QNX Neutrino RTOS Secure Kernel

An embedded system can only be as secure as the operating system (OS) upon which it is built. In fact, an OS needs to provide different levels of privilege for different applications, mediation to verify all accesses, and a mechanism for resource protection.

Secure microkernel by design

QNX Software Systems offers one of the most comprehensive networking solutions for connected and distributed industrial systems.

A microkernel RTOS provides protective barriers between processes including networking and filesystems, which are typically within the kernel memory space in monolithic operating systems.

The QNX® Neutrino® RTOS Secure Kernel delivers the foundation that aerospace, defense, security, and other companies need to address stringent safety and security requirements for mission-critical applications. Having proven its products in applications ranging from battlefield communications to the space shuttle, QNX Software Systems has certified the QNX Neutrino RTOS Secure Kernel to Common Criteria ISO/IEC 15408 Evaluation Assurance Level (EAL) 4+. This is the first full-featured RTOS certified under the common criteria standard. It is also the first RTOS to include symmetric multiprocessing (SMP) support for multi-core processors and unique QNX Neutrino adaptive partitioning technology in the certification. QNX Neutrino RTOS Secure Kernel 6.4.0 was released early 2009.

Build secure systems

The QNX Neutrino RTOS Secure Kernel is more secure than other commercial operating systems not only because of certifications but also because only a microkernel can provide proper isolation amongst all aspects of a system, including file systems and networking stacks. Its unique adaptive partitioning technology guarantees system resources for applications while preventing rogue software from denying resources to other parts of the system. During overload conditions, this technology enforces hard resource guarantees, ensuring applications receive their budgeted share of resources.

Create fault tolerant applications

Time-tested and field-proven, the QNX Neutrino RTOS is built on a true microkernel architecture. Under this system, every driver, application, protocol stack, and file system runs outside the kernel in the safety of memory protected user space. Virtually any component can fail and be automatically restarted without affecting other components or the kernel. Further, the QNX Neutrino RTOS provides an optional high availability framework for monitoring critical software and keeping it running even after faults. No other commercial RTOS provides such a high level of fault containment and recovery. Inherently modular, the QNX Neutrino RTOS lets you dynamically upgrade modules, introduce new features, or deploy bug fixes — without costly downtime or system outages.

Rely on standards for secure programming

Engineered to the POSIX standard (1003.1-2001 POSIX.1), the QNX Neutrino RTOS provides a well understood programming API with predictable and reliable behavior – a key ingredient to secure systems. A POSIX API prevents the use of proprietary interfaces with the potential for insecure behavior and misunderstood results.

The POSIX standard has many other benefits. POSIX demands proper adherence to user and group privileges and security defaults that prevent, if necessary, high privilege access to system resources. Using POSIX programming also gives developers the power to port legacy and open-source UNIX, Linux, and Internet code with just a simple recompile. With standard APIs, developers can reuse application code, avoid costly delays and shorten their learning curve — accelerating development cycles and reducing time to market.

Leverage transparent development

QNX Software System’s unique Foundry27 community provides access to QNX developers, RTOS source code, forums, and project roadmaps. Relying on obscurity has never been good for security and QNX provides full access to all of the core operating system source code plus much of the supporting network, filesystems, and tools. A key element of secure software is the visibility and understanding of the user community in its design and operation. No person, group or entity has an advantage over any other because of unique access to hidden source code. The QNX approach is to provide transparency not only in source code but also in the product development cycle as a whole.

Feature Summary

Common Criteria (ISO/IEC 15408) EAL4+ Certified Secure

Stringent standard for security and development processes used in development
EAL4+ certification (first full featured RTOS)
Includes multiprocessing (SMP) support for multi-core processors and unique adaptive partitioning technology
POSIX PSE 52 support of the broadest range of POSIX API specifications
Well understood programming API with predictable behavior
Correct user and group privilege management and enforcement

High availability and fault tolerance

Heartbeat for early fault detection
Intelligent restart and transparent reconnection

Open transparent development

Foundry27 community access to QNX developers, source, forums, and project roadmaps
Source code visibility and access to all key areas of the OS technology – no hidden, proprietary implementation

Microkernel architecture

Dynamically upgradable services and applications
Fine-grained fault isolation and recovery
Message-passing design for modular, well-formed systems

Adaptive partitioning

Guaranteed system resources to build secure, reliable systems without compromising performance and flexibility

Predictable realtime performance

Preemptive scheduler with choice of scheduling methods
Distributed priority inheritance

To see the CSE list of certified products http://www.cse-cst.gc.ca/its-sti/services/cc/cp-pc-eng.html.