datasheet

Article count:1511 Read by:4580472

Hottest Technical Articles
Brembo plans to acquire Ohlins to reshape brake and suspension technology
Detailed explanation of automotive 800V system technology
How much does it cost to customize an automotive-grade ECU?
Free appointment | CAN XL International Seminar
Registration for SAIC Motor Technology Innovation Summit Forum Opens | October 30-31
How much does a car-grade ECU cost?
ARM architecture detailed explanation
CAN XL International Seminar | CiA, Bosch, Infineon, NXP, and Hongke shared their experiences
Live broadcast today | CAN XL International Seminar
Talking about the compliance of data collection
MoreDaily News
Hot WeChat Articles
Millimeter wave penetration and ST60 mechanical structure design requirements
Youli丨How to open up the Ren and Du meridians of AR/VR intelligent interaction?
I date SNEC in the spring
Why will you die if you don't sleep? To find the answer, scientists arranged these experiments丨Video
Qualcomm joins forces with Razer and Verizon to launch 5G handheld gaming device powered by Snapdragon G3x platform
Explore the meaning of Matter with Infineon!
​Free Review | GigaDevice GD32F310G-START
Bluetooth® Smart Network Processor
Yiweier sincerely invites you to participate in the 11th China International Defense Electronics Exhibition
Popular Articles
LED chemical incompatibility test to see which chemicals LEDs can be used with
Application of ARM9 hardware coprocessor on WinCE embedded motherboard
What are the key points for selecting rotor flowmeter?
LM317 high power charger circuit
A brief analysis of Embest's application and development of embedded medical devices
Single-phase RC protection circuit
stm32 PVD programmable voltage monitor
Introduction and measurement of edge trigger and level trigger of 51 single chip microcomputer
Improved design of Linux system software shell protection technology
What to do if the ABB robot protection device stops
Other WeChat Articles
Two pictures reveal the "widest bandwidth integrated RF transceiver platform"
Learn the fundamentals of PLLs, from circuit building blocks to device selection
Here’s the strategy for winning the urban spectrum war: Surviving in the crowded wireless spectrum
The secret behind the high performance of ICs used in extremely harsh high-temperature environments is...
Rejecting noise, this voltage regulator becomes the "new favorite"
New! ADI explains the 5 major application power innovation trends, the future of power development will be like this~
How to keep the infotainment device from resetting when using the car's start-stop system?
The latest work by Professor Yang Jianguo of Xi'an Jiaotong University is now online! Come and support it!
This technology, which significantly reduces fuel consumption, also needs to solve a key problem
MEMS inertial sensors easily solve the "positioning" problem of emergency rescue
Devices of possible interest
64-31211-63-0300
740X043151FP
6QDPS-048-25.32-TBR-TEU-2
HBSTCR-117-S-XXX-32-G-200-LT
GMR7590-31P5FSN513
M55342H03B29A1PT5
2113-N2-28-20
SF06H3241DTL
RNC60K6421DRRSL201
RNCS0402CKC4K93
Hot Download Recommendations
Design and research of AC charging pile for electric vehicles (20170712080946)
Research and implementation of serial communication between PC and single chip microcomputer
Detailed explanation of PCB design problems & PCB manufacturing process and instructions
Source code for Symbian mobile phone intelligent operating system, image viewing software, supports more than a dozen graphic formats.
DS2417
CAN Open Protocol and Operation Manual
Application of data control between JTAG device and PSD8XXF peripheral chip
Design of intelligent home control system based on NIOSⅡ processor
THE SYNTAX OF A PROGRAMMING LANGUAGE tells you what code it is possible to write—what the machine will
Online Bookstore Source Code
Look around
Account Entry

What exactly is software security analysis analyzing?

Latest update time:2024-05-17
    Reads:
I believe everyone is familiar with security analysis at the system and hardware levels. There is also a lot of relevant information on the Internet, so I won’t go into details here. So when it comes to software, many friends often don’t know how to start. Is it really necessary to do security analysis? What is the difference between system and hardware security analysis, how to conduct security analysis, how granular the analysis should be, etc. To address these issues, we will discuss them systematically today:


  • Where do software bugs come from?
  • Is software security analysis really necessary?
  • What exactly does software security analysis analyze?
  • Should FTA or FMEA be used for software safety analysis?
  • How to perform software security analysis?


