Securing Software Code Development for ADAS

Author : Jill Britton, Director of Compliance, Perforce

07 November 2023

Advanced driver assistance system (ADAS) implementations have become the norm on many modern road vehicles, whether as standard or an optional extra. Unsurprisingly, autonomous cars will take this functionality to another level. This article looks at the software development aspect.

ADAS systems play a critical role in improving safety by reducing human error. However, they can only perform that role if they are robust, safe and secure. Since they are highly dependent on software, their code must adhere to stringent standards and processes.
 
Software development has been identified as one of the leading causes of vulnerabilities that can subsequently lead to system malfunction or malicious cyberattacks. Its processes must therefore prioritise security as well as safety and performance. 
 
Software complexity
According to Perforce’s 2023 State of Automotive Software Development Report, most ADAS software developers surveyed use programming languages such as C and C++ (42% and 68% respectively). While these languages provide greater scope for innovation, they also allow more room for interpretation by developers, of whom even the most experienced may inadvertently introduce errors.
 
The increasingly complex nature of developing software for these systems adds another challenge. Beyond the drivetrain, modern road vehicles must likewise manage infotainment or connectivity to IoT systems. In addition, it is becoming more difficult to isolate all these individual components from each other, due to electronic control unit (ECU) consolidation - whereby several systems may co-exist on the same one. 
 
ADAS categorisation is based on the level of automation provided, ranging from level 0 (no driving automation) through to level 5 (full driving automation). Level 1 addresses automated functions such as lane-keeping assistance, cruise control and automatic emergency braking. Other levels have greater complexity, with more demanding requirements leading to greater challenges in guaranteeing safety and security.
 
Relevant industry standards
Fortunately, various resources and best practices are available to guide automotive software development teams. For example, ISO 26262 (which deals with the functional safety of road vehicles) is a widely used risk-based standard for vehicle-based electric/electronic systems, including ADAS components. As well as identifying processes necessary throughout the system lifecycle, ISO 26262 includes automotive safety integrity levels (ASILs). These ASILs measure the risk of each component, and thus the specific processes its development must follow.
 
Complementary to ISO 26262 is ISO/PAS 21448, dealing with the safety of the intended functionality in road vehicles. Also known as SOTIF, it addresses safety hazards that do not result from system failures, but are due to functional insufficiencies or other limitations of the system, as well as foreseeable misuse by the driver. It typically applies to ADAS level 1 and, as it only covers faults not addressed by other standards, is not intended for existing functions (like airbags or dynamic stability control).
 
The latest standard to be published (in 2021) of particular relevance to ADAS is ISO 21434. It focuses on cybersecurity risks in the electronic systems of road vehicles. In the same way that ISO 26262 addresses safety, ISO 21434 addresses security right across the software development lifecycle - from design, development and test, through to decommissioning. Its future importance in software development is already becoming clear, as 78% of Perforce’s survey respondents expect to comply with ISO 21434.
 
Coding standards
Important companions to functional standards are coding standards, which are sets of rules/guidelines created by groups of experts who share their knowledge of the use of programming languages to help ensure code being developed is safe and secure. Use of a coding standard helps to identify and remove vulnerabilities while the code is being written.
 
Some functional standards, such as ISO 26262 and ISO 21434, require the use of a coding standard. In the automotive industry, there are some well-established candidates - notably MISRA, AUTOSAR and CERT C. MISRA provides guidelines for developing software for critical systems written in C and C++, with the latest updates being released just this year. AUTOSAR C++14 was originally developed for use with the AUTOSAR Adaptive Platform for connected and autonomous vehicles. CERT publishes secure coding standards for C, C++ and Java.
 
Best practice adoption
Having functional and coding standards available is only the beginning. They then need to be applied, and for busy development teams this must not become an onerous addition to their workloads. Consequently, many organisations use static analysis to enforce coding standards as part of their secure software development lifecycle. This examines code without running it, raising alerts when rule violations are detected. By performing this analysis automatically in the background, developers receive early feedback and can confidently develop code, knowing it is compliant (otherwise it will be flagged).
 
At the same time, these software tools also help to improve the quality of other software development processes - such as speeding up code reviews, reducing manual testing efforts and showing developers what ‘clean code’ looks like (effectively helping them to enhance their coding skills). Other tools that are often part of the secure software development lifecycle include software composition analysis, dynamic code analysis, version control, plus automated testing.  
 
Having a security-focused culture is also critical. It is reassuring to hear that 75% of organisations say they provide security training/tools, according to Perforce’s survey. Emphasis on security needs to be a top-down commitment, but additionally it makes sense to involve development teams in the selection of supporting tools. This helps to encourage buy-in rather than resistance.

Beyond ADAS, security has to be a priority in the development of any modern automotive system. As software complexity increases, the volumes of code and the size of projects are reaching a point where it is hard (if not impossible) to manage them manually - making it vital to have tools and processes in place to support functional and coding standards. Now is the time to create a solid security-first software development environment.
 


Contact Details and Archive...

Print this page | E-mail this page