Uploaded byApollo_n
281 views

Survey/analysis of the QNX Neutrino Secure Kernel

This document summarizes a survey and analysis of security vulnerabilities in the QNX Neutrino secure kernel. It discusses how QNX Neutrino is a microkernel-based real-time operating system that implements many features as userspace applications rather than integrated kernel components. While designed to have a limited interface, Neutrino faces many of the same security threats as other UNIX-style systems. In particular, message passing between kernel components and services can enable local exploits. Additionally, the qconn and Qnet components perform little authentication. The project will address some of these vulnerabilities and demonstrate Neutrino's scalability by customizing an OS image to increase security.

Related topics:
Graphic Design

Embed presentation

Download to read offline
Survey/analysis of the QNX Neutrino Secure Kernel Wael Alnemer 100416646
QNX Neutrino RTOS is a scalable and resilient OS designed to meet the requirements of real-time embedded systems. QNX Neutrino is microkernel .In essence, may of the features (e.g. Protocol stack ,device driver, file systems) that usually considered an integrated part of monolithic kernel were shifted to be implemented as a user space applications. Although QNX Neutrino RTOS was conceived to have as limited interface as possible with user applica- tions, but that doesn’t mean it completely immune to security threats which might happened unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino. One of the most fundamental vulnerability peculiar to Real-time OS relies on messages passing between the OS kernel, process manager and other services/applications. In QNX lingo, these are the messages passing between clients (e.g., application requesting data) and server (e.g., qconn providing data) .Such a local exploits wouldn't exist in a monolithic OS, where all drivers are located in the same address space as the kernel. Similarly, two vital Neutrino's components, qconn and Qnet, does little to no authentication at all .qconn is a server that runs on a target system and handles all incoming requests from QNX Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol, it displays other Neu- trino machines on the network as they were an extensions of the local machine. In our project for Operating System Security we will address some of those vulnerabilities, with possible solutions and recommendations. Also, we will demonstrate QNX Neutrino scalability; we will illustrate the required steps needed to customize QNX Neutrino RTOS image, and how to create a bootable USB mass storage device, presumably, our system is deeply embedded. Since only the essential and the required components/modules will be included in the system image, system’s security level might be increased dramatically (e.g.,qconn and Qnet will be omitted). Abstract Fig-1 Illustrates the basic elements of our tutorial Lab experiment, such as the main hardware and software that will be used and the connections between them. Please be advised that we might not be able to obtain Board Support Package (BSP) which will be used as QNX Neutrino RTOS (Target) on time, bios.build might be used instead. Consequent- ly, step No.6 will be cancelled. Page 1 Survey/analysis of the QNX Neutrino Secure Kernel
References [1] Odell, D. Pentesting QNX Neutrino RTOS. http://www.fishnetsecuri- ty.com/6labs/blog/pentesting-qnx-neutrino-rtos (accessed 2 Feb 2014) [2] Hobbs, C. Using an IEC 61508-Certified RTOS Kernel for Safety-Critical Systems. http://ww- w.qnx.com/download/feature.html?programid=21526 (accessed 3 Feb 2014) [3] Hobbs, C. Protecting Applications Against Heisenbugs. http://www.qnx.com/download/- feature.html?programid=21289 (accessed 3 Feb 2014) [4] QNX Software Systems .QNX Neutrino RTOS V6.3 System Architecture, 2005 [5] Schaffer, J. Reid, S .The Joy of Scheduling. http://www.qnx.com/download/feature.htm- l?programid=21959 (accessed 3 Feb 2014) [6] Krten, R; updated by QNX Software Systems. Getting Started with QNX Neutrino: A Guide for Realtime Programmers, 2009 [7] Silberschatz, A. Galvin, P .Gagne. Operating System Concepts. 8th Edition 2010 Page 2 QNX Momentics IDE QNX Neutrino RTOS (Host) QNXNeutrinoRTOS(Target) OSimage Buildfile 12 3 4 6 5 Fig-1

More Related Content

PDF
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
PDF
Minimalist Operating Systems for Containers
byEnderson Tadeu Maia
 
PPTX
File System Reliability & Virtual File in Operating System
byMeghaj Mallick
 
PPTX
Oracle on windows
byNiall Litchfield
 
DOCX
Controlling The Core
byDennis Pierce
 
PDF
Analyzing The Security Features Of Apache Cassandra Database
byAlirezaAzhdari2
 
PDF
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
PDF
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
Minimalist Operating Systems for Containers
byEnderson Tadeu Maia
 
