Survey/analysis of the QNX Neutrino Secure Kernel Wael Alnemer 100416646
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Survey/analysis of the QNX Neutrino Secure Kernel Wael Alnemer100416646
QNX Neutrino RTOS is a scalable and resilient OS designed to meet the requirements of real-time embedded systems. QNX Neutrino is microkernel .In essence, may of the features (e.g. Protocol stack ,device driver, file systems) that usually considered an integrated part of monolithic kernel were shifted to be implemented as a user space applications. Although QNX Neutrino RTOS was conceived to have as limited interface as possible with user applica-tions, but that doesn’t mean it completely immune to security threats which might happened unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino.
One of the most fundamental vulnerability peculiar to Real-time OS relies on messages passing between the OS kernel, process manager and other services/applications. In QNX lingo, these are the messages passing between clients (e.g., application requesting data) and server (e.g., qconn providing data) .Such a local exploits wouldn't exist in a monolithic OS, where all drivers are located in the same address space as the kernel. Similarly, two vital Neutrino's components, qconn and Qnet, does little to no authentication at all .qconn is a server that runs on a target system and handles all incoming requests from QNX Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol, it displays other Neu-trino machines on the network as they were an extensions of the local machine. In our project for Operating System Security we will address some of those vulnerabilities, with possible solutions and recommendations. Also, we will demonstrate QNX Neutrino scalability; we will illustrate the required steps needed to customize QNX Neutrino RTOS image, and how to create a bootable USB mass storage device, presumably, our system is deeply embedded. Since only the essential and the required components/modules will be included in the system image, system’s security level might be increased dramatically (e.g.,qconn and Qnet will be omitted).
Abstract
Fig-1 Illustrates the basic elements of our tutorial Lab experiment, such as the main hardware and software that will be used and the connections between them.
Please be advised that we might not be able to obtain Board Support Package (BSP) which will be used as QNX Neutrino RTOS (Target) on time, bios.build might be used instead. Consequent-ly, step No.6 will be cancelled.
Page 1
Survey/analysis of the QNX Neutrino Secure Kernel
References[1] Odell, D. Pentesting QNX Neutrino RTOS. http://www.fishnetsecuri-ty.com/6labs/blog/pentesting-qnx-neutrino-rtos (accessed 2 Feb 2014)[2] Hobbs, C. Using an IEC 61508-Certified RTOS Kernel for Safety-Critical Systems. http://ww-w.qnx.com/download/feature.html?programid=21526 (accessed 3 Feb 2014)[3] Hobbs, C. Protecting Applications Against Heisenbugs. http://www.qnx.com/download/-feature.html?programid=21289 (accessed 3 Feb 2014)[4] QNX Software Systems .QNX Neutrino RTOS V6.3 System Architecture, 2005[5] Schaffer, J. Reid, S .The Joy of Scheduling. http://www.qnx.com/download/feature.htm-l?programid=21959 (accessed 3 Feb 2014)[6] Krten, R; updated by QNX Software Systems. Getting Started with QNX Neutrino: A Guidefor Realtime Programmers, 2009[7] Silberschatz, A. Galvin, P .Gagne. Operating System Concepts. 8th Edition 2010
Page 2
QNX Momentics IDE
QNX Neutrino RTOS (Host)
QN
X Neutrino RTO
S (Target)
OS im
age
Build�le12
3
4
6
5
Fig-1
Related Documents
