SlideShare a Scribd company logo

Survey/analysis of the QNX Neutrino Secure Kernel

A
Apollo_n
1 of 3
Download to read offline
Survey/analysis of the QNX Neutrino Secure Kernel Wael Alnemer 100416646
QNX Neutrino RTOS is a scalable and resilient OS designed to meet the requirements of real-time embedded systems. QNX Neutrino is microkernel .In essence, may of the features (e.g. Protocol stack ,device driver, file systems) that usually considered an integrated part of monolithic kernel were shifted to be implemented as a user space applications. Although QNX Neutrino RTOS was conceived to have as limited interface as possible with user applica- tions, but that doesn’t mean it completely immune to security threats which might happened unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino. One of the most fundamental vulnerability peculiar to Real-time OS relies on messages passing between the OS kernel, process manager and other services/applications. In QNX lingo, these are the messages passing between clients (e.g., application requesting data) and server (e.g., qconn providing data) .Such a local exploits wouldn't exist in a monolithic OS, where all drivers are located in the same address space as the kernel. Similarly, two vital Neutrino's components, qconn and Qnet, does little to no authentication at all .qconn is a server that runs on a target system and handles all incoming requests from QNX Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol, it displays other Neu- trino machines on the network as they were an extensions of the local machine. In our project for Operating System Security we will address some of those vulnerabilities, with possible solutions and recommendations. Also, we will demonstrate QNX Neutrino scalability; we will illustrate the required steps needed to customize QNX Neutrino RTOS image, and how to create a bootable USB mass storage device, presumably, our system is deeply embedded. Since only the essential and the required components/modules will be included in the system image, system’s security level might be increased dramatically (e.g.,qconn and Qnet will be omitted). Abstract Fig-1 Illustrates the basic elements of our tutorial Lab experiment, such as the main hardware and software that will be used and the connections between them. Please be advised that we might not be able to obtain Board Support Package (BSP) which will be used as QNX Neutrino RTOS (Target) on time, bios.build might be used instead. Consequent- ly, step No.6 will be cancelled. Page 1 Survey/analysis of the QNX Neutrino Secure Kernel
References [1] Odell, D. Pentesting QNX Neutrino RTOS. http://www.fishnetsecuri- ty.com/6labs/blog/pentesting-qnx-neutrino-rtos (accessed 2 Feb 2014) [2] Hobbs, C. Using an IEC 61508-Certified RTOS Kernel for Safety-Critical Systems. http://ww- w.qnx.com/download/feature.html?programid=21526 (accessed 3 Feb 2014) [3] Hobbs, C. Protecting Applications Against Heisenbugs. http://www.qnx.com/download/- feature.html?programid=21289 (accessed 3 Feb 2014) [4] QNX Software Systems .QNX Neutrino RTOS V6.3 System Architecture, 2005 [5] Schaffer, J. Reid, S .The Joy of Scheduling. http://www.qnx.com/download/feature.htm- l?programid=21959 (accessed 3 Feb 2014) [6] Krten, R; updated by QNX Software Systems. Getting Started with QNX Neutrino: A Guide for Realtime Programmers, 2009 [7] Silberschatz, A. Galvin, P .Gagne. Operating System Concepts. 8th Edition 2010 Page 2 QNX Momentics IDE QNX Neutrino RTOS (Host) QNXNeutrinoRTOS(Target) OSimage Buildfile 12 3 4 6 5 Fig-1

Recommended

Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core Systems
Davidlohr Bueso
 
Minimalist Operating Systems for Containers
Minimalist Operating Systems for ContainersMinimalist Operating Systems for Containers
Minimalist Operating Systems for Containers
Enderson Tadeu Maia
 
File System Reliability & Virtual File in Operating System
File System Reliability & Virtual File in Operating System File System Reliability & Virtual File in Operating System
File System Reliability & Virtual File in Operating System
Meghaj Mallick
 
Oracle on windows
Oracle on windowsOracle on windows
Oracle on windows
Niall Litchfield
 
Controlling The Core
Controlling The CoreControlling The Core
Controlling The Core
Dennis Pierce
 
Analyzing The Security Features Of Apache Cassandra Database
Analyzing The Security Features Of Apache Cassandra DatabaseAnalyzing The Security Features Of Apache Cassandra Database
Analyzing The Security Features Of Apache Cassandra Database
AlirezaAzhdari2
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
James Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
 

Recommended

Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core Systems
Davidlohr Bueso
 
Minimalist Operating Systems for Containers
Minimalist Operating Systems for ContainersMinimalist Operating Systems for Containers
Minimalist Operating Systems for Containers
Enderson Tadeu Maia
 
File System Reliability & Virtual File in Operating System
File System Reliability & Virtual File in Operating System File System Reliability & Virtual File in Operating System
File System Reliability & Virtual File in Operating System
Meghaj Mallick
 
Oracle on windows
Oracle on windowsOracle on windows
Oracle on windows
Niall Litchfield
 
Controlling The Core
Controlling The CoreControlling The Core
Controlling The Core
Dennis Pierce
 
