Kaspersky releases secure IoT operating system for developers

The lack of security in the number of Internet of Things (IoT) devices is increasingly worrying to CISOs trying to protect corporate networks, particularly after the distributed denial of service attacks marshalled last year by the Mirai botnet.

So developers and manufacturers of IoT devices will be interested in the release announced Monday of KasperskyOS, which the namesake company calls a secure operating system for network devices, industrial control systems, and the IoT.

“Our OS is not an out-of-the-box product; it’s a project offering,” company CEO Eugene Kaspersky said in a blog. “We’re not selling a boxed solution with a cure-all for everyone. Instead, we collaborate with vendors and developers who provide, say, networking equipment, industrial automation systems, automotive solutions, even smart fridges. We provide the code and help configure the system based on their requirements.”

Because solutions are customized he didn’t cite a price.

While he doesn’t claim the OS cannot be hacked, Kaspersky says security is enhanced because the OS does only what it’s instructed to do; it can’t do anything else. Developers can look at the source code and immediately see if anything has been added that they don’t want. The kernel does not transmit data, the company says, and the microkernel “has practically nothing in it. All drivers are kept isolated. So to pass any data, one has to write another piece of code. It will be seen quite clearly — you don’t even have to look at the source code to see it. All of this is written in security policies. And the customer will always be able to audit those policies, regardless of the code. If the policies contain no instructions to send data, the system doesn’t do it.”

The OS is made up of three components: An OS (KOS), a standalone secure hypervisor (KSH), and a dedicated system for secure interaction among OS components (KSS). Developers can licence any of them for the purpose they need. For example, the blog says, a German company licensed KSS for its own operating system. The blog says some vendors are interested only in the KSH hypervisor, which lets them securely run existing applications without modification.

“At first glance this is a positive development as it reaffirms how many vendors are working to improve IoT security,” Forrester Research security analyst Merritt Maxim said in an email. “There will likely never be one solution/product that solves IoT security but a secure OS  is another tool available for organizations and developers to help secure IoT from cyber attacks.”

The solution is one that developers should consider when designing new network devices. Unfortunately, it won’t help fix the millions of unpatched and insecure devices already on the Internet. It will be a while before they are retired. Meanwhile such devices will continue to be a menace.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now