论文信息 - Dissecting QNX

Dissecting QNX

T his work concerns a dissection of QNX: a proprietary, real-time operating system aimed at the embedded market. QNX is used in many sensitive and critical devices in different industry verticals and while some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations and secure random number generators. In this work, carried out as part of the master’s thesis of the first author, we present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including QNX 6.6 and the brand new 64-bit QNX 7.0 released in March 2017. We uncover a variety of design issues and vulnerabilities which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem.

A. Abbasi | J. Wetzels

[1] Hector Marco Gisbert,et al. On the Effectiveness of Full-ASLR on 64-bit Linux , 2014 .

[2] Ismael Ripoll,et al. Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems , 2016 .

[3] Eric Wustrow,et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices , 2012, USENIX Security Symposium.

[4] Daniel Martin Gomez. BlackBerry PlayBook Security: Part one , 2011 .

[5] Reducing the Effective Entropy of GS Cookies , 2007 .

[6] Bruce Schneier,et al. Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator , 1999, Selected Areas in Cryptography.

[7] Héctor Marco Gisbert. Cyber-security protection techniques to mitigate memory errors exploitation , 2016 .

[8] Hagen Fritsch. Buﬀer overﬂows on linux-x86-64 , 2009 .

[9] Hovav Shacham,et al. Welcome to the Entropics: Boot-Time Entropy in Embedded Devices , 2013, 2013 IEEE Symposium on Security and Privacy.

[10] Ismael Ripoll,et al. Preventing Brute Force Attacks Against Stack Canary Protection on Networking Servers , 2013, 2013 IEEE 12th International Symposium on Network Computing and Applications.

[11] Tanja Lange,et al. Factoring RSA keys from certified smart cards: Coppersmith in the wild , 2013, IACR Cryptol. ePrint Arch..