Q: What is the source of the software bug?


Generally speaking, compared with system and hardware failures, software failures or bugs are systemic failures, that is, deterministic failures caused by human design negligence, errors, etc. These failures must be modified and adjusted accordingly. eliminate.


But specifically, systematic failures or bugs in software show different characteristics depending on the level of the software:


1

Software unit or function level:


Examples : Function statement syntax errors, variable errors, calculation logic errors, infinite loops, missing function writing, missing definitions, etc.

Features : Strong certainty, easy to reproduce, easy to eliminate, mostly static characteristics.

2

Software architecture level:

Examples : execution timing errors, data flow errors, interface errors, resource preemption, etc.

Features : Difficult to reproduce and troubleshoot, related to FFI (Free from Interference), essentially caused by random hardware failures, but only manifested as results at the software level, often showing dynamic characteristics, and even impossible or difficult to reproduce .


Q: Is software security analysis really necessary?


To address the problem of systematic software failures, ISO 26262 generally reduces the possibility of systematic failures as much as possible through the constraints of the secure development process, that is, strict development process requirements and test completeness requirements.

Therefore, theoretically speaking, even if there is no software security analysis process, through strict security development process constraints (the higher the ASIL level, the stricter the security development process constraints), the systemic failure problem of software has been effectively controlled. This is also what some friends believe There is no reason why specialized software security analysis is necessary.


But this conclusion is not entirely correct, or at least in actual operation, software security analysis is still necessary. I think the main reasons are :


1

As the complexity of automotive software continues to increase, the development of software components involves the collaborative work of multiple development teams. The interactions and dynamic attributes of software components are also becoming more complex. It is difficult to fully cover software failure issues with simple software safety development process constraints. .

2

Software failures at the system architecture level often have dynamic processes and are difficult to identify through software security development process constraints .

3

ISO 26262 Part 6 specifically defines the requirements for software safety analysis, which is also one of the new additions to the 2018 version.

4

The application of non-white-box models such as machine learning (AI) reduces the interpretability of software and increases the possibility of failure. Although architecture-based security analysis does not make non-white-box models completely interpretable, it helps analyze it from a logical level. Potential failure issues.


To sum up, software security analysis is still very necessary, especially for software systems with more complex or highly dynamic characteristics.


Q: What exactly is software security analysis analyzing?


In the previous first question "What are the sources of software bugs?", we talked about that software systemic failures mostly exist at two levels, namely the software unit and software architecture levels.


Since failures at the software unit level are mostly static in nature, they can basically be covered by process constraints. In addition, the security analysis workload at the software unit level is huge, and the actual operation feasibility is not high. Failures at the architecture level mostly involve running timing, data flow issues, etc., which have obvious dynamic characteristics and high complexity. The software security development process Constraints are not easy to detect and need to be further identified through security analysis, and corresponding security measures must be formulated to supplement and implement software security requirements. This time, iterations will be carried out to ultimately improve software security issues!


Therefore, the object of software security analysis is the software architecture, with the focus on analyzing the functional safety issues that may be caused by the dynamic characteristics of the architecture, rather than the syntax, logic and other errors at the code level of the specific software unit. Such software security analysis is more meaningful and practical .


As for the dynamic characteristics of software, the most common and important failure problem is the problem of interference between elements (FFI, Free From Inteference) caused by different ASIL levels, or the coexistence of safety and non-safety-related software, namely:

— Timing and execution;
- Memory;
— Information exchange.


Therefore, during the software security analysis process, it is necessary to focus on the corresponding software security analysis based on the above issues.


So the next question is, the software architecture itself has different granularity. Which granularity should we analyze?


This issue is not stipulated in ISO 26262. I personally think this issue can be considered from two perspectives:


1

Based on the complexity of the software architecture, select a granularity that can be implemented within the project cycle. However, in order to ensure the effectiveness and completeness of the analysis, the granularity should not be too large.

