EMBEDDED AND IoT SECURITY: KASPERSKY OPERATING SYSTEM
THE INTERNET OF THINGS
[Figure: number of connected devices by year, in billions. Labelled points: 8.7 billion (2009), 11.2 billion (2012), 18.2 billion (2014), 22.9 billion (2015), 42.1 billion (2018). Timeline labels: IoT inception, 1992, 2003.]
2 Kaspersky Lab | Future of embedded and IoT security: Kaspersky Operating System
RICH IoT DEVICES ARE THE MOST VULNERABLE
[Diagram labels: Remote Server; Gateway(s); Business Data; Analysis; Sensor & Actuator Processing Communication]
IoT ATTACKS
MIRAI
Mirai was initially discovered in August and its name comes from the discovered binaries called mirai.(). It is an ELF Linux executable and focuses mainly on DVRs, routers, web IP cameras, Linux servers, and other devices that are running Busybox, a common tool for IoT embedded devices.
BASHLITE
THE MAIN PROBLEM OF IoT FROM A CYBER SECURITY POINT OF VIEW
VULNERABILITIES
Human mistakes
Use of 3rd party software and libraries
Software Complexity (number of lines of code increasing dramatically)
INSECURE DESIGN
Time to market pressure
INSECURITY OF CONVENTIONAL OPERATING SYSTEMS
WHY CONVENTIONAL OPERATING SYSTEMS ARE NON SECURE
Monolithic system where any module can call any other
whole system with the help of only one vulnerability
Poor security settings due to various reasons (lack of expertise, laziness, lack of time)
[Diagram labels: Interactive user; Driver Interface; Monolithic Kernel Module; Device Driver; Process Management; Memory Management; File Management; Device Mgmt Infrastructure; Device Driver; Microkernel based]
SPECIFIC REQUIREMENTS FOR EMBEDDED OPERATING SYSTEMS
KASPERSKYOS // OVERVIEW
MILS architecture
Domain separation/isolation
Flexible internal communications control via Kaspersky Security System (KSS)
KASPERSKYOS // SPECIFICATIONS
MILS architecture
KASPERSKYOS - TRUSTED. FLEXIBLE. SECURE.
BENEFITS OF KASPERSKYOS
KASPERSKYOS IMPLEMENTATIONS
TECHNOLOGIES THAT ARE FIT FOR EVERY PURPOSE TO SECURE EMBEDDED SYSTEMS
[Diagram: technologies compared by level of control and amount of extra work. Recoverable labels follow.]
Most secure solution (all components are isolated and controlled)
Good level of security (isolation of VMs and critical functions, limited
Good level of security (isolation of containers, control only inter container communications)
Requires re/development
Requires rethinking
some critical OS
Kaspersky
Linux
USE CASES TELECOM EQUIPMENT
KASPERSKYOS
Trusted platform
Secure by design:
Secure boot ensures integrity of OS and applications
Isolation of every single module
Minimize impact of vulnerabilities, malware protection
Protection of sensitive data (i.e. encryption keys)
[Diagram: Security Domain 0: Network Driver; Security Domain 1: Network Stack; Security Domain 2: Web server; Security Domain 3: SSH; Security Domain 4: Telnet; Security Domain 5: Storage; KasperskyOS uCore + KSS]
USE CASES IoT
KASPERSKYOS
Secure by design system (the only way to secure IoT devices)
Isolation of every single module
Minimize the impact of vulnerabilities
Protection of sensitive data (i.e. encryption keys, user data, secure storage)
Secure boot
EXAMPLE
Connected to the Internet and powerful enough (not MCU based) devices like:
1. Smart CCTV cameras (processes images on a device and sends processed data to a server)
USE CASES CONNECTED CARS
USE CASES ENDPOINTS
USE CASES NETWORK EQUIPMENT
VPN appliances
UTMs
USE CASES POS TERMINALS
Bring security sensitive functions to the Security Service, for example:
Dealing with credit cards (protection of CC data read from a card)
Bank communications
[Diagram labels: Untrusted application; unable to modify; Sensitive data; Trusted code]
USE CASES LINUX SECURITY ENHANCEMENT
Use cases:
Secure remote device updates & reconfiguration
IoT equipment
QUESTIONS?
Kaspersky OS
Securing Embedded Communications