• Video
  • 22-May-2012 02:16 EDT

Building Security In: The SPARK Approach to Software Development



Software products in the automotive industry are by nature widely distributed and costly to update (recall), so high reliability is clearly of utmost importance. Just as clearly, the increasing reliance on remote access to such systems, for diagnostic and other purposes, has made security an essential requirement, and traditional techniques for software development are proving inadequate in dealing with these issues. Correctness by Construction is a software design and development methodology that builds reliability and security into the system from the start. It can be used to demonstrate, with mathematical rigor, a program's correctness properties while reducing the time spent on testing and debugging. This paper discusses the use of Correctness by Construction, and its accompanying SPARK language technology, to improve the security and reliability of automotive systems. (The approach can also address safety issues, although that is not the focus of this paper.) The SPARK language and toolset avoid vulnerabilities found in other languages and can, for instance, guarantee the absence of run-time errors such as divide-by-zero or buffer overflow. Using the SPARK language and toolset, developers can verify secure information flow through the system and, more generally, demonstrate that security-related properties are achieved. The approach offered by Correctness by Construction and SPARK is in contrast with the use of so-called retrospective static analysis tools that attempt to find errors or vulnerabilities in existing code. Such tools can only demonstrate the presence of errors (which may then be corrected) but cannot show how many errors remain in the system. With Correctness by Construction and SPARK, developers can ensure that errors and vulnerabilities are not introduced in the first place.
Correctness by Construction and SPARK have a growing record of success in applications where failure is not tolerated and where demanding safety or security standards must be met. The technology has been adopted in safety-critical domains including avionics, air traffic control, and rail transportation, and likewise in systems that must meet the highest security levels defined in the Common Criteria (Evaluation Assurance Levels 4 through 7). This paper discusses how to apply Correctness by Construction and the SPARK technology to improve the reliability and security of automotive systems while reducing the costs of development, debugging, and maintenance. It includes examples of previous high-security systems that have been developed using this approach and discusses the applicability of the techniques to automotive systems.
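The abstract names three guarantees the SPARK toolset provides: absence of divide-by-zero, absence of buffer overflow, and verified information flow. The following SPARK 2014 package is an added illustration of how each is expressed as a contract that the GNATprove tool discharges statically; it is not code from the paper or from the SPARK project, and the package name Vehicle_Diag, the subprograms Ratio, Copy_Frame and Update_Status, and the state variables Session_Key and Status are hypothetical names chosen for the example.

```ada
--  Added example, not from the paper. Names are illustrative.
package Vehicle_Diag with SPARK_Mode is

   type Byte is mod 2**8;
   subtype Index is Natural range 0 .. 63;
   type Buffer is array (Index) of Byte;

   --  Integer ratio of two counters. The precondition excludes Den = 0,
   --  so the prover can show the division never raises Constraint_Error;
   --  a caller that cannot prove Den > 0 is rejected at analysis time.
   function Ratio (Num, Den : Natural) return Natural is (Num / Den)
     with Pre => Den > 0;

   --  Copy Len bytes of a received frame. Because Len is bounded by the
   --  precondition, every index Dst (I) is provably in range: the
   --  out-of-bounds write that is a buffer overflow in C cannot occur.
   procedure Copy_Frame (Src : Buffer; Len : Natural; Dst : out Buffer)
     with Pre  => Len <= Buffer'Length,
          Post => (for all I in 0 .. Len - 1 => Dst (I) = Src (I));

   Session_Key : Byte := 0;   --  hypothetical secret state
   Status      : Byte := 0;   --  hypothetical externally visible word

   --  Information-flow contract: Status may depend only on Sensor. Any
   --  body in which Session_Key influences Status fails flow analysis.
   procedure Update_Status (Sensor : Byte)
     with Global  => (Output => Status),
          Depends => (Status => Sensor);

end Vehicle_Diag;

package body Vehicle_Diag with SPARK_Mode is

   procedure Copy_Frame (Src : Buffer; Len : Natural; Dst : out Buffer) is
   begin
      Dst := (others => 0);   --  full initialisation of the out parameter
      for I in 0 .. Len - 1 loop
         Dst (I) := Src (I);
         --  Loop invariant lets the prover establish the postcondition.
         pragma Loop_Invariant (for all J in 0 .. I => Dst (J) = Src (J));
      end loop;
   end Copy_Frame;

   procedure Update_Status (Sensor : Byte) is
   begin
      Status := Sensor and 16#F0#;
      --  Writing "Sensor xor Session_Key" here would create a flow from
      --  Session_Key to Status that the Depends contract does not permit,
      --  and GNATprove would report the violation without running anything.
   end Update_Status;

end Vehicle_Diag;
```

The spec and body above belong in vehicle_diag.ads and vehicle_diag.adb respectively; running GNATprove on the project checks the Pre/Post conditions, the loop invariant, and the Global/Depends flow contracts. The point the abstract makes is visible here: the analysis does not search finished code for faults, it refuses to accept code whose contracts cannot be proven, so the error classes named are excluded rather than hunted for.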

Stuart Matthews

Technical Paper / Journal Article

View More Video

Zero-dimensional, one-dimensional, and quasi-dimensional models for simulation of SI and CI engines with respect to: engine breathing and boosting; SI combustion and emissions; CI combustion and emissions; fundamentals of engine thermodynamics; thermal management; mechanical and lubrication systems; system level models for controls; system level models for vehicle fuel economy and emissions predictions. Presenter Fabio Bozza, Universita di Napoli
The impact of driving patterns on fuel economy is significant in hybrid electric vehicles (HEVs). Driving patterns affect the propulsion and braking power requirements of vehicles, and they play an essential role in HEV design and control optimization. A driving-pattern-conscious adaptive strategy can lead to further fuel economy improvement under real-world driving. This paper proposes a real-time driving pattern recognition algorithm for supervisory control under real-world conditions. The proposed algorithm uses reference real-world driving patterns parameterized from a set of representative driving cycles. The reference cycle set consists of five synthetic representative cycles following the real-world driving distance distribution in the US Midwestern region. Statistical approaches are then used to develop the pattern recognition algorithm. Driving patterns are characterized by four parameters evaluated from the driving cycle velocity profiles.
Edgewater Computer Systems Inc.'s product RTEdge Platform 1.2 is a software toolset supporting proof-based engineering, implementation and deployment of software components built using the RTEdge AADL Microkernel modeling subset. This is a small subset of the AADL component model and execution semantics, covering threads and thread groups communicating solely through asynchronous event ports and through explicitly shared data ports. Thread behavior is expressed as state machines, and run-time dispatch semantics are encoded in a Run-time Executive that enforces pre-emptive priority dispatch based on statically assigned event priorities, with ceiling-priority-protocol access to shared data. This simple AADL microkernel semantic core can support all dispatch policies, communication and synchronization mechanisms of a fully fledged AADL run-time environment, permitting the systematic use of the RTEdge static analysis tools for AADL-compliant software components.
The sustainable use of energy and the reduction of pollutant emissions are main concerns of the automotive industry. In this context, Hybrid Electric Vehicles (HEVs) offer significant improvements in the efficiency of the propulsion system and allow advanced strategies to reduce pollutant and noise emissions. The paper presents the results of a simulation study that addresses the minimization of fuel consumption, NOx emissions and combustion noise of a medium size passenger car. Such a vehicle has a parallel-hybrid diesel powertrain with a high-voltage belt alternator starter. The simulation reproduces real-driver behavior through a dynamic modeling approach and actuates an automatic power split between the Internal Combustion Engine (ICE) and the Electric Machine (EM). Typical characteristics of parallel hybrid technologies, such as Stop&Start, regenerative braking and electric power assistance, are implemented via an operating strategy that is based on the reduction of total losses.