Kaspersky has launched new KasperskyOS to overcome the security issues faced by many IoT devices. So manufacturers and developers of the IoT devices have come up with this OS that is also called as secured OS for network devices, IoT and control systems.
CEO of Eugene Kaspersky said in his blog that ”Our OS is not an out-of-the-box product; it’s a project offering.” He also told that “We’re not selling a boxed solution with a cure-all for everyone. Instead, we collaborate with vendors and developers who provide, say, networking equipment, industrial automation systems, automotive solutions, even smart fridges. We provide the code and help configure the system based on their requirements.”
While he does not guarantee that this OS cannot be hacked. Kaspersky told that security is upgraded because the OS is built in such way that it only follows the instructions given by the developer, it cannot do anything else without instructions. Now developers can look into the source code and instantly check if anything that is added is no more required. The data transmission is not done by the kernel.
The Company also told that Microkernel ”has practically nothing in it. All drivers are kept isolated. So to pass any data, one has to write another piece of code. It will be seen quite clearly — you don’t even have to look at the source code to see it. All of this is written in security policies. And the customer will always be able to audit those policies, regardless of the code. If the policies contain no instructions to send data, the system doesn’t do it.”
This OS is basically made up of 3 components: A standalone secure hypervisor (KSH), a dedicated system for secure interaction among OS components (KSS) and an OS (KOS). Based on the requirement developers can license any of them.For example, one of the blog says, a german organization licensed only KSS for their own OS. The blog also says that if some vendors are interested only in KSH hypervisor, that allows them to run the existing applications without any alterations.
“At first glance, this is a positive development as it reaffirms how many vendors are working to improve IoT security,” Forrester Research security analyst Merritt Maxim said in an email. “There will likely never be one solution/product that solves IoT security but a secure OS is another tool available for organizations and developers to help secure IoT from cyber attacks.”
If a developer is designing a new network device then this solution can be implemented. Unfortunately, it does not help in solving millions of existing devices that are already present on the Internet. So these existing devices continue to create problems.