Assumptions of Use

Operating System Assumptions of Use
status: draft
security: YES
safety: ASIL_B

No Root Privileges
status: valid
security: YES
safety: ASIL_B

No process running on the SW-platform shall request root privileges.

Note: The root privilege is dangerous for security and safety as it destroys process isolation.

Safe OS Function Use
status: valid
security: YES
safety: ASIL_B

If an application or SW-platform component is safety relevant and uses OS functions, it shall only use the safe functions.

Note: To check which functions are "to be expected" safe, the developer can consult the safe function list published by the OS supplier. For QNX this can be found, for example, in the appendices here (for one version).

OS Public API Use
status: valid
security: YES
safety: ASIL_B

All components shall only use the public API of the OS components.

C++ Library Preference
status: valid
security: YES
safety: ASIL_B

All components should prefer the C++ standard library over the C library for a given functionality. If the C library must be used, it shall not be mixed with the C++ library for the same functionality.

Minimal Process Privileges
status: valid
security: YES
safety: ASIL_B

All components shall only use the privileges that are indispensable for their function.

Note 1: OS safety manuals provide lists of allowed and not allowed privileges.

Note 2: One example is the "channel connect": only IPC connections that are specified in the architecture are allowed.

Note 3: Another example is mmap_peer, which would allow access to other processes' memory if wrongly used.
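The "No Root Privileges" and "Minimal Process Privileges" requirements above, as an added start-up guard for a POSIX component; this is example code, not part of the assumptions-of-use text or any S-CORE component, and the target uid/gid values and function names are assumptions:

```c
#define _DEFAULT_SOURCE 1        /* exposes setgroups() on glibc and musl */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed unprivileged identity for this component (constructed values). */
#define COMPONENT_UID ((uid_t)1000)
#define COMPONENT_GID ((gid_t)1000)

/* Pure verdict on a credential set: 0 when neither the real nor the effective
 * uid/gid is root, -1 otherwise. Kept free of syscalls so it can be tested. */
int creds_are_unprivileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return (ruid != 0 && euid != 0 && rgid != 0 && egid != 0) ? 0 : -1;
}

/* Start-up guard: if the process was started as root, drop permanently to
 * uid/gid (supplementary groups, then gid, then uid, in that order) and verify
 * that root cannot be regained. Returns 0 when the process ends up without
 * root privileges, -1 with errno set otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }  /* root is never a valid target */
    if (geteuid() == 0) {
        if (setgroups(0, NULL) != 0) return -1;  /* clear inherited supplementary groups */
        if (setgid(gid) != 0) return -1;         /* gid first: not permitted once uid is dropped */
        if (setuid(uid) != 0) return -1;         /* as root this sets real, effective and saved uid */
        if (setuid(0) == 0) { errno = EPERM; return -1; }  /* drop was not permanent */
    }
    return creds_are_unprivileged(getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    if (drop_privileges(COMPONENT_UID, COMPONENT_GID) != 0) {
        perror("refusing to run with root privileges");
        return 1;
    }
    printf("running as uid %u, gid %u\n", (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The guard refuses to continue if any id is still root after the drop, so a misconfigured launcher that starts the component as root fails loudly instead of silently running with process isolation defeated.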