About KasperskyOS Community Edition

KasperskyOS Community Edition (CE) is a publicly available version of KasperskyOS that is designed to help you master the main principles of application development under KasperskyOS. KasperskyOS Community Edition will let you see how the concepts rooted in KasperskyOS actually work in practical applications. KasperskyOS Community Edition includes sample applications with source code, detailed explanations, and instructions and tools for building applications.

KasperskyOS Community Edition will help you:

• Learn the principles and techniques of "secure by design" development based on practical examples.
• Explore KasperskyOS as a potential platform for implementing your own projects.
• Make prototypes of solutions (primarily Embedded/IoT) based on KasperskyOS.
• Port applications/components/drivers to KasperskyOS.
• Explore security issues in software development.

You can download KasperskyOS Community Edition here.

In addition to this documentation, we also recommend that you explore the materials provided in the specific KasperskyOS website section for developers.

About this Guide

The KasperskyOS Community Edition Developer's Guide is intended for specialists involved in the development of secure solutions based on KasperskyOS.

The Guide is designed for specialists who know the C/C++ programming languages, have experience developing for POSIX-compatible systems, and are familiar with GNU Binary Utilities (binutils).

You can use the information in this Guide to:

• Install and remove KasperskyOS Community Edition.
• Use KasperskyOS Community Edition.

Basic concepts

Frequently used terms related to KasperskyOS Community Edition are presented below:

• KasperskyOS is a microkernel operating system used for building secure software/hardware systems.
• Kaspersky Security System is a technology that lets you create a declarative description of a solution security policy and generate the Kaspersky Security Module based on this description.
• The Kaspersky Security Module is a kernel module that either allows or denies each IPC interaction in a solution.
• A solution consists of the KasperskyOS kernel, Kaspersky Security Module, and applications and system software integrated for operation within a software/hardware system.
• An entity is an application running in KasperskyOS.
• A service is a set of logically related methods available via the IPC mechanism (for example, a kernel service for allocating memory or a driver entity service for working with a block device).
• A handle is an identifier of a resource (for example, a memory area, port or network interface). This handle is used to access the specific resource.
• IPC (InterProcess Communication) is the mechanism used by entities to interact with each other and with the kernel.
• A solution security policy provides the logic for managing IPC interactions in a solution and is implemented by the Kaspersky Security Module.

System requirements

To install KasperskyOS Community Edition and run examples on QEMU, the following is required:

1. Operating system: Debian GNU/Linux "Buster" version 10.7 x64.
2. Processor: x86-64 architecture (support for hardware virtualization is required for higher performance).
3. RAM: it is recommended to have at least 4 GB of RAM for convenient use of the build tools.
4. Disk space: at least 3 GB of free space in the /opt partition (depending on the solution being developed).

To run examples based on the Raspberry Pi platform, you must use Raspberry Pi 4 Model B with a RAM volume equal to 2, 4, or 8 GB.

Distribution kit

The distribution kit of KasperskyOS Community Edition includes the following:

• DEB package for installation of KasperskyOS Community Edition, including:
  • Image of the KasperskyOS kernel
  • Components of KasperskyOS Community Edition
  • Set of tools for solution development (NK compiler, GCC compiler, GDB debugger, binutils toolset, QEMU emulator, and accompanying tools)
  • End User License Agreement
  • Information about third-party code (Legal Notices)
• Release Notes
• KasperskyOS Community Edition Developer's Guide (Online Help)

The following components included in the KasperskyOS Community Edition distribution kit are the Runtime Components as defined by the terms of the License Agreement:

• Image of the KasperskyOS kernel.

All the other components of the distribution kit are not the Runtime Components. Terms and conditions of the use of each component can be additionally defined in the section "Information about third-party code".

Included third-party libraries and applications

To simplify the application development process, KasperskyOS Community Edition also includes the following third-party libraries and applications:

• Boost (v.1.71) is a set of class libraries that utilize C++ language functionality and provide a convenient cross-platform, high-level interface for concise coding of various everyday programming subtasks (such as working with data, algorithms, files, threads, and more).

  Documentation: https://www.boost.org/doc/

• Arm Mbed TLS (v.2.16) implements the TLS and SSL protocols as well as the corresponding encryption algorithms and necessary support code.

  Documentation: https://tls.mbed.org/kb

• Civetweb (v.1.11) is an easy-to-use, powerful, embeddable web server based on C/C++ with additional support for CGI, SSL and Lua.

  Documentation: http://civetweb.github.io/civetweb/UserManual.html

• Eclipse Mosquitto (v1.6.4) is a message broker that implements the MQTT protocol.

  Documentation: https://mosquitto.org/documentation/

See also Information about third-party code.

Limitations and known issues

Because the KasperskyOS Community Edition is intended for educational purposes only, it includes several limitations:

1. Symmetric multiprocessing (SMP) is not supported. Only one processor kernel is used.
2. Dynamically loaded libraries are not supported.
3. The maximum supported number of running applications (entities) is 32.
4. When an entity is terminated through any method (for example, return from the main execution thread), resources allocated by the entity are not released, and the entity goes to sleep. Entities cannot be started repeatedly.
5. You cannot start two or more entities with the same EDL description.
6. The system stops if no running entities remain, or if one of the driver entity threads has been terminated, normally or abnormally.