Tools, partnerships provide security for software

11-Feb-2014 05:29 EST

Klocwork’s tools check for security issues as software is being written.

Security is becoming a major factor for automakers, driven by several of the dominant industry trends. Connectivity and increasing volumes of software are among the factors prompting many design teams to partner with security specialists.

In recent months, suppliers and automakers announced joint programs. Renault is partnering with AVG Technologies and Visteon is working closely with Secunet, for example. The most recent came early this year when Klocwork became part of the QNX Automotive Safety Program for ISO 26262. Klocwork, recently acquired by Rogue Wave Software, makes a source code analysis tool that alerts developers to potential security vulnerabilities or reliability issues.

“The program looks for anomalies and other issues without running the software,” said Steven Howard, Software Quality Consultant at Klocwork. “It looks through the parts of code that have potential issues like boundary overruns and memory leaks. These checks can occur while code is being written, sort of like a spell-check program.”

The auto industry didn’t have many concerns until recent trends highlighted potential vulnerabilities. Infotainment systems can be a primary avenue for malware since radio head units connect with smart phones and telematics systems. If hackers find a breach anywhere, they can potentially assault any of the millions of lines of code in a vehicle. Design teams creating this software have largely acknowledged the need to address security issues.

“When vehicles get to the point of having millions of lines of code that includes packages from open source libraries and has a mix and match of software from different suppliers, automakers have to check it out thoroughly,” said Philip O’Hara, Klocwork’s Director for Europe, Middle East and Africa. “Three years ago, most of them were content to implement the MISRA standard, but in the last two years there’s been a complete change in this environment.”

The negative publicity Target stores received after the retailer’s security was breached highlights the potential fallout from leaving vulnerabilities in code. Howard noted that design teams need to test individual programs and assess the interactions between multiple programs.

“Developers want to make sure the code is secure so hackers won’t make the company fall over,” he said. “This software tells programmers where problems are in the code. It also looks at the overall system.”

Klocwork is among the many companies that provide software tools that let developers check their work throughout the design process, beginning in the early stages of development. These virtual tests help find errors early in the process, helping to make physical prototypes a place to prove simulation results instead of a place to detect bugs.

“Traditionally, the only way to test code is to run it,” Howard said. “The longer you wait to find problems, the more it costs to fix them.”
