Russian security firm Kaspersky Lab has launched its own operating system, the KasperskyOS, which the company said took 15 years to create.
The tech firm said KasperskyOS is a specialized operating system designed for embedded systems with strict cybersecurity requirements. By design, KasperskyOS significantly reduces the chances of undocumented functionality and thus mitigates the risk of cyberattacks, it added.
The operating system is tailored for the telecoms and automotive industries, as well as critical infrastructure, Kaspersky Lab said.
Based on a new microkernel developed entirely in-house, KasperskyOS applies principles of security-driven development such as Separation Kernel, Reference Monitor, Multiple Independent Levels of Security and the Flux Advanced Security Kernel architecture.
KasperskyOS was designed with specific industries in mind and thus not only solves security issues, but also addresses organizational and business challenges related to secure application development for embedded systems, the company said.
“The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality. Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this we chose to build our own OS that follows the universally embraced rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most,” said Andrey Doukhvalov, head of future technologies and chief security architect at Kaspersky Lab.
Eugene Kaspersky, chairman and CEO of Kaspersky Lab, also explained, “Our OS started way back in the days when viruses were the most serious cybersecurity problem – long before complex attacks on industrial systems emerged and there was total dependence on computer systems in every aspect of our lives. Back then, the concept of ‘security without limits’ was certainly not on the agenda of the growing IT crowd. We understood from the very beginning that designing our own operating system would be a huge undertaking – a project that would require vast resources for many years before it could be commercialized.”
“Today we see clear demand for strengthened security in critical infrastructure, telecoms and the finance industry, as well as in both consumer and industrial IoT devices. In the beginning it was a risky investment that no other security vendor had the courage to conduct. But today, thanks to our efforts, we have a product that provides the maximum possible level of immunity against cyberattacks – a product based on principles that can be verified independently,” added Kaspersky.
KasperskyOS has been designed to allow programs to execute only documented operations. Developing applications for KasperskyOS requires ‘traditional’ code to be created, as well as a strict security policy that defines all types of documented functionality. Only what is defined by this policy can be executed, including the functionality of the operating system itself, according to the company.
“Such an approach proved to be very time-consuming during the KasperskyOS development process, but for application developers it offers a certain benefit: a security policy can be developed in parallel with the actual functionality,” it said.
The functionality itself can in fact be immediately tested: a mistake in the code means undocumented behavior, which is blocked by the OS. Most importantly, the development of a security policy can be customized according to business needs: security can be adapted depending on the application requirements, rather than the other way around, the company said.
“There is no such thing as 100% security, but KasperskyOS guarantees our customers the first 99%. Technically speaking, in a really complex environment, attempts to inject a certain code in our system cannot be successful. Our advantage is that, since any malicious operation is undocumented by the security policy, being an integral part of any application, the payload will never be executed. KasperskyOS is therefore immune from the typical cyberthreat agenda of today,” commented Andrey Nikishin, head of future technologies business development at Kaspersky Lab.
The company pointed out that KasperskyOS is not a general-purpose operating system. It is designed for embedded devices and is aimed at three key industries: telecommunication, automotive and industrial, it said.
In addition, Kaspersky Lab said it is also developing deployment packages for the financial industry (security of POS terminals and thin client PCs) and the security enhancement of critical operations for general-purpose Linux-based systems and endpoints in particular.
Kaspersky Lab said the OS can be used as a base on which to build devices such as network routers, IP cameras or IoT controllers. It addresses the needs of the telecom industry, critical infrastructure applications and the emerging development of the Internet of Things, the company said.
Kaspersky Lab said successful projects have already been conducted with Russia’s system integrator Kraftway (secure network router), SYSGO (strengthened security for PikeOS real-time operating system with Kaspersky Security System) and European systems integrator BE.services (embedding KasperskyOS technology in specialized Programmable Logic Controllers).
Kaspersky Lab said that, because each deployment is a unique project tailored for the customer, the pricing of the OS varies depending on requirements.