Secure embedded software – choosing the right coding standard

This article compares state-of-the-art coding standards and explains how adherence to them can help developers deliver more secure C and C++ code.


By Richard Bellairs, PRQA                        Download PDF version of this article


An increasing number of products that touch our daily lives are connected to the internet. This brings many benefits, but also introduces potential security vulnerabilities. It is imperative that the software powering these products is developed with security in mind. Adoption of a strong coding standard that addresses known security issues has been shown to deliver more secure products. Enforcing this standard with automated code analysis tools will help to ensure products are delivered on time and in budget.

The pace of change in consumer products is amazing and the rate of innovation continues to accelerate. A new generation of connected devices and socially oriented services continues to impact our lives in profound ways, from the use of voice-activated speakers to control our smart homes to the hundreds of sensors that are used to control traffic in our cities more effectively. The widespread adoption of connected devices raises concerns over their security and our privacy.

Security of software is a hot topic, and one that every organization must address effectively. C remains the dominant language for embedded software development in consumer products, with C++ growing in popularity. There is no shortcut to achieving software security; reducing the risk it poses requires a concerted effort, and an appreciation of best practice industry guidelines.

Applying coding standards to the development of safety-critical software is a widely adopted practice, but coding standards that target security issues are still relatively new. Demand for software security standards has increased as a result of the Internet of Things (IoT); the security of data and the connections between devices have been shown to have serious security flaws. Some examples of high-profile failures include the hacking of TrendNet nanny cams and the failure of Nest thermostats due to a flawed software update. Security and privacy breaches not only put users at risk, but also have the potential to cause significant damage to company reputation. As such, security is a commercial imperative.

Recognition of the importance of security has increased over recent years. New security-focused coding standards have emerged alongside the more mature safety-critical standards. Although the underlying goals are different, their recommendations frequently overlap. Most of the coding standards considered in this article use rules to prohibit aspects of a language that are considered inappropriate by the issuing standards body. In addition, they prescribe ways to enrich the development process and the language effectiveness. In some respects, they define a new language, with specific emphasis on delivering greater security, improved predictability, increased robustness and better maintainability. Today most popular coding standards for security are the CERT C Secure Coding Standard; MISRA C:2012; and the C Secure Coding Rules (ISO/IEC TS 17961:2013).

For the purposes of comparison, the coding standards covered in this article have been assessed using nine categories, some of which include a qualitative indication of how the coding standards perform. The performance indicator (1 to 3 stars) is derived from considerations and impressions PRQA has collected from its wide customer base which, by any measure, can be considered an official endorsement of any standard. We categorized the standards as follows:

Industry: the original industry sector targeted by the coding standard.

Reference language version: the version of the C Standard that is currently used as a reference for the coding guidelines. This is important as it can influence the choice of coding standard for a project; for example, if C11 is to be used (for instance, because some of its features make it the most applicable for a given application) MISRA C:2012 is not a good candidate unless specific compliancy requirements make it necessary.

Automatic enforceability: the ease of creation of automatic checks for the guidelines that don’t result in false positives. This is usually related to how strictly or loosely specific guidelines are defined.

Coverage: a qualitative indication of the breadth of the coding standard scope and the number of guidelines defined. The broader the scope, the higher the educational value of the coding standard, but a broad scope can also bring complexity in terms of guideline maintenance and tool coverage.

Market adoption: the level of usage of the coding standard for real-world projects, in terms of formal compliance requirements (for example in functional safety applications) and voluntary usage to improve overall software quality.

Tool availability: the market availability of an automated code analysis tool to enforce the coding standard. This tends to be linked with the standards level of market adoption.

Evolution: a quickly evolving standard adapts better to feedback from the users and provides faster introduction of new features. This can be considered good for consumer products but bad for other sectors. CERT C uses two methods for publishing its guidelines; a web-based wiki, and a PDF document freely available. The wiki evolves faster than the latter.

Resources: this can include references to the C language standard, to other standards, papers, articles or other common knowledge bases that may be helpful.

Examples: descriptions to illustrate the issues related to the violation of a specific guideline and compliant solutions.

Figure 1. This simple flow chart helps to make an informed choice.

 

There is no single best standard for secure coding. Selection must consider many different aspects, such as the duration of the project (where stability of the reference is more important), the version of the language being used and the existence of legacy code. The simple flow chart in figure 1 can help to make an informed choice.

Scenario 1. If the requirements dictate compliance with a recognized coding standard (a typical scenario would be a safety-critical application) then the choice should be MISRA C. The latest version of this standard is MISRA C:2012 Amendment 1. If a previous version of MISRA is mandated (for example MISRA C:2004) then the project will benefit from the addition of the security rules provided by ISO/IEC 17961:2013 (some work will be required to match the C version and remove any overlap – a good footprint would be the Addendum 2 of MISRA C:2012 “Coverage of MISRA C:2012 against ISO/IEC 17961:2012 C Secure”).

 

 

 

 

 

 

 

 

 

 

 

 

Figure 2. Comparison table of CERT C, MISRA C: 2012, and IEC/ISO 17961:2013 €

Scenario 2. If the application has no compliancy requirements, and if there are no high-performance needs that would sacrifice code portability it is still recommended to adopt a high integrity perspective. In this case the recommendation would also be to use MISRA C:2012.

Scenario 3. In both previous scenarios CERT C could offer valuable support from a security perspective, and the recommendation would be to adopt CERT C in parallel with the suggested standards (in the flow chart this is indicated by a dashed line). However, if a high-integrity approach is not taken the MISRA C:2012 standard could be seen as too restrictive for the specific application, in this case the recommendation would be to only apply CERT C in order to achieve a good level of code security.

