SlideShare ist ein Scribd-Unternehmen logo

MISRA C – Recent developments and a road map to the future

AdaCore
AdaCore

Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group

Technologie
1 von 57
Downloaden Sie, um offline zu lesen
MISRA C – Recent developments and a road map to the future Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group
Agenda 1. Introduction a. A Quick History ... and busting two myths b. Safety v Security 2. Recent Publications a. MISRA Compliance b. Additional Security Guidelines 3. Current Activity and Road Map October 26, 20162
MISRA C – A Quick History From the beginning, to MISRA C:2012 (See “Additional Material”)
Myth Busting #1 The Misunderstanding - MISRA C is only applicable to the automotive industry The History - MISRA C was originated by the automotive industry, for the automotive industry... and we are proud of our automotive heritage. The Reality - MISRA C is applicable to any industry that requires high-integrity software - MISRA C has been adopted by many industries, including medical, rail, aerospace, space and defence. eg: • http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf • http://www.stroustrup.com/JSF-AV-rules.pdf October 26, 20164
Myth Busting #2 The Misunderstanding - MISRA C is only a safety coding standard, not a secure/security one The History - MISRA C:2012 suggests (in its vision) its use in safety-related software The Reality - MISRA C also suggests (in its vision) its applicability to any application with high integrity or high reliability requirements - Unfortunately, a perception remains... October 26, 20165
MISRA C – Safety v Security Or do we just mean “High Integrity”?
Safety v Security The difference between safety and security are largely semantic... especially at the software level Depending on the language they are talking, it might even appear that they seem being divided by a common language. - German Sicherheit v Sicherheit - Spanish Seguridad v Seguridad - French Sécurité v Sécurité - Italian Sicurezza v Sicurezza October 26, 20167
MISRA C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. But don’t just take my word for it... October 26, 20168
ISO/IEC TS 17961 – C Secure Coding Rules Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for the C standard itself Originally proposed to be based on CERT-C but significantly rationalised From the document’s Background: - “In practice, security-critical and safety-critical code have the same requirements” October 26, 20169
Safety v Security v High Integrity Secure System - Prevents risks to privacy - Considers only malicious actions - No requirement for Safety... - Garbage in, Garbage Out Safety Critical System - Prevents risks to human lives and/or the environment - Considers well-intentions (and accidental!) actions also - Inherently requires a level of Security High-Integrity and/or High-Reliability System - A system that must be trusted to work dependably - Unacceptable loss or harm may result otherwise. October 26, 201610
MISRA C – Recent Developments (1) Updates for improved Compliance
MISRA Compliance Available as a standalone document (click for free download) Compatible with MISRA C:2012 (and any future versions) Compatible with forthcoming MISRA C++:20xx No reason it cannot be applied to earlier versions of either document! October 26, 201612
MISRA Compliance Clearer definition of what is meant by MISRA Compliance - and how Compliance should be demonstrated Provides a mechanism for tailoring classification of the guidelines - introduces the Guideline Recategorization Plan Provides guidance on dealing with adopted code Clarifies/tightens the Deviation process Provides a mechanism for establishing pre-approved Permits October 26, 201613
MISRA Compliance MISRA Compliance is NOT - claimed for an organisation ... but only for a deliverable item - applicable to the software ... but to the development lifecycle MISRA Compliance does NOT mean - No deviations ... but no unresolved violations MISRA Compliance is achieved when - development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines - all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable. October 26, 201614
MISRA C – Guideline Categorization Three levels - Mandatory o Guidelines for which a violation is never permitted - Required o Guidelines which can only be violated when supported by a deviation - Advisory o Recommendations to be followed as far as is reasonably practicable o Violations are identified but do not required a deviation The methods planned to be used to provide enforcement of each Guideline shall be documented in a Guideline Enforcement Plan The compliance level claimed by the project shall be documented in a Guideline Compliance Summary October 26, 201615
MISRA Compliance – Guideline Recategorization Guidelines may be reclassified, depending on their base level - Mandatory o May not be reclassified - Required o May be reclassified to Mandatory - Advisory o May be reclassified up to Mandatory or Required o May be Disapplied Introduces a new Category of Disapplied o No checks performed... violations may be ignored Documented in a Guideline Recategorization Plan - Usually agreed between Acquirer and Supplier at the project outset October 26, 201616
