KasperskyOS Community Edition 1.0

Cyber immunity

The idea of cyber immunity is based on the following concepts:

• Security goals and prerequisites
• MILS concepts (security domain, separation kernel, reference monitor)
• Trusted computing base (TCB)

These concepts are considered below. Then definitions of a cyber immune system and cyber immune approach are given.

Security goals and prerequisites

Information system security is not a universal abstract concept. Whether a system is secure or not depends on chosen security goals and prerequisites.

Security goals are requirements placed on an information system, which if achieved, ensure the secure operation of the information system in every possible scenario, taking into account the security prerequisites. Example of a security goal: ensure that data is kept confidential while using a communication channel.

Security prerequisites are additional limitations placed on the conditions in which the system is used, which if satisfied, will achieve the security goals. Example of a security prerequisite: cybercriminals must not have physical access to the hardware.

MILS concepts

In the MILS (Multiple Independent Levels of Security) model, a secure information system consists of isolated security domains and a separation kernel that controls the interactions between domains. The separation kernel isolates domains and controls the information flows between them.

Each attempted interaction between security domains is checked for compliance with certain rules, which are specified by the solution security policy. If an interaction is forbidden by the current policy, then it is not allowed (it is blocked). In a MILS architecture, a separate component (reference monitor) implements the security policy. For each security domain interaction, the reference monitor returns a decision (a boolean value) regarding whether the interaction complies with the security policy. The separation kernel calls the monitor each time one domain references another.

Trusted computing base (TCB)

Trusted Computing Base (TCB) is the set of all programming code, which if vulnerable will prevent an information system from achieving its specified security goals. In the MILS model, the separation kernel and reference monitor underpin the trusted computing base.

The trusted computing base's reliability plays a key role in ensuring the security of an information system.

Cyber immune system

An information system is cyber immune (or possesses cyber immunity) if it is separated into isolated security domains, all interactions between which are independently controlled, and is:

• a description of its security goals and prerequisites;
• guarantees of the reliability of the entire trusted computing base, including an execution environment and mechanisms for interaction control;
• guarantees that security goals will be achieved in all possible use scenarios, given the specified prerequisites and an uncompromised trusted computing base.

Cyber immune approach

The cyber immune approach is a way to build cyber immune systems.

The cyber immune approach is based on:

• dividing the system into isolated security domains;
• independent control of all interactions between security domains in accordance with the specified security policy;
• ensuring the reliability of the trusted computing base.

Advantages of the cyber immune approach

The cyber immune approach lets you:

• reduce the security properties of a system as a whole to the security properties of its separate components;
• provide guarantees that a system's security goals will be achieved even if any of its untrusted components is compromised;
• reduce requirements on one or more system components relative to the requirements on the system as a whole;
• minimize damage to the system as a whole if any one of its component is compromised;
• simplify the process of system certification.