Certifying Security, the Presidential Debate & ESC Minneapolis

Posted by: Thom Denholm

Like many Americans, I watched the debate on Monday night and was pretty disappointed with the candidates' answers regarding cyber attacks. Neither provided anything of substance, but with these attacks becoming more sophisticated and having the backing of foreign states, the answer has to be more than just encryption.

In terms of defense, code security means planning for and preventing malicious attempts to change the code. Preventing buffer overruns and SQL injection is just one entry on a long list of techniques for keeping your software safe. Perhaps the best solution here is a bulletproof coding standard, which brings me to one of my presentations at ESC Minneapolis last week.

My second session was presented on Thursday at 11:00. After introducing MISRA C 2012 to the audience, I gave a rundown on Datalight's experience writing the Reliance Edge file system to that coding standard. We made many important discoveries about working with MISRA C 2012 that I share in the full presentation (the slides are linked below), but here are a few highlights:

* Start with an expert. To kick off our project, we brought in expert help to describe the goals of MISRA and get the team fired up. This is a recommended step, especially for teams unused to the rigorous MISRA approach. We were able to learn from the experience of other teams and heard anecdotes about teams who had not followed the standard and found themselves regretting it.

* Depth of involvement. Without previous experience, we chose to hold ourselves to the “letter of the law” for MISRA, going well beyond static analysis tools. This involved creating some new processes and modifying others. Choosing this path was more labor intensive than we expected, and in the post-mortem discussion our team suggested future projects might want to consider a less stringent approach.

* Certification as a forethought. One of the reasons we chose MISRA C 2012 was to help with future certification of this software. While DO-178 certification describes more of a process than a coding standard, the MISRA documentation we created ended up being most of the documentation required for full certification. As a bonus, the reduced line count makes this software product more easily verifiable by a certification team.

We had some good questions from the audience afterwards, and still finished the session earlier than the other classes. This allowed us to be first in line for the buffet lunch. Coincidentally, most of the group sat together at lunch, and a few more questions came up.

I thoroughly enjoyed my trip to Minneapolis for the Embedded Systems Conference, and if one of the keynote speakers is correct, we'll all be attending through VR in the next few years. See you then!


Certifiable Security Presentation
