KasperskyOS

Main Article: Operating Systems

KasperskyOS is secure. operating system Designed for use in critical network infrastructures and devices. Internet of Things

KasperskyOS

Features of KasperskyOS

1. Proprietary System

This is not a port or an adaptation of other systems (in particular, Linux), but a completely proprietary development of Kaspersky Lab. The system was developed for a total of 14 years. The system lacks a graphical interface and is not intended for the consumer market.

2. The system is built on the basis of a microkernel and is equipped with an independent security engine (Security Engine)

All data exchange between KasperskyOS software modules passes through the system microkernel, which contains means for calculating security verdicts that will allow or prohibit each specific action of the application. The kernel itself contains the minimum necessary code for operation.

3. By default, everything is prohibited

The system is built on the basis of the principle of Default Deny, which prevents software components from committing any unauthorized actions. The solution is built on the principle of dividing objects into the maximum number of isolated entities. Users of the system can analyze the source code and make sure that no undocumented functions are hidden in it. Everything else, thus, is configured with the participation of the customer - in the form of various security policies, each of which is configured individually for each application.

4. A different shortcut to each item

No one can install an application on the system without setting its behavioral configuration. Hardware and resource-level applications (files, databases, network ports, etc.) are marked with their own security attributes. You cannot access a resource that lacks a "security label."

5. The system as a whole is POSIX-compatible

But the use of "native" APIs guarantees the safe behavior of applications. The developer will have to choose the proper balance between compatibility and security of the code.

6. The system is focused on a wide range of applications

Among those:

• Telecommunication equipment
• Smart cars
• M2M- and IoT equipment
• Industrial systems

2023

Kaspersky mobile OS was first tested in the test laboratory of a telecom operator

In mid-November, MegaFon provided Kaspersky Lab with data on the test results of the KasperskyOS for Mobile operating system in the company's St. Petersburg laboratory, where the operator deployed a test laboratory for compliance with 3GPP cellular standards and correct operation when performing basic functions. These include data transmission, calls, sending SMS, switching between mobile communication technologies in all modern networks used in the Russian Federation - 2G, 3G, 4G.

Testing process in the operator's laboratory (photo freepik)

The operating system was installed on a device with a Chinese ARM processor and provided the implementation of all the above technologies and the operation of the graphics kernel, which proves the possibility of creating various mobile devices based on KasperskyOS, such as smartphones, cellular-connected car assistants and other similar IoT devices.

At the moment, we are talking about the first of a series of tests to be passed by our mobile operating system, "Viktor Ivanovsky, head of the KasperskyOS business development group, told TAdviser. - Before that, we were engaged in the development and debugging of mechanisms necessary for the mobile operating system on bench and laboratory equipment in our company. Other telecom operators, other countries and new markets are ahead.

KasperskyOS for Mobile was tested according to a laboratory testing program consisting of more than 250 test cases. Now KasperskyOS is not a real-time operating system, but the services implemented by Kaspersky Lab specialists based on the microkernel allow you to support all of the listed technologies. For each case, logs were recorded for the exchange of signal information between the device and the network, and the results were used to optimize the operation of the operating system. If necessary, the operation of the device based on the company's operating system was compared with a similar device based on the reference OS.

Real-time operating systems are a separate family, primarily designed to work in industrial environments, controllers, but, of course, not on mobile devices, "Viktor Ivanovsky explained to TAdviser. - The good news is that we are conducting internal research to create RTOS based on our microkernel. We consider it premature to announce the timing of the development.

MegaFon's laboratory allows you to solve a wide range of tasks for researching subscriber equipment. Testing is carried out on a dedicated network with all functional nodes - radio access network, kernel, transport segment. It includes fragments of networks of all technologies used today, including VoLTE, VoWIFI, 5G.

A test zone has been built in the laboratory, which allows you to investigate the operation of equipment in 5G networks at any frequency, including in the band most suitable for the fifth generation - 3.4-3.8 GHz. Such resources allow to implement any scenario of subscriber device operation in the operator's network.

The mission of the MegaFon laboratory is to make subscriber devices better and make the most of their capabilities on the network, "Alexander Jakonia, head of the MegaFon Center for Research and Testing of Subscriber Equipment, explained the goals of the study. We strive to provide our subscribers with well-functioning subscriber equipment, which will allow them to receive only high-quality service. Participation in KasperskyOS testing will allow you to use the expertise of laboratory employees in further development and ensure the presence of a whole fleet of tested and well-functioning devices based on KasperskyOS on the network.

