The Future of Embedded and IoT Security: Kaspersky Operating System · 2019-07-26
TRANSCRIPT
THE FUTURE OF EMBEDDED AND IoT SECURITY: KASPERSKY OPERATING SYSTEM
THE INTERNET OF THINGS
AN EXPLOSION OF CONNECTED POSSIBILITIES
Kaspersky Lab | Future of embedded and IoT security: Kaspersky Operating System
[Chart: billions of connected devices per year, 1990 to 2020. Labelled points: 1992, 1,000,000; 2003, 0.5 billion; 2009, IoT inception; 2012, 8.7 billion; 2013, 11.2 billion; 2014, 14.4 billion; 2015, 18.2 billion; 2016, 22.9 billion; 2017, 28.4 billion; 2018, 34.8 billion; 2019, 42.1 billion; 2020, 50.1 billion]
RICH IoT DEVICES ARE THE MOST VULNERABLE
[Diagram of the IoT chain: Things (sensor & actuator, processing, communication); Local Network (gateways; wired/wireless, power line; BAN, PAN, LAN); the Internet; Back-End Services (remote server, user access and control, business data analysis)]
IoT ATTACKS
MIRAI
Mirai was initially discovered in August and its name comes from the discovered binaries called “mirai.()”. It is an ELF Linux executable and focuses mainly on DVRs, routers, web IP cameras, Linux servers, and other devices that are running BusyBox, a common tool for IoT embedded devices.
BASHLITE
Infects Linux systems in order to launch distributed denial-of-service (DDoS) attacks. In 2014 BASHLITE used the Shellshock software bug to compromise devices running BusyBox. In 2016 it was reported that one million devices had been infected with BASHLITE.
THE MAIN PROBLEM OF IoT FROM A CYBER SECURITY POINT OF VIEW
Human mistakes
Use of 3rd party software and libraries
Software complexity (number of lines of code increasing dramatically)
INSECURE DESIGN
VULNERABILITIES
Time to market pressure
INSECURITY OF CONVENTIONAL OPERATING SYSTEMS
WHY CONVENTIONAL OPERATING SYSTEMS ARE NOT SECURE
Monolithic system where any module can call any other
By exploiting an arbitrary code execution vulnerability it is possible to call any other module, regardless of security settings
Uncontrolled use of 3rd party libraries
Adversaries can get control over a whole system with the help of only one vulnerability
Poor security settings due to various reasons (lack of expertise, laziness, lack of time…)
Big attack surface
[Diagram of a monolithic kernel: interactive user, libraries, commands and application programs sit above the OS system call interface and trap table; device drivers, the driver interface, process management, memory management, file management and device management infrastructure all live inside one monolithic kernel module]
HOW WE SECURE EMBEDDED SYSTEMS
HOW TO FIX THE PROBLEM
Make an environment that simply won't allow the program to perform undeclared functions and prevent the exploitation of vulnerabilities.
THE MAIN PRINCIPLES OF SECURE OS
Secure by design system
MILS with reference monitor approach
Microkernel based
Meets specific requirements for embedded systems
SPECIFIC REQUIREMENTS FOR EMBEDDED OPERATING SYSTEMS
SMALL SIZE AND MINIMUM RESOURCE USAGE
Most embedded systems use limited hardware resources (RAM, ROM, CPU)
OUT OF THE BOX SECURITY
Most embedded systems have (almost) unique security requirements. It is necessary to reduce time to market and reduce the effort that needs to be put into security settings
STABLE WORK EVEN UNDER ATTACK
One has to think about possible threats and threat vectors in advance
COMPLIANCE WITH INDUSTRY STANDARDS
A system has to be designed and developed in accordance with industrial safety and security standards.
KASPERSKYOS // OVERVIEW
Designed for embedded connected systems with specific requirements for cyber security
Based on a separation kernel which guarantees control of all internal system communications
The behavior of every module is described in advance via security policies
MILS architecture
Domain separation/isolation
Flexible internal communications control via Kaspersky Security System (KSS)
KASPERSKYOS // SPECIFICATIONS
Microkernel based OS from the in-house development team at Kaspersky Lab
Static security configuration
MILS architecture
Separates business applications from security (easier to develop and support, decreases time to market, increases security and safety)
Maximum level of control due to minimum security domain granularity (every single module/driver can be set as a security domain)
POSIX API compatible (well, 98% of the API)
Runs on Intel x86, x64 and ARM (v6, v7, v8)
KASPERSKYOS - TRUSTED. FLEXIBLE. SECURE.
KasperskyOS is the foundation from which to build a trusted platform – it will not allow untrusted, malicious or undocumented code to run, due to strict security policies
Set any type of security policy and combine different types of policies.
Use one OS for different appliances – saving time on education and implementation
Due to separation, functional code and security can be worked on in parallel. This saves time to market without sacrificing anything.
Improve safety because of strict security policies that describe the behaviour of a system
TRUSTED FLEXIBLE SECURE
BENEFITS OF KASPERSKYOS
INHERENT SECURITY
KasperskyOS is an operating system that is secure by design and we intend to keep it that way by using the best practices of software development
FLEXIBLE SECURITY CONFIGURATION
Well-designed configuration tools make it easy to create declarative rule definitions and combinations of rules to control interactions in the system
VERSATILE MODULAR ARCHITECTURE
Building the system based on loosely coupled modules helps to minimize the amount of trusted code and tailor each solution to the customer’s specific needs
SEPARATION OF APPLICATION FEATURES FROM SECURITY FUNCTIONS
The security architecture is designed to separate security functions from application business logic, making both configuring security policies and developing applications easier
KASPERSKYOS IMPLEMENTATIONS
Our technologies help developers and manufacturers of complex embedded systems to secure their future revenue by minimizing the risks associated with cyber incidents and malicious software.
We have developed a set of products that suit different client needs and follow the same security principles (separation and isolation of security domains and strict control of inter-domain communications):
KasperskyOS
Kaspersky Secure Hypervisor
Kaspersky Security System for Linux
TECHNOLOGIES THAT ARE FIT FOR EVERY PURPOSE TO SECURE EMBEDDED SYSTEMS
[Chart: level of control (vertical axis) against amount of extra work (horizontal axis), positioning KSS for Linux, Kaspersky Secure Hypervisor and KasperskyOS]
KASPERSKYOS
Most secure solution (all components are isolated and controlled)
Requires the rethinking and redevelopment of the architecture of every component
Requires (at least) the porting of applications or their complete rewrite
Limited support of hardware (embedded systems only)
KASPERSKY SECURE HYPERVISOR
Good level of security (isolation of VMs and critical functions, limited control of communications)
Only requires the rethinking and redevelopment of application architecture
Requires re/development of some critical functions
Wide range of hardware supported (not only embedded systems)
KSS FOR LINUX
Good level of security (isolation of Linux containers, controls only inter-container communications)
Only requires the rethinking and redevelopment of application architecture
Requires minimum re/development
Runs on virtually all Linux systems with container support
USE CASES
Telecoms and Network Equipment
IoT and Industrial IoT
Connected Cars
Endpoints
POS Terminals
Linux Systems Security Enhancement
USE CASES – TELECOM EQUIPMENT
Secure boot ensures integrity of OS and applications
Isolation of every single module
Minimize impact of vulnerabilities, malware protection
Protection of sensitive data (e.g. encryption keys)
KASPERSKYOS
Trusted platform
Secure by design: network routers & switches, firewalls, VPN
[Diagram: Internet-facing device built on KasperskyOS (uCore + KSS) with Security Domain 0: Network Driver; Security Domain 1: Network Stack; Security Domain 2: Web server; Security Domain 3: SSH; Security Domain 4: Telnet; Security Domain 5: Storage. Whenever one domain wants to send a datagram to another domain, it requests a security verdict from KSS to allow the transfer]
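The telecom slide above gates every inter-domain datagram on a security verdict from KSS. As an added example (not Kaspersky's code; KSS's real policy language is not shown on these slides), here is a toy reference monitor in Python with a static, default-deny policy over the slide's six security domains; the message kinds, the allow rules and the `validate_policy` build-time check are assumptions for illustration.

```python
from dataclasses import dataclass, field
# Domains named on the telecom-equipment slide; message kinds and allow rules
# are constructed for this example, not KasperskyOS's real policy language.
DOMAINS = frozenset({"Network Driver", "Network Stack", "SSH",
                     "Web server", "Telnet", "Storage"})

# Static policy: every permitted (source, destination, kind) triple is declared
# up front; anything undeclared is denied (default deny).
POLICY = frozenset({
    ("Network Driver", "Network Stack", "datagram"),
    ("Network Stack", "Network Driver", "datagram"),
    ("Network Stack", "SSH", "datagram"),
    ("Network Stack", "Web server", "datagram"),
    ("Network Stack", "Telnet", "datagram"),
    ("SSH", "Network Stack", "datagram"),
    ("Web server", "Network Stack", "datagram"),
    ("Telnet", "Network Stack", "datagram"),
    ("SSH", "Storage", "read"),
    ("Web server", "Storage", "read"),
})

def validate_policy(policy, domains=DOMAINS):
    """Build-time check: return rules that name an undeclared domain."""
    return [r for r in policy if r[0] not in domains or r[1] not in domains]

@dataclass
class ReferenceMonitor:
    """Gives a verdict on every inter-domain message and records it for audit."""
    policy: frozenset
    audit: list = field(default_factory=list)

    def verdict(self, src, dst, kind):
        allowed = (src, dst, kind) in self.policy
        self.audit.append((src, dst, kind, "ALLOW" if allowed else "DENY"))
        return allowed

    def denials(self):
        return [e for e in self.audit if e[3] == "DENY"]

def demo():
    """Push a few requests through the monitor; returns (verdicts, denial count)."""
    rm = ReferenceMonitor(POLICY)
    verdicts = [
        rm.verdict("Network Stack", "Web server", "datagram"),  # declared path
        rm.verdict("Web server", "Storage", "read"),            # declared path
        rm.verdict("Web server", "Storage", "write"),           # undeclared kind
        rm.verdict("Telnet", "Storage", "read"),                # undeclared path
        rm.verdict("Telnet", "SSH", "datagram"),                # no direct link
    ]
    return verdicts, len(rm.denials())
```

The denial records are the part a defender keeps: a module that suddenly asks for an undeclared path is either misconfigured or compromised, and the monitor contains it either way.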
USE CASES – IoT
Isolation of every single module
Minimize the impact of vulnerabilities
Protection of sensitive data (e.g. encryption keys, user’s data, secure storage)
Secure boot
Secure by design system (the only way to secure IoT devices)
EXAMPLE
Devices connected to the Internet and powerful enough (not MCU based), like:
1. Smart CCTV cameras (process images on the device and send processed data to a server)
2. Smart hubs (all sensors and end devices connect to these)
KASPERSKYOS
USE CASES – CONNECTED CARS
Isolation of infotainment from the safety-critical system (advanced driver assistance systems, AUTOSAR)
Minimize impact of vulnerabilities in every domain
Protection of sensitive data (e.g. encryption keys, logs, telematics data) from unauthorized access
Secure boot and protection against unauthorized modification of firmware and software (e.g. malware infection and unauthorized modifications)
Secure by design system
Can be used in the central gateway, head unit or specific ECUs
KASPERSKY SECURE HYPERVISOR
USE CASES – ENDPOINTS
No or limited and controlled data exchange between VMs
Integrity checking of software
Trusted boot
Bootkit and rootkit protection
Control of access to external devices
Reduce TCO (need one PC instead of two)
Two virtual machines:
First one with access to sensitive data (internal domain)
Second one with access to the Internet and to public services (external domain)
Strictly speaking, this is not an ordinary PC: it has to have 2 network cards and 2 HDDs
[Diagram: Kaspersky Secure Hypervisor hosting a trusted domain (administrative service, access service), an untrusted domain (application) and a second trusted domain (SSL/TLS certificate storage); the application requests a handshake and the access service gives permissions]
KASPERSKY SECURE HYPERVISOR
USE CASES – NETWORK EQUIPMENT
Secure storage for encryption keys (can be protected from access by unauthorized software and hardware)
Separation of functional modules like web anti-virus, content filtering, mail anti-virus, cloud storage (can be sold separately with different licenses)
VPN appliances
UTMs
KASPERSKY SECURE HYPERVISOR
USE CASES – POS TERMINALS
Bring security sensitive functions to the Security Service, for example:
Dealing with credit cards (protection of CC data read from a card)
Bank communications
Secure storage (audit, securely sending trusted data to management or regulator)
Helps with PA DSS compliance
POS software integrity checking
[Diagram: Kaspersky Secure Hypervisor domain with an untrusted application, trusted code and sensitive data; a memory protection feature leaves the untrusted application unable to modify protected memory pages]
KASPERSKY SECURE HYPERVISOR
USE CASES – LINUX SECURITY ENHANCEMENT
Secure remote device updates & reconfiguration
Separation of duties between components and remote agents (like OEMs and consumers)
Sandboxing untrusted components
In-depth system hardening with enforced security properties on inter-component communications
Use cases:
PLCs / Industrial IoT devices
IoT equipment
KASPERSKY SECURITY SYSTEM
QUESTIONS?
Kaspersky OS
Securing Embedded Communications