Embedded Safety & Security: Table of Contents
- Standards and QM – Everything will be better
- Security as a strategy – quality before functionality
- Security as a strategy – protection against viruses, worms, hackers & Co.
- Development process – The root of the problem
- Looking to the future – addressing future challenges today
- Quality features – Less is more
Part I: Standards and QM – Everything will be better
Safety – what is it, and what kind of safety are we even talking about? Fortunately, the terms functional safety and security have by now become established in German-speaking countries as well. According to the definition in IEC 61508, functional safety is freedom from unacceptable risk of harm: a functionally safe system is one whose residual risk has been reduced to an acceptable level, not one that is free of all hazards. Security covers potential external attacks on a system, which in turn can undermine its functional safety. But how can it be determined whether an embedded software system is sufficiently safe and secure? After all, supposedly safe systems repeatedly turn out to be unsafe or even dangerous. The potential for harm is considerable, both in the private and in the professional sphere. This is especially true when the sources of danger are not yet known and it is therefore unclear in which situations a system will have to prove itself.
Requirement: Adhere to the state of the art.
Because it is nearly impossible to predict the sources of danger or malfunction an innovative system will encounter in operation, it is crucial to develop according to the current state of science and technology in order to counter any accusation of negligence. This means nothing more and nothing less than achieving the necessary safety with the means that are currently available and economically justifiable.
Inherent improvement of security – 3 rules
What general options exist for improving the operational reliability of software systems during development? Essentially, the requirement is to adhere to certain programming rules so that (systematic) errors are avoided while the software is being written. There are several ways to improve software quality:
- Firstly, mastery lies in restraint: either refrain from using dangerous constructs or forbid them outright, for example through coding rules.
- Secondly, simplifying the syntax makes a valuable contribution. Programs become easier to write and to read, and the gain in clarity prevents errors from arising in the first place.
- Thirdly, related elements should be grouped together during development. This makes the code easier to understand and gives a better overview.

Image 1: Related things can be grouped together.
The right programming language
High-quality software development rests on the same rules that the standards use to define safe systems. A consistently implemented quality management process is therefore half the battle. Object-oriented programming languages already come with built-in means that make these rules easy to follow. C++, for example, supports the principle that related elements should be grouped together: an enumeration type can be declared inside a structure definition, where it documents that it belongs to that structure without adding a single byte to the structure's size. C++ also makes it easy to improve the operational reliability of the software in practical use. Pointers, a frequent source of errors, can often be replaced by references; this simplifies the syntax and can even make a null-pointer check unnecessary, because a reference must always be bound to an existing object.
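The following C++ snippet is an added illustration of the two points just made; it is not code from the original trend guide. The `Sensor` type, its `Mode` enumeration and the `kMaxReading` limit are assumed for the example. It shows that declaring an enum inside a struct costs no memory, and it places a pointer-based function next to its reference-based equivalent so that the disappearing null check is visible.

```cpp
#include <cstddef>
#include <cstdint>

// Rule 3 (grouping): the mode enumeration and the plausibility limit that
// belong to a sensor are declared inside the sensor's own structure.
// Nested type declarations and static constants do not occupy space in
// the object; only the non-static data members do.
struct Sensor {
    enum class Mode : std::uint8_t { Off, Active, Fault };
    static constexpr int kMaxReading = 1000;  // assumed plausibility limit
    Mode mode;
    int reading;
};

// Pointer version: the callee must defend against a null pointer, and a
// forgotten check of this kind is a classic cause of crashes in the field.
bool read_ptr(const Sensor* s, int* out) {
    if (s == nullptr || out == nullptr) {
        return false;  // the extra check that pointers force on every callee
    }
    if (s->mode != Sensor::Mode::Active || s->reading > Sensor::kMaxReading) {
        return false;
    }
    *out = s->reading;
    return true;
}

// Reference version: a reference must be bound to an object, so the null
// check cannot be written and does not need to be; only the real logic remains.
bool read_ref(const Sensor& s, int& out) {
    if (s.mode != Sensor::Mode::Active || s.reading > Sensor::kMaxReading) {
        return false;
    }
    out = s.reading;
    return true;
}

// The nested enum and the static constant add nothing to the object size:
// Sensor is exactly as large as a plain struct with the same two data members.
bool nested_enum_is_free() {
    struct Plain { std::uint8_t mode; int reading; };
    return sizeof(Sensor) == sizeof(Plain);
}

int main() {
    Sensor s{Sensor::Mode::Active, 42};
    int v = 0;
    bool ok = read_ref(s, v);               // no null check needed
    bool null_ok = read_ptr(nullptr, &v);   // survives only because the check was written
    return (ok && v == 42 && !null_ok && nested_enum_is_free()) ? 0 : 1;
}
```

The reference version is not only shorter: a caller cannot hand it a null pointer by mistake, so the whole class of "forgot the null check" defects is removed at the interface rather than caught (or missed) inside the function.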
ISO 26262 – Standardized safety
The ISO 26262 standard specifies requirements for safety-related electrical/electronic systems in road vehicles, based on the current state of science and technology and the associated basic standards. Its aim is always to ensure the functional safety of a system with electrical/electronic components in a motor vehicle. Unfortunately, the standard says little about how it is to be applied in practice. Therefore, the question arises:
How to implement it?
It is essential to have the appropriate tools and resources both to implement the requirements of the standard and to demonstrate that these requirements have actually been met. More generally, the crucial issue is being able to demonstrate that the work was carried out in accordance with the current state of science and technology and that everything technically feasible and justifiable was implemented. Compliance with the standard is therefore a critical point that cannot be taken too seriously, especially in view of liability issues. It should be noted, however, that the standard itself does not require certification, but rather proof of qualified personnel, for example through appropriate regular training.

Image 2: The less functionality, the more security. The more meaningfully code is combined during programming, the lower the error rate and the greater the security that can be achieved.
Qualification of software tools
In this context, it is important to emphasize that the qualification of the software tools used is a crucial point. The tools themselves may introduce errors that the programmer or developer is not even aware of: they simply go unnoticed. Stefan Kriso (Robert Bosch GmbH) says that it is essential "... to clarify the probability that faulty content output by the tool can be discovered at a later stage in the development process, for example through reviews or tests." This is a challenging task.
The complete trend guide "Embedded Safety & Security" is available as a PDF download.
MicroConsult supports you with training and coaching on the topic of embedded safety and security:
Functional safety (FuSi) of electronics and their software according to IEC 61508 and ISO 26262
Security foundations for embedded systems
ISO SAE 21434 Road Vehicles – Cybersecurity Engineering
Security: Cryptography and secure systems
Security: Secure updates and booting – Practical implementation for modern embedded systems
Training and coaching on all other topics in our portfolio can be found on the MicroConsult website.
The topic area Embedded Safety & Security can also be explored in tailor-made workshops, which are adapted to the specific needs of tasks, projects, teams and roles.
Get in touch with us via the contact form.