Choosing the right coding standard to adopt when developing secure code will depend on many factors, such as an understanding of the features and benefits of each standard and how they could meet the requirements of the current development project. The process shown in this article focuses on the ability to perform automated testing with tools such as PRQA static analyzers QA·C and QA·C++. Such tools perform deep analysis of software code to prevent, detect and eliminate defects and automatically enforce coding rules to ensure standards compliance.


Related


TestOps - The Next Level in Electronic Test

How can you speed overall product development, improve your team’s efficiency, and accelerate time-to-market? Adopt a TestOps approach. Just like software developers did with DevOps, brin...

Hardware-based AES Encrypted Storage Solution

Secure data encryption is essential for a wide variety of mission-critical applications pertaining to both civilian matters and national security. These sectors both require comprehensive safeguards t...

Give Your Product a Voice with Alexa

Join us for a deep dive into the system architecture for voice-enabled products with Alexa Built-In. Device makers can use the Alexa Voice Service (AVS) to add conversational AI to a variety of produc...

The two big traps of code coverage

Code coverage is important, and improving coverage is a worthy goal. But simply chasing the percentage is not nearly so valuable as writing stable, maintainable, meaningful tests. By Arthur Hick...

 

nVent Schroff at Embedded World 2019

The theme of the nVent Schroff booth at Embedded World 2019 was “Experience Expertise – Modularity, Performance, Protection and Design”. Join us as our experts give an overview of th...


Garz & Fricke Interview at Embedded World 2019 with Dr. Arne Dethlefs: We are strengthening our presence in North America

Through its US subsidiary, located in Minnesota, Garz & Fricke is providing support for its growing HMI and Panel-PC business in the USA and Canada while also strengthening its presence in North A...


SECO's innovations at embedded world 2019

In a much larger stand than in previous years, at embedded world 2019 SECO showcases its wide range of solutions and services for the industrial domain and IoT. Among the main innovations, in this vid...


Design and Manufacturing Services at Portwell

Since about two years Portwell is part of the Posiflex Group. Together with KIOSK, the US market leader in KIOSK systems, the Posiflex Group is a strong player in the Retail, KIOSK and Embedded market...


Arrow capabilities in design support

Florian Freund, Engineering Director DACH at Arrow Electronics talks us through Arrow’s transformation from distributor to Technology Platform Provider and how Arrow is positioned in both, Custo...


Arm launches PSA Certified to improve trust in IoT security

Arm’s Platform Security Architecture (PSA) has taken a step forward with the launch of PSA Certified, a scheme where independent labs will verify that IoT devices have the right level of securit...


DIN-Rail Embedded Computers from MEN Mikro

The DIN-Rail system from MEN is a selection of individual pre-fabricated modules that can variably combine features as required for a range of embedded Rail Onboard and Rail Wayside applications. The ...


Embedded Graphics Accelerates AI at the Edge

The adoption of graphics in embedded and AI applications are growing exponentially. While graphics are widely available in the market, product lifecycle, custom change and harsh operating environments...


ADLINK Optimizes Edge AI with Heterogeneous Computing Platforms

With increasing complexity of applications, no single type of computing core can fulfill all application requirements. To optimize AI performance at the edge, an optimized solution will often employ a...


Synchronized Debugging of Multi-Target Systems

The UDE Multi-Target Debug Solution from PLS provides synchronous debugging of AURIX multi-chip systems. A special adapter handles the communication between two MCUs and the UAD3+ access device and pr...


Smart Panel Fulfills Application Needs with Flexibility

To meet all requirement of vertical applications, ADLINK’s Smart Panel is engineered for flexible configuration and expansion to reduce R&D time and effort and accelerate time to market. The...


Artificial Intelligence

Morten Kreiberg-Block, Director of Supplier & Technology Marketing EMEA at Arrow Electronics talks about the power of AI and enabling platforms. Morten shares some examples of traditional designin...


Arrow’s IoT Technology Platform – Sensor to Sunset

Andrew Bickley, Director IoT EMEA at Arrow Electronics talks about challenges in the IoT world and how Arrow is facing those through the Sensor to Sunset approach. Over the lifecycle of the connected ...


AAEON – Spreading Intelligence in the connected World

AAEON is moving from creating the simple hardware to creating the great solutions within Artificial Intelligence and IoT. AAEON is offering the new solutions for emerging markets, like robotics, drone...


Arrow as a Technology Provider drive Solutions selling approach

Amir Sherman, Director of Engineering Solutions & Embedded Technology at Arrow Electronics talks about the transition started couple of years ago from a components’ distributor to Technology...


Riding the Technology wave

David Spragg, VP, Engineering – EMEA at Arrow Electronics talks about improvements in software and hardware enabling to utilize the AI capabilities. David shares how Arrow with its solutions is ...


ASIC Design Services explains their Core Deep Learning framework for FPGA design

In this video Robert Green from ASIC Design Services describes their Core Deep Learning (CDL) framework for FPGA design at electronica 2018 in Munich, Germany. CDL technology accelerates Convolutional...


Microchip explains some of their latest smart home and facility solutions

In this video Caesar from Microchip talks about the company's latest smart home solutions at electronica 2018 in Munich, Germany. One demonstrator shown highlights the convenience and functionalit...


Infineon explains their latest CoolGaN devices at electronica 2018

In this video Infineon talks about their new CoolGaN 600 V e-mode HEMTs and GaN EiceDRIVER ICs, offering a higher power density enabling smaller and lighter designs, lower overall system cost. The nor...


Analog Devices demonstrates a novel high-efficiency charge pump with hybrid tech

In this video Frederik Dostal from Analog Devices explains a very high-efficiency charge-pump demonstration at their boot at electronica 2018 in Munich, Germany. Able to achieve an operating efficienc...