MISRA C – Adopted Code What is Adopted Code? - Code developed outside of the current project - May or may not have been developed to comply with the Guidelines - Source code or binary/library that is adopted unchanged Examples include: - The Standard Library - Device driver files - Third-party libraries - Auto-generated code - Legacy code Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code October 26, 201617
MISRA C – Deviations Sometimes a violation may be justified - A deviation is an appropriate way of handling such a violation - Legitimate reasons may be o Code quality See ISO/IEC 25010 o Access to hardware o Adopted code integration o Non-compliant adopted code A deviation should not merely document the existence of a violation A deviation should - document the reason why it is required - be targeted in scope and specify any necessary precautions - be subject to approval by a defined process October 26, 201618
MISRA Compliance – Claiming Compliance Summary: - MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines Evidence: - Guideline Recategorization Plan (if applicable) } Probably - Guideline Enforcement Plan } a single - Guideline Compliance Summary } document! - Deviation Records covering all violations of Required guidelines October 26, 201619
MISRA C – Recent Developments (2) Additional guidance for Security
MISRA C – Additional Security Guidelines Publication timeline met, as outlined at VDA Automotive SYS 2015... MISRA C:2012 Addendum 2 (free download) - Provides a matrix showing coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 C Secure - Demonstrates that MISRA C:2012 can justifiably claim to be a Security standard as well as a Safety Critical one! MISRA C:2012 Amendment 1 (free download) - Introduces an additional 14 targeted guidelines o 13 new Rules o 1 new Directive - Incremental update to MISRA C:2012 October 26, 201621
MISRA C:2012 Amendment 1 New Guidelines - Validation of external data 1G - Use of sizeof() on a function parameter of array type 1M - <ctype.h> functions 1M - <stdlib.h> memory comparison functions 3R - <stdlib.h> environment functions 2M - <string.h> string-handling functions 2M - <stdio.h> I/O functions – handling of EOF 1R - <error.h> handling of errno 3R October 26, 201622
ISO/IEC TS 17961 – C Secure Coding Coverage Coverage Method #1 #2 Comments MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure MISRA covers fully – implicitly 7 3 MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h MISRA covers partially – broad 2 0 getenv() and related functions MISRA does not cover directly 4 0 sizeof(pointer), padding 46 46 October 26, 201623 #1 MISRA C:2012 as published #2 incorporating Amendment 1
MISRA C – Recent Developments (3) Comparison with CERT-C
CERT-C – Secure Coding Standard What is CERT-C - Produced by the Software Engineering Institute (SEI) at Carnegie Mellon University. - Sponsored by the U.S. Department of Defense - Originally proposed to be adopted as an ISO standard, but this was not progressed by WG14, who progressed a subset as ISO/IEC TS 17961 instead. The MISRA C Position - We view CERT-C as complementary to MISRA C o Most rules align with the MISRA C rules o Some small variance due to difference of focus (not just safety v security) o In particular, CERT-C considers the interface to the environment in hosted applications - Publication of comparison matrix imminent. October 26, 201625
MISRA C comparison to CERT-C Coverage Method #1 #2 Comments C11 functions out of scope 15 16 Align, threads and atomics MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT MISRA covers fully – implicitly 18 18 MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h MISRA does not cover directly 2 2 rand() 98 99 October 26, 201626 MISRA C:2012 incorporating Amendment 1 against: #1 CERT-C 2nd edition as published #2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
MISRA C – Recent Developments (4) Technical Corrigendum 1
MISRA C – Work In Progress MISRA C:2012 Technical Corrigendum 1 - Address typographical errors and guideline clarification - Publication (as a PDF download) imminent October 26, 201628
MISRA C Road Map From MISRA C:2012 to MISRA C:201x ... and then into the future
MISRA C roadmap March 201630 MISRA C:2012 MISRA C:2012 coverage against ISO/IEC 17961:2013 MISRA C:2012 AMD1 “Security” MISRA C:2012 TC1 MISRA Compliance MISRA C:201x ISO/IEC 17961 review User feedback Embody JAMA ADC etc. Consequential amendments (editorial only?) Published in 2013 Published in 2016 Consolidate
MISRA C – Future Work Planned Way Ahead - Consider additional rules and/or rule revisions to address: o issues in the new features introduced by C11 o issues in accessing the operating environment, within hosted programs o issues in using the Standard Library (see Extra Material at the end) - Continue the review activity against o CERT-C o Common Weakness Enumeration o ... and any other sources that may become known The MISRA C Working Group welcomes feedback from all users October 26, 201631