File System Reliability & Virtual File in Operating System
byMeghaj Mallick
 
Oracle on windows
byNiall Litchfield
 
Controlling The Core
byDennis Pierce
 
Analyzing The Security Features Of Apache Cassandra Database
byAlirezaAzhdari2
 
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 

What's hot

PDF
Exploiting rateless codes in cloud storage systems
byieeepondy
 
PDF
Directions in SELinux Networking
byJames Morris
 
PDF
Lcj pg sql-lt-kaigai
byKohei KaiGai
 
PDF
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
PDF
Adding Extended Attribute Support to NFS
byJames Morris
 
PDF
Open ZFS Keynote (public)
byDustin Kirkland
 
PDF
Psdot 12 a secure erasure code-based cloud storage
byZTech Proje
 
PDF
Secure deduplication-evault-endpoint-protection
byInka Traktman
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
PPT
Phase1
bySachin Thomas
 
Exploiting rateless codes in cloud storage systems
byieeepondy
 
Directions in SELinux Networking
byJames Morris
 
Lcj pg sql-lt-kaigai
byKohei KaiGai
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
Adding Extended Attribute Support to NFS
byJames Morris
 
Open ZFS Keynote (public)
byDustin Kirkland
 
Psdot 12 a secure erasure code-based cloud storage
byZTech Proje
 
Secure deduplication-evault-endpoint-protection
byInka Traktman
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
Phase1
bySachin Thomas
 

Viewers also liked

PDF
Creating a Playbook to Exploit the Long Tail of IoT
byAricent
 
PDF
Hacking QNX
byricardomcm
 
PPTX
Practical Security Assessments of IoT Devices and Systems
byOllie Whitehouse
 
PPTX
Using an Open Source Threat Model for Prioritized Defense
byEnclaveSecurity
 
PPTX
Analyzing Vulnerabilities in the Internet of Things
byIke Clinton
 
PDF
iOS secure app development
byDusan Klinec
 
PDF
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
by44CON
 
PDF
IOS Encryption Systems
byPeter Teufl
 
PPTX
Embedded Security in ARM-based microcontrollers
byteam-WIBU
 
PPTX
UPC router reverse engineering - case study
byDusan Klinec
 
PPTX
Infineon Car Security
byInfineon Technologies AG
 
Creating a Playbook to Exploit the Long Tail of IoT
byAricent
 
Hacking QNX
byricardomcm
 
Practical Security Assessments of IoT Devices and Systems
byOllie Whitehouse
 
Using an Open Source Threat Model for Prioritized Defense
byEnclaveSecurity
 
Analyzing Vulnerabilities in the Internet of Things
byIke Clinton
 
iOS secure app development
byDusan Klinec
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
by44CON
 
IOS Encryption Systems
byPeter Teufl
 
Embedded Security in ARM-based microcontrollers
byteam-WIBU
 
UPC router reverse engineering - case study
byDusan Klinec
 
Infineon Car Security
byInfineon Technologies AG
 

Similar to Survey/analysis of the QNX Neutrino Secure Kernel

PPTX
Qnx
byGuevarra Institute of Technology
 
PPTX
QNX OS
byGuevarra Institute of Technology
 
DOCX
Qnx os
byStudent
 
PPTX
Qnx 120227023226-phpapp01
byKishore Wrecks
 
PDF
Review of QNX
byRobert-Emmanuel Mayssat
 
PPTX
Qnx os
byStudent
 
PDF
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
byPROIDEA
 
PDF
QNX Software Systems
byRobert-Emmanuel Mayssat
 
PDF
QNX Sales Engineering Presentation
byRobert-Emmanuel Mayssat
 
PPT
Real Time Operating Systems
byAshwani Garg
 
PDF
rtos-160730105504.pdf
byAswathRangaraj1
 
PPT
QNX-Neutrino-by-Pranshu-Gupta-2003-Fall.ppt
byVisitantP
 
PPT
Rtos
byVinay Diddi
 
PPT
QNX-Neutrino-by-Pranshu-Gupta-2003-Fall.ppt
byssuser4c32a8
 
PDF
Hands on with embedded linux using zero hardware
byRajesh Sola
 
PPTX
5th
byErm78
 
PDF
embedded-linux-120203.pdf
bytwtester
 
PPT
Rt linux-lab1
byJOLLUSUDARSHANREDDY
 
Qnx
byGuevarra Institute of Technology
 
QNX OS
byGuevarra Institute of Technology
 
Qnx os
byStudent
 
Qnx 120227023226-phpapp01
byKishore Wrecks
 
Review of QNX
byRobert-Emmanuel Mayssat
 
Qnx os
byStudent
 
[CONFidence 2016]: Alex Plaskett, Georgi Geshev - QNX: 99 Problems but a Micr...
byPROIDEA
 
