Microkernel

Cyberimmune operating system base

An operating system’s kernel is the key architectural component responsible for communication between user applications and hardware. KasperskyOS is based on a microkernel developed by Kaspersky. The microkernel is written from scratch and doesn’t use Linux kernel code.

The term “microkernel” implies that only the most critical system operation mechanisms are located in the kernel, while less important functions are ordinary applications. This makes it much easier to ensure that the kernel code is free of errors and vulnerabilities, and that the attack surface is minimal.

Microkernel architecture is the gold standard in developing secure operating systems that don’t require additional security tools. As long as the methodology is followed, such an operating system is secure by design.

Size of the KasperskyOS microkernel code compared to the monolithic kernel of a general-purpose system

Advantages of the technology

Developed from scratch

KasperskyOS microkernel is a proprietary Kaspersky development. The design and implementation of all microkernel parts serve to accomplish the main goal: create a secure operating system.

Small size

The KasperskyOS kernel contains only a few dozen thousand lines of code. The smaller the kernel size, the fewer potential vulnerabilities it has and the easier it is to formally verify. To compare: monolithic kernels can include tens of millions of code lines.

Minimum attack surface

There are only three system calls and only one IPC interface in KasperskyOS. This keeps the attack surface to a minimum.

Security module integration

The KasperskyOS microkernel is designed to take full advantage of Kaspersky Security System capabilities.

Ease of development

A number of libraries have been developed for KasperskyOS that provide partial POSIX compatibility, thus simplifying the creation and porting of applications.

Features of the technology

The KasperskyOS kernel is responsible for functions that can only be performed in privileged mode:

  • Plan processes and threads
  • Manage virtual memory
  • Manage access to I/O ports
  • Manage DMA memory
  • Perform Futex-based synchronization
  • Deliver and manage hardware interrupts
  • Receive and set the real time
  • Manage descriptors
  • Interact with the Kaspersky Security System

All other operating system functions, including drivers, file systems, and network stacks, are moved to user mode.

The KasperskyOS kernel guarantees complete isolation of IT system components. The only IPC type provided by the kernel is synchronous messaging (request–response). Each message is sent to the Kaspersky Security System to check for compliance with the specified security policy. The kernel only delivers the message if the policy allows it.

Learn more about KasperskyOS

We are always happy to answer your questions about KasperskyOS and solutions based on it. Fill out the form to get additional information or to discuss cooperation prospects

Ask a Question

Answering the most frequently asked questions about KasperskyOS and products based on

Read the FAQ