What about C:11 MISRA C Working Group has commenced a review of the deltas: - Atomic primitives - Multi-threading - Unicode characters - Appendix F/G – ISO/IEC 60559 floating point - Appendix K – new bounds-checking functions should allow some existing rules to be revised, with pre-C11 “unsecure” functions deprecated. However, though, it is possible that this section may be deleted from the standard! - Appendix L – Analyzability We propose to create an update to the Guidelines to address undesirable behaviours. More information in due course... October 26, 201632
In Summary October 26, 201633
MISRA C – In Summary MISRA C is - widely respected as a safety-related coding standard - equally applicable as a security-related coding standard MISRA C has - evolved from an automotive standard into a pan-industry standard MISRA C will - continue to evolve as new editions of the C standard are produced - seek to address other constraints as they become identified MISRA C welcomes - feedback from the user community - approaches from prospective Working Group members October 26, 201634
Any Questions? October 26, 201635
Thank You! I would like to acknowledge the support of the members of the MISRA C Working Group for their assistance in preparing this presentation. October 26, 201636
About the speaker Biography - Chairman of MISRA-C since June 2013... ... working group member since 2007 - Over 25 years experience in developing real-time embedded software systems, across a number of industries - Chartered Fellow of the British Computer Society - Member of the Institution of Engineering & Technology Social Media AndrewBanks.com @AndrewBanks https://linkedin.com/in/AndrewBanks October 26, 201637
Extra Material October 26, 201638
MISRA C – A Quick History From the beginning, to MISRA C:2012
The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201640
The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201641
The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201642
Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201643
MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201644
MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201645
MISRA C – A Quick History From the beginning, to MISRA C:2012
The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201647
The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201648
The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201649
Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201650
MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201651
MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201652
MISRA C – Standards Conformance Freestanding v Hosted
Strict Conformance Chapter 4 of the ISO Standard mandates the following: - A conforming program is one that is acceptable to a conforming implementation. - A strictly conforming program shall use only those features of the language and library specified in the International Standard. - It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit. MISRA C:2012 enforces this by: - Rule 1.1 A standard C environment - Rule 1.3 No occurrence of undefined or unspecified behaviour - Dir 1.1 This permits the use of implementation-defined behaviour but requires that any such use is documented October 26, 201654
Language Extensions Chapter 4 of the ISO Standard permits the following: - A conforming implementation may have extensions (including additional library functions), provided they do not alter the behaviour of any strictly conforming program. MISRA C:2012 advises against this by: - Rule 1.2 Language extensions should not be used Chapter 4 of the ISO Standard defines the following - The two forms of conforming implementation are hosted and freestanding. - A conforming hosted implementation shall accept any strictly conforming program. October 26, 201655
Conformance: Freestanding v Hosted Chapter 4 of the ISO Standard defines the following: - A conforming freestanding implementation shall accept any strictly conforming program in which the use of the features specified in the library clause is confined to the contents of the standard headers: o <float.h> o <iso646.h> o <limits.h> o <stdarg.h> o <stdbool.h> o <stddef.h > o <stdint.h> MISRA C:2012 has no explicit library-specific restrictions on these headers, except for <stdarg.h> which is prohibited by required Rule 17.1 October 26, 201656
Conformance: Freestanding v Hosted o <assert.h> Implicit restriction o <complex.h> o <ctype.h> o <errno.h> o <fenv.h> Major restrictions o <inttypes.h> o <locale.h > o <math.h> o <setjmp.h> Shall not be used o <signal.h> Shall not be used o <stdio.h> Shall not be used o <stdlib.h> Major restrictions o <string.h> o <tgmath.h> Shall not be used o <time.h> Shall not be used o <wchar.h> Shall not be used o <wctype.h> October 26, 201657 MISRA C:2012 places major restrictions (including out-right prohibition) on many of the remaining standard headers: The restricts are due to the extent of the undefined, unspecified and/or implementation defined behaviour, and the functionality is mostly associated with accessing the external environment.