Kaspersky Lab began growing an ecosystem of applications for its OS

The main milestone for the near future, which Kaspersky Lab sees in the development of its operating system, is support for applications that will be developed by external manufacturers. Dmitry Lukiyan, Head of Corporate Product Management at KasperskyOS, told TAdviser about this and other plans to develop the KasperskyOS direction in October at the GITEX international exhibition in Dubai.

In connection with the focus on the development of the ecosystem, at the beginning of 2024, it is planned to release an application distribution system - a catalog that is an analogue of a marketplace. It will present applications for different directions on which KasperskyOS runs: IoT gateways, thin clients, potentially cars, as well as mobile devices.

Our task next year is to ensure that third-party companies can develop applications for KasperskyOS, says Dmitry Lukiyan.

In parallel with the development of the application catalog, a motivational program is being created for developers, within which they can get advantages - both in terms of earning money and promoting their products, a representative of Kaspersky Lab added.

Kaspersky Lab is working on creating a motivation program for application developers "(photo: TAdviser)"

And to minimize the barriers that programmers need to overcome to enter, Kaspersky Lab is working to get Flutter, Google's open-source cross-platform tool for quickly developing mobile applications for iOS and Android, on their platform.

Another area of ​ ​ development is compliance with the requirements of regulators. In this regard, by the end of 2023, the company is completing the preparation of the OS for certification according to the requirements of FSTEC 4A^[1] of^[2]During 2024, the OS will be certified. And the first to receive this certified version of the OS will be the Kaspersky IoT gateway.

This is due to the fact that in Russia IoT is actively developing in industry, explains Dmitry Lukiyan. But this is a regulated area, because this is usually a critical information infrastructure (CII), and in order for the OS to become part of the CII and be used there as a means of protection, it must be certified accordingly.

The IoT gateway at the enterprise allows you to take data from various sensors, actuators, etc., and then they need to be sent to various analysis systems, where the analysis of performance, efficiency will take place. At the same time, enterprises often have a lot of old equipment, the creation of which did not lay down the concept of IoT. And due to the gateway, you can connect to various devices.

Kaspersky plans to stimulate its partners to develop applications that allow them to do this and place these applications in the catalog.

There is a great need for this in the IoT field. Therefore, now the emphasis is on the growth of the number of partners in this area, "notes Dmitry Lukiyan.

A similar story is with the use of KasperskyOS in cars: here, too, you need to take into account the regulation, which is different in different countries, and attract third-party application developers taking this into account. At the moment, there is only one ready-made case of using KasperskyOS in a car: in May 2023, Kaspersky Lab provided a functional sample of the Atom electric car with protection against remote attacks by attackers. In this case, the KasperskyOS-based security gateway Kaspersky Automotive Secure Gateway (KASG) is used to protect all digital systems of the car.

At the same time, the company says that they are negotiating with other automakers in different countries on the application of their decision in their cars.

The OS development plans also include the story of the alienation of driver development: now it is being conducted at Kaspersky Lab, and the company is actively working on methodology and tools so that drivers can be developed by third-party companies, and without violating the cyber immune problem.

As for the OS for thin clients, in particular, in 2023 the company had a big task, which will last for 2024: there are plans to release version 2.0 in the 2nd quarter, which will finally support sound, said Dmitry Lukiyan. Now a thin client on KasperskyOS connects to a virtual infrastructure, and there is no way to provide an audio conference on it. Therefore, the task is to support audio conferences, which, the company expects, will significantly expand the use of cyber-immune thin clients in the market.

Another area of ​ ​ work on thin clients is the forwarding of tokens and flash drives in Linux builds. This is a case where there is a remote version of Linux, and you need to include a flash drive or token in the thin client so that it appears on the remote machine. Also in the plans for the OS for thin clients is support for the VDI platforms Citrix and Vmware for the international market. It will be possible for a browser ported to KasperskyOS to remotely connect to VDI platforms of market leaders. And according to the Russian VDI, Kaspersky Lab works closely with the Basis company.

