And now, boys and girls, woo-hoo! Today is a day when woo-hoo\u2019ing seems the most appropriate thing to do. Like this: WOO-HOO!!!<\/p>\n
Why, you say?<\/p>\n
We\u2019ve officially launched our very own secure operating system<\/a> for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that\u2019s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even run a real-world pilot test roll-out<\/a>. Now the OS I\u2019ll spare you all the nerdy detail, but if you do want the techy info \u2014 here<\/a> it is. I\u2019d rather focus on the things we left out of that post, so I\u2019ll answer some frequently asked questions and debunk some myths about our new OS.<\/p>\n This is one of the most frequently asked questions. The answer is amazingly simple and straightforward: This is not Linux<\/b>. It\u2019s literally not Linux; there\u2019s not a single string of Linux code in it. We designed the OS from scratch, for different applications and purposes.<\/p>\n What matters most for Linux, Windows, macOS and the like is compatibility<\/em> and universality<\/em>. The developers do their utmost to popularize their solutions by oversimplifying app development and toolsets. But when it comes to our target audiences (hardware developers, SCADA systems, IoT, etc.), this approach is a no-go: What matters most here is security<\/em>.<\/p>\n In order to create a secure environment, we need to enable global Default Deny<\/a> at the process level and wrap it into a microkernel. In simple words, it\u2019s a system that does what it\u2019s instructed to and is unable to do anything else. With traditional operating systems, that\u2019s impossible.<\/p>\n However, it\u2019s possible to build security mechanisms into an already functional system. In essence, that\u2019s our core business<\/a>. What we do is enough for many applications. However, with some applications, even the smallest risk of a cyberattack is a disaster. When security has to be guaranteed, we have to build something new. Something that is secure by design<\/em>.<\/p>\n Well, we don\u2019t claim to have created something completely new. Of course there have been other attempts to create a secure OS. At times some projects even succeeded, but the cost of their implementation is on a par with that of an airplane (curiously, such systems were indeed used on airplanes), so such projects were never destined to produce widely applied kit.<\/p>\n Other projects<\/a> were mostly limited to the realm of academic research. In other words, some bright minds would build a microkernel and celebrate with champagne and speeches, and that would basically be it. No project has ever reached the stage of full-scale deployment or commercialization. But a functional vehicle does not end with an engine; it can\u2019t function without wheels, suspension and myriad other important stuff.<\/p>\n We decided to design the system so as to be relevant in different spheres, allowing customization on a granular level, based on application. Basically, we created three products. They are: an OS (KOS), a standalone secure hypervisor (KSH), and a dedicated system for secure interaction among OS components (KSS). They can address various challenges on their own too, depending on the application.<\/p>\n For example, SYSGO, a German company, licensed<\/a> KSS to use it in its own operating system, PikeOS. Some vendors are interested only in the hypervisor (KSH), which lets them securely run existing applications without modifying them. But for Kraftway switches<\/a>, this level of integration was not enough, so they decided to deploy the operating system in full.<\/p>\n In other words, the key advantage of our operating system is its practical, accessible nature; it\u2019s purpose-built rather than designed for generic hypothetical scenarios.<\/p>\n Naturally, as soon as we claimed the system was secure by design, some people refuted the claim, not believing it. That\u2019s absolutely fine: in the world of cybersecurity one should not take anything at face value.<\/p>\n Our operating system\u2019s architecture is based on the principle of dividing objects into the maximum number of isolated entities. Customers may examine the source code to make sure there are no undocumented capabilities inside the system. The rest is in effect configured together with the customer in the shape of various security policies designed to substantiate literally every tiny thing.<\/p>\n The system will do only the things you want it to do. Thus, adversaries won\u2019t be able to take advantage even of a bug in an app created for this OS. Of course, you can write lengthy code with a lot of bugs. But for the code to work, it has to comply with strict policies that define what code can and can\u2019t do.<\/p>\n Sure, because our system is extremely flexible! In general, it could be further tweaked to become a mass-market product, but that would require quite a lot of time and resources. Right now we haven\u2019t planned that far ahead, and we see our solution as a niche offering.<\/p>\n Also, keep in mind that it\u2019s possible to port third-party code to the OS. Our solution includes a secure hypervisor, which allows customers to run virtually any operating system as a guest OS and custom application (such as an Linux running Apache server).<\/p>\n Yes, if we could take this server, divide it into many isolated instances and write policies on how they would interact with each other, we\u2019d get a far higher level of security. But it\u2019s an awful lot of work. At the same time, anything is possible if you have enough guts and resources :)<\/p>\n That\u2019s why we enabled custom applications in the hypervisor. Yes, we\u2019ll get an initially secure OS with initially insecure customization. Anything happening inside this customization will be unclear. But we\u2019ll be able to control its interactions with hardware, other customizations, and the outside world. That is already something. With such a configuration, escape from the sandbox is highly unlikely.<\/p>\n The kernel does not transmit anything anywhere \u2014 that can be easily checked by looking at the source code (see above). The microkernel has practically nothing in it. All drivers are kept isolated. So to pass any data, one has to write another piece of code. It will be seen quite clearly \u2014 you don\u2019t even have to look at the source code to see it. All of this is written in security policies. And the customer will always be able to audit those policies, regardless of the code. If the policies contain no instructions to send data, the system doesn\u2019t do it.<\/p>\n Frankly, I don\u2019t remember ever buying arms or legs, so I\u2019m not quite up to date on current street prices. But actually this comparison is dubious one. Our OS is not an out-of-the-box product; it\u2019s a project<\/i> offering.<\/p>\n We\u2019re not selling a boxed solution with a cure-all for everyone. Instead, we collaborate with vendors and developers who provide, say, networking equipment, industrial automation systems, automotive solutions, even smart fridges. We provide the code and help configure the system based on their requirements. Consequently, the cost of the solution depends on application and the labor that needs to be invested in the final product.<\/p>\n I agree, no answer is perfect \u2013 except for the number 42<\/a> :) Anything can happen. However, that\u2019s no reason to give up! The very essence of cybersecurity is to make cybercrooks\u2019 lives as difficult as possible, and make cyberattacks so costly that they become unprofitable business. In this respect, our OS is ahead of any competition.<\/p>\nis ready for consumption<\/s> is available for deployment by all interested parties in a variety of scenarios.<\/p>\nWhy would we need another Linux?<\/h2>\n
Oh come on, a secure OS is not news! So what?<\/h3>\n
How would you prove the OS allows only listed operations to run?<\/h3>\n
Do you really think anything will work on that OS?<\/h3>\n
Oh come on, it will collect data anyway<\/h3>\n
Well, OK, but it must cost an arm and a leg<\/h3>\n
Everything can be hacked, and your OS is no exception!<\/h3>\n