Empfohlen

An Introduction to MISRA C:2012
An Introduction to MISRA C:2012An Introduction to MISRA C:2012
An Introduction to MISRA C:2012PRQA
 
Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development StandardVittorio Giovara
 
Misra c rules
Misra c rulesMisra c rules
Misra c ruleskiranyeligati
 
Misra c
Misra cMisra c
Misra cPradeep Kumar TS
 
Tilera tile64 by Ibrahem Batta
Tilera tile64 by Ibrahem BattaTilera tile64 by Ibrahem Batta
Tilera tile64 by Ibrahem BattaIbrahem Batta
 
Formal Method for Avionics Software Verification
Formal Method for Avionics Software Verification Formal Method for Avionics Software Verification
Formal Method for Avionics Software VerificationAdaCore
 
End to End Communication protection
End to End Communication protectionEnd to End Communication protection
End to End Communication protectionSibiKrishnan
 
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is Essential
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is EssentialMIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is Essential
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is EssentialMIPI Alliance
 

Empfohlen

An Introduction to MISRA C:2012
An Introduction to MISRA C:2012An Introduction to MISRA C:2012
An Introduction to MISRA C:2012PRQA
 
Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development StandardVittorio Giovara
 
Misra c rules
Misra c rulesMisra c rules
Misra c ruleskiranyeligati
 
Misra c
Misra cMisra c
Misra cPradeep Kumar TS
 
Tilera tile64 by Ibrahem Batta
Tilera tile64 by Ibrahem BattaTilera tile64 by Ibrahem Batta
Tilera tile64 by Ibrahem BattaIbrahem Batta
 
Formal Method for Avionics Software Verification
Formal Method for Avionics Software Verification Formal Method for Avionics Software Verification
Formal Method for Avionics Software VerificationAdaCore
 
End to End Communication protection
End to End Communication protectionEnd to End Communication protection
End to End Communication protectionSibiKrishnan
 
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is Essential
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is EssentialMIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is Essential
MIPI DevCon 2020 | Why an Integrated MIPI C-PHY/D-PHY IP is EssentialMIPI Alliance
 
MIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC PrototypingMIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC PrototypingArasan Chip Systems
 
Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901Pankaj Srivastava
 
5G Physical Channel and Signal
5G Physical Channel and Signal5G Physical Channel and Signal
5G Physical Channel and SignalTaiz Telecom
 
Arm teaching material
Arm teaching materialArm teaching material
Arm teaching materialNilesh Bhandare
 
C programming session8
C programming session8C programming session8
C programming session8Keroles karam khalil
 
summary of indian medical device rule 2017
summary of indian medical device rule 2017summary of indian medical device rule 2017
summary of indian medical device rule 2017Arshadib
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI Alliance
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Drew Fustini
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Arete-Zoe, LLC
 
C programming session6
C programming session6C programming session6
C programming session6Keroles karam khalil
 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCOREARCCORE
 
The Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-VThe Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-VC4Media
 
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERINGMULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERINGvtunotesbysree
 
Programmable logic device (PLD)
Programmable logic device (PLD)Programmable logic device (PLD)
Programmable logic device (PLD)Sɐɐp ɐɥɯǝp
 
IVDR Readiness Checklist
IVDR Readiness ChecklistIVDR Readiness Checklist
IVDR Readiness ChecklistGreenlight Guru
 
NR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptxNR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptxBijoy Banerjee
 
C programming session7
C programming session7C programming session7
C programming session7Keroles karam khalil
 
Project report of 2016 Trainee_final
Project report of 2016 Trainee_finalProject report of 2016 Trainee_final
Project report of 2016 Trainee_finalAkash Chowdhury
 
Medical Device Regulations - 510(k) Process
Medical Device Regulations - 510(k) ProcessMedical Device Regulations - 510(k) Process
Medical Device Regulations - 510(k) ProcessMichael Haessly - SSBB, CQE, CRE, CQM, CSQE, CQA
 
The ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM ArchitectureThe ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM Architecturesreea4
 
An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178BAdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAdaCore
 

Weitere ähnliche Inhalte

Was ist angesagt?

MIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC PrototypingMIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC PrototypingArasan Chip Systems
 
Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901Pankaj Srivastava
 
5G Physical Channel and Signal
5G Physical Channel and Signal5G Physical Channel and Signal
5G Physical Channel and SignalTaiz Telecom
 
summary of indian medical device rule 2017
summary of indian medical device rule 2017summary of indian medical device rule 2017
summary of indian medical device rule 2017Arshadib
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI Alliance
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Drew Fustini
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Arete-Zoe, LLC
 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCOREARCCORE
 
The Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-VThe Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-VC4Media
 
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERINGMULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERINGvtunotesbysree
 
Programmable logic device (PLD)
Programmable logic device (PLD)Programmable logic device (PLD)
Programmable logic device (PLD)Sɐɐp ɐɥɯǝp
 
IVDR Readiness Checklist
IVDR Readiness ChecklistIVDR Readiness Checklist
IVDR Readiness ChecklistGreenlight Guru
 
NR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptxNR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptxBijoy Banerjee
 
Project report of 2016 Trainee_final
Project report of 2016 Trainee_finalProject report of 2016 Trainee_final
Project report of 2016 Trainee_finalAkash Chowdhury
 
The ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM ArchitectureThe ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM Architecturesreea4
 

Was ist angesagt? (20)

MIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC PrototypingMIPI IP Modules for SoC Prototyping
MIPI IP Modules for SoC Prototyping
 
Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901Imdrf tech-131209-samd-key-definitions-140901
Imdrf tech-131209-samd-key-definitions-140901
 
5G Physical Channel and Signal
5G Physical Channel and Signal5G Physical Channel and Signal
5G Physical Channel and Signal
 
Arm teaching material
Arm teaching materialArm teaching material
Arm teaching material
 
C programming session8
C programming session8C programming session8
C programming session8
 
summary of indian medical device rule 2017
summary of indian medical device rule 2017summary of indian medical device rule 2017
summary of indian medical device rule 2017
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
 
C programming session6
C programming session6C programming session6
C programming session6
 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCORE
 
The Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-VThe Future of Operating Systems on RISC-V
The Future of Operating Systems on RISC-V
 
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERINGMULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
MULTIPLE CHOICE QUESTIONS ON COMMUNICATION PROTOCOL ENGINEERING
 
Programmable logic device (PLD)
Programmable logic device (PLD)Programmable logic device (PLD)
Programmable logic device (PLD)
 
IVDR Readiness Checklist
IVDR Readiness ChecklistIVDR Readiness Checklist
IVDR Readiness Checklist
 
NR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptxNR_Frame_Structure_and_Air_Interface_Resources.pptx
NR_Frame_Structure_and_Air_Interface_Resources.pptx
 
C programming session7
C programming session7C programming session7
C programming session7
 
Project report of 2016 Trainee_final
Project report of 2016 Trainee_finalProject report of 2016 Trainee_final
Project report of 2016 Trainee_final
 
Medical Device Regulations - 510(k) Process
Medical Device Regulations - 510(k) ProcessMedical Device Regulations - 510(k) Process
Medical Device Regulations - 510(k) Process
 
The ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM ArchitectureThe ARM Architecture: ARM : ARM Architecture
The ARM Architecture: ARM : ARM Architecture
 

Andere mochten auch

An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178BAdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAdaCore
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...AdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareAdaCore
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsAdaCore
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...AdaCore
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentAdaCore
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...AdaCore
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesAdaCore
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...AdaCore
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsAdaCore
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...AdaCore
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsAdaCore
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityAdaCore
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation KernelAdaCore
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...AdaCore
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkAdaCore
 

Andere mochten auch (20)

An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178B
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic Assistants
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics Devices
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related Systems
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core Platforms
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and Security
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
 

Ähnlich wie MISRA C – Recent developments and a road map to the future

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016Andrew Banks
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - FullAndrew Banks
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceJoe Garza
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Dragos, Inc.
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfVishalKashyap15069
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTIoT613
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
OSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOW2
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Jim Meyer
 
MISRA-Compliance-2020
MISRA-Compliance-2020MISRA-Compliance-2020
MISRA-Compliance-2020Massimo Talia
 
MISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfMISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfTamilKumaran31
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
 
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaDICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaInstitute e-Austria Timisoara
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Nesma
 

Ähnlich wie MISRA C – Recent developments and a road map to the future (20)

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - Full
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conference
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdf
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
OSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOSS Metrics for Market Readiness
OSS Metrics for Market Readiness
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?
 
