Why KasperskyOS

For years monolithic operating systems were developing without security in mind, with focus on functionality, speed and ease of development. With the increase of functionality and support for various hardware, their size and complexity keep growing. The most services contain in the kernel in such systems, i.e. the part of the system that executes in the privileged mode. The result is an explosive growth in the amount of privileged code.

Any code executing in privileged mode can bypass security, and is therefore inherently part of a system’s trusted computing base (TCB). So, we see a rapid grow of TCB and it’s a huge problem.

What’s wrong with TCB? Almost all code has bugs, the number of bugs grows with the size of the code base, and that leads to a growth of the number of vulnerabilities and rise in cybercrime.

The solution is a microkernel-based operating system. The term “microkernel” implies that only the most critical system operation mechanisms are located in the kernel, while less important functions are ordinary applications. This makes it much easier to ensure that the kernel code is free of errors and vulnerabilities, and that the attack surface is minimal.

Why microkernel? According to АСМ (Association for Computing Machinery), in microkernel-based architecture:

96% of critical Linux exploits would not reach critical severity;
57% of Linux exploits would be reduced to low severity;
29% of Linux exploits would be prevented by microkernel-based design alone.

The KasperskyOS kernel contains only about 100 thousand lines of code. To compare: monolithic kernels can include tens of millions of code lines.

In theory, app isolation is the foundation of a secure IT system. However, the reality is different from the textbook: the apps do not exist in their own space, so for the normal operation of an IT system its components must interact with each other.

The problem is that not all apps are secure. According to the Kaspersky Security Network in the Q2 2022:

exploits targeting Microsoft Office vulnerabilities grew in the second quarter to 82% of the total
attempts at exploiting vulnerabilities that affect various script engines and, specifically, browsers, dipped to 5%
Android exploits ranked third in our statistics with 4%, followed by exploits of Java applications, the Flash platform, and PDF documents, each with 3%.

The standard approach to cybersecurity involves a “vulnerability-antidote” race: finding and closing vulnerabilities (ideally, before attackers manage to exploit them, which is not always feasible in practice).

With Cyber Immunity and KasperskyOS, we suggest a new paradigm — the development of systems that will remain operational even if a vulnerability is successfully exploited in a particular untrusted application, component, driver, etc. One of the cornerstones of the paradigm is the principle of domain isolation, inspired by the MILS architectural concept.

The components of our OS are separated into isolated security domains and cannot affect one another. All of their interactions go through the microkernel, while Kaspersky Security System passes a security verdict on each. If an interaction fails to match defined policies, it is blocked even before the execution.

Thanks to this, when developing for KasperskyOS, you can use untrusted components that do not have Cyber Immunity. If one of them proves to be vulnerable, and attackers take advantage of this, the OS simply will not allow the component to perform operations that are not authorized by the security policy and that affect the functioning of the product.

Sadly, code is never bug-free. By the end of August (in the space of just 6 months) more than 16,000 new entries appeared in the Common Vulnerabilities and Exposures (CVE) database. For comparison, 20,000 new vulnerabilities were found for the whole of 2021, which was also the top result since 1999. It’s looking increasingly likely that the record may be broken in 2022, with time to spare. Additionally, whilst all code contains vulnerabilities, some can be more dangerous than others. That’s why it’s so important to block the attackers’ entry into critical system elements.

For safe and secure operations system components should interact strictly in accordance with security policies. To tailor solutions to specific tasks, be it the operation of an IoT gateway or a nuclear reactor, it’s necessary to be able to describe various security policies. KasperskyOS is designed to handle these and other security tasks using the Kaspersky Security System.

Kaspersky Security System architecture is based on two classic information security concepts: MILS (Multiple Independent Levels of Security) architecture and FLASK (Flux Advanced Security Kernel). It filters all inter-process communications (IPC), either approving or declining them according to the prescribed security policies. That way, if one of the components gets hacked, Kaspersky Security System won’t let the attackers pass into the system or network, where they can wreak havoc.

According to the Google Project Zero team, 2021 broke records for the number of 0-day attacks exploited in real-world attacks with 58 exploits.

A 0-day is a problem, but having an already released #security update from the software manufacturer doesn’t always help either. A classic example: the Equifax hack. The attackers exploited a vulnerability in the Apache Struts 2 framework, which had been shut down by Oracle two months before the leak began. Alas, patches were not installed everywhere in time.

We took these aspects into account: the problem of 0-day attacks and the need for companies to protect themselves by default, without having to close any vulnerabilities in a pinch.

