Kaspersky launches its own OS on Russian routers

Re: Lofty goals

Keep it small might allow reuse , single purpose modules but Swiss knife utility classes are broken down.

Re: Lofty goals

Thanks to Windows and the like people have got used to the notion of an operating system as a huge hunk of code that does everything from task and storage management to rendering web pages. In the real-time world everything is a lot more modular so kernels are compact and essentially provable with other subsystems being added as components only where necessary. A kernel can be only a few hundred bytes of code, it just depends on what you want it to do.

Of course, this doesn't stop MSFT from pushing Windows as a real-time and process control system. Its the sort of thing that's attractive to executive decision makers and lazy system designers but it will result in five storey BSODs and Stuxnet infections (you also end up with people telling you with a straight face that 20-40uSec packet jitter on an isosynchronous industrial control network is perfectly normal and acceptable...its what you get when you use "real time" Windows!)

Incidentally, Intel used to sell a pretty 'hard' kernel back in the day, they called iRMX. It actually used the x86 protection model properly -- if task and segment management is done properly on one of these processors its quite difficult to break the system, let alone break into it.

Re: True microkernel approach?

If the description is accurate, it would only be the SECOND formally-proven kernel written (after seL4). The thing is, how well can such a microkernel perform when latency (such as high-throughput networking) is an issue?

Re: True microkernel approach?

Is the performance penalty of a micro-kernel a problem for industrial systems ? The available CPU power has increased so much over the last 2 decades that inefficient but secure systems are probably better for industrial control as most industrial systems do not do a huge amount of number crunching.

(A control system hand coded in C on a 486 could be replaced by an interpreted system running on a modern CPU and still be over 10 times faster.)

Re: True microkernel approach?

"The past objection to the micro-kernel approach was the performance penalty of switching in/out of ring-0 to do serious stuff."

In order to be able to switch in/out of ring0, you must have a CPU that's designed to allow it. X86 is not that CPU.

Re: Nobody serious about security is going to take Kaspersky seriously...

No, it'll some horrific mash-up between Darwin (yes, it's open source) and OpenWRT.

Re: Well routing is actually a very simple problem

But then you have to deal with port forwarding, NAT traversal, VPN's sometimes, and TWO protocol stacks. It's unfortunately a necessary complexity.

Re: Well routing is actually a very simple problem

"Just receive a packet, look at its address,"

Which address, MAC, IPv4, IPv6...? What if there is a mismatch?

"look in your address table where to forward it to"

Is it unicast, multicast, which address table? Is it a preconfigured address table, a dynamically generated table, has it been poisoned?

Do you just trust the input and forward it? Do you allow firewall rules? Are these based on port, ip, mac, etc?

What happens if the packet is corrupted? What happens if packets arrive out of order, are truncated, have jumbo frames. Do you allow dynamic routing? Which VLAN are they on? What if the external port is slower than the receiving port? Do you block, buffer etc?

What you are describing is an unintelligent L2 switch (with no VLANs) not a router. Also one that trusts every interface - like a switch from 30 years ago.

Re: Well routing is actually a very simple problem

Do you mean CLI, the type of management interface used on vast majority of 'proper' routers?

Admittedly some of them have GUI but that can be disabled and the GUI just translates the mouse clicks into CLI command anyway.

Re: Well routing is actually a very simple problem

This might be fine for a stand alone LAN that is air gapped to the Internet but since everyone one doesn't to want that, more is needed. I'm still not sure why an industrial control system needs internet access.. especially critical systems.

Re: Secure router, vulnerable SCADA & ICS behind ?

Shirley those decisions are up to the owner?

Re: Secure router, vulnerable SCADA & ICS behind ?

That is frankly none of its business. That's a job for the higher layers.

Re: Secure router, vulnerable SCADA & ICS behind ?

If I was a high-up in the Russian Telecoms Ministry I would have constant nightmares about other countries creeping and crawling round the Russian networks and would be very happy to have a solution to the problem. (Even if it were only a partial solution).

Computers in factories etc would be a problem for the Industry Ministry.

Re: And another thing......

It's awfully easy to bake-in the public half of an authentication key-pair so every device can verify any updates before installing anything.

Hell, even M$ can manage that!... some of the time... to varying degrees of competence...

Re: It's a dirty job, but SOMEbody has to try

Everyone else puts security last because it doesn't sell. For most customers, security gets in the way of actual work, and actual work is the first priority of any company; otherwise there's no reason for them existing.

For example, having a door you have to manually pull each time becomes a problem when your job normally requires you to carry large but high-confidence things around with both hands in and out all day long (because, say, you're a trusted courier). Now you have conflicting orders. You need to maintain security because of the sensitivity of your charges, but you still need to be able to get in and out; things start to get complicated.

Re: It's a dirty job, but SOMEbody has to try

Saying everyone puts security last is not really fair. That was true in the past, both Microsoft and Apple had times where security was an afterthought at best, completely ignored at worst.

While Microsoft has a lot of things you can complain about, since Windows 7 Windows has been pretty stable, gets regular security fixes, and hasn't had another Code Red / I Love You type scenario for years now. The blue screen of death used to be common with Windows 9x/NT/2000/XP, it is pretty rate these days.

Apple certainly deserved their reputation for thinking "we are invulnerable to hacking, so we can ignore security" in the past, but they do a better job than Microsoft or Google now. They file a CVE for every single security fix they make, even for issues discovered internally, and document them all for each patch, so you know exactly what subsystems are being touched from a security perspective. They published a 60 page iOS security guide that goes into great detail about the inner workings of iOS with relation to encryption and other methods of keeping your data secure both on your device, as well as with services like iCloud. They designed a secure enclave into their SoC, which runs the formally verified L4 microkernel, and is used to protect encryption keys, fingerprint data, and other ultra sensitive data. That's hardly "putting security last".

Re: It's Russia

It's Russia, NSA, Huawei etc! Who really trusts anyone for seriously sensitive stuff anywhere in the world?

How much Western stuff has backdoors, do we know for sure what has and what has not?

I don't trust Western governments any more than Eastern governments.

Why not wait a couple of weeks to see what it actually is and how it works?

Criticising maybes and what ifs, is a waste of time.

Re: Um....

Actually, it looks to be reinventing seL4 according to the specs. seL4 is the first formally-proven kernel, and this looks to be the second.

Re: No such thing as unexploitable

Trouble is, at some point you have to go, "Sod this" and just go for it since you can easily go into DTA Mode and freeze yourself with paranoia (or maybe even kill yourself because you end up not trusting yourself). If it ever got to the point that DTA Mode was completely justified, civilization itself would inevitably collapse.