2. Abstract
QNX Neutrino RTOS is a scalable and resilient OS designed to meet the requirements of real-time
embedded systems. QNX Neutrino is a microkernel OS. In essence, many of the features (e.g.,
protocol stack, device drivers, file systems) that are usually considered an integrated part of a
monolithic kernel were moved out to be implemented as user-space applications. Although
QNX Neutrino RTOS was conceived to have as limited an interface as possible with user
applications, that does not mean it is completely immune to security threats, which might arise
unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other
UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino.
One of the most fundamental vulnerabilities peculiar to a real-time OS lies in the messages passed
between the OS kernel, the process manager and other services/applications. In QNX lingo, these
are the messages passed between clients (e.g., an application requesting data) and servers (e.g.,
qconn providing data). Such local exploits wouldn't exist in a monolithic OS, where all drivers
are located in the same address space as the kernel.
Similarly, two vital Neutrino components, qconn and Qnet, do little to no authentication at
all. qconn is a server that runs on a target system and handles all incoming requests from the QNX
Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol; it presents other
Neutrino machines on the network as if they were extensions of the local machine.
In our project for Operating System Security we will address some of those vulnerabilities, with
possible solutions and recommendations. We will also demonstrate QNX Neutrino's scalability:
we will illustrate the steps needed to customize a QNX Neutrino RTOS image and to
create a bootable USB mass storage device, on the assumption that our system is deeply embedded. Since
only the essential and required components/modules will be included in the system image,
the system's security level might be increased dramatically (e.g., qconn and Qnet will be omitted).
Fig-1 illustrates the basic elements of our tutorial lab experiment, such as the main hardware
and software that will be used and the connections between them.
Please be advised that we might not be able to obtain in time the Board Support Package (BSP) that will
be used as the QNX Neutrino RTOS (Target); bios.build might be used instead. Consequently,
step No. 6 will be cancelled.
Survey/analysis of the QNX Neutrino Secure Kernel
[Fig-1: QNX Momentics IDE, QNX Neutrino RTOS (Host), QNX Neutrino RTOS (Target), OS image and Buildfile, with the connections between them numbered 1 to 6]