About This Guide

The Security Developer's Guide is intended for system integrators who are responsible for implementing and enforcing security policies to create and maintain a trusted execution environment.

With a wide range of evolving tactics, attackers may gain access to a system and acquire the privileges they need to take control of the system. While you can’t always prevent an attack to your system, you can defend it to reduce your loss by increasing an attacker's cost to attack.

This guide is focused on how you can design a system to defend and protect it by limiting the damage an attacker can do; for example, to your assets and reputation.

It contains best practices, examples, and refers to other documentation that may support concepts and general information in this guide.

This table may help you find what you need:

To find out about: See:
The importance of securing your system Securing Your System in the User Guide
Levels of security for embedded systems Levels of Security for Embedded Systems
Best practices for security integration Best Practices
Threat models for embedded systems Threat Models
Access control
Use control
System integrity, the secure boot process, the Merkle filesystem, and rooted chains of trust Secure Boot
The steps for developing a QNX Neutrino system that uses a security policy Tutorial: Build a system that uses a security policy
Event detection Anomaly Detection (the qad utility) in the Utilities Reference