The Security Developer's Guide is intended for system integrators who are responsible for implementing and enforcing security policies to create and maintain a trusted execution environment.
With a wide range of evolving tactics, attackers may gain access to a system and acquire the privileges they need to take control of the system. While you can’t always prevent an attack to your system, you can defend it to reduce your loss by increasing an attacker's cost to attack.
This guide is focused on how you can design a system to defend and protect it by limiting the damage an attacker can do; for example, to your assets and reputation.
It contains best practices, examples, and refers to other documentation that may support concepts and general information in this guide.
This table may help you find what you need:
| To find out about: | See: |
|---|---|
| The importance of securing your system | Securing Your System in the User Guide |
| Levels of security for embedded systems | Levels of Security for Embedded Systems |
| Best practices for security integration | Best Practices |
| Threat models for embedded systems | Threat Models |
| Access control | |
| Use control | |
| System integrity, the secure boot process, the Merkle filesystem, and rooted chains of trust | Secure Boot |
| The steps for developing a QNX Neutrino system that uses a security policy | Tutorial: Build a system that uses a security policy |
| Event detection | Anomaly Detection (the qad utility) in the Utilities Reference |