
A network element can only be as secure as the OS upon which it is built. Fundamentally, all resources required for execution should be secured. These include access to memory, CPU, the kernel and hardware resources. The OS needs to provide different levels of privilege for different applications, mediation to verify all accesses, and a mechanism for resource protection.

In a realtime executive, everything is compiled together and runs at the same privilege level. In such a model, there can be no mediation and, by default, every element within the executive has full access to all resources. Typically, the memory management unit (MMU) is not utilized and therefore no protection is available.

A monolithic kernel improves on this by providing protection at the application level. This model provides applications with separation of privilege and mediation. Protection is provided via the MMU. However, in such a model, device drivers, file systems and protocol stacks are all compiled into the kernel, so the shortcomings identified for a realtime executive apply equally to a monolithic kernel.

A microkernel, by its nature, extends this concept of securing resources to all elements of the system, including applications, drivers, file systems and stacks. Full separation of privilege and complete mediation are provided. The protection provided by the MMU similarly applies to all system elements. As there is no user-modifiable code in the kernel, privilege levels and mediation are not relevant concepts there. The kernel does, however, continue to benefit from memory protection.

Security Protocols

In addition to the full IPv4/IPv6 stack provided by QNX as part of its base product offering, QNX provides a full suite of security protocols. These include IPSec, IKE, SSL, SSH, IP Filtering, NAT and others to enable developers to leverage existing implementations for network elements requiring security protocols.

Hardware Acceleration

Increasingly, processor vendors are incorporating specialized blocks for cryptographic acceleration. By taking advantage of these blocks, developers can offload computationally intensive algorithms to dramatically improve throughput while freeing up the CPU for additional processing.

The QNX networking stack takes full advantage of cryptographic acceleration by offloading encryption and authentication algorithms, including DES, 3DES, AES, MD5 and SHA-1. The stack further supports the Open Cryptography Framework to provide application-level access to the underlying security hardware.