KasperskyOS

KasperskyOS is a proprietary, partially POSIX-compliant microkernel-based operating system built from scratch using secure-by-design principles. It was developed by Kaspersky Lab for IT products in industries with strict requirements for cybersecurity, reliability, and operational predictability.[1] Key use cases are network equipment, industrial control/IoT gateways, smart cars, smart city and transport infrastructure, and other critical-infrastructure uses.[2]

The operating system protects IT systems from malicious code and the exploitation of vulnerabilities, reducing the risks of accidental or intentional software errors.[3] It features a minimal trusted kernel, strict isolation of components in user space, default-deny policy enforcement and formal, policy-based control via the Kaspersky Security System. The aim is to create “Cyber Immune” systems that keep critical functions operating even if some parts of the system are attacked via unknown vulnerabilities.[2]

KasperskyOS is built on its own microkernel, developed from scratch without using third-party code or libraries.[1] There is a community edition for prototyping and development.[4]

Security

KasperskyOS combines the MILS (Multiple Independent Levels of Security) and FLASK security architecture approaches with Kaspersky's own technologies.[5]

In the MILS model, a secure system consists of isolated security domains and a separation kernel that manages interactions between them.[5]

Communication between processes occurs only through the security monitor (Kaspersky Security System) via typed interfaces. The system therefore remains secure as a whole even if isolated components contain vulnerabilities or malicious code.[3]

In the FLASK architecture, the security system is divided into policy enforcement, which is handled by the microkernel, and policy decision-making, which is handled by the security monitor. This separation simplifies system analysis and ensures consistency in security policies.[5]

Microkernel architecture

KasperskyOS is built on a microkernel written in C (C99 standard) comprising approximately 100,000 lines of code, whereas the Linux kernel, for example, had over 40 million lines of code as of 2025.[6] This compactness reduces the potential attack surface and simplifies formal verification.[1]

The microkernel implements only essential low-level mechanisms that require privileged execution:

  • process and thread scheduling;
  • virtual memory management;
  • I/O port access control;
  • direct memory access (DMA) management;
  • synchronization via futexes;
  • interrupt handling;
  • real-time clock management;
  • descriptor management;
  • Inter-process communication is strictly synchronous and message-based (request/response);
  • interaction with the security subsystem (Kaspersky Security System).[5]

Drivers, file systems, network stacks, and other components run in user space as isolated processes and communicate with the kernel via system calls.[3] The microkernel exposes only three system calls, minimizing system vulnerabilities.[1]

Security monitor

Kaspersky Security System (KSS) is a unified security decision-making center and a centralized security monitor that oversees all interactions between system components.[3]

The KasperskyOS microkernel delivers a message only if KSS authorizes its delivery based on a defined set of security policies. If the verdict is negative, the transmission is blocked, and steps may be taken to restore normal system operation.

A special policy description language—Policy Specification Language (PSL)—has been developed for designing policies. The PSL syntax allows multiple security models to be combined within a single policy, including finite and state machines, Type Enforcement (TE), Role-Based Access Control (RBAC) models, and others. It is also possible to develop custom policy classes. In PSL, the description is formulated in terms of the task itself.

PSL eliminates the need for developers to write security policy implementations or configure KSS manually. Monitor code optimized for the selected task is generated from the PSL description by a special compiler.[5]

Hardware compatibility

KasperskyOS supports multiple hardware architectures: x86 / x86_64, ARMv5, ARMv7, ARMv8, MIPS32.

Tested platforms: Intel Generic and Atom CPUs, NXP i.MX series, TI Sitara processors, HiSilicon Kirin platforms, MIPS24k.[7]

The KasperskyOS Community Edition enables development of educational applications that can run on QEMU (x86_64) or Raspberry Pi 4 Model B.[3]

Development history

2002: Development began under the internal code name “11.11”.[8]

2012: Eugene Kaspersky publicly announced KasperskyOS for the first time.

2013: Beta testing by partner companies.

2015: Partnership with SYSGO (PikeOS developer) and integration of Kaspersky Security System into third-party OS.

2016: Completion of kernel development and announcement of the first hardware partner

2017: Official release of KasperskyOS.[9]

2019: Work on a secure mobile OS based on KasperskyOS.

2021: Release of the first commercial product based on KasperskyOS (industrial IoT gateway).

2021: Launch of KasperskyOS Community Edition for educational purposes.

2022: Release of an improved IoT gateway model.

2023–2024: Development of a smartphone prototype and app ecosystem. Launch of the “Kaspersky Appicenter” platform for corporate clients and industrial enterprises.

Applications

KasperskyOS is used in sectors that require a high level of cybersecurity, reliability, and deterministic behavior:

Use cases

Automotive cybersecurity. A secure automotive platform based on KasperskyOS is integrated into the Ajunic high-performance ECU developed by AVL Software and Functions GmbH (Germany) and is intended for use in ADAS and autonomous driving systems.[10]

Automotive software platforms and gateways. The operating system enables secure in-vehicle communication, over-the-air (OTA) updates, and compliance with industry cybersecurity standards.[11]

Products

Products based on KasperskyOS are already in use:

Kaspersky IoT Secure Gateway (KISG) 100 — a cyber-immune gateway operating as a data diode, enabling one-way secure data transfer to external systems.

KISG 1000 — an industrial gateway that aggregates device data and transmits it securely to enterprise or cloud environments, with built-in security controls.

Kaspersky Thin Client — a secure thin client providing access to virtual desktop infrastructure via remote desktop protocols.[3]

Early deployments of the OS also appeared in Kraftway routing/switching gear.

See also

References

  1. ^ a b c d "KasperskyOS — Secure Operating System released for IoT and Embedded Systems". The Hacker News. Retrieved 2026-03-21.
  2. ^ a b Smolaks, Max (2026-03-16). "Kaspersky finally launches secure industrial OS". www.datacenterdynamics.com. Retrieved 2026-03-21.
  3. ^ a b c d e f g "Modern OSs for embedded systems". Dataproof Communications. 2018-06-20. Retrieved 2026-03-21.
  4. ^ "Kaspersky launches its own OS on Russian routers". Archived from the original on 2026-02-13. Retrieved 2026-03-21.
  5. ^ a b c d e Nazarov, S.; С, Назаров; Barsukov, A.; А, Барсуков (2023-05-11). "Reliability and security of operating systems of various architectures. Part 3". Elektronika: Nauka, Tekhnologiya, Biznes (in Russian). 0 (10): 80–87. doi:10.22184/1992-4178.2023.231.10.80.86. ISSN 1992-4186.
  6. ^ "The Linux Kernel surpasses 40 Million lines of code: A historic nilestone in Open-Source software". www.stackscale.com. 2025-01-27. Retrieved 2026-03-21.
  7. ^ "Kaspersky Lab and AVL collaborate on developing secure autonomous driving controller". en.eeworld.com.cn. Retrieved 2026-03-21.
  8. ^ "Nuevo competidor de Microsoft? Kaspersky crea un sistema operativo único". Sputnik Mundo (in Spanish). 2017-02-16. Retrieved 2026-03-21.
  9. ^ "Nace el sistema operativo KasperskyOS 11-11". radiosantacruz.icrt.cu (in Mexican Spanish). Archived from the original on 2025-02-12. Retrieved 2026-03-21.
  10. ^ "Kaspersky and AVL Software and Functions develop secure autonomous driving controller - ITP.net". 2020-06-22. Retrieved 2026-03-21.
  11. ^ Butcher, Lawrence. "Increased security for autonomous and connected vehicles". www.autonomousvehicleinternational.com. Retrieved 2026-03-21.

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.