Initially, the micro-core operating system KasperskyOS was "sharpened" for built-in applications, the peculiarity of which is that it is known in advance what the functionality will be, all processes start right at the system boot, links are established between them, these processes interact and solve business problems. But not so long ago, the company began a U-turn towards "large" operating systems, including OS for mobile devices.

At GITEX, Kaspersky Lab presented a production model that can be controlled from a mobile device based on KasperskyOS "(photo: TAdviser)"

In September 2023, for example, the company mentioned work on a prototype of a professional mobile device based on KasperskyOS. Such a gadget is focused on use in industrial enterprises.

And in October, Andrei Naenko, head of kernel development at KasperskyOS, said that the OS project for mobile devices is large and complex, it needs to take into account many things that did not have to be taken into account before. So, for example, everyone expects from a smartphone that applications can be installed on it. To do this, you need to ensure the supply and installation of applications, manage their lifecycle, be able to uninstall, etc. Thus, the "large" OS, unlike embedded systems, contains much more functionality, more processes, and the connections between different processes can be established dynamically. These scenarios were not previously provided in KasperskyOS, so now the company has to implement a lot of functionality in order to provide them.

As part of cyberimmune thin clients

Kaspersky Lab""expands the pool of technological partners in the direction of cyberimmune thin clients. The company signed an agreement with, TSplus a global vendor of access solutions. virtual desktops Kasperskog Lab announced this on October 19, 2023. Within the framework of cooperation, Kaspersky Lab will operating system provide KasperskyOS and cyber-immune software products, and TSplus will provide ON remote access to desktops, application delivery and information protection for virtual desks. more. here

At the heart of cyberimmune devices for industrial and energy enterprises

Kaspersky Lab and System Electric plan to create KasperskyOS-based cyber immune devices for industrial and energy enterprises. The companies agreed on June 28, 2023.

Companies will implement and optimize KasperskyOS for the tasks and functions of devices such as relay protection and automation terminals (RPA), programmable logical controllers (PLC). They will also begin developing application applications, for example, to protect against freelance modes of operation, control and control of technological processes. This will provide end users with high-tech cyber-immune solutions, increase the security and resistance of enterprises to cyber attacks.

In the future, partners will be able to introduce cyber immune devices at any electric power facilities, including in the power grid to protect transformer substations, power plants, oil refineries, and metallurgical plants.

One of the main priorities of System Electric is to contribute to the formation of conditions for the technological sovereignty of ours, countries which cannot be achieved without investing in development - and ITindustries ensuring cyber security industrial systems. Cooperation with Kaspersky Lab allows us to provide customers with the most secure solutions that meet the needs of the market. In May 2023, Kaspersky Lab and I presented the first joint product - the SystemeLogic X digital control unit for the SystemePact ACB circuit breaker, which provides customers with a high level of digitalization and optimal protection against the cyber threats entire service life. Now we are glad to announce cooperation in the field of building joint solutions based on operating system KasperskyOS. We are confident that it will bring the company closer to the next goal - the cyber immunity of our solutions, - said Nikolay Ladygin the first deputy general director of System Electric for the Energy and Automation markets.

{{quote 'The development of any cyber-immune solution is a combination of equipment, operating system and functional components combined by developed architecture and implemented in cooperation with a technological partner. We are launching an initiative with a new player for cyber immunity, but mature for industrial segments - System Electric. The agreement will allow us to expand the scope of cyber immunity and significantly enrich this young discipline of cyber immune solutions with industry expertise, "said Andrey Suvorov, Director of Business Development at KasperskyOS. }}

Use in CIPF ViPNet cyberimmune solutions

Kaspersky Lab and InfoTeCS have confirmed long-term cooperation with the Memorandum of Partnership. At this stage of interaction, companies plan to create cyber immune solutions based on the KasperskyOS operating system, which will run ViPNet cryptographic information protection tools. InfoTeCS announced this on June 20, 2023.

In areas such as manufacturing, the Internet of things, smart cities, digital workplaces, not only cyber immune products and solutions are required, but also means of cryptographic information protection. By combining the properties of KasperskyOS and InfoTeCS technologies, the market gets new opportunities for the development of digitalization projects for production and traditional business processes, "said Andrey Suvorov, Director of Business Development at KasperskyOS.

Companies value the market at more than a hundred thousand devices and automated workplaces over the next five years. The partnership plans to present the first joint developments in 2024.