Real pros don’t chase vulnerabilities, they ban them. The Default Deny principle underlies all secure solutions based on KasperskyOS. Any interaction that isn’t explicitly allowed by the security policy is blocked.

While developing on KasperskyOS, it is possible to use components that don’t have Cyber Immune capabilities. In case of an exploit, the OS will prevent the component from performing operations not specified in the security policy.

We’ve prepared some numbers and facts about the threat landscape for industrial automation systems in the first half of 2022. According to Kaspersky ICS CERT:

During this period, malicious objects were blocked at least once on 31.8% of the world’s ICS computers.
The top sources of threats to computers in organizations’ technology infrastructure are the Internet (16.5%), removable media (3.5%), and email (7.0%).
In the first half of 2022, 7219 families of various types of malware were blocked on ICS computers.
In terms of the share of ICS computers on which malware was blocked, building automation systems were the leaders in Russia and globally as a whole.

It is difficult to overestimate the danger of cyber threats at the intersection of the cyber and physical worlds. That is why industries, where security is the highest priority, are moving towards the secure-by-design approach — creating cyber security mechanisms at the design stage of IT solutions.

In fact, the goal of security by design is to make a system that is guaranteed to work even under attack. This is how KasperskyOS was created, which embodies the idea of Cyber Immunity.

Some security threats can be neutralized by security software, while protection from other threats can only be achieved by trusted hardware and software systems that provide protection from unauthorized actions.

KasperskyOS separates security functions from application business logic, which makes it easier to configure security policies:

The developer of a KasperskyOS-based solution can combine many different models to build a policy that most closely matches the security objectives set.
To simplify policy design, we have developed a special policy description language – Policy Specification Language (PSL). PSL syntax allows you to combine a variety of security models, including finite and time automata, TE (Type Enforcement), Role Based Access (RBAC) models, and more, into a single policy.
There is no need to write code that implements the security policy – it is generated by a special compiler based on the PSL description. The code generated from well-researched models can be trusted.
The implementation of the security policies is separated from the application code. This allows them to be changed independently of each other, making it easier for application developers and solution architects.

Today we are developing products based on KasperskyOS with clearly defined security policies and scenarios of use, for which it is possible to build a threat model and create a Cyber Immune system.

The most popular question about KasperskyOS is: “Isn’t that Linux?”. No, it is definitely not Linux. There is not a single line of code from it – our OS was developed from scratch and for absolutely different tasks.

Why develop a proprietary kernel if we could take Linux one?

~100K lines of code in KasperskyOS microkernel vs. ~35M lines of code in Linux.
96% of critical Linux exploits would not reach critical severity in microkernel architecture;
57% of Linux exploits would be reduced to low severity;
29% of Linux exploits would be prevented by microkernel-based design alone.

In addition, we use architectural principles to ensure that the operating system behaves safely in each and every application. The output of the system can only do what it needs to do. This cannot be done in a traditional operating system.

We have rejected borrowed code in favor of security guarantees. The KasperskyOS microkernel, as well as the libkos base library, driver framework, input framework and most drivers are all proprietary to Kaspersky and are not based on any existing project (Linux or otherwise).

Here are a few statistics by Kaspersky:
• Kaspersky detects 380,000+ information security threats daily
• 90% of security threats are traditional cybercrime and 10% are targeted attacks, including antivirus attacks
• Ransomware remains the clear leader in the current threat landscape

The world is changing toward digitalization, and attackers are evolving techniques, tactics and tools within the main trends:
• Taking advantage of 0-day vulnerabilities in server products and gateways (e.g. Hafnium attacks on MS Exchange, ransomware attacks on VPN gateways)
• Advance multiplatformism, particularly providing “support” for Linux and ESXi encryptors
• Using popular red team tools and “living off the land” techniques instead of “ordinary” malware

How does the infosecurity industry work today?
1. An attacker finds another vulnerability.
2. The vulnerability becomes public.
3. Developers, IS companies and administrators urgently develop and apply countermeasures, protection or neutralization measures. This is difficult and expensive, and sometimes impossible.

KasperskyOS allows you to get out of the “virus -> anti-virus” vicious circle. The operating system is designed so that it doesn’t need to be supplemented with superimposed protection means. Its architecture prevents an intruder from interfering with the system even if a component has been compromised.

