Write Safe AND Secure Application Code with MISRA C:2012
When examined with a critical eye, the commonly held belief that security and safety critical code are hugely different to each other is a conundrum. Why would that be?

Within the safety domain, the aim for software developers is to produce code that performs as required, whilst ensuring that erroneous behaviour does not result in an accident. Within the security domain, their aim is to produce software that performs as required whilst ensuring that manipulation of input data does not result in denial of service or the leaking of sensitive data. Best practice for the development of either safety or security critical code is to apply a formalised software development process, starting with a set of requirements and tracing those requirements through to executable code. Undefined, unspecified and implementation-defined behaviours within the C language can lead to safety or security failures, and data handling errors such as invalid values, domain violations, tainted data and the leaking of confidential information can prevent both safety and security objectives from being realised.

With so much commonality between the optimal development processes for safety and security critical code, it is a puzzle as to why there is a common misconception that MISRA is just for safety-related, not for security-related, projects. In response to that misconception, in April 2016 MISRA released "MISRA C:2012 – Addendum 2", which highlights which of the 46 C Secure rules are covered by the MISRA C:2012 guidelines. Even MISRA C:2012 Amendment 1, written to enhance MISRA C:2012, largely enhances the language of existing checks, explaining why they are important from a security perspective with reference to the ISO C Secure Guidelines, particularly with regard to the use of 'untrustworthy data'.

This presentation will discuss how the original MISRA C:2012 document has always targeted concerns such as buffer overruns and memory errors, and why that is important for both safety and security.
It will explain why it promotes the detection of inconsistent data use, and why that is pertinent for all critical code. And it will explore the difference in focus between CERT C’s application centric approach to the detection of issues, in contrast to MISRA’s ethos of using design patterns to prevent their introduction. In conclusion, it will describe how the majority of MISRA rules lend themselves to automated checking, and how the associated tools and techniques lend themselves admirably to the quest to provide an outstanding level of robustness and integrity to maximise the security of connected devices in automotive, IIoT, medical devices and beyond.
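As an added example, not taken from the talk or from MISRA: a small C message handler in two forms, one that trusts its input as received and one that checks each externally supplied value against its domain before using it as an index or a size, the kind of handling of untrustworthy data the abstract describes. The message layout, names and constants are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHANNEL_COUNT 4U
#define PAYLOAD_MAX   16U

/* Constructed message layout: byte 0 = channel, byte 1 = payload length, then payload. */
typedef struct {
    uint8_t channel;
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
} message_t;

typedef enum { MSG_OK = 0, MSG_ERR_SHORT, MSG_ERR_CHANNEL, MSG_ERR_LENGTH } msg_status_t;

static const uint8_t channel_scale[CHANNEL_COUNT] = { 1U, 2U, 4U, 8U };

/* Unchecked: the two header bytes are trusted as received. A channel byte of 4 or
 * more, or a length byte above 16, reads or writes past the arrays, which is
 * undefined behaviour in C and the kind of buffer overrun the talk refers to. */
int32_t handle_unchecked(const uint8_t *buf, message_t *out)
{
    out->channel = buf[0];
    out->len = buf[1];
    (void)memcpy(out->payload, &buf[2], (size_t)out->len);
    return (int32_t)channel_scale[out->channel];
}

/* Checked: every externally supplied value is validated against its domain
 * before it is used as an index or a size, so no path reaches undefined behaviour. */
msg_status_t handle_checked(const uint8_t *buf, size_t buf_len, message_t *out, int32_t *scaled)
{
    if (buf_len < 2U) { return MSG_ERR_SHORT; }
    if (buf[0] >= CHANNEL_COUNT) { return MSG_ERR_CHANNEL; }
    if ((buf[1] > PAYLOAD_MAX) || ((size_t)buf[1] > (buf_len - 2U))) { return MSG_ERR_LENGTH; }
    out->channel = buf[0];
    out->len = buf[1];
    (void)memcpy(out->payload, &buf[2], (size_t)out->len);
    /* Domain is now known: sum <= 16 * 255 and scale <= 8, so the product fits int32_t. */
    uint32_t sum = 0U;
    for (uint8_t i = 0U; i < out->len; i++) { sum += out->payload[i]; }
    *scaled = (int32_t)(sum * channel_scale[out->channel]);
    return MSG_OK;
}
```

Each rejected input maps to a distinct status code, so a caller can log which domain check failed rather than silently dropping the message.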
---
Date: 01.03.2018
Time: 11:30 AM - 12:00 PM
Location: Conference Counter NCC Ost