MISRA-Compliance-2020
MISRA-Compliance-2020MISRA-Compliance-2020
MISRA-Compliance-2020
 
MISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfMISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdf
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaDICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
 
Cps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iranCps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 

Mehr von AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 

Mehr von AdaCore (18)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
 

Kürzlich hochgeladen

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Kürzlich hochgeladen (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

MISRA C – Recent developments and a road map to the future

  • 1. MISRA C – Recent developments and a road map to the future Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group
  • 2. Agenda 1. Introduction a. A Quick History ... and busting two myths b. Safety v Security 2. Recent Publications a. MISRA Compliance b. Additional Security Guidelines 3. Current Activity and Road Map October 26, 20162
  • 3. MISRA C – A Quick History From the beginning, to MISRA C:2012 (See “Additional Material”)
  • 4. Myth Busting #1 The Misunderstanding - MISRA C is only applicable to the automotive industry The History - MISRA C was originated by the automotive industry, for the automotive industry... and we are proud of our automotive heritage. The Reality - MISRA C is applicable to any industry that requires high-integrity software - MISRA C has been adopted by many industries, including medical, rail, aerospace, space and defence. eg: • http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf • http://www.stroustrup.com/JSF-AV-rules.pdf October 26, 20164
  • 5. Myth Busting #2 The Misunderstanding - MISRA C is only a safety coding standard, not a secure/security one The History - MISRA C:2012 suggests (in its vision) its use in safety-related software The Reality - MISRA C also suggests (in its vision) its applicability to any application with high integrity or high reliability requirements - Unfortunately, a perception remains... October 26, 20165
  • 6. MISRA C – Safety v Security Or do we just mean “High Integrity”?
  • 7. Safety v Security The difference between safety and security are largely semantic... especially at the software level Depending on the language they are talking, it might even appear that they seem being divided by a common language. - German Sicherheit v Sicherheit - Spanish Seguridad v Seguridad - French Sécurité v Sécurité - Italian Sicurezza v Sicurezza October 26, 20167
  • 8. MISRA C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. But don’t just take my word for it... October 26, 20168
  • 9. ISO/IEC TS 17961 – C Secure Coding Rules Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for the C standard itself Originally proposed to be based on CERT-C but significantly rationalised From the document’s Background: - “In practice, security-critical and safety-critical code have the same requirements” October 26, 20169
  • 10. Safety v Security v High Integrity Secure System - Prevents risks to privacy - Considers only malicious actions - No requirement for Safety... - Garbage in, Garbage Out Safety Critical System - Prevents risks to human lives and/or the environment - Considers well-intentions (and accidental!) actions also - Inherently requires a level of Security High-Integrity and/or High-Reliability System - A system that must be trusted to work dependably - Unacceptable loss or harm may result otherwise. October 26, 201610
  • 11. MISRA C – Recent Developments (1) Updates for improved Compliance
  • 12. MISRA Compliance Available as a standalone document (click for free download) Compatible with MISRA C:2012 (and any future versions) Compatible with forthcoming MISRA C++:20xx No reason it cannot be applied to earlier versions of either document! October 26, 201612
  • 13. MISRA Compliance Clearer definition of what is meant by MISRA Compliance - and how Compliance should be demonstrated Provides a mechanism for tailoring classification of the guidelines - introduces the Guideline Recategorization Plan Provides guidance on dealing with adopted code Clarifies/tightens the Deviation process Provides a mechanism for establishing pre-approved Permits October 26, 201613
  • 14. MISRA Compliance MISRA Compliance is NOT - claimed for an organisation ... but only for a deliverable item - applicable to the software ... but to the development lifecycle MISRA Compliance does NOT mean - No deviations ... but no unresolved violations MISRA Compliance is achieved when - development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines - all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable. October 26, 201614
  • 15. MISRA C – Guideline Categorization Three levels - Mandatory o Guidelines for which a violation is never permitted - Required o Guidelines which can only be violated when supported by a deviation - Advisory o Recommendations to be followed as far as is reasonably practicable o Violations are identified but do not required a deviation The methods planned to be used to provide enforcement of each Guideline shall be documented in a Guideline Enforcement Plan The compliance level claimed by the project shall be documented in a Guideline Compliance Summary October 26, 201615
