Woburn, MA – February 9, 2017 – Today Kaspersky Lab is announcing the commercial availability of KasperskyOS, a specialized operating system designed for embedded systems with strict cybersecurity requirements. By design, KasperskyOS significantly reduces the chances of undocumented functionality and thus mitigates the risk of cyberattacks.
A massive undertaking that took Kaspersky Lab’s best talent 15 years to develop, KasperskyOS is now commercially available to original equipment manufacturers (OEMs), original design manufacturers (ODMs), systems integrators and software developers around the world. Key implementations of the operating system are tailored for the telecoms and automotive industries as well as critical infrastructure.
KasperskyOS introduces a secure-by-design environment for the ever-growing and increasingly attacked embedded systems and Internet of Things (IoT) devices. In a modern connected world where IoT devices are being used by consumers, utilized in critical infrastructure and control many aspects of our everyday life, the demand for a strong security approach is higher than ever.
Based on a new, developed entirely in-house microkernel, KasperskyOS utilizes well-established principles of security-driven development, such as Separation Kernel, Reference Monitor, Multiple Independent Levels of Security and the Flux Advanced Security Kernel architecture. It was designed with specific industries in mind, and thus not only solves security issues, but also addresses organizational and business challenges related to secure application development for embedded systems.
“The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality,” said Andrey Doukhvalov, head of future technologies and chief security architect, Kaspersky Lab. “Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this we chose build our own OS that follows the universally embraced rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most.”
“Our OS started way back in the days when viruses were the most serious cybersecurity problem – long before complex attacks on industrial systems emerged and there was total dependence on computer systems in every aspect of our lives,” said Eugene Kaspersky, chairman and CEO, Kaspersky Lab. “Back then, the concept of ‘security without limits’ was certainly not on the agenda of the growing IT crowd. We understood from the very beginning that designing our own operating system would be a huge undertaking – a project that would require vast resources for many years before it could be commercialized. Today we see clear demand for strengthened security in critical infrastructure, telecoms and the finance industry, as well as in both consumer and industrial IoT devices. In the beginning it was a risky investment that no other security vendor had the courage to conduct. But today, thanks to our efforts, we have a product that provides the maximum possible level of immunity against cyberattacks – a product based on principles that can be verified independently.”
KasperskyOS has been designed to allow programs to execute only documented operations. Developing applications for KasperskyOS requires ‘traditional’ code to be created, as well as a strict security policy that defines all types of documented functionality. Only what is defined by this policy can be executed, including the functionality of the operating system itself. Such an approach proved to be very time-consuming during the KasperskyOS development process, but for application developers it offers a certain benefit: a security policy can be developed in parallel with the actual functionality. The functionality itself can in fact be immediately tested: a mistake in the code means undocumented behavior, which is blocked by the OS. Most importantly, the development of a security policy can be customized according to business needs: security can be adapted depending on the application requirements, rather than the other way around.
“There is no such thing as 100 percent security, but KasperskyOS guarantees our customers the first 99 percent,” said Andrey Nikishin, head of future technologies business development, Kaspersky Lab. “Technically speaking, in a really complex environment, attempts to inject a certain code in our system cannot be successful. Our advantage is that, since any malicious operation is undocumented by the security policy, being an integral part of any application, the payload will never be executed. KasperskyOS is therefore immune from the typical cyberthreat agenda of today.”
The deployment flexibility
KasperskyOS is not a general-purpose operating system. It is designed for, and meets the requirements of, embedded devices and is aimed at three key industries: telecommunication, automotive and industrial. In addition, Kaspersky Lab is also developing deployment packages for the financial industry (security of POS-terminals and thin client PS) and the security enhancement of critical operations for general-purpose Linux-based systems and endpoints in particular. The ease of deployment is achieved through three packages:
- KasperskyOS offers maximum security, although its requirements bring an extra challenge to a customer’s development process. It can be used as base on which to build devices like network routers, IP cameras or IoT controllers. It addresses the needs of the telecom industry, critical infrastructure applications and the emerging development of IoT.
- Kaspersky Secure Hypervisor is at a slightly reduced cost and makes it possible to execute applications with strict control over how they communicate with each other. It addresses the needs of telecoms, the automotive industry and can also be used for general security purposes, up to the secure operation of endpoints.
- Kaspersky Security System brings enforced security to conventional operating systems as well as other embedded and real-time OS with minimal development overheads.
KasperskyOS is available for OEMs, ODMs, systems integrators and software developers around the world. Successful projects have already been conducted with Russia’s system integrator Kraftway (secure network router), SYSGO (strengthened security for PikeOS real-time operating system with Kaspersky Security System) and European systems integrator BE.services (embedding KasperskyOS technology in specialized Programmable Logic Controllers). Since KasperskyOS can be tailored to fit the unique needs of every customer, the pricing of KasperskyOS varies depending on requirements.
More information about KasperskyOS, Kaspersky Secure Hypervisor and Kaspersky Security System, as well as contact information for potential customers is available on a dedicated website. Technical background information is available in this detailed article at Securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter