
Kaspersky to Build Secure OS

Kaspersky recently confirmed the rumours that they are creating a new secure operating system, built from scratch, for the Industrial Control Systems (ICS) market.  Kaspersky argue that the well known issues with ICS, such as the Stuxnet, Duqu and Flame infections, have prompted them to re-evaluate the security of critical infrastructure environments.  Their conclusion was that a new, independently developed operating system, built on secure design principles, is the way forward.

The main issue with ICS environments is the fact that they nearly always require 24 x 7 x 365 up time, not the usual 5-nines availability expected of critical data storage or web apps.  These environments cannot be stopped.  Think oil pumps, water extraction systems, electricity production plants, gas transportation systems and so on.  It's not a case of finishing at 6pm, doing a few hours of patching, updating and testing, and being ready for the 8am login rush.  Those sorts of outage windows simply don't exist.  This makes management of such environments difficult and has often led in the past to legacy systems, frequently un-patched, performing critical services, simply because the downtime to replace or improve them is too great.  Introduce the likes of Stuxnet into the equation and the opportunity this presents to malware is too great to ignore.



SCADA and ICS systems are increasingly becoming active targets.  Not only are there potential nation-state sponsored cyber-war style attacks, but the more general cases of disgruntled employees and both malicious and non-malicious negligence are also common.

So whilst a new operating system could help, why hasn't this been done before?  Microsoft, Apple and Linux have distributed operating systems for 25 plus years, but their vulnerabilities are still exploited daily.  Kaspersky argue that a new OS would need to be so singularly focused that there has been neither a business nor a technical incentive in the past for one to be completed.  They also make the interesting point that a new OS would need to be developed independently of any previous code, and would need to incorporate the latest and greatest the security world has to offer.

This raises another interesting discussion point.  Security isn't new.  It's not as if all the security products in the market place today, with their new frameworks, approaches and standards, have simply been created since Y2K, and that if we implement every single one there will be no data breaches or exposures.

The 1975 reference paper 'Secure Design Principles' by Saltzer and Schroeder, makes several statements that even in 2012 still stand the test of time:


  • Economy of mechanism: Keep the design as simple and small as possible.
  • Fail-safe defaults: Base access decisions on permission rather than exclusion.
  • Complete mediation: Every access to every object must be checked for authority.
  • Open design: The design should not be secret.
  • Separation of privilege: It’s safer if it takes two parties to agree to launch a missile than if one can do it alone.
  • Least privilege: Operate with the minimal set of powers needed to get the job done.
  • Least common mechanism: Minimize subsystems shared between or relied upon by mutually distrusting users.
  • Psychological acceptability: Design security systems for ease of use.


If all these points are applied to even the smallest coding project or piece of business process, the security posture of an environment would be greatly improved.  Small and simple design is an obvious one, which should be applied to any number of challenges in life.

Open design is another powerful aspect, often cited as the argument for open source software in general.  If the source code is freely available, the number of potential reviewers and bug fixers outweighs any risk associated with adversaries seeing the code.  This can also be applied to the basic recommendations surrounding cryptographic algorithms - choose an existing one that has had many years of both cryptanalytic attack work and adversarial cracking done against it.  The main features of access control list management are all still sound.  The use of separation of duty constraints is common in many off-the-shelf role based access control products, and least privilege is built into many operating systems by default.
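To make the principles concrete, here is a small reference monitor written as an added example for this post; it is not code from the original article or from Kaspersky. It shows fail-safe defaults (an allow-list, so an unknown principal or operation is denied), complete mediation (every access passes through one `request` method that also records an audit entry), separation of privilege (a pump shutdown needs two distinct approvers) and least privilege (each role carries only the operations it needs). The principals, roles, the `pump-7` resource and the `denylist_check` contrast are all constructed for illustration.

```python
"""Added example (not from the original post): a toy reference monitor
illustrating four of the Saltzer and Schroeder principles quoted above.
All principals, roles, permissions and resources are constructed sample data.
"""
from dataclasses import dataclass, field

# Least privilege: each role carries only the (resource, operation) pairs
# it needs.  Anything absent from this allow-list is denied.
ROLE_PERMISSIONS = {
    "operator": {("pump-7", "read"), ("pump-7", "adjust_setpoint")},
    "engineer": {("pump-7", "read"), ("pump-7", "adjust_setpoint"),
                 ("pump-7", "shutdown")},
    "auditor": {("pump-7", "read")},
}

# Separation of privilege: operations that need two distinct approvers
# before they execute (the "two parties to launch a missile" case).
TWO_PARTY_OPERATIONS = {"shutdown"}


@dataclass
class ReferenceMonitor:
    role_of: dict                                  # principal -> role (constructed)
    audit_log: list = field(default_factory=list)  # every decision, allowed or not
    pending: dict = field(default_factory=dict)    # (resource, op) -> approvers so far

    def is_permitted(self, principal, resource, operation):
        """Fail-safe default: access is granted only on an explicit permission.
        An unknown principal, an unknown role, or an operation missing from the
        role's allow-list all fall through to False (deny)."""
        role = self.role_of.get(principal)
        allowed = ROLE_PERMISSIONS.get(role, set())
        return (resource, operation) in allowed

    def request(self, principal, resource, operation):
        """Complete mediation: the single entry point for touching a resource.
        Returns 'denied', 'pending' (first of two approvals) or 'executed'."""
        decision = self.is_permitted(principal, resource, operation)
        self.audit_log.append((principal, resource, operation, decision))
        if not decision:
            return "denied"
        if operation in TWO_PARTY_OPERATIONS:
            approvers = self.pending.setdefault((resource, operation), set())
            approvers.add(principal)          # a set, so the same person can't count twice
            if len(approvers) < 2:
                return "pending"
            del self.pending[(resource, operation)]
        return "executed"


def denylist_check(principal, blocked):
    """Contrast: an exclusion-based check.  Anyone not explicitly blocked is
    let through, so a new or misspelled principal fails open.  This is the
    design the fail-safe defaults principle warns against."""
    return principal not in blocked


def build_demo_monitor():
    """Constructed sample population for the example."""
    return ReferenceMonitor(role_of={
        "alice": "operator",
        "bob": "engineer",
        "carol": "engineer",
        "dave": "auditor",
    })


if __name__ == "__main__":
    m = build_demo_monitor()
    for who, op in [("alice", "read"), ("alice", "shutdown"), ("mallory", "read"),
                    ("bob", "shutdown"), ("bob", "shutdown"), ("carol", "shutdown")]:
        print(who, op, "->", m.request(who, "pump-7", op))
    print("denylist lets unknown 'mallory' through:", denylist_check("mallory", {"eve"}))
```

The audit log is populated on denials as well as grants, which is what makes the mediation complete rather than best-effort; and because the second shutdown request from the same engineer is absorbed by the set, the two-party rule cannot be satisfied by one person asking twice.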

Psychological acceptability is an interesting concept, which still prompts discussion to this day.  If security becomes too complex, or inhibits end user productivity or convenience, it simply won't be implemented, resulting in less security, not more.  The outcome to strive for is to either make security easy to implement, embed security into the product or process so it's there by default, or make security entirely transparent - it's there, but it has zero impact on productivity.

The last few years have seen several opportunities for new operating systems, for things like smart phones and set top boxes.  Whilst many rely heavily on what has gone before, they were a good opportunity to implement some of the basic key principles from Saltzer and Schroeder.

It will be interesting to see the results of the Kaspersky offering that hopefully will solve many of the basic security issues still being faced.

@SimonMoffatt