QNX Software Systems
byRobert-Emmanuel Mayssat
 
QNX Sales Engineering Presentation
byRobert-Emmanuel Mayssat
 
Real Time Operating Systems
byAshwani Garg
 
rtos-160730105504.pdf
byAswathRangaraj1
 
QNX-Neutrino-by-Pranshu-Gupta-2003-Fall.ppt
byVisitantP
 
Rtos
byVinay Diddi
 
QNX-Neutrino-by-Pranshu-Gupta-2003-Fall.ppt
byssuser4c32a8
 
Hands on with embedded linux using zero hardware
byRajesh Sola
 
5th
byErm78
 
embedded-linux-120203.pdf
bytwtester
 
Rt linux-lab1
byJOLLUSUDARSHANREDDY
 

Survey/analysis of the QNX Neutrino Secure Kernel

  • 1.
    Survey/analysis of the QNXNeutrino Secure Kernel Wael Alnemer 100416646
  • 2.
    QNX Neutrino RTOSis a scalable and resilient OS designed to meet the requirements of real-time embedded systems. QNX Neutrino is microkernel .In essence, may of the features (e.g. Protocol stack ,device driver, file systems) that usually considered an integrated part of monolithic kernel were shifted to be implemented as a user space applications. Although QNX Neutrino RTOS was conceived to have as limited interface as possible with user applica- tions, but that doesn’t mean it completely immune to security threats which might happened unexpectedly. Neutrino is potentially vulnerable to most of the same threats that other UNIX-style systems face. Furthermore, there are also some issues that are peculiar to Neutrino. One of the most fundamental vulnerability peculiar to Real-time OS relies on messages passing between the OS kernel, process manager and other services/applications. In QNX lingo, these are the messages passing between clients (e.g., application requesting data) and server (e.g., qconn providing data) .Such a local exploits wouldn't exist in a monolithic OS, where all drivers are located in the same address space as the kernel. Similarly, two vital Neutrino's components, qconn and Qnet, does little to no authentication at all .qconn is a server that runs on a target system and handles all incoming requests from QNX Momentics Tool Suite. Qnet is Neutrino's transparent networking protocol, it displays other Neu- trino machines on the network as they were an extensions of the local machine. In our project for Operating System Security we will address some of those vulnerabilities, with possible solutions and recommendations. Also, we will demonstrate QNX Neutrino scalability; we will illustrate the required steps needed to customize QNX Neutrino RTOS image, and how to create a bootable USB mass storage device, presumably, our system is deeply embedded. Since only the essential and the required components/modules will be included in the system image, system’s security level might be increased dramatically (e.g.,qconn and Qnet will be omitted). Abstract Fig-1 Illustrates the basic elements of our tutorial Lab experiment, such as the main hardware and software that will be used and the connections between them. Please be advised that we might not be able to obtain Board Support Package (BSP) which will be used as QNX Neutrino RTOS (Target) on time, bios.build might be used instead. Consequent- ly, step No.6 will be cancelled. Page 1 Survey/analysis of the QNX Neutrino Secure Kernel
  • 3.
    References [1] Odell, D.Pentesting QNX Neutrino RTOS. http://www.fishnetsecuri- ty.com/6labs/blog/pentesting-qnx-neutrino-rtos (accessed 2 Feb 2014) [2] Hobbs, C. Using an IEC 61508-Certified RTOS Kernel for Safety-Critical Systems. http://ww- w.qnx.com/download/feature.html?programid=21526 (accessed 3 Feb 2014) [3] Hobbs, C. Protecting Applications Against Heisenbugs. http://www.qnx.com/download/- feature.html?programid=21289 (accessed 3 Feb 2014) [4] QNX Software Systems .QNX Neutrino RTOS V6.3 System Architecture, 2005 [5] Schaffer, J. Reid, S .The Joy of Scheduling. http://www.qnx.com/download/feature.htm- l?programid=21959 (accessed 3 Feb 2014) [6] Krten, R; updated by QNX Software Systems. Getting Started with QNX Neutrino: A Guide for Realtime Programmers, 2009 [7] Silberschatz, A. Galvin, P .Gagne. Operating System Concepts. 8th Edition 2010 Page 2 QNX Momentics IDE QNX Neutrino RTOS (Host) QNXNeutrinoRTOS(Target) OSimage Buildfile 12 3 4 6 5 Fig-1