LDRA offers security-critical software solution
Security-critical development and certification
LDRA has released a security-critical development and certification solution to ensure the company's tool suite meets the growing demand for security-critical software.
LDRA has extended its implementation of the Cert C secure coding standard to also meet Multiple Independent Levels of Security (MILS) and Homeland Security criteria for security-critical software development.
Recognising that static analysis does not expose all software security vulnerabilities, LDRA has integrated this solution into its entire tool suite from analysis through test and requirements traceability.
With the increased dependency on software systems in mission- and safety-critical systems as well as daily infrastructure, the number of security breaches and attacks has increased.
New security vulnerabilities are discovered daily and these cause problems with inadequately protected systems, resulting in security flaws.
Studies indicate that a majority of these vulnerabilities can be traced back to a set of common programming errors.
Developing software that avoids these vulnerabilities is driving industries such as transportation, aerospace, defence, finance, and utilities, resulting in an increased interest in secure coding practices.
In addition, broader industry initiatives highlight the need to combine experience, knowledge and tools for building security into software at every phase of its development.
The common goal is to find weaknesses in source code and operational systems, as well as to achieve better understanding and management of software weaknesses in architecture and design.
The release extends LDRA's Cert C integration to adopt MILS and Homeland Security initiatives.
With this release, LDRA brings together two primary types of security - that which can be enforced by static analysis and involves adherence to specific coding rules and creating a firewall that protects a system from the outside world; and that which requires a security-critical development process and the partitioning of one security level from another within the same system.
By combining both of these approaches, LDRA enables developers to identify errant and vulnerable code at the language level and find algorithmically deviant code such as a malformed HTTP request which may be correctly coded, but represents a security breach.
To provide secure software development processes, LDRA enhanced its Zero Defect Software Development methodology, which integrates and automates software processes from requirements traceability through code, quality, and design review to unit test and test verification with the practices required by MILS/Common Criteria.
With the integration of MILS/Common Criteria, the LDRA security-critical solution also incorporates other features.
These include: structural coverage analysis and the determination of code structures which have not been exercised by the requirements-based test procedures; and control coupling that provides a visual representation of the control coupling dependence of a given software component on those components that call it or are called by it, including calling frequency.
In addition, the solution features: data coupling that provides information in both the static and dynamic analysis domains, showing all instances of the data items accessed by a software component; requirements coverage (traceability) which focuses on verification of whether code properly implements security requirements and the adequacy of those requirements; and testing and structural code coverage measurement that imposes strict structural coverage analysis objectives on the software according to the Common Criteria standard.
The China Manned Spacecraft Programme (CMSP) has selected LDRA and its tool suite to analyse complex safety-critical applications related to the Tiangong 1 spacecraft.
The Impact-E PCIe is a compact, low-power embedded PC featuring the Intel D525 Atom processor. The computer is assembled and tested within a lean manufacturing environment under ISO 9001.
Amplicon has added to its industrial embedded Impact-E series with the Impact-E PCIe, a compact fanless embedded system. Powered by an Intel Atom D525 dual-core processor, the system is suitable for multiple applications that support PCIe.
Industry is traditionally slow to adopt any new Microsoft operating system. Many industrial Windows users will have no need for the many new features on offer and will be cautious of potential bugs or security flaws. It is rarely worth considering switching to a new operating system unless you are developing a new product. For those who are making the switch, this white paper from Amplicon describes the key benefits of using Windows 7.
Drivven, a provider of automotive control and data acquisition technology, has used CompactRIO hardware and Labview software from National Instruments to prototype an engine control system for a 2004 Yamaha YZF-R6 motorcycle.