QNX SDP is a cross-compiling and debugging environment, including an IDE and command-line tools, for building binary images and programs for target boards running QNX Neutrino 7.1.
The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX Neutrino RTOS system and developers who want to create a QNX Neutrino resource manager free from vulnerabilities.
This User's Guide describes version 7.1 of the Integrated Development Environment (IDE) that's part of the QNX Momentics tool suite.
The following table describes security problems and cyberattacks and the QNX Neutrino security features that can mitigate them.
Security policies can make some aspects of security much easier for a developer.
Stack cookies provide protection against stack buffer overflow on stack-allocated variables, which prevents program misbehaviours.
Address space layout randomization varies the location of data and instructions each time an executable is loaded.
QNX Neutrino RTOS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.
QNX Neutrino offers developers many alternatives for cryptography functions.
Because the QNX hypervisor is built as an extension of the QNX Neutrino microkernel, it inherits the security features of the microkernel itself as well as the secure execution environment the microkernel creates. It also has additional layers that are purpose built for secure virtual machine operation.
The information in this section is designed to help you create a QNX Neutrino resource manager that does not contain vulnerabilities. It focuses on properly checking both permissions and the length and content of resource manager messages.
The QNX cryptography library (qcrypto library) is a generic cryptographic shim layer that provides a consistent API to the various cryptographic primitives offered by third-party libraries.
The devcrypto service is a legacy system driver interface and is mainly provided for backwards compatibility.
The pathtrust feature prevents processes from executing untrusted code. If a process is compromised, pathtrust mitigates the threat of the system being further compromised by an attacker using chained-together exploits.
Systems that need authentication can use pluggable authentication module (PAM), a configurable standard library.
The QNX Hypervisor allows you to run multiple OSs on a target system so you can separate critical and non-critical functions, support a wide variety of applications, and reduce hardware costs.
QNX Software in the Cloud enables developers to use the QNX software in Amazon Web Services (AWS) and Microsoft Azure (Azure).
This User's Guide is aimed at all systems integrators and developers who want to design and build embedded systems using the QNX Advanced Virtualization Frameworks.
This section describes the typographical conventions used throughout the documentation and explains how to obtain technical support.