{{quote "Strategic partnership with InfoTeCS specialists, on the one hand, helps to meet the needs of our future users of cyber-immune products, and on the other hand, it becomes another confirmation of the importance and relevance of the cyber-immune approach to the development of Secure-by-Design systems," added Andrey Suvorov, Director of Business Development KasperskyOS. }}

ViPNet information protection products are widely sought after in IT infrastructure protection scenarios, automated systems of various classes, including critical ones. Expertise of InfoTeCS in the development of CIPF makes it possible to ensure effective protection of information in APCS, IIoT, M2M, ICSS, etc. Industrial cybersecurity is one of the promising areas in which we have already achieved significant results. Thanks to the integration of CIPF ViPNet and cyber immune products of Kaspersky Lab, ambitious tasks for ensuring information security in industry will be solved, - said Dmitry Gusev, Deputy General Director of InfoTeCS.

Creating an application marketplace for KasperskyOS

Kaspersky Lab creates an application marketplace for its own KasperskyOS operating system. This was reported in the Russian antivirus company in early February 2023.

According to Vedomosti, citing Dmitry Lukiyan, head of the platform solutions department based on KasperskyOS of Kaspersky Lab, the volume of investments in this project in two years will amount to about $1.5 million. According to him, the first version of the marketplace will be released in late 2023 or early 2024.

Kaspersky Lab creates an application marketplace for its own OS

Lukiyan told the newspaper that any third-party software developers will be able to create applications for him. At first, it will be possible to develop applications based on Linux, but the applications themselves will only work on KasperskyOS. In the future, developers will have to completely switch to KasperskyOS.

The first to be added to the marketplace will be the Internet of Things (IoT) gateway of Aprotech. It allows you to combine many sensors and intelligent devices and collect data from them into a single system. Other partners in this project include InfoTeCS and MyOffice. The latter, by the beginning of February 2023, is working on the development of KasperskyOS tools in terms of supporting applications with complex graphical interfaces, Pavel Kalyakin, general director of MyOffice, explained in an interview with the publication.

Kaspersky Lab plans to earn money on the application catalog precisely by selling license keys for Kaspersky Security Center.

Earlier, Kaspersky Lab launched a mechanism for creating applications for working with KasperskyOS. To do this, the application distribution infrastructure, cyber immune platforms for thin clients, IoT gateways and professional mobile devices are developing.^[3]

2022: International expansion begins

On September 20, 2022, it became known about the first case of KasperskyOS entering the foreign market. Two companies in the UAE have begun testing an operating system designed for the industrial Internet of Things (IIoT).

As KasperskyOS Business Development Director Andrei Suvorov told Vedomosti, by September 2022, Kaspersky Lab is looking for partners to implement KasperskyOS-based solutions in the META region (Middle East, Turkey, Africa), but "the most seriously advanced and sees interest" in the Gulf countries, in particular the UAE.

Kaspersky Lab first launched KasperskyOS on the international market

We have closed pilot tests of gateways for IIoT, in which two companies are participating, "he said.

According to Suvorov, the first tests took place in early February 2022, before the start of the Russian military special operation in Ukraine. Since then, the company's plans to promote KasperskyOS to international markets have not changed, he added.

Gateways for the Internet of Things - network equipment that allows you to combine many sensors and intelligent devices and collect data from them into a single system.

Market Data Forecast predicts that the global IIoT market will reach almost $900 billion by 2026. This is three times higher than in 2020. META's share in the segment will be 5%, analysts expect.^[4]

2021

Open version of KasperskyOS Community Edition

On November 19, 2021, Kaspersky Lab introduced a free version of the KasperskyOS cyberimmune operating system. Running on the Raspberry Pi 4 microcomputer, KasperskyOS Community Edition will be available to a wide range of developers.

Photo: www.ancienthistory.spb.ru

Free access to the distribution will help spread secure by design development skills and test technological ideas. The community forming around the operating system will be able to improve cyberimmune solution development practices.

The KasperskyOS special-purpose operating system is designed to create solutions based on it that are protected from any attacks - both existing and still unknown. Cyberimmune products based on this OS can be used in industry, transport infrastructure, corporate IT, as well as in other areas where there are increased requirements for cybersecurity, reliability and predictability of work.