KasperskyOS was initially designed for devices on which antivirus installation is fundamentally impossible (secure gateways, electronic control units in cars, etc.). Today, our OS is evolving and the range of devices on which it works is growing.

We are a global company, with a global vision and a focus on international markets. We operate in 200 countries and territories and have 34 offices in more than 30 countries. Our team consists of more than 4,000 highly-qualified specialists.

Our mission is to build a safer world. We believe in a tomorrow where technology improves all of our lives.

We are forever innovating, delivering protection that’s effective, usable and accessible. We pride ourselves on developing world-leading security that keeps us — and every one of our 400 million users protected by our technologies, and 250,000 corporate clients — one step ahead of potential threats.

Which is why we secure it, so everyone everywhere has the endless opportunities it brings. In the modern world, cybersecurity is about more than just protecting devices, but developing an ecosystem where everything connected through technology is immune to cyber threats. That’s why we have moved beyond the anti-virus laboratory to provide cybersecurity technology that people can trust, and our business focus has evolved towards the wider concept of “Cyber Immunity”.

Today, transparency is a vital element in the digital world we all rely on. Kaspersky Global Transparency Initiative includes a number of actionable and concrete measures to engage with the wider cybersecurity community and stakeholders in validating and verifying the trustworthiness of its products, internal processes and business operations.

Businesses are showing increased interest in having confidence in their technology providers, with more than 70% of IT decision makers declaring a strong importance of having ongoing assurance that the IT solutions they use are operating in a known and trusted state. This is why Kaspersky decided to open two new trust-building facilities for the company’s partners and customers in Italy and in the Netherlands. The centers will operate as per a new format: providing customers and partners with just the most popular service — an overview of our engineering and data management practices.

The new centers are part of the Kaspersky Global Transparency Initiative (GTI), and aim to open the “black box” of technology — increasing customer confidence in the company’s solutions. With the 2017 launch of the GTI, we became the first cybersecurity company to open its source code for external review. The initiative aims to engage the broader community in validating and verifying the trustworthiness of our products, internal processes, and business operations.

With the latest addition of two new facilities, Kaspersky now operates nine Transparency Centers in Europe, APAC, North America and Latin America. Centers opened earlier offer additional review options — the red and black pistes — which vary in their depth and the level of technical skills required. The former provides a review of the most critical parts of the source code, enabling analysis of a particular functionality, while the latter represents the deepest and most comprehensive review of the most critical parts of the source code. The code review can be run solely for consultation purposes and in compliance with the strictest access policy to rule out the possibility of any modifications.

KasperskyOS is developing within these trends. The native code of KasperskyOS is continually subjected to various kinds of testing, including fuzzing. Some of the more critical components undergo formal verification and validation of security models. Code is subjected to static and dynamic analysis. Penetration tests are regularly conducted. A Bug Bounty program is planned.

Kaspersky products are regularly assessed by independent experts — and have won numerous industry awards, plus recognition from leading industry analysts.

In 2013-2021:

Kaspersky products participated in 741 independent tests and reviews;
our solutions were awarded 518 firsts;
with our products we achieved 612 top-three finishes.

KasperskyOS operating system and the concept of Kaspersky Cyber Immunity® also received high marks from the professional community.

Arc Advisory Group, a leading technology market research group and consultancy, in the white paper published in April 2021 states that Kaspersky Cyber Immunity “could be the foundation to unleash secure digital transformation in the industry.”

Later, in June 2022, Arc Advisory Group hails Cyber Immunity as the Best Practice for Industrial IoT. The white paper covers approaches and guidelines that are being developed in the area of IIoT security. The author concludes that it is practical to use systems that provide protection against existing and potential cyberthreats as part of their architecture. KasperskyOS, our micro-kernel operating system, meets this criterion perfectly.

Cyber Immune data gateway for industry Kaspersky IoT Secure Gateway 100 was awarded at World Leading Internet Scientific and Technological Achievements 2020 ceremony.

Kaspersky Secure Remote Workspace (KSRW) received prestigious award at World Leading Internet Scientific and Technological Achievements 2022 awards ceremony during the World Internet Conference. KSRW is a solution for building a managed and functional Cyber Immune infrastructure of thin clients based on the KasperskyOS microkernel operating system, with protection against the vast majority of potential cyberthreats.

Why KasperskyOS

Microkernel-based architecture

Isolation

Control

Default deny

Security by design

Flexible policy configuration

Proprietary microkernel

Without additional security tools

Designed by Kaspersky

25 years in cybersecurity

Transparency

Industry recognition