Protecting Embedded Systems with New MISRA C Guidelines

Addendum 2 from the MISRA C guidelines came out in 2016, deepening the specifications for security and broadening the strategies beyond automotive.

MISRA C is a set of software development guidelines for the C programming language developed by the Motor Industry Software Reliability Association (MISRA). The guidelines aim to facilitate code safety, security, portability, and reliability in embedded systems. MISRA has evolved into a widely accepted model for best practices by leading developers in sectors including automotive, aerospace, telecom, medical devices, defense, railway, and others.


The MISRA C guidelines, including the MISRA C:2012 Amendment 1 security guidelines, were created to help engineers write safer, more secure, and more maintainable code. The MISRA guidelines provide a map to the ISO/IEC 17961:2013 C language Security Guidelines. The specifications offer code examples that are addressed by the MISRA security guidelines, showing how to detect and eliminate violations before code is compiled.

The Liverpool Data Research Associates (LDRA) have been working to promote the guidelines to embedded developers. “MISRA is a broad term. We’re focused on addendum 2 for the security space. The addendum looks at undefined behaviors that are not allowed, and those that need to be managed,” Jay Thomas, director of field engineering at LDRA, told Design News. “The addendum goes into undefined behaviors as well as unspecified behaviors. If you don’t get them right, your code may not run right in certain areas.”
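As an illustration of the kind of undefined behaviour the addendum targets, here is an added example (not code from the article, MISRA, or LDRA): two common C hazards, an out-of-range shift count and signed integer overflow, each guarded before the operation so that a static checker can verify the code never reaches undefined behaviour. The rule numbers cited in the comments refer to MISRA C:2012.

```c
/* Added example (not from the article or LDRA): two patterns that the
 * MISRA C:2012 undefined-behaviour rules target, each written so the
 * hazard is checked before the operation rather than after it. */
#include <stdbool.h>
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* Shifting a 32-bit value by 32 or more is undefined behaviour in C
 * (MISRA C:2012 Rule 12.2 requires the shift count to be in range).
 * Refuse the operation instead of performing the out-of-range shift. */
bool checked_shl_u32(uint32_t value, uint32_t amount, uint32_t *out)
{
    if (amount >= 32U) {
        return false;              /* would be undefined behaviour */
    }
    *out = value << amount;
    return true;
}

/* Signed integer overflow is undefined behaviour; an optimiser may
 * assume it never happens and delete an after-the-fact overflow test.
 * Check the operands first, so the addition itself can never overflow. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) {
        return false;              /* result would not fit in int32_t */
    }
    *out = a + b;
    return true;
}

int main(void)
{
    uint32_t shifted;
    int32_t sum;

    /* constructed inputs: one in-range and one out-of-range case each */
    printf("1 << 31     : %s\n", checked_shl_u32(1U, 31U, &shifted) ? "ok" : "rejected");
    printf("1 << 32     : %s\n", checked_shl_u32(1U, 32U, &shifted) ? "ok" : "rejected");
    printf("INT32_MAX+1 : %s\n", checked_add_i32(INT32_MAX, 1, &sum) ? "ok" : "rejected");
    printf("5 + (-7)    : %s\n", checked_add_i32(5, -7, &sum) ? "ok" : "rejected");
    return 0;
}
```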

LDRA works to develop and support safety- and security-critical industry standards. LDRA representatives comprise four of the 11 positions on the MISRA C committee, and the company provides support for MISRA rules through the LDRA tool suite, LDRArules, and LDRAlite for ARM DS-5 software products.

MISRA C has traditionally been deeply oriented toward the automotive industry, since it was conceived in support of automotive code. “In the automotive space, we see a lot of testing in different environments. We see a lot of changing of test and execution environments, which is fine if you understand what might change,” said Thomas. “Addendum 2 is about the things that can lead to security defects. You have to pay attention to those so you can avoid the defects.”

New Guidance for Use Beyond the Auto World

In April 2016, MISRA published MISRA Compliance:2016, which provides enhanced guidance for achieving compliance to MISRA C and MISRA C++. The new guidance aims to help developers achieve compliance with MISRA coding guidelines while also establishing pre-approved permits for deviation and tailoring the classification of guidelines.

The addendums were developed in response to the use of MISRA C beyond the auto industry. “MISRA C 2012 has been around since 2012, the addendums have been around since 2016. They were developed because MISRA was designed for the motor industry, but then we’ve seen it used in medical and aircraft applications,” said Thomas. “Since it’s becoming more widely used – and all devices are more connected – it has become more important to get the code right.”

Pushing the Guidelines Down the Supply Chain

The adjustments to MISRA C were also prompted by the proliferation of connected devices, and by automakers pushing the guidelines down their supply chains. “Security has become more of a focus because everything has become more interconnected,” said Thomas. “We’re seeing the prime manufacturers in auto as dictating ISO processes and MISRA to their subcomponent vendors. They’ve included their suppliers in the process to ensure they are delivering compliant products.”

Thomas expects the introduction of addendum 2 to help ensure security in automotive, from the OEMs down through their suppliers. “It’s impossible to say for certain, but with everything we’ve seen, the addendum should help with security defects,” said Thomas. “This is an industry-wide adoption. Some subcomponent vendors are more interested than others, but now the prime contractors are asking for this from their subcomponent vendors. The prime manufacturers are looking to enforce this on their subcomponent manufacturers.”

Thomas will present the session, Protect the Weak Link in Embedded Systems with MISRA C Security Guidelines, at the Embedded Systems Conference in Boston on May 4.