About This Guide

The Security Developer's Guide is intended for system integrators who are responsible for implementing and enforcing security policies that create and maintain a trusted execution environment.

Using a wide range of evolving tactics, attackers may gain access to a system and acquire the privileges they need to take control of it. While you can’t always prevent attacks, you can defend against them and reduce your loss by increasing an attacker's cost to attack.

This guide is focused on how you can design a system to defend and protect itself, thus limiting the damage to your assets and reputation resulting from an attack.

It contains best practices and examples, and refers to other documentation that supports the concepts and general information in this guide.

This table may help you find what you need:

| To find out about: | See: |
| --- | --- |
| The importance of securing your system | Securing Your System in the QNX Neutrino User's Guide |
| Best practices for security integration | Best Practices |
| Threat models for embedded systems | Threat Models |
| Use control | |
| Access control | |
| System integrity, the secure boot process, the Merkle filesystem, and rooted chains of trust | Secure Boot |
| Levels of security for embedded systems | Levels of Security for Embedded Systems |
| The steps for developing a QNX Neutrino system that uses a security policy | Tutorial: Build a system that uses a security policy |
| The API you use to create a software backend to the devcrypto service. | The devcrypto plugin API (devcrypto_plugin.h) |
| An example software backend to the devcrypto service. | Example devcrypto plugin: openssl_digest.c |
| The devcrypto API that provides I/O command structures. | The devcrypto I/O command API (cryptodev.h) |
| The libsecpol API that provides functions for systems that use security policies. | The libsecpol API (secpol.h) |
| Event detection | Anomaly Detection (the qad utility entry) in the Utilities Reference |