LDRA helps ensure automotive cybersecurity with support for SAE J3061
LDRA announced support within the LDRA tool suite for SAE International’s Surface Vehicle Recommended Practice J3061. The tool suite now provides an ISO 26262–compliant cybersecurity development process for critical automotive applications that must be secure to ensure safety, including advanced driver assistance systems (ADAS), autonomous vehicles, infotainment, steering and braking, adaptive cruise control, and lane departure warning systems.
The LDRA tool suite supports the following J3061 processes and requirements related to ISO 26262, among others, for automotive applications:
- SAE J3061 section 8.6.2: Methods for verification of the architectural design accomplished through control flow and data flow analysis. LDRA static analysis tools provide a view into the hierarchical structure of software components, cohesion within the components, coupling among the software components, and data and control flow analysis for ASIL A through ASIL D.
- SAE J3061 section 8.6.5: Software unit design to ensure the objective of specifying software units in accordance with software architectural design. The LDRA tool suite supports the use of coding guidelines such as MISRA, CERT, and CWE for more secure, reliable, and maintainable code, identifying coding errors and security vulnerabilities so that they can be addressed immediately. The tool suite’s static analysis capabilities ensure that the architectural design and unit implementation principles required by ISO 26262-6:2011 can be checked automatically.
- SAE J3061 Section 8.6.6: Code reviews throughout software design and implementation. The LDRA tool suite automates the code review process to increase efficiency and reduce opportunity for human error in comparison to peer code reviews. Static analysis can identify vulnerabilities in code that may meet the syntactic requirements of the language while still containing unpredictable or undefined behaviors.
- SAE J3061 Section 8.6.7: Software unit testing and SAE J3061 Section 8.6.8: Software integration testing. Safety-related units must be run on the target, and the test results must comply with the safety and security requirements. The LDRA tool suite supports testing on both development and target platforms using the same test cases, and also supports robustness testing, which is complementary to fuzz testing (recommended by J3061). Boundary value analysis, conditional value analysis, error guessing, and error seeding tests are supported.
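The points raised under Sections 8.6.6 and 8.6.7 above, illustrated with an added C example that is not LDRA code and is not taken from J3061 or ISO 26262: a table lookup that is syntactically valid C but reads out of bounds for an unchecked index (the kind of undefined behavior a static analyzer flags under CWE-125), its hardened counterpart with an explicit range check and status code, and a boundary-value test that probes the index just below, at, and just above each edge. The calibration table, the function names and the gain values are constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a small calibration table such as an ADAS
 * component might hold. The values are made up for illustration. */
#define TABLE_LEN 4
static const int16_t k_gain_table[TABLE_LEN] = { 100, 200, 300, 400 };

/* "Before": compiles without warnings, yet any index outside
 * [0, TABLE_LEN) is undefined behavior (out-of-bounds read, CWE-125).
 * Static analysis reports the unchecked index even though the code
 * meets the syntactic requirements of the language. */
int16_t gain_lookup_unchecked(int idx)
{
    return k_gain_table[idx];
}

/* "After": explicit range check, NULL check, and a status code so that
 * no caller-controlled index reaches the array without validation. */
typedef enum {
    GAIN_OK = 0,
    GAIN_ERR_RANGE = 1,
    GAIN_ERR_NULL = 2
} gain_status_t;

gain_status_t gain_lookup_checked(int idx, int16_t *out)
{
    if (out == NULL) {
        return GAIN_ERR_NULL;
    }
    if (idx < 0 || idx >= TABLE_LEN) {
        return GAIN_ERR_RANGE;
    }
    *out = k_gain_table[idx];
    return GAIN_OK;
}

/* Boundary-value analysis for the checked lookup: one case just below
 * the lower edge, both edges themselves, one case just above the upper
 * edge, and the extreme values of the index type. Returns the number of
 * failing cases; 0 means every boundary case behaved as specified. */
int run_boundary_tests(void)
{
    struct {
        int idx;
        gain_status_t want_status;
        int16_t want_value;
    } cases[] = {
        { -1,            GAIN_ERR_RANGE, 0   },
        {  0,            GAIN_OK,        100 },
        {  TABLE_LEN - 1, GAIN_OK,       400 },
        {  TABLE_LEN,    GAIN_ERR_RANGE, 0   },
        {  INT_MIN,      GAIN_ERR_RANGE, 0   },
        {  INT_MAX,      GAIN_ERR_RANGE, 0   },
    };
    size_t n = sizeof(cases) / sizeof(cases[0]);
    int failures = 0;

    for (size_t i = 0; i < n; i++) {
        int16_t value = 0;
        gain_status_t got = gain_lookup_checked(cases[i].idx, &value);
        if (got != cases[i].want_status) {
            failures++;
        } else if (got == GAIN_OK && value != cases[i].want_value) {
            failures++;
        }
    }
    /* The NULL output pointer is a separate robustness case. */
    if (gain_lookup_checked(0, NULL) != GAIN_ERR_NULL) {
        failures++;
    }
    return failures;
}

int main(void)
{
    int failures = run_boundary_tests();
    printf("boundary-value cases failed: %d\n", failures);
    return failures == 0 ? 0 : 1;
}
```

The same test table can be compiled for the host during development and for the target ECU later, which is the point of reusing one set of test cases on both platforms; the unchecked variant is kept only so the reader can see what the analyzer objects to, and it is never called with an out-of-range index here.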
- SAE J3061 Section 8.6.9: Verification/validation of software cybersecurity requirements. During implementation, the LDRA tool suite conducts cybersecurity tests covering all software cybersecurity requirements to verify that the actual results match the results expected by those requirements. The tool suite's bidirectional traceability mechanism ensures that these requirements are fulfilled. LDRA tools have been certified by TÜV SÜD and TÜV Saar in safety-critical environments under ISO 26262.
The LDRA tool suite for automotive with support for SAE J3061 is available now. An in-depth white paper on applying SAE J3061 to ISO 26262 processes with the LDRA tool suite can be downloaded at http://ldra.com/automotive/.