Analyzing The Security Features Of Apache Cassandra Database
Analyzing The Security Features Of Apache Cassandra DatabaseAnalyzing The Security Features Of Apache Cassandra Database
Analyzing The Security Features Of Apache Cassandra Database
AlirezaAzhdari2
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
James Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
 
Exploiting rateless codes in cloud storage systems
Exploiting rateless codes in cloud storage systemsExploiting rateless codes in cloud storage systems
Exploiting rateless codes in cloud storage systems
ieeepondy
 
Directions in SELinux Networking
Directions in SELinux NetworkingDirections in SELinux Networking
Directions in SELinux Networking
James Morris
 
Lcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigaiLcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigai
Kohei KaiGai
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
James Morris
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
James Morris
 
Open ZFS Keynote (public)
Open ZFS Keynote (public)Open ZFS Keynote (public)
Open ZFS Keynote (public)
Dustin Kirkland
 
Psdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storagePsdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storage
ZTech Proje
 
Secure deduplication-evault-endpoint-protection
Secure deduplication-evault-endpoint-protectionSecure deduplication-evault-endpoint-protection
Secure deduplication-evault-endpoint-protection
Inka Traktman
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
Phase1
Phase1Phase1
Phase1
Sachin Thomas
 
Creating a Playbook to Exploit the Long Tail of IoT
Creating a Playbook to Exploit the Long Tail of IoTCreating a Playbook to Exploit the Long Tail of IoT
Creating a Playbook to Exploit the Long Tail of IoT
Aricent
 
Hacking QNX
Hacking QNXHacking QNX
Hacking QNX
ricardomcm
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
EnclaveSecurity
 
Analyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of ThingsAnalyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of Things
Ike Clinton
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app development
Dusan Klinec
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON
 
IOS Encryption Systems
IOS Encryption SystemsIOS Encryption Systems
IOS Encryption Systems
Peter Teufl
 
Embedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollersEmbedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollers
team-WIBU
 
UPC router reverse engineering - case study
UPC router reverse engineering - case studyUPC router reverse engineering - case study
UPC router reverse engineering - case study
Dusan Klinec
 
Infineon Car Security
Infineon Car SecurityInfineon Car Security
Infineon Car Security
Infineon Technologies AG
 
Nanokernel
NanokernelNanokernel
Nanokernel
Abu Azzam
 

More Related Content

What's hot

Lcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigaiLcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigai
Kohei KaiGai
 
Psdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storagePsdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storage
ZTech Proje
 

What's hot (10)

Exploiting rateless codes in cloud storage systems
Exploiting rateless codes in cloud storage systemsExploiting rateless codes in cloud storage systems
Exploiting rateless codes in cloud storage systems
 
Directions in SELinux Networking
Directions in SELinux NetworkingDirections in SELinux Networking
Directions in SELinux Networking
 
Lcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigaiLcj pg sql-lt-kaigai
Lcj pg sql-lt-kaigai
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
 
Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
 
Open ZFS Keynote (public)
Open ZFS Keynote (public)Open ZFS Keynote (public)
Open ZFS Keynote (public)
 
Psdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storagePsdot 12 a secure erasure code-based cloud storage
Psdot 12 a secure erasure code-based cloud storage
 
Secure deduplication-evault-endpoint-protection
Secure deduplication-evault-endpoint-protectionSecure deduplication-evault-endpoint-protection
Secure deduplication-evault-endpoint-protection
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
Phase1
Phase1Phase1
Phase1
 

Viewers also liked

Analyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of ThingsAnalyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of Things
Ike Clinton
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON
 
Embedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollersEmbedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollers
team-WIBU
 

Viewers also liked (11)

Creating a Playbook to Exploit the Long Tail of IoT
Creating a Playbook to Exploit the Long Tail of IoTCreating a Playbook to Exploit the Long Tail of IoT
Creating a Playbook to Exploit the Long Tail of IoT
 
Hacking QNX
Hacking QNXHacking QNX
Hacking QNX
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
 
Analyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of ThingsAnalyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of Things
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app development
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
 
IOS Encryption Systems
IOS Encryption SystemsIOS Encryption Systems
IOS Encryption Systems
 
Embedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollersEmbedded Security in ARM-based microcontrollers
Embedded Security in ARM-based microcontrollers
 
UPC router reverse engineering - case study
UPC router reverse engineering - case studyUPC router reverse engineering - case study
UPC router reverse engineering - case study
 
Infineon Car Security
Infineon Car SecurityInfineon Car Security
Infineon Car Security
 

Similar to Survey/analysis of the QNX Neutrino Secure Kernel

Ap 06 4_10_simek
Ap 06 4_10_simekAp 06 4_10_simek
Ap 06 4_10_simek
Nguyen Vinh
 
Black berry playbook security part one
Black berry playbook security part oneBlack berry playbook security part one
Black berry playbook security part one
Yury Chemerkin
 
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
cscpconf
 
Task & resource self adaptive
Task & resource self adaptiveTask & resource self adaptive
Task & resource self adaptive
csandit
 