Purpose of KasperskyOS Community Edition:

• Creating prototypes of Embedded and IoT solutions on KasperskyOS - for both test and training purposes.
• Porting applications, components, drivers.
• Study of the principles and techniques of development secure by design.

Who can use KasperskyOS Community Edition:

• Developers, primarily Embedded and IoT solutions.
• Educational institutions that study information security, and industries with increased security requirements (automation, IoT and others).

The KasperskyOS CE distribution kit is distributed as a deb package and, in addition to the OS itself, includes development tools, instructions and sample source codes. Examples demonstrate the functionality, practical use of safety patterns and the implementation of typical information security tasks with up-to-date immune practices.

KasperskyOS Community Edition can be used to create its products for non-commercial and non-industrial use. Developers who want to release commercial products based on KasperskyOS can contact Kaspersky Lab for verification of solutions and negotiations on commercial cooperation.

Kaspersky Lab allowed third-party developers to create applications for their OS

At the end of October 2021, Kaspersky Lab allowed third-party developers to create applications for its KasperskyOS operating system.

One of the first companies to adapt its software to KasperskyOS was MyOffice. He developed a document editor and mail client for the mobile version of the platform.

MyOffice adapted its applications for KasperskyOS taking into account the cyber-immune approach to security, which allowed us to focus on functionality without wasting resources on integrating information protection tools. Our software works stably in the KasperskyOS environment, "said Dmitry Komissarov, CEO of the company.

Kaspersky Lab allowed third-party developers to create applications for their OS

According to Dmitry Lukiyan, head of corporate product management based on Kaspersky OS, the operating system is being tested on devices of various form factors by the end of October 2021. Prototypes of the devices will be presented until the end of autumn, he added.

As part of the expansion of the OS capability, an application distribution infrastructure, cyber immune platforms for thin clients, IoT gateways and professional mobile devices are being created. To reduce the entry barrier, the application distribution infrastructure will be familiar to most developers, Kaspersky Lab said.

According to Grigory Sizov, head of business development for KasperskyOS-based solutions, the first cyber-moon products have previously been released on the market: in particular, in 2021, the company launched such a gateway for the industrial Internet of Things. The Internet of Things requires support for a large number of protocols that allow you to connect equipment already installed on customers. Thin customers need VPN and video conferencing support to quickly organize a remote workplace, and professional mobile devices need an office suite and VPN, he said.^[5]

2020: Integration with Skala-R VRM

On January 9, 2020, IBS announced that its joint solution with Kaspersky Lab will help protect the virtual desktop infrastructure and user devices without additional information security tools.

The security of thin clients is a common problem: standard operating systems, as a rule, are not designed to work with them and have excessive functionality. This makes access devices vulnerable and requires additional protection.

Kaspersky Lab releases an operating system designed specifically for thin clients - KasperskyOS for Thin Client.

Now it supports work with the protected VDI solution Scala-R BPM, which is designed for systems with high security requirements.

With the help of a combination of these products, the end user receives a comprehensive secure solution for accessing the virtual desktop environment based on modern Russian technologies.

The first version of the solution supports device forwarding, USB working with key media information (tokens/)smart cards , and RUTOKEN JaCarta SafeNet connects to desktops using the RDP protocol.

Integration with the central management system of Kaspersky Security Center allows you to perform tasks for updating KasperskyOS and the Scala-P VM client, as well as provides centralized management and monitoring of thin clients.

Previously, there was no specialized secure operating system on the market designed for thin clients. KasperskyOS is not another clone of Linux-like systems, but a completely different operating system written from scratch. Kaspersky Lab has made a special product on the Russian market. Having finalized our VDI solution for KasperskyOS, we ensured the protection of all layers of the IT infrastructure, including client access devices to the virtual desktop environment, noted Anton Klimov, Director of the Department for Implementation and Operation of Information Security Systems at IBS

It is important for us that there is high-quality Russian virtualization on the market and a solution for creating high-load desktops based on VDI technology. This is not the first experience of fruitful cooperation between Kaspersky Lab and Skala-R. The integration of KasperskyOS and Scala-P BPM made it possible to create an initially secure virtual workplace that provides secure storage and processing of data. said Grigory Sizov, Head of Business Development at KasperskyOS

2019

Creating a smartphone based on the system

On December 10, 2019, it became known about Kaspersky Lab's plans to release its own secure smartphone based on the KasperskyOS platform. Read more here

Launch of products into commercial operation

The first products based on the Kaspersky OS operating system will be put into commercial operation in 2020. This was announced in December 2019 by representatives of Kaspersky Lab. In particular, we are talking about the solution for the thin client KasperskyOS for Thin Client, made in partnership with Depo, and the gateway for the Internet of Things Kaspersky Secure IoT Gateway, developed in conjunction with Advantech. The latest solution, as Grigory Sizov, head of business development for KasperskyOS solutions based on Kaspersky Lab, told TAdviser, is already integrated with the main cloud infrastructures.