  • 16. MISRA Compliance – Guideline Recategorization Guidelines may be reclassified, depending on their base level - Mandatory o May not be reclassified - Required o May be reclassified to Mandatory - Advisory o May be reclassified up to Mandatory or Required o May be Disapplied Introduces a new Category of Disapplied o No checks performed... violations may be ignored Documented in a Guideline Recategorization Plan - Usually agreed between Acquirer and Supplier at the project outset October 26, 201616
  • 17. MISRA C – Adopted Code What is Adopted Code? - Code developed outside of the current project - May or may not have been developed to comply with the Guidelines - Source code or binary/library that is adopted unchanged Examples include: - The Standard Library - Device driver files - Third-party libraries - Auto-generated code - Legacy code Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code October 26, 201617
  • 18. MISRA C – Deviations Sometimes a violation may be justified - A deviation is an appropriate way of handling such a violation - Legitimate reasons may be o Code quality See ISO/IEC 25010 o Access to hardware o Adopted code integration o Non-compliant adopted code A deviation should not merely document the existence of a violation A deviation should - document the reason why it is required - be targeted in scope and specify any necessary precautions - be subject to approval by a defined process October 26, 201618
  • 19. MISRA Compliance – Claiming Compliance Summary: - MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines Evidence: - Guideline Recategorization Plan (if applicable) } Probably - Guideline Enforcement Plan } a single - Guideline Compliance Summary } document! - Deviation Records covering all violations of Required guidelines October 26, 201619
  • 20. MISRA C – Recent Developments (2) Additional guidance for Security
  • 21. MISRA C – Additional Security Guidelines Publication timeline met, as outlined at VDA Automotive SYS 2015... MISRA C:2012 Addendum 2 (free download) - Provides a matrix showing coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 C Secure - Demonstrates that MISRA C:2012 can justifiably claim to be a Security standard as well as a Safety Critical one! MISRA C:2012 Amendment 1 (free download) - Introduces an additional 14 targeted guidelines o 13 new Rules o 1 new Directive - Incremental update to MISRA C:2012 October 26, 201621
  • 22. MISRA C:2012 Amendment 1 New Guidelines - Validation of external data 1G - Use of sizeof() on a function parameter of array type 1M - <ctype.h> functions 1M - <stdlib.h> memory comparison functions 3R - <stdlib.h> environment functions 2M - <string.h> string-handling functions 2M - <stdio.h> I/O functions – handling of EOF 1R - <error.h> handling of errno 3R October 26, 201622
  • 23. ISO/IEC TS 17961 – C Secure Coding Coverage Coverage Method #1 #2 Comments MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure MISRA covers fully – implicitly 7 3 MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h MISRA covers partially – broad 2 0 getenv() and related functions MISRA does not cover directly 4 0 sizeof(pointer), padding 46 46 October 26, 201623 #1 MISRA C:2012 as published #2 incorporating Amendment 1
  • 24. MISRA C – Recent Developments (3) Comparison with CERT-C
  • 25. CERT-C – Secure Coding Standard What is CERT-C - Produced by the Software Engineering Institute (SEI) at Carnegie Mellon University. - Sponsored by the U.S. Department of Defense - Originally proposed to be adopted as an ISO standard, but this was not progressed by WG14, who progressed a subset as ISO/IEC TS 17961 instead. The MISRA C Position - We view CERT-C as complementary to MISRA C o Most rules align with the MISRA C rules o Some small variance due to difference of focus (not just safety v security) o In particular, CERT-C considers the interface to the environment in hosted applications - Publication of comparison matrix imminent. October 26, 201625
  • 26. MISRA C comparison to CERT-C Coverage Method #1 #2 Comments C11 functions out of scope 15 16 Align, threads and atomics MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT MISRA covers fully – implicitly 18 18 MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h MISRA does not cover directly 2 2 rand() 98 99 October 26, 201626 MISRA C:2012 incorporating Amendment 1 against: #1 CERT-C 2nd edition as published #2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
  • 27. MISRA C – Recent Developments (4) Technical Corrigendum 1
  • 28. MISRA C – Work In Progress MISRA C:2012 Technical Corrigendum 1 - Address typographical errors and guideline clarification - Publication (as a PDF download) imminent October 26, 201628
  • 29. MISRA C Road Map From MISRA C:2012 to MISRA C:201x ... and then into the future
  • 30. MISRA C roadmap March 201630 MISRA C:2012 MISRA C:2012 coverage against ISO/IEC 17961:2013 MISRA C:2012 AMD1 “Security” MISRA C:2012 TC1 MISRA Compliance MISRA C:201x ISO/IEC 17961 review User feedback Embody JAMA ADC etc. Consequential amendments (editorial only?) Published in 2013 Published in 2016 Consolidate
