Security Features for System Integrators

Updated: October 28, 2024

Privilege control
Systems without passwords
Secure boot
Secure boot is a mechanism that ensures the integrity of the running system, by cryptographically verifying each stage of the boot process.
Cryptography for system integrators
QNX Neutrino supports multiple ways to access cryptography services.
Address space layout randomization (ASLR)
Address space layout randomization varies the location of data and instructions each time an executable is loaded as long as it was compiled with Position-Independent Executable (PIE) support.
Fortified system functions
QNX Neutrino RTOS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.
Access control
Access control is the selective restriction of access to a resource. Access controls take many different forms and the sections below describe which ones can be used in QNX Neutrino systems.
Filesystem security
Adaptive partitioning
random
Virtualization security features
Virtual devices (vdevs) provided by QNX Hypervisor for Safety (QHS) and other QNX hypervisors.
The /proc filesystem
Application groups
Application groups are used to group processes together so they can be controlled as a group.
Hypervisor security
The QNX hypervisor is built as an extension of the QNX Neutrino microkernel. As such, it inherits the security features of the microkernel itself as well as the secure execution environment created by the microkernel. In addition, the hypervisor has additional layers that are purpose-built for secure virtual machine operation.