Starting in 2020 to be sold in Russia, both products based on KasperskyOS will then be promoted in the foreign market, Grigory Sizov told TAdviser. As of December 2019, customers of products based on KasperskyOS are single companies and government agencies. As an example, Sizov cited the Department of Information Technology of Orenburg, using a gateway for the Internet of Things.

Начав в 2020 году продаваться в Russia, products based on KasperskyOS will then be promoted in the foreign market, - said Grigory Sizov

The small number of customers of products based on KasperskyOS, as Sizov explained, is due to the fact that they have not yet entered commercial operation, as well as the fact that they are quite difficult to master. At the same time, as such, interest in their acquisition, according to Sizov, is quite high.

On the part of government agencies and state-owned companies, interest in the purchase of products based on KasperskyOS increased slightly after being included in the register of domestic software, - said Grigory Sizov

The greatest interest in purchasing products based on KasperskyOS, according to him, is shown by those organizations that are somehow associated with a critical infrastructure.

According to him, the company plans to further develop the KasperskyOS ecosystem, creating solutions for telecommunications, transport, the Internet of Things, industry, as well as large and small screens on its basis.

Thus, the prototype solution based on KasperskyOS for cars, as Sizov pointed out, will be ready for the company in 2020. However, the company will not limit itself to cars alone - it plans to create solutions based on KasperskyOS and for other areas of the transport industry.

Grigory Sizov also told TAdviser some details about the mobile operating system being created by Kaspersky Lab. According to him, it is at the testing stage, which will be completed by the end of 2020. In the event that it is successful, the operating system for mobile devices will be launched into commercial operation in 2021.

The mobile operating system is not a separate product, but, in fact, a version of the existing KasperskyOS system, Sizov said.

Client applications

Kaspersky Lab has expanded the range of use of the trusted KasperskyOS operating system, developed from scratch and guaranteeing a high level of cybersecurity due to its architecture, from IoT devices and solutions for protecting industrial systems to client applications. The unified communication platform CommuniGate Pro, which provides e-mail, voice data, SMS messages and files on the corporate network, joins the ecosystem of solutions that will work on KasperskyOS.

This project will be implemented within the framework of a technological partnership with CommuniGate Systems and will expand the portfolio of trusted business applications that implement the principle of digital immunity and run on the KasperskyOS operating system.

Entry into the register of Russian software

At the end of June 2019, it became known that KasperskyOS was included in the register of Russian software, which is maintained by the Ministry of Telecom and Mass Communications.

The Kaspersky Lab product was included in the software classes, which are designated in the order of the Ministry of Communications as operating systems, BIOS (a set of firmware that are responsible for the operation of computer components and are loaded immediately after it is turned on), built-in software for telecommunications equipment and other software.

Kaspersky Lab OS entered the registry of domestic software

KasperskyOS is designed for corporate information systems, special-purpose computer systems, the Internet of Things, smart power systems, industrial systems, telecommunications, transport systems.

As a representative of Kaspersky Lab told Vedomosti, the company wanted to expand the network of customers and partners, so it applied for inclusion in the register. Now the antivirus manufacturer intends to cooperate with Russian equipment and software manufacturers to meet the requirements of state programs and the market and help build the Russian software and hardware ecosystem, he said.

The founder and general director of Kaspersky Lab, Yevgeny Kaspersky, in a conversation with the publication, called KasperskyOS a secure operating system, where all applications work in isolation and each application has a trusted operating script.

Earlier in 2019, Kaspersky Lab showed all its developments, including the operating system, Deputy Prime Minister Maxim Akimov.