Similar to Survey/analysis of the QNX Neutrino Secure Kernel (20)

Nanokernel
NanokernelNanokernel
Nanokernel
 
Ap 06 4_10_simek
Ap 06 4_10_simekAp 06 4_10_simek
Ap 06 4_10_simek
 
Qnx os
Qnx os Qnx os
Qnx os
 
Black berry playbook security part one
Black berry playbook security part oneBlack berry playbook security part one
Black berry playbook security part one
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || Linux
 
QNX OS
QNX OSQNX OS
QNX OS
 
Qnx
QnxQnx
Qnx
 
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
TASK & RESOURCE SELF-ADAPTIVE EMBEDDED REAL-TIME OPERATING SYSTEM MICROKERNEL...
 
Task & resource self adaptive
Task & resource self adaptiveTask & resource self adaptive
Task & resource self adaptive
 
Security Center.pdf
Security Center.pdfSecurity Center.pdf
Security Center.pdf
 
Clusetrreport
ClusetrreportClusetrreport
Clusetrreport
 
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic)...
 
Ipsn08 tiny ecc-ieee
Ipsn08 tiny ecc-ieeeIpsn08 tiny ecc-ieee
Ipsn08 tiny ecc-ieee
 
Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and Exploitation Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and Exploitation
 
hier
hierhier
hier
 
Futex ppt
Futex pptFutex ppt
Futex ppt
 
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
 
Hybrid kernel
Hybrid kernelHybrid kernel
Hybrid kernel
 
Cluster computing report
Cluster computing reportCluster computing report
Cluster computing report
 
In a monolithic kerne1
In a monolithic kerne1In a monolithic kerne1
In a monolithic kerne1
 

Survey/analysis of the QNX Neutrino Secure Kernel

  • 1. Survey/analysis of the QNX Neutrino Secure Kernel Wael Alnemer 100416646
  • 2. QNX Neutrino RTOS is a scalable and resilient OS designed to meet the requirements of real-time embedded systems. QNX Neutrino is microkernel .In essence, may of the features (e.g. Protocol stack ,device driver, file systems) that usually considered an integrated part of monolithic kernel were shifted to be implemented as a user space applications. Although QNX Neutrino RTOS was conceived to have as limited interface as possible with user applica- tions, but that doesn’t mean it completely immune to security threats which might happened unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino. One of the most fundamental vulnerability peculiar to Real-time OS relies on messages passing between the OS kernel, process manager and other services/applications. In QNX lingo, these are the messages passing between clients (e.g., application requesting data) and server (e.g., qconn providing data) .Such a local exploits wouldn't exist in a monolithic OS, where all drivers are located in the same address space as the kernel. Similarly, two vital Neutrino's components, qconn and Qnet, does little to no authentication at all .qconn is a server that runs on a target system and handles all incoming requests from QNX Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol, it displays other Neu- trino machines on the network as they were an extensions of the local machine. In our project for Operating System Security we will address some of those vulnerabilities, with possible solutions and recommendations. Also, we will demonstrate QNX Neutrino scalability; we will illustrate the required steps needed to customize QNX Neutrino RTOS image, and how to create a bootable USB mass storage device, presumably, our system is deeply embedded. Since only the essential and the required components/modules will be included in the system image, system’s security level might be increased dramatically (e.g.,qconn and Qnet will be omitted). Abstract Fig-1 Illustrates the basic elements of our tutorial Lab experiment, such as the main hardware and software that will be used and the connections between them. Please be advised that we might not be able to obtain Board Support Package (BSP) which will be used as QNX Neutrino RTOS (Target) on time, bios.build might be used instead. Consequent- ly, step No.6 will be cancelled. Page 1 Survey/analysis of the QNX Neutrino Secure Kernel
  • 3. References [1] Odell, D. Pentesting QNX Neutrino RTOS. http://www.fishnetsecuri- ty.com/6labs/blog/pentesting-qnx-neutrino-rtos (accessed 2 Feb 2014) [2] Hobbs, C. Using an IEC 61508-Certified RTOS Kernel for Safety-Critical Systems. http://ww- w.qnx.com/download/feature.html?programid=21526 (accessed 3 Feb 2014) [3] Hobbs, C. Protecting Applications Against Heisenbugs. http://www.qnx.com/download/- feature.html?programid=21289 (accessed 3 Feb 2014) [4] QNX Software Systems .QNX Neutrino RTOS V6.3 System Architecture, 2005 [5] Schaffer, J. Reid, S .The Joy of Scheduling. http://www.qnx.com/download/feature.htm- l?programid=21959 (accessed 3 Feb 2014) [6] Krten, R; updated by QNX Software Systems. Getting Started with QNX Neutrino: A Guide for Realtime Programmers, 2009 [7] Silberschatz, A. Galvin, P .Gagne. Operating System Concepts. 8th Edition 2010 Page 2 QNX Momentics IDE QNX Neutrino RTOS (Host) QNXNeutrinoRTOS(Target) OSimage Buildfile 12 3 4 6 5 Fig-1