Kaspersky IoT Secure Gateway 1000

Security objectives and constraints

April 12, 2024

ID 214565

Definitions and general provisions

The goal of the cyberimmune approach to development is to create a cyberimmune system: a system whose declared assets are protected against undesirable events under any conditions, even under attack, subject to predefined constraints.

One prerequisite when developing a cyberimmune system is to identify its security objectives and the security constraints under which the system will operate.

Security objectives are the particular requirements imposed on a cyberimmune information system that must be fulfilled to ensure that the system operates securely in any possible usage scenario with consideration of the necessary security constraints.

Security constraints are the additional restrictions placed upon the system operating conditions that either simplify or complicate the fulfillment of security objectives.

Application is a component installed on top of the system image and started by means of Kaspersky IoT Secure Gateway 1000. An application may be developed by Kaspersky or supplied by a partner. The application communicates with Kaspersky IoT Secure Gateway 1000 and other applications through an API provided by Kaspersky IoT Secure Gateway 1000.

Application package is a set of all files that make up an application.

Application image is a set of executable files and libraries that make up an application.

Audit event is a security event, such as a reboot, system version update, or information security event.

Hardware platform is a target device on which the system image is installed.

Data and information are any information in digital form, such as application files or data stored in databases.

Kaspersky IoT Secure Gateway 1000 network device types:

Kaspersky IoT Secure Gateway 1000 can operate as one of the following types of network device:

  • Network router is a type of network device that applies a policy to route traffic that passes through the device.
  • Unidirectional gateway is a type of network device that applies a policy to ensure that devices on the LAN transmit data to the WAN, whereas local resources are not exposed to any impact from the WAN.

The network device type is switched while Kaspersky IoT Secure Gateway 1000 is running. For the change to take effect, a full reinstallation of Kaspersky IoT Secure Gateway 1000 is required.

Kaspersky IoT Secure Gateway 1000 security objectives:

Kaspersky IoT Secure Gateway 1000 has the following security objectives:

  • Kaspersky IoT Secure Gateway 1000 ensures secure (integrity and authenticity) system and application updates even when using untrusted data channels.
  • Kaspersky IoT Secure Gateway 1000 ensures secure (integrity and authenticity) storage of system settings and configurations received from a trusted source. Trusted sources of information are:
    • Kaspersky Security Center Administration Server.
    • Administrator authorized by means of a certificate when establishing a secure channel between the administrator's computer and Kaspersky IoT Secure Gateway 1000.
  • Kaspersky IoT Secure Gateway 1000 ensures secure (integrity) storage of audit events and transfer of these to Kaspersky Security Center Administration Server in a manner that guarantees security (integrity and authenticity).
  • Kaspersky IoT Secure Gateway 1000 provides a secure (integrity and confidentiality) communication channel to the remote server (via TLS terminator).
  • While running, Kaspersky IoT Secure Gateway 1000 ensures the integrity and authenticity of application packages during dynamic installation.
  • Kaspersky IoT Secure Gateway 1000 ensures the integrity and authenticity of application images before these run.
  • While running, Kaspersky IoT Secure Gateway 1000 enables granting of privileges to dynamically launched applications.
  • Kaspersky IoT Secure Gateway 1000 ensures that Kaspersky Security System policies are applied to any communication between applications and Kaspersky IoT Secure Gateway 1000.
  • Kaspersky IoT Secure Gateway 1000 provides a secure (integrity and confidentiality) dedicated data storage to each application. Only the application whose data is stored in the storage has access to it.
  • Kaspersky IoT Secure Gateway 1000 guarantees communication between applications and external systems through a secure (integrity and confidentiality) communication channel (via the TLS terminator) only.
  • When operating in unidirectional gateway mode, Kaspersky IoT Secure Gateway 1000 ensures unidirectional data transfer from applications interacting with the LAN to applications interacting with the WAN, while preventing local resources from being exposed to any impact originating on the WAN.

Kaspersky IoT Secure Gateway 1000 security assumptions:

The security constraints of Kaspersky IoT Secure Gateway 1000 are as follows:

  • Threats associated with a vulnerability of the hardware platform are not considered. The hardware platform is assumed to be trusted.
  • The device on which Kaspersky IoT Secure Gateway 1000 is installed operates in an environment that completely rules out physical access by a cybercriminal, including any direct connection to the device. Threats associated with the relevant vulnerabilities are not considered.
  • A medium level of threat (basic elevated) from the external network is assumed.
  • A low level of threat (basic) from the internal network is assumed.

    For more information on assessing the information security threat level, please refer to the website of the Federal Service for Technical and Export Control of Russia.

  • Initial configuration should be done in an environment that rules out spoofing of Kaspersky Security Center Administration Server—that is, by a trusted administrator in a monitored zone.
  • When operating in unidirectional gateway mode:
    • The integrity of data transmitted over the LAN from devices to the gateway is not guaranteed.
    • Devices connected to the gateway are not protected against attacks originating on the LAN.
    • The hardware platform must have separate physical ports for connecting to the LAN and WAN.
  • Availability of Kaspersky IoT Secure Gateway 1000 is not a security objective.
  • Security objectives are not guaranteed when installing VPN applications or Kaspersky Debug Service (KDS). When one of these applications is installed, the device restarts and exits cyberimmune mode. To return to cyberimmune mode, you have to completely reinstall Kaspersky IoT Secure Gateway 1000 and repeat the initial configuration.