By the end of June 2019, Kaspersky Lab was working on the possibility of launching its OS on smartphones. If the company launches a mobile operating system, it will not be necessary to re-enter it into the registry, Andrei Dukhvalov, head of the advanced technologies department at Kaspersky Lab, told Vedomosti.^[6]

2017: Global Announcement

In February 2017, Kaspersky Lab announced the global launch of its secure KasperskyOS operating system for industrial systems, embedded devices and the Internet of Things.

In August last year, the company made a "trial release"; it was announced that the first routers of the Russian company Kraftway based on the new operating system were launched. Now a full commercial release has been made, and the product is available to customers around the world.

As explained in the blog of the head of the company Yevgeny Kaspersky, in fact, Kaspersky Lab has released three different products at once: an independent operating system, a separate secure hypervisor for virtualization systems and a system that provides protection when individual components of the operating system interact - Kaspersky Security System. The commercial release of KSS took place back in February 2015. At the same time, it was announced that the German company SYSGO licensed KSS for use with its own secure industrial operating system PikeOS.

A characteristic feature of KasperskyOS is its open architecture: the source code is available to everyone for analysis. According to the developers, KasperskyOS does not collect or transfer anywhere "to the side" any data about the systems on which it runs. The OS is devoid of any undocumented functions.

Contrary to popular speculation, KasperskyOS has nothing to do with Linux or any other open operating systems.

Not a single line of Linux code, the company said.

The system is not intended for the mass market, and will not be distributed in a "boxed" format. It is planned to be delivered on specific orders with adaptation for customer systems.^[7]

2016

Entering the Russian market

On August 18, 2016, Kaspersky Lab announced the launch on the Russian market of a software product - KasperskyOS - an operating system for elements of engineering and industrial infrastructure.

Referring to the architecture features and purpose of KasperskyOS, the company guarantees a high level of its information security. The basic principle of the OS boils down to the rule "everything that is not allowed is prohibited." This helps to eliminate the possibility of exploiting known vulnerabilities and those that will be discovered in the future. At the same time, the system is extremely flexible and all security policies, including prohibitions on the execution of certain processes and actions, are configured in accordance with the needs of the consumer organization.

The KasperskyOS operating system does not replace the existing widely used operating systems used on user computers or servers. It has other tasks and another principle of operation - the security of applications in this OS is determined by checking and approving their behavior. Any communication between KasperskyOS software modules is guaranteed to pass through the system microkernel, which contains means for calculating security verdicts in accordance with the specified security policy, allowing or prohibiting each specific action on the part of the application.

The company is considering the possibility of using KasperskyOS in industrial systems, in particular in APCS, in telecommunications equipment, in medical devices, in cars and other gadgets from the world of the "Internet of Things" - for example, in video cameras that record, recognize objects and faces, store and classify information.

The solution will be delivered as pre-installed software on various types of equipment used in industrial and corporate networks. According to the company's statement, the Kaspersky Lab OS is embedded in the L3 level routing switch developed by Kraftway.

Andrey Dukhvalov - Architecture and implementation of KasperskyOS, (2016)

Kraftway is the first customer

In August 2016, it became known that Kraftway will become the first user of the Kaspersky Lab operating system. The Russian manufacturer of IT equipment will install KasperskyOS in its routers. Read more here.

2015: Finalization

At the end of February 2015, Kaspersky Lab announced the launch of its new solution - Kaspersky Security System (KSS), designed to ensure the protection of various information systems with increased cybersecurity requirements: from ERP and electronic document management to smart power grids, critical infrastructure management systems.

The brochure for it indicates that the new solution has "grown" from the development of KasperskyOS, Kaspersky Lab's own operating system, and can run on this OS, as well as PikeOS and Linux.

Andrey Nikishin, Special Projects Director of the Advanced Development Department of Kaspersky Lab, told TAdviser that as of the beginning of 2015, the development of the main components of KasperskyOS had been completed. It is planned to supply the OS in conjunction with KSS:

"Kaspersky Security System is one of the main elements of KasperskyOS, and selling it without KSS is like selling a car without an engine," Nikishin explained.

He added that the company continues to increase the functionality of its secure OS.

As of the beginning of 2015, the development of the main components of KasperskyOS was completed, but Kaspersky Lab continues to increase its functionality

As part of the development of a secure OS, Kaspersky Lab works with potential customers, conducts research on threats, possible vectors of cyber attacks. In addition, since a secure OS is a highly specialized solution, it is adapted for each specific customer, carefully integrating the hardware and software, says Andrey Nikishin.

