\nHere at Kaspersky we found the solution to these problems by creating KasperskyOS. It\u2019s based on the microkernel concept, the MILS architectural approach<\/a>, and FLASK<\/a> architecture.<\/p>\n Average daily number of malicious files detected by Kaspersky security solutions from 2019 to 2022<\/p><\/div>\n \nIt\u2019s not easy to compare which architecture is better \u2014 microkernel or monolithic kernel. However, there have been many serious studies<\/a> dedicated to this. From these, it\u2019s become evident that:\n<\/p>\n 3D shooter running on KasperskyOS.<\/p><\/div>\n \nThe performance of an operating system during processes requiring connections to remote desktops is an important concern. Therefore, we paid particular attention to it. And thanks to multicore and codec support, we managed to achieve a level of performance comparable to Linux.<\/p>\n Games are some of the most performance-demanding applications, so as part of our testing we set ourselves the task of running a recently released game that uses GPU heavily on KasperskyOS. This doesn\u2019t mean we\u2019re going to start developing games or consoles. But this experiment did let us clearly demonstrate to our partners which will develop devices on KasperskyOS the system\u2019s real capabilities of performing tasks related to design and 3D modeling.\n<\/p>\n \nIf we look closely at the architecture of our Cyber Immune gateway (one of the first KasperskyOS-based devices to hit the market), we find there around 200 security domains. If we tried to build the same thing on Docker containers in Linux, it would require more than 5GB of RAM. Such a gateway implemented in the form of 200 containers on low-spec hardware with a single-core processor would work extremely slowly. The fundamental difference lies in the approaches: in Linux containers, we essentially take a complete system and trim off what we don\u2019t need, whereas in KasperskyOS, we build it from the ground up with only the necessary components. This significantly optimizes resource consumption.<\/p>\n Architecture of the Cyber Immune gateway<\/p><\/div>\n \nThe FLASK concept provides control over security domains using security policies. There is a common belief that this approach makes it impossible to expand OS functionality through applications. However, the evolution of specific products based on KasperskyOS clearly demonstrates the opposite:\n<\/p>\n \nHowever, we\u2019re not stopping there; we\u2019re now working to transition to the next stage, where on the basis of KasperskyOS it will be possible to create full-fledged Cyber Immune platforms and systems with a large number of applications. Mobile devices are an example of such systems.\n<\/p>\n \nIt might seem that development of a new operating system requires developers to completely retrain. But that\u2019s not the case. KasperskyOS is already bringing together developers from entirely different paradigms who use the tools they\u2019re familiar with.<\/p>\n Web applications are being developed for gateways and thin clients utilize the Qt framework, popular in the Linux community. For controllers, there\u2019s nothing preventing the creation of console applications familiar to almost every programmer from their student days.<\/p>\n Furthermore, together with colleagues working on developing an automotive gateway, we offer the option to use standard frameworks from the automotive industry, such as AUTOSAR Adaptive. We\u2019re actively working on providing Flutter technology capabilities in our OS, which will ensure compatibility with Android applications.\n<\/p>\n \nSome developers fear that developing new operating systems is pointless because drivers are only written for mainstream OS (Linux, Android, Windows). Therefore, any new OS will only work with a limited range of hardware. Understanding this, we launched a research project with the goal of creating technology that enables Linux drivers to run on KasperskyOS with minimal modifications \u2014 Linux Compat.<\/p>\n The idea is simple: in KasperskyOS, you can run a piece of code in the secure domain like in a container. We add a thin software layer to this container so the Linux driver thinks it\u2019s operating in its familiar Linux environment. Thanks to this technology, we\u2019ve ported around 300,000 lines of Linux code to KasperskyOS \u2014 changing less than 5%. 300,000 lines of code is 8\u201310 years of work for an experienced developer (when it comes to driver development). Now for some concrete numbers. For example, accelerometer and gyroscope drivers in Linux contain about 7000 lines of code. To run this code using our technology on KasperskyOS, only 20 lines needed to be modified. And the NFC driver, used to support equipment with which mobile devices interact with payment terminals, contains about 1200 lines of code; with our technology, this driver ran without any changes at all.<\/p>\n In my opinion, we\u2019ve developed a technology that will allow us to upscale in the future. And right now we\u2019re choosing the product on which we can fully test this technology.<\/p>\n Everybody needs to choose for themselves whether they want to be mired in myth or in the new Cyber Immune reality. You can learn more on our KasperskyOS website<\/a> and in blog on Cyber Immunity<\/a>. <\/p>\n Let\u2019s debunk myths together: reality is way more interesting!<\/p>\n","protected":false},"excerpt":{"rendered":" We explore some common misconceptions about the development and application of Cyber Immune products based on KasperskyOS. <\/p>\n","protected":false},"author":2751,"featured_media":22035,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2652,2178,1487],"class_list":{"0":"post-22032","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-cyber-immunity","10":"tag-cyberimmunity","11":"tag-kasperskyos"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cyber-immunity-technology-myths\/22032\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cyber-immunity-technology-myths\/26606\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cyber-immunity-technology-myths\/29337\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cyber-immunity-technology-myths\/26889\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cyber-immunity-technology-myths\/49494\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cyber-immunity-technology-myths\/32884\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cyber-immunity-technology-myths\/32532\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cyberimmunity\/","name":"cyberimmunity"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2751"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22032"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22032\/revisions"}],"predecessor-version":[{"id":22034,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22032\/revisions\/22034"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22035"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=22032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=22032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Average](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2023\/11\/08211736\/cyberimmunity-technology-myths-infographics.jpg\")
Myth 2: the cybersecurity advantages of microkernels haven\u2019t been proven<\/h2>\n
\n
![\"3D](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2023\/11\/08211749\/cyberimmunity-technology-myths-game-scaled-1-scaled-scaled.jpg\")
<\/a>Myth 3: microkernel OS is slow<\/h2>\n
Myth 4: Linux containers can perform the same tasks that KasperskyOS can using MILS.<\/h2>\n
![\"Architecture](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2023\/11\/08211808\/cyberimmunity-technology-myths-architecture.jpg\")
<\/a>Myth 5: you can\u2019t build dynamic systems with FLASK<\/h2>\n
\n
Myth 6: development is narrowly specialized<\/h2>\n
Myth 7: the difficulty of porting to different hardware platforms<\/h2>\n