Network Security

TCP/IP, TLS/SSL & Encryption

As embedded devices increasingly become part of the ‘Internet of Things’, the quality of network software is at the center of the debate about security. Recent high-profile security incidents have done widespread damage to the reputation of technology companies and compromised the privacy of their customers. Many of the most damaging problems have been caused by poor code quality, itself the result of an inadequate development process. HCC applies the coding methods and processes used in functional safety so that the quality and security of its software are verifiably high.

Risk Assessment

In any secure network development, the first objective is to assess the risk posed to the system and its users if security is breached. That assessment should also cover the way in which the security and network software was developed. Whether the software is commercial or open source, the question to ask is: is the risk of a security breach caused by coding errors significant? Given the number of users affected by such errors to date, companies using security software developed without an appropriate process may face commercial and legal consequences. Adding new test cases after a problem has occurred is not a sufficient response.

High Quality Process

Many of the defects discovered have been the consequence of a lack of rigor in the software development life-cycle process. The process must be addressed if application developers want to demonstrate that their product is secure. HCC uses a process developed for functional safety applications to develop its network security products, so that organizations building on them can show they took the steps needed to minimize the risk to their customers.

 

Functional Safety Standards Used to Improve Security

The aerospace, industrial, medical and transport industries already use software processes based on V-model development as defined by IEC 61508 and similar standards. Published data shows that this not only reduces defects significantly but in many cases also lowers the cost of managing the software over its life cycle. The Heartbleed defect is a case in point. According to the publicly available information, the code trusted the payload length field carried in a TLS heartbeat message: it did not check that value against the size of the record actually received, and then processed the message as if the claimed length were correct. Standard V-model development includes unit testing and boundary-case analysis and testing, which are designed to catch exactly this kind of unchecked input, and the other requirements of the life-cycle process reinforce that detection. The cost to the industry of fixing this one problem was staggering, quite apart from the damage such a breach does to a company’s reputation.

Verification Provided

HCC supplies network and security software with documented compliance with MISRA coding standards, full static and dynamic testing, and 100% MC/DC analysis. This not only dramatically reduces the risk of defects but also gives you evidence that appropriate care was taken in development.

Static Analysis

MISRA has become a ‘best-practice’ coding standard, widely used in the medical, industrial, telecom and aerospace industries. HCC has developed its own rigorous coding standard that defines a concise, strongly typed subset of the C language for use in embedded communications systems. The result is clean, clear and robust code without ambiguities, suitable for the most critical embedded applications. Full MISRA-C:2004 compliance documentation, produced with the LDRA tool suite, is supplied to customers so that they can integrate the software into their existing development processes and confirm that the required level of compliance has been met. The software and documentation can support some of the requirements of standards such as IEC 61508 SIL 3, FDA 510(k) and EU certification schemes for various industries.

MC/DC Testing

“Modified Condition/Decision Coverage” (MC/DC) is used by HCC in all network, security and encryption software. The US FAA describes MC/DC as:

“Every point of entry and exit in the program has been invoked at least once, every condition in a decision in the program has taken all possible outcomes at least once, every decision in the program has taken all possible outcomes at least once, and each condition in a decision has been shown to independently affect”

A detailed test report is provided with all network and security software to verify the test methods, conditions and results.
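The unchecked length field described in the Heartbleed paragraph above, and the MC/DC criterion quoted in this section, as one added C example that is not HCC's code or any product's: a heartbeat-style record handler in its unchecked and checked forms, the minimal MC/DC test set for the checked decision, a function that verifies the set really shows each condition's independent effect, and a constructed buffer that counts how many bytes the unchecked form copies from beyond the record. The record layout follows RFC 6520 (1-byte type, 2-byte length, payload, at least 16 bytes of padding); the function names, the 64-byte buffer and its 'S'/'p' fill bytes are constructed for the example.

```c
/* Added example, not HCC's code: a heartbeat-style handler (RFC 6520 layout: 1-byte
 * type, 2-byte payload length, payload, >= 16 bytes padding) in the unchecked shape
 * described above and in a checked form, plus the MC/DC test set for the checked
 * decision. Record sizes and the 'S'/'p' fill bytes are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u
#define HB_REQUEST     1u
#define HB_RESPONSE    2u

/* Unchecked: copies whatever the peer's length field claims; a claim larger than
 * the record reads past it. Shown only for contrast with the checked form. */
static size_t hb_echo_unchecked(const uint8_t *rec, uint8_t *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return claimed;
}

/* Checked. Decision (A && B && C): A the record is a request; B header + claimed
 * payload + minimum padding fits in the bytes received; C the payload fits in the
 * output buffer. Returns the number of bytes echoed, 0 if the record is rejected. */
static size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER_LEN) return 0;   /* the length field must be present to read it */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    int a = rec[0] == HB_REQUEST;
    int b = HB_HEADER_LEN + claimed + HB_MIN_PADDING <= rec_len;
    int c = claimed <= out_cap;
    if (!(a && b && c)) return 0;
    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return claimed;
}

/* Builds a record at the start of buf; bytes beyond rec_len are 'S', standing in
 * for whatever neighbours the record in memory. */
static void hb_build(uint8_t *buf, size_t buf_len, uint8_t type, uint16_t claimed, size_t rec_len) {
    memset(buf, 'S', buf_len);
    buf[0] = type; buf[1] = (uint8_t)(claimed >> 8); buf[2] = (uint8_t)claimed;
    memset(buf + HB_HEADER_LEN, 'p', rec_len - HB_HEADER_LEN);
}
/* One MC/DC row: the inputs that set each condition, and the expected outcome. */
struct hb_case { uint8_t type; uint16_t claimed; size_t rec_len, out_cap; int expect_echo; };
/* Minimal MC/DC set for (A && B && C): all-true, then one row per condition flipping
 * it alone. Rows 1 and 5 bound B: payload fits exactly (3+5+16 == 24) or is one byte over. */
static const struct hb_case hb_cases[] = {
    { HB_REQUEST,   5, 24, 64, 1 },   /*  A  B  C */
    { HB_RESPONSE,  5, 24, 64, 0 },   /* !A  B  C */
    { HB_REQUEST,  40, 24, 64, 0 },   /*  A !B  C  the pattern described in the text */
    { HB_REQUEST,   5, 24,  4, 0 },   /*  A  B !C */
    { HB_REQUEST,   6, 24, 64, 0 },   /*  A !B  C  boundary */
};
#define HB_NCASES (sizeof hb_cases / sizeof hb_cases[0])

/* Truth value of condition i for a row, derived from its inputs. */
static int hb_cond(const struct hb_case *t, int i) {
    if (i == 0) return t->type == HB_REQUEST;
    if (i == 1) return HB_HEADER_LEN + t->claimed + HB_MIN_PADDING <= t->rec_len;
    return t->claimed <= t->out_cap;
}
/* Runs every row through the checked handler; returns how many matched expectation. */
static size_t hb_run_cases(void) {
    uint8_t buf[64], out[64];
    size_t ok = 0;
    for (size_t i = 0; i < HB_NCASES; i++) {
        const struct hb_case *t = &hb_cases[i];
        hb_build(buf, sizeof buf, t->type, t->claimed, t->rec_len);
        ok += (hb_echo_checked(buf, t->rec_len, out, t->out_cap) > 0) == t->expect_echo;
    }
    return ok;
}

/* MC/DC independence: for each condition, two rows must differ in that condition
 * alone and in outcome. Returns 1 if the table shows this for all three conditions. */
static int hb_mcdc_independent(void) {
    for (int c = 0; c < 3; c++) {
        int found = 0;
        for (size_t i = 0; i < HB_NCASES; i++)
            for (size_t j = 0; j < HB_NCASES; j++) {
                int pair = hb_cases[i].expect_echo != hb_cases[j].expect_echo;
                for (int k = 0; k < 3 && pair; k++)
                    pair = (hb_cond(&hb_cases[i], k) == hb_cond(&hb_cases[j], k)) == (k != c);
                found |= pair;
            }
        if (!found) return 0;
    }
    return 1;
}

/* The defect itself: given row 3's record in a 64-byte buffer, the unchecked handler
 * copies 40 bytes, 19 of them 'S' from beyond the record. Returns that count. */
static size_t hb_leak_demo(void) {
    uint8_t buf[64], out[64];
    hb_build(buf, sizeof buf, HB_REQUEST, 40, 24);
    size_t n = hb_echo_unchecked(buf, out), leaked = 0;
    for (size_t i = 0; i < n; i++) leaked += out[i] == 'S';
    return leaked;
}
```

Row 3 is the pattern the Heartbleed description refers to: a 24-byte record whose length field claims a 40-byte payload. The independence check is what separates MC/DC from plain branch coverage: rows 1 and 2 alone take the decision both ways and so satisfy branch coverage, yet say nothing about whether conditions B and C are ever exercised, which is exactly the gap that lets an unchecked length field survive testing.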

100% Source Code Coverage

All software is exposed to a rigorous series of automated tests, so that every line of source code can be demonstrated to have been executed under test. All tests and the resulting test reports are supplied with the software modules.

100% Object Code Coverage

The same automated test series is also measured against the compiled object code, so that coverage is demonstrated at the instruction level rather than only at the source level, where compiler-generated branches would otherwise go unmeasured. Tests and test reports are supplied with the software modules.

 
Copyright © 2017 HCC_Embedded