"In addition, you need to undergo training in order to write applications for KasperskyOS correctly. Without correctly written software, you cannot achieve a high level of security for the entire system as a whole, - summed up the director of special projects of the advanced development department of Kaspersky Lab. - That is why you can neither download the distribution kit or SDK, nor buy the OS itself in the store. If you have a task, there is a hardware platform, then come - we will discuss. "

Speaking about the key parameters of KasperskyOS, Andrey Nikishin explained that this is not a replacement for existing desktop operating systems such as Windows, Linux, MAC, which are designed for workstations and end-user servers: "These operating systems, in our opinion, provide insufficient security guarantees for the applications we focus on, especially in the context of the development of modern threats."

Our secure OS is designed for solutions in which security is a top priority and which have the possibility or non-zero probability of information exchange with external networks, such as the Internet. The main principle of operation of a secure OS is the impossibility of functioning of undeclared properties of software. Any communications between the secure OS modules pass through the micro-core of the OS, which is connected to the security server. The latter provides a security verdict for any action and based on this verdict, the kernel either allows or blocks communication. At the same time, the security policy and model is customized for the needs of the client and, moreover, can change.

Andrei Nikishin explained that as a result, any software will be able to perform only those functions for which it is intended. This approach allows you not to be afraid of vulnerabilities - if an application has some kind of vulnerability, then it will not be able to affect the work of other programs and the system as a whole, since it can only perform the actions that it is allowed to do, he said.

2013: Testing

In December 2012, it became known that the protected industrial OS of Kaspersky Lab entered the beta testing stage^[8]. According to company representatives, several trusted partners of Kaspersky Lab have received developer packages (SDKs) of the system and, in addition to testing itself, are writing utility programs for it, including industrial controller drivers.

The names of these partners were not announced in the company, however, they noted that these are domestic integrators, which are simultaneously partners of a foreign APCS supplier .

At the same time, it became known that the protected Kaspersky OS was written "from scratch": it does not use any previously existing code, including the Linux kernel and other open systems. The operating system is based on a microkernel architecture, and mainly supports the POSIX standard (Portable Operating System Interface for Unix, portable interface operating systems Unix).

2012: First facts about the new OS

The fact that Kaspersky Lab is developing its own operating system became known in the summer of 2012, when the company posted vacancies on the HeadHunter resource related to the development of a new protected OS. From their description it followed that the company has been working in this area for quite a long time.

Later, in the fall of 2012, information about the ongoing development was confirmed on its website by the founder of Kaspersky Lab, Evgeny Kaspersky. According to him, the new OS is intended for use in industrial systems.

In 2012, Evgeny Kaspersky revealed some details about the OS being developed

The company began developing its own OS based on the idea of ​ ​ weak security of modern industrial IT systems. The company's goal is to create a secure OS on which ICS systems will "spin," which can be built into the existing infrastructure that controls the "health" of existing systems and guarantees the receipt of reliable information, Kaspersky explained.

"Our system is highly specialized, it is developed to solve a specific problem, and is not designed to play Half-Life, edit videos or communicate on social networks. We are working on a method of writing software that, in principle, (by design) will not be able to perform undeclared functionality in it. This point is the most important: the impossibility of executing third-party code, hacking a system or programs in our project is a thing that is proven and verified, "he wrote about the new system on his website

Customers

Testing at FIU

First Deputy Director of the Interregional Information Center of the Pension Fund of the Russian Federation (MIC PFR) Sergey Gotsutsov at the TAdviser conference "Import Substitution 2018: Real Experience," held on February 14, spoke about a pilot project using the protected operating system KasperskyOS to create secure thin clients in the VDI infrastructure. As part of the project, the solution is tested at several terminals.

Kaspersky Secure Hypervisor implements several containers on either a thin client or a standard AWS, which are divided among themselves, and controls the exchange of data between all containers and between the container and the outside world. In the FIU pilot project, a trusted guest OS is deployed in one container, and in another, an untrusted one, with which the end user works. All the tools on which the security of the end workplace depends are located in a trusted OS, including antivirus. The second OS does not contain any. In the case of the FIU, the untrusted guest OS in the pilot is Windows 7. More information about the project is here.

Notes