OS DAY-2019. Cooperation among operating platform developers and the security of Russian software
The sixth OS DAY conference, Tools: Their Development and Practical Application, was held in Moscow in June 2019. The conference was organized by a consortium of leading Russian IT companies and organizations: Institute for System Programming of the Russian Academy of Sciences, DZ Systems, BaseALT SPO, GosNIIAS, Kaspersky, RED SOFT, RusBITech-Astra, and Cryptosoft.
OS DAY-2019 participants included over 300 Russian operating platform and system software developers, regulators, as well as customers using Russian software. The main theme of the event had been chosen by the OS DAY-2018 participants. Since developers need to ensure a high quality of their software products in all stages of their lifecycle, issues related to using tools have taken on a special importance. This is why OS DAY-2019 was devoted to tools designed for creating operating platforms and using these tools in real life.
Reliability, including security, is one of the most important characteristics of system software. During the opening ceremony, Arutyun Avetisyan, Director of the V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences, said, "Cyberthreats have become a challenge for all of us. Providing protection against these risks is a formidable and multifaceted task, which cannot be accomplished by one company alone. The cooperation of software developers is necessary. Leading Russian firms know this very well: significantly, the conference’s organizers include companies that compete in the marketplace but unite their efforts to address important issues. Russia’s technological independence can only be ensured by the joint efforts of businesses, fundamental research institutions and regulators."
Today, regulators define trends in ensuring that system software is trusted. Dmitry Shevtsov, head of department at the Federal Service for Technical and Export Control (FSTEC) of Russia responsible for managing work related to ensuring the technical protection of information and the security of Russian critical infrastructure, spoke about new regulatory documents that establish a software standardization procedure and software security requirements. Two documents came into effect on June 1, 2019: "Methodology of Identifying Vulnerabilities and Undocumented Features in Software" and "Information Security Requirements Establishing Trust Levels for Tools Providing the Technical Protection of Information and Information Technology Security Tools". The latter document describes six trust levels. The FSTEC of Russia places special emphasis on modeling security policies for access management and on the development of a secure compiler.
Russia’s technological independence in the IT sphere is based on trusted system software and related development tools. Alexey Novodvorsky, deputy CEO of BaseALT SPO, spoke of a domestic development infrastructure that is already in place and available to all Russian companies. "To ensure technological independence, it is essential to have freedom in selecting hardware platforms. We offer support for the greatest possible number of such platforms in Sisyphus, a Russian repository developed by our team. In 2019, we released the ninth stable platform of the repository. It can be used by developers of system or application software to create the necessary toolsets and software products for all supported platforms, including Russian platforms Elbrus, Baikal, ELVIS, and YADRO, as well as emerging foreign platforms –RISC V, ARM, and Loongson. So, the question whether life is possible without х86 no longer sounds like a joke."
Anna Kan, sector head at GosNIIAS, believes that to achieve technological independence it is necessary to develop certifiable Russian real-time operating systems, including on-board OS’s, in addition to general-purpose operating systems. "GosNIIAS, in cooperation with Russian Academy of Sciences institutes and IT companies, is developing a certifiable multiplatform real-time on-board OS and related development tools. To date, we have resolved the main fundamental issues and got down to development work."
Sophisticated system software is based on the results of fundamental research in mathematics. Alexander Oruzheinikov, head of development at RusBITech-Astra, believes it is very important that these issues have been put on the OS DAY agenda, making it possible to concentrate on the scientific and technological issues of system software development. "An operating platform is considered the foundation upon which the critical infrastructure of enterprises and organizations is built. Programming the actual OS components, as well as the tools used to create and verify these components, are aspects that have become especially significant. Only fundamental mathematical research can ensure the reliability of software products and of the toolsets used to develop them. As a result of this approach, FSTEC of Russia awarded our OS, Astra Linux, an A1 certificate, the highest possible security rating."
Russian developers view creating tools designed to ensure the compatibility of Russian software as an important task. Roman Simakov, director of system products at RED SOFT, emphasized, "To create the extremely sophisticated multicomponent systems used in critical IT infrastructure, what customers need is not separate programs but suites that include both system and application software. In view of this need, we are particularly serious about developing our partner program. Today, RED SOFT has over 100 confirmed compatibilities. We are working with our colleagues from ARPP Otechestvenniy Soft (Domestic Software Developers Association) to put together a comprehensive catalog of compatible software products."
Cooperation between system software and security product developers is essential for meeting the challenges faced by the IT industry. Valery Egorov, deputy CEO for core information technologies at Cryptosoft, commented, "A technological breakthrough can only be achieved through coordinated work. Our collaboration with companies that create Russian operating systems and application software enables us to view our own development efforts, such as the QP OS, from a new perspective. Today creating compatible tools and systems that Russian developers will use is one of our highest priorities."
Andrey Doukhvalov, head of future technologies at Kaspersky, shared his vision: "Security, trust, vulnerabilities, the human factor, errors… Developers have been repeating these words for years. And yet, the number of problems has only been growing. There are different reasons for this, including the increasing variety and sophistication of software. The methods commonly used to ensure security and trust do not offer the hope that the problems will be resolved anytime soon. However, there is a way out. We envision the software industry evolving towards immune information systems, that is, information systems that have the ability to perform their core function in an aggressive information environment built into them at the systemic, architectural, fundamental level. Such systems can work reliably regardless of errors in application code, improper administration, malware or other attacks. Just like living organisms in nature."
Dmitry Zavalishin, CEO of DZ Systems and co-founder of OS DAY, summed up the discussions at the conference. "Russian system software has become sophisticated, complex and multicomponent. A great number of extremely varied tools is necessary to maintain its lifecycle: to develop software, including that designed for specific processors, to build, debug and test it, and to collect data on the efficiency and errors occurring during the system’s operation, etc. In this context, creating and using toolkits is one of the most vital tasks for system software developers. Useful and focused conversations among colleagues, impossible to achieve at other events, become possible at the OS Day conference."
The OS DAY conference included an exhibition of products by Russian operating system and hardware platform developers. The participants got a chance not only to view state-of-the-art solutions but also to try out the hardware and software systems on display.
For additional information, please contact Anna Novomlinskaya, OS DAY Executive Director, firstname.lastname@example.org.
About the OS Day conference
The annual OS DAY conference is devoted to issues related to developing operating platforms and other system software in Russia, the Eurasian Customs Union and the Commonwealth of Independent States (CIS). The main goal of the event is to provide a venue where operating platform and system software developers could share their expertise, where system software customers and developers could communicate and where all participants could find opportunities for cooperation in this area.
OS DAY organizers: Institute for System Programming of the Russian Academy of Sciences, DZ Systems, BaseALT SPO, GosNIIAS, Kaspersky, RED SOFT, RusBITech-Astra, and Cryptosoft.