Russian cyber security vendor Kaspersky Labs has launched KasperskyOS – a secure operating system based on a proprietary microkernel, designed to protect embedded computers in telecommunications and industrial equipment.

Kaspersky says deploying the OS can significantly reduce the chances of an attacker using the software in the ways not intended by its creators.

“The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality,” explained Andrey Doukhvalov, head of Future Technologies and Chief Security Architect at Kaspersky Lab.

“Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this we chose build our own OS that follows the universally embraced rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most”.

KasperskyOS in action
KasperskyOS in action – Eugene Kaspersky

The holy grail

Moscow-based Kaspersky Labs is Europe’s largest cyber security vendor by market share. It owes a large part of its success to the charismatic co-founder and CEO Eugene Kaspersky, who has spent much of the past 20 years traveling around the world and drumming up business.

Kaspersky’s tenure has been marred by allegations that his company supplied information to the Russian security services, but these have never been conclusively proven.

Kaspersky Lab’s latest product is a new category of software for embedded systems. It was developed to be ‘secure-by-design’ and is only able to execute documented operations – this essentially means it can only do what app developers instruct it to do.

Applications for KasperskyOS require both ‘traditional’ code and a strict security policy that defines all types of functionality that the code can execute. The code can then be immediately tested - a mistake means undocumented behavior, which is blocked by the OS.

Kaspersky Lab admits that this bring an extra challenge to a customer’s development process, but maintains that this approach can considerably improve the security of specialized industrial hardware.

“We understood from the very beginning that designing our own operating system would be a huge undertaking – a project that would require vast resources for many years before it could be commercialized,” Kaspersky said.

“Today we see clear demand for strengthened security in critical infrastructure, telecoms and the finance industry, as well as in both consumer and industrial IoT devices. In the beginning it was a risky investment that no other security vendor had the courage to conduct. But today, thanks to our efforts, we have a product that provides the maximum possible level of immunity against cyberattacks – a product based on principles that can be verified independently”.

At the moment, the product is aimed at three industry verticals: telecommunication, automotive and industrial. Kaspersky is already working on a specialized version of the OS for retail, and another version to enhance security of general-purpose Linux-based systems.

Kaspersky’s partners have already used KasperskyOS in the design of network routers and Programmable Logic Controllers.