2

You can consider software architecture analysis at the software scheduling level.


In addition, it is important to note that security analysis at the software architecture level does not distinguish between different ASIL levels, and all ASIL levels must be performed!



Q: Should FTA or FMEA be used for software security analysis?


In ISO 26262, Part 6 Appendix E, it is mentioned that inductive or deductive methods can be used to identify design defects, conditions, faults or failures that can trigger a causal chain and lead to a violation of safety requirements.


In actual operation, it is recommended to use the inductive analysis method, namely FMEA (or STPA), mainly because :


1

FMEA's analysis process from cause to result is more suitable for the needs of software safety analysis, that is, using the software architecture as the basis for analysis to identify potential software failures.

2

There are no top-level failure goals similar to safety goals at the software level. Software safety analysis is not a process of detailing and decomposing safety requirements, but a supplementary examination of the deficiencies of the original design.



Q: How to perform software security analysis?


When talking about software security analysis earlier, inductive analysis methods are mostly used. Taking FMEA as an example, the basic security analysis steps remain the same, but some steps are omitted. There are also certain differences in the specific execution process:


Step 1 : Determine the scope and object of analysis


Determine the object and scope of analysis, use software architecture input as the basis for security analysis, and select the appropriate software architecture granularity.


Software architecture needs to describe the static aspects of the relevant software (e.g., a block diagram representation showing functional elements and their interfaces/relationships) as well as the dynamic aspects (e.g., sequence diagrams, timing diagrams, scheduling diagrams, or statechart representations).


Safety analysis and associated failure analysis of software architecture can follow functional and/or processing chains, taking into account both static and dynamic aspects.


Step 2 : Software module structure analysis


List all software modules in the software architecture corresponding to the analysis object, and initially distinguish whether they are related to security.

It should be noted here that the software modules involved here not only include modules that have been assigned software security requirements, but also include normal functional software modules within the scope of analysis!

Step Three : Failure Mode Analysis


Analyze the failure modes of software modules one by one, where you can use guide words to generate questions to examine the specific functions or characteristics of the architectural elements. When using guide words, perform a safety-oriented analysis of the specific function or feature of each design element repeatedly using the guide words until all predetermined guide words have been examined.


Guidance words related to execution, scheduling or communication and corresponding possible failure examples are shown in the following figure:


Taking function O in the software architecture in step 1 as an example, by applying the guide words in the above table, the following software fault can be obtained:

Take this as an example to analyze the possible failures of all software modules. This step is also the most time-consuming part of the entire software security analysis process.


Step 4 : Develop safety improvement measures


Based on the failure modes identified in the previous step, formulate corresponding security improvement measures, derive corresponding software security requirements if necessary, and update the software architecture. Repeat the above steps until the probability of software failure is low enough!



Latest articles about

Understanding the OSI Model Using Logistics 
Talk about the controversy of the maximum load of 375 kg for new energy vehicles 
What is the car moose test? 
Live Preview | AUTOSAR SOME/IP Technology Interpretation 
AP AUTOSAR Hard-Core Technology (5): Diagnostic Management 
How much does it cost to customize an automotive-grade ECU? 
Live broadcast today | CAN XL International Seminar 
“Customers are not afraid, so what are you afraid of?” - Reflection on the value of static analysis of automotive software 
Detailed explanation of the control algorithm of the electromechanical brake system (EMB) - Taking Tongyu Automobile and Feige Intelligent as examples 
[Opening this week] SAE-AWC 2024 Automotive EEA Innovation Technology Forum | Free registration 

 
EEWorld WeChat Subscription

 
EEWorld WeChat Service Number

 
AutoDevelopers

About Us Customer Service Contact Information Datasheet Sitemap LatestNews

Room 1530, Zhongguancun MOOC Times Building,Block B, 18 Zhongguancun Street, Haidian District,Beijing, China Tel:(010)82350740 Postcode:100190

Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved 京ICP证060456号 京ICP备10001474号-1 电信业务审批[2006]字第258号函 京公网安备 11010802033920号