Embedded Safety, Security For Automotive Systems Development

September 2019 Technology LDRA Embedded Safety Security Automotive Systems Development

The automotive industry is transitioning towards mobility that is set to turn connected and eventually autonomous and for such trends to turn into reality, safe performance of numerous electronic systems is of critical importance. The short intervals for development of new products and technologies have also added the burden of quicker turnaround times for developing features and models. The role of virtual validation in the advancement of next-generation automotive technologies is rapidly increasing, especially with the large amount of testing required for features like autonomous driving.

There is a strong requirement for embedded safety and security to be developed and validated efficiently for the purpose of providing solutions for future automotive mobility trends. To this end, we spoke with three experts in the area of embedded software development – Andrew Banks, Chairman – MISRA C and BSI Software Testing Working Group, Technical Specialist, LDRA UK (L); David A Johnson, CFSE, CSP, Senior Safety/Security Engineer at exida LLC, USA (C); Dr Eckhardt Holz, Senior Advisor Functional Safety, ANSYS Medini Technologies, Germany (R). They were part of the recently-organised fifth edition of Embedded Safety & Security Summit (ESSS) 2019 by LDRA.

EMBEDDED & FUNCTIONAL SAFETY, SECURITY FOR AUTOMOTIVE

MISRA and MISRA C in particular was created by the automotive industry for the automotive industry, and has been subsequently adopted worldwide by other industries, noted Banks. He said these software development guidelines are the best ones available for the C and C++ languages. The MISRA and MISRA C guidelines are available to address the undefined behaviours that these languages perform, so as to carry out basic coding properly.

Functional safety within the automotive world can be summed up by ISO 26262 safety standards. The second edition of this safety standard provides a process that guides users on how likely threats should be assessed throughout the lifecycle of the vehicle, explained Banks. He added that ISO 26262 mentions that security needs to be considered, although the current document for security is from SAE, called J3061, which comes out of the US. This is mostly a system-level guidance, which proves the point that safety and security are one and the same at the software level. Nonetheless, it provides guidance at the vehicle platform system level that has been contributed into a joint working group of ISO and SAE for a collaborative standard that is undergoing work. This joint standard is ISO/SAE 21434, which is focussed on cybersecurity engineering for road vehicles, he observed. However, neither of the above standards focus on autonomy, but there are a number of groups within the automotive community that are coming together to address this future mobility technology.

ANSYS Medini provides a comprehensive tool for functional safety, which supports all requirements for safety covering OEMs, component suppliers as well as suppliers of semiconductor pieces like microcontrollers, noted Dr Holz. He said the tool supports analysis on three levels, with the first being Fault Tree Analysis (FTA) on a qualitative or quantitative level. The second solution, which is a complimentary method to FTA, is Failure Mode and Effects Analysis (FMEA) analysis methodology that supports different standards like VDA and AIAG as well as the upcoming joint American-European standards on FMEA. Dr Holz further added that the final analysis is in the form of supporting technologies, such as Hazardous Operation Analysis (HAZOP) and Hazard Risk Analysis. In terms of solutions offered to companies developing hardware, Dr Holz said the company offers all these techniques in a quantitative manner.

The foundation of a safety system is in defining a safety function and ensuring it works when it is supposed to, noted Johnson. He added that there are two critical parts in making sure that safety systems function properly. The first is in making the safety system reliable and consistent, in terms of requirements management, design & architecture, analysis tools, testing & verification methods. The second area is from cybersecurity perspective, where the system is well-protected from attacks and vulnerabilities. ISO 26262 defines basic foundational requirements that go into cyber systems in the form of good encryption, authentication as well as management of resources.

CONNECTED VEHICLES & AUTONOMOUS DRIVING

It is observed that even with a driver behind the steering wheel, a vehicle is not safe or secure and is susceptible to being hacked. Banks said that in the case of autonomous vehicles, even if a driver is present, as in the case of Level 3/4 type of car, a timely human intervention may be possible while being hacked. He further added that in a Level 5 fully-autonomous vehicle, there is no means for the driver to take control at all, leading to a hacker being able to remotely control the vehicle and deciding the path of the vehicle.

Similarly, within the connected environment, there have been cases of drivers hacking into the vehicle-to-infrastructure (V2I) system to control traffic lights due to their openness. This requires a safe and secure infrastructure system that can authenticate and validate instructions, otherwise possibly leading to catastrophic results. Banks noted that safety and security are vital and need to be seen as a pair, since one cannot be considered without the other.

There are two other important updates coming up within the scope of ADAS and autonomous vehicles – Cybersecurity and Safety of the Intended Functionality (SOTIF). Cybersecurity is now being addressed since the new ISO standard refers to it, with regulations in the US asking carmakers to take cybersecurity into account. The company is currently running its beta version of its solution to address cybersecurity, which will be soon released as an official version. The second area of SOTIF is something that ANSYS Medini is going to be offering in its latest release, which will come out in September. SOTIF standard currently addresses ADAS but not autonomous vehicles, noted Dr Holz. However, he observed that the standard does include future work in the direction of autonomous vehicles in its scope.

exida, a certification company offers such processes for 26262 standards in the area of safety and cybersecurity, and the automotive standards bank a lot on safety standards, said Johnson. While the company does not directly offer certifications for autonomous vehicles, Johnson noted that the new ISO/SAE 21434 will try to address autonomous vehicle functions. He added that once that standard is out, exida will study the new standard and become familiar with it before offering certification for such mobility trends.

ESSS 2019

LDRA recently organised the fifth edition of the Embedded Safety & Security Summit (ESSS) 2019, which focussed on the theme ‘Enabling a Safe and Secure Tomorrow.’ The event brought together the global embedded technology community including embedded system designers, developers, testers, technology partners, regulators, armed forces and industry experts from the aerospace & defence, automotive and industrial sectors.

The event was organised with support from partners and industry bodies, featuring over 20 speakers from five countries, who presented technical papers in two dedicated tracks. The first track covered the topic of embedded safety and security, while the second track looked into automotive functional safety and security. The event provided the industry with an opportunity to interact and forge relationships with the vibrant tech community. Dr Holz noted that the event encompassed a variety of topics, which complement each other nicely and have been brought together within the overall context of embedded systems and safety of embedded systems.

ROUND-UP

A common idea derived from the interaction with these experts is that it is imperative that safety and security are not thought of at the end of the development process, but taken into account from the start of vehicle development, to be able to design and implement these features as the development progresses, noted Banks. Meanwhile, Dr Holz noted that the standards in the development of safety and security are significant, especially since these regulations are developed in accordance with various markets, and this also enables manufacturing of improved products that can be easily exported to global markets. The evolution of autonomous vehicle technologies will see increased role of safety and security requirements in the development of such systems, in order to get their design right the first time, and save time that is of essence to the automotive industry.

TEXT: Naveen Arul