  • 31. MISRA C – Future Work Planned Way Ahead - Consider additional rules and/or rule revisions to address: o issues in the new features introduced by C11 o issues in accessing the operating environment, within hosted programs o issues in using the Standard Library (see Extra Material at the end) - Continue the review activity against o CERT-C o Common Weakness Enumeration o ... and any other sources that may become known The MISRA C Working Group welcomes feedback from all users October 26, 201631
  • 32. What about C:11 MISRA C Working Group has commenced a review of the deltas: - Atomic primitives - Multi-threading - Unicode characters - Appendix F/G – ISO/IEC 60559 floating point - Appendix K – new bounds-checking functions should allow some existing rules to be revised, with pre-C11 “unsecure” functions deprecated. However, though, it is possible that this section may be deleted from the standard! - Appendix L – Analyzability We propose to create an update to the Guidelines to address undesirable behaviours. More information in due course... October 26, 201632
  • 34. MISRA C – In Summary MISRA C is - widely respected as a safety-related coding standard - equally applicable as a security-related coding standard MISRA C has - evolved from an automotive standard into a pan-industry standard MISRA C will - continue to evolve as new editions of the C standard are produced - seek to address other constraints as they become identified MISRA C welcomes - feedback from the user community - approaches from prospective Working Group members October 26, 201634
  • 36. Thank You! I would like to acknowledge the support of the members of the MISRA C Working Group for their assistance in preparing this presentation. October 26, 201636
  • 37. About the speaker Biography - Chairman of MISRA-C since June 2013... ... working group member since 2007 - Over 25 years experience in developing real-time embedded software systems, across a number of industries - Chartered Fellow of the British Computer Society - Member of the Institution of Engineering & Technology Social Media AndrewBanks.com @AndrewBanks https://linkedin.com/in/AndrewBanks October 26, 201637
  • 39. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 40. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201640
  • 41. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201641
  • 42. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201642
  • 43. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201643
  • 44. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201644
  • 45. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201645
  • 46. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 47. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201647
  • 48. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201648
  • 49. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201649
  • 50. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201650
  • 51. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201651
  • 52. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201652
  • 53. MISRA C – Standards Conformance Freestanding v Hosted
  • 54. Strict Conformance Chapter 4 of the ISO Standard mandates the following: - A conforming program is one that is acceptable to a conforming implementation. - A strictly conforming program shall use only those features of the language and library specified in the International Standard. - It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit. MISRA C:2012 enforces this by: - Rule 1.1 A standard C environment - Rule 1.3 No occurrence of undefined or unspecified behaviour - Dir 1.1 This permits the use of implementation-defined behaviour but requires that any such use is documented October 26, 201654
  • 55. Language Extensions Chapter 4 of the ISO Standard permits the following: - A conforming implementation may have extensions (including additional library functions), provided they do not alter the behaviour of any strictly conforming program. MISRA C:2012 advises against this by: - Rule 1.2 Language extensions should not be used Chapter 4 of the ISO Standard defines the following - The two forms of conforming implementation are hosted and freestanding. - A conforming hosted implementation shall accept any strictly conforming program. October 26, 201655
  • 56. Conformance: Freestanding v Hosted Chapter 4 of the ISO Standard defines the following: - A conforming freestanding implementation shall accept any strictly conforming program in which the use of the features specified in the library clause is confined to the contents of the standard headers: o <float.h> o <iso646.h> o <limits.h> o <stdarg.h> o <stdbool.h> o <stddef.h > o <stdint.h> MISRA C:2012 has no explicit library-specific restrictions on these headers, except for <stdarg.h> which is prohibited by required Rule 17.1 October 26, 201656
  • 57. Conformance: Freestanding v Hosted o <assert.h> Implicit restriction o <complex.h> o <ctype.h> o <errno.h> o <fenv.h> Major restrictions o <inttypes.h> o <locale.h > o <math.h> o <setjmp.h> Shall not be used o <signal.h> Shall not be used o <stdio.h> Shall not be used o <stdlib.h> Major restrictions o <string.h> o <tgmath.h> Shall not be used o <time.h> Shall not be used o <wchar.h> Shall not be used o <wctype.h> October 26, 201657 MISRA C:2012 places major restrictions (including out-right prohibition) on many of the remaining standard headers: The restricts are due to the extent of the undefined, unspecified and/or implementation defined behaviour, and the functionality is mostly associated with accessing the external environment.