
THE FUTURE OF EMBEDDED AND IoT SECURITY: KASPERSKY OPERATING SYSTEM
THE INTERNET OF THINGS: AN EXPLOSION OF CONNECTED POSSIBILITIES

[Chart: number of connected devices (billions of devices) by year, 1990 to 2020]

1992: 1,000,000
2003: 0.5 billion
2009: IoT inception
2012: 8.7 billion
2013: 11.2 billion
2014: 14.4 billion
2015: 18.2 billion
2016: 22.9 billion
2017: 28.4 billion
2018: 34.8 billion
2019: 42.1 billion
2020: 50.1 billion
2 Kaspersky Lab | Future of embedded and IoT security: Kaspersky Operating System
RICH IoT DEVICES ARE THE MOST VULNERABLE

[Diagram: IoT architecture in four tiers: Things, Local Network, The Internet, Back-End Services. Labels: Sensor & Actuator, Processing, Communication; Gateway(s); Wired/wireless, Power line; BAN, PAN, LAN; Remote Server; User access and control; Business Data Analysis]
IoT ATTACKS

MIRAI

Mirai was initially discovered in August and its name comes from the discovered binaries called mirai.(). It is an ELF Linux executable and focuses mainly on DVRs, routers, web IP cameras, Linux servers, and other devices that are running BusyBox, a common tool for IoT embedded devices.

BASHLITE

Infects Linux systems in order to launch distributed denial-of-service (DDoS) attacks. In 2014 BASHLITE used the Shellshock software bug to exploit devices running BusyBox. In 2016 it was reported that one million devices had been infected with BASHLITE.

THE MAIN PROBLEM OF IoT FROM A CYBER SECURITY POINT OF VIEW

VULNERABILITIES

Human mistakes

Use of 3rd party software and libraries

Software complexity (number of lines of code increasing dramatically)

INSECURE DESIGN

Time to market pressure

INSECURITY OF CONVENTIONAL OPERATING SYSTEMS

WHY CONVENTIONAL OPERATING SYSTEMS ARE NOT SECURE

Monolithic system where any module can call any other

By exploiting an arbitrary code execution vulnerability it is possible to call any other module, regardless of security settings

Uncontrolled use of 3rd party libraries

Adversaries can get control over a whole system with the help of only one vulnerability

Poor security settings due to various reasons (lack of expertise, laziness, lack of time)

Big attack surface

[Diagram: monolithic OS. Labels: Interactive user; Libraries, Commands, Application Programs; OS System Call Interface; Trap Table; Driver Interface; Monolithic Kernel Module; Process Management, Memory Management, File Management, Device Mgmt Infrastructure; Device Driver (three instances)]

HOW WE SECURE EMBEDDED SYSTEMS

HOW TO FIX THE PROBLEM

Make an environment that simply won't allow the program to perform undeclared functions and prevent the exploitation of vulnerabilities.

THE MAIN PRINCIPLES OF SECURE OS

Secure by design system

MILS with reference monitor approach

Microkernel based

Meets specific requirements for embedded systems

SPECIFIC REQUIREMENTS FOR EMBEDDED OPERATING SYSTEMS

SMALL SIZE AND MINIMUM RESOURCE USAGE

Most embedded systems use limited hardware resources (RAM, ROM, CPU)

STABLE WORK EVEN UNDER ATTACK

One has to think about possible threats and threat vectors in advance

OUT OF THE BOX SECURITY

Most embedded systems have (almost) unique security requirements. It is necessary to reduce time to market and reduce the efforts that need to be put into security settings

COMPLIANCE WITH INDUSTRY STANDARDS

A system has to be designed and developed in accordance with industrial safety and security standards.

KASPERSKYOS // OVERVIEW

Designed for embedded connected systems with specific requirements for cyber security

Based on the separation kernel, which guarantees the control of all internal system communications

The behavior of every module is described in advance via security policies

MILS ARCHITECTURE

Domain separation/isolation

Flexible internal communications control via Kaspersky Security System (KSS)

KASPERSKYOS // SPECIFICATIONS

Microkernel based OS from the in-house development team at Kaspersky Lab

Static security configuration

MILS architecture

Separate business applications from security (easier to develop and support, decrease time to market, increase security and safety)

Maximum level of control due to minimum security domains granularity (every single module/driver could be set as security domain)

POSIX API compatible (well 98% of the API)

Runs on Intel x86, x64 and ARM (v6, v7, v8)

KASPERSKYOS - TRUSTED. FLEXIBLE. SECURE.

TRUSTED

KasperskyOS is the foundation from which to build a trusted platform: it will not allow untrusted/malicious/undocumented code to run, due to strict security policies

FLEXIBLE

Set any type of security policy and combine different types of policies.

Use one OS for different appliances, saving time on education and implementation

SECURE

Due to separation, functional code and security can be worked on in parallel. This saves time to market without sacrificing anything.

Improve safety because of strict security policies that describe the behaviour of a system

BENEFITS OF KASPERSKYOS

INHERENT SECURITY

KasperskyOS is an operating system that is secure by design and we intend to keep it that way by using the best practices of software development

VERSATILE MODULAR ARCHITECTURE

Building the system based on loosely coupled modules helps to minimize the amount of trusted code and tailor each solution to the customer's specific needs

FLEXIBLE SECURITY CONFIGURATION

Well-designed configuration tools make it easy to create declarative rule definitions and combinations of rules to control interactions in the system

SEPARATION OF APPLICATION FEATURES FROM SECURITY FUNCTIONS

The security architecture is designed to separate security functions from application business logic, making both configuring security policies and developing applications easier

KASPERSKYOS IMPLEMENTATIONS

Our technologies help developers and manufacturers of complex embedded systems to secure their future revenue by minimizing the risks associated with cyber incidents and malicious software.

We have developed a set of products that suit different client needs and follow the same security principles (separation and isolation of security domains and strict control of inter-domain communications):

KasperskyOS

Kaspersky Secure Hypervisor

Kaspersky Security System for Linux

TECHNOLOGIES THAT ARE FIT FOR EVERY PURPOSE TO SECURE EMBEDDED SYSTEMS

[Chart: amount of extra work plotted against level of control; first point: KasperskyOS]

KASPERSKYOS

Most secure solution (all components are isolated and controlled)

Requires rethinking and redevelopment of architecture of every component

Requires (at least) porting of applications or complete rewriting of them

Limited support of hardware (embedded systems only)

[Chart, built up over two further slides: amount of extra work plotted against level of control for KSS for Linux, Kaspersky Secure Hypervisor and KasperskyOS. The three options are compared on the next slide.]
TECHNOLOGIES THAT ARE FIT FOR EVERY PURPOSE TO SECURE EMBEDDED SYSTEMS

KASPERSKYOS

Most secure solution (all components are isolated and controlled)

Requires the rethinking and redevelopment of the architecture of every component

Requires (at least) the porting of applications or their complete rewrite

Limited support of hardware (embedded systems only)

SECURE HYPERVISOR

Good level of security (isolation of VMs and critical functions, limited control of communications)

Only requires the rethinking and redevelopment of application architecture

Requires re/development of some critical functions

Wide range of hardware supported (not only embedded systems)

KSS FOR LINUX

Good level of security (isolation of Linux containers, controls only inter-container communications)

Only requires the rethinking and redevelopment of application architecture

Requires minimum re/development

Runs on virtually all Linux systems with container support
USE CASES

Telecoms and Network Equipment

IoT and Industrial IoT

Connected Cars

Endpoints

POS Terminals

Linux Systems Security Enhancement

USE CASES: TELECOM EQUIPMENT

KASPERSKYOS

Trusted platform

Secure by design:

Secure boot ensures integrity of OS and applications

Isolation of every single module

Minimize impact of vulnerabilities, malware protection

Protection of sensitive data (i.e. encryption keys)

Network routers & switches, firewalls, VPN

[Diagram: KasperskyOS uCore + KSS hosting six security domains, connected to the Internet. Security Domain 0: Network Driver; Security Domain 1: Network Stack; Security Domain 2: Web server; Security Domain 3: SSH; Security Domain 4: Telnet; Security Domain 5: Storage. Callout: Request for security verdict to allow this domain to send datagram to another domain]
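
The verdict request shown on the telecom slide can be modelled as a default-deny lookup in a static policy. The sketch below is an added example, not code from the deck or from Kaspersky: the domain numbering follows the slide, while the allowed flows and the names `allow`, `verdict` and `can_reach` are assumptions made for illustration. It goes one step beyond the slide by auditing the policy for indirect flows between domains.

```c
#include <stdbool.h>
#include <stdio.h>

/* Security domains, numbered as on the slide. */
enum { D_NET_DRIVER, D_NET_STACK, D_WEB, D_SSH, D_TELNET, D_STORAGE, D_COUNT };

/* Constructed static policy (an assumption, not Kaspersky's): allow[src][dst]
 * is true only for declared flows; every other pair is denied by default. */
static const bool allow[D_COUNT][D_COUNT] = {
    [D_NET_DRIVER] = { [D_NET_STACK] = true },
    [D_NET_STACK]  = { [D_NET_DRIVER] = true, [D_WEB] = true,
                       [D_SSH] = true, [D_TELNET] = true },
    [D_WEB]        = { [D_NET_STACK] = true },
    [D_SSH]        = { [D_NET_STACK] = true, [D_STORAGE] = true },
    [D_TELNET]     = { [D_NET_STACK] = true },
    [D_STORAGE]    = { [D_SSH] = true },
};

static bool valid(int d) { return d >= 0 && d < D_COUNT; }

/* Reference monitor: the verdict requested before a message is delivered. */
bool verdict(int src, int dst)
{
    return valid(src) && valid(dst) && allow[src][dst];
}

/* Policy audit: can data from src reach dst through a chain of allowed hops?
 * A direct deny does not by itself rule out an indirect flow. */
bool can_reach(int src, int dst)
{
    bool seen[D_COUNT] = { false };
    int stack[D_COUNT], top = 0;
    if (!valid(src) || !valid(dst)) return false;
    stack[top++] = src; seen[src] = true;
    while (top > 0) {
        int cur = stack[--top];
        for (int next = 0; next < D_COUNT; next++) {
            if (!allow[cur][next] || seen[next]) continue;
            if (next == dst) return true;
            seen[next] = true;          /* each domain is pushed at most once */
            stack[top++] = next;
        }
    }
    return false;
}

int main(void)
{
    printf("telnet->storage direct=%d indirect=%d\n",
           verdict(D_TELNET, D_STORAGE), can_reach(D_TELNET, D_STORAGE));
    return 0;
}
```

In this constructed policy Telnet is denied a direct send to Storage, yet the audit reports a path through the Network Stack and SSH domains, which is the kind of flow a policy review has to account for.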

USE CASES: IoT

KASPERSKYOS

Secure by design system (the only way to secure IoT devices)

Isolation of every single module

Minimize the impact of vulnerabilities

Protection of sensitive data (i.e. encryption keys, user data, secure storage)

Secure boot

EXAMPLE

Devices that are connected to the Internet and powerful enough (not MCU-based), such as:

1. Smart CCTV cameras (process images on the device and send processed data to a server)

2. Smart hubs (all sensors and end devices connect to these)

USE CASES: CONNECTED CARS

KASPERSKY SECURE HYPERVISOR

Secure by design system

Isolation of infotainment from safety critical system (advanced driver assistance systems, AUTOSAR)

Minimize impact of vulnerabilities in every domain

Protection of sensitive data (i.e. encryption keys, logs, telematics data) from unauthorized access

Secure boot and protection against the unauthorized modification of firmware and software (i.e. malware infection, and unauthorized modifications)

Can be used in central gateway, head unit or specific ECUs

USE CASES: ENDPOINTS

KASPERSKY SECURE HYPERVISOR

Two virtual machines:

First one with access to sensitive data (internal domain)

Second one with access to the Internet and access to public services (external domain)

No or limited and controlled data exchange between VMs

Integrity checking of software

Trusted boot

Bootkit and rootkit protection

Control of access to external devices

Reduce TCO (need one PC instead of two)

o Strictly speaking, this is not an ordinary PC. It has to have 2 network cards and 2 HDDs

[Diagram: Kaspersky Secure Hypervisor hosting a trusted domain, an untrusted domain and a second trusted domain. Labels: Administrative service; Application; SSL/TLS; Certificate storage; Access service; Give permissions; Request handshake]

USE CASES: NETWORK EQUIPMENT

KASPERSKY SECURE HYPERVISOR

Secure storage for encryption keys (can be protected from the access of unauthorized software and hardware)

Separation of functional modules like web anti-virus, content filtering, mail anti-virus, cloud storage (can be sold separately with different licenses)

VPN appliances

UTMs

USE CASES: POS TERMINALS

KASPERSKY SECURE HYPERVISOR

Bring security sensitive functions to the Security Service, for example:

Dealing with credit cards (protection of CC data read from a card)

Bank communications

Secure storage (audit, securely sending trusted data to management or regulator)

POS software integrity checking

Memory protection

Helps with PA-DSS compliance

[Diagram: Kaspersky Secure Hypervisor. Labels: Domain; Untrusted application; unable to modify; Sensitive data; Trusted code; protect memory pages feature]

USE CASES: LINUX SECURITY ENHANCEMENT

KASPERSKY SECURITY SYSTEM

Use cases:

Secure remote device updates & reconfiguration

Separation of duties between components and remote agents (like OEMs and consumers)

Sandboxing untrusted components

In-depth system hardening with enforced security properties on inter-component communications

PLCs / Industrial IoT devices

IoT equipment

QUESTIONS?
Kaspersky OS
Securing Embedded Communications
