From Silicon To Software


MISRA–AUTOSAR: Securing the Connected Car

The Motor Industry Software Reliability Association recently announced it is merging its C++ guidelines with AUTOSAR. Will this unified standard for safety-related code development be enough to safeguard the future of the connected car?

When security researchers first demonstrated that they could hack a car over the internet to control its brakes and transmission, 1.4 million vehicles were recalled to fix the software vulnerability. The infamous Jeep hack of 2015 was an expensive wake-up call for the automotive industry. Software security standards have evolved since then―but how much?

In today’s cars, software controls everything from safety-critical systems (anti-lock brakes and power steering) to basic controls (doors and windows) to navigation and infotainment systems. These all come from different vendors. As the software supply chain gets longer―with multiple vendors contributing to the software that goes into the final product―coding standards are critical to prevent life-threatening malfunctions.

MISRA (the Motor Industry Software Reliability Association) provides guidelines for developing safety- and security-related electronic systems, embedded control systems, software-intensive applications, and standalone software.

MISRA guidelines facilitate the development of code that is:

  • Reliable enough to run in safety-critical systems
  • Secure against common code exploits
  • Portable (reusable) throughout the supply chain

The most prominent MISRA guidelines are those for projects developed in the C and C++ programming languages: the MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards. While MISRA C/C++ has become the de facto coding standard for automotive systems, it neither covers recent C++ language improvements nor reflects knowledge from recent security breaches and vulnerabilities.

So, is MISRA prepared to handle increasing connectivity, over-the-air updates, and the exponential rise in open source code? Following the recent announcement that MISRA will merge its C++ guidelines with AUTOSAR, they just might be.

AUTOSAR was founded in 2003 (nearly 10 years after MISRA) to create an open and standardized automotive software architecture. AUTOSAR defined guidelines for the use of C++14 in safety-critical environments. This standard was designed to pick up where MISRA C++ 2008 left off, filling in a few gaps and extending rules to address dynamic memory, standard libraries, exceptions, virtual functions, and more.
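To make the dynamic-memory and exception points concrete, here is an added illustration (not code from MISRA, AUTOSAR or Synopsys, and no rule numbers are quoted): a fixed-capacity queue of the shape this kind of guidance favours for a controller task, with the heap-growing, throwing shape it replaces shown in a comment for contrast.

```cpp
// Added example, not from the guidelines themselves: a fixed-capacity queue for
// an ECU task written in the spirit of guidance that restricts dynamic memory
// and exceptions in safety-critical C++: no heap growth after start-up, no
// throw for a recoverable condition, every failure reported through a status.
#include <array>
#include <cstddef>
#include <cstdint>

enum class Status : std::uint8_t { Ok, Full, Empty };

// Shape the guidelines steer away from, for contrast (not compiled here):
//   std::vector<std::uint32_t> q; q.push_back(v);       // heap growth at run time
//   if (q.empty()) throw std::runtime_error("empty");  // throw for a recoverable case
// On a small controller an allocation failure or an unhandled throw ends in a
// reset, not in a status the caller can act on.

template <std::size_t Capacity>
class FixedQueue {
public:
    // Storage is fixed at compile time; a full queue is reported, never thrown.
    Status push(std::uint32_t v) noexcept {
        if (count_ == Capacity) { return Status::Full; }
        buf_[(head_ + count_) % Capacity] = v;   // ring buffer, wraps around
        ++count_;
        return Status::Ok;
    }
    Status pop(std::uint32_t& out) noexcept {
        if (count_ == 0U) { return Status::Empty; }
        out = buf_[head_];
        head_ = (head_ + 1U) % Capacity;
        --count_;
        return Status::Ok;
    }
    std::size_t size() const noexcept { return count_; }
private:
    std::array<std::uint32_t, Capacity> buf_{};
    std::size_t head_{0U};
    std::size_t count_{0U};
};

// Push more samples than fit; returns how many were rejected (never crashes).
std::size_t rejected_when_overfilled(std::size_t samples) noexcept {
    FixedQueue<4> q;
    std::size_t rejected = 0U;
    for (std::size_t i = 0U; i < samples; ++i) {
        if (q.push(static_cast<std::uint32_t>(i)) == Status::Full) { ++rejected; }
    }
    return rejected;
}
```

Overfilling the queue yields a countable rejection instead of a reallocation or a throw, which is the behaviour a static analyser checking such rules expects to see at every allocation and error path.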

AUTOSAR has released their C++ guidelines twice a year since March 2017. Their robust rule sets and publication frequency―and their development partnerships with more than 200 companies―have paved the way for automotive electrical and electronic development that is focused on performance as well as safety and security. It’s the future of C++.

MISRA will merge the AUTOSAR guidelines with their own established best practice to develop a single “go to” language subset for safety-related C++ development. The MISRA-led guidelines will incorporate the latest version of the language (C++17) and, when available, its successor (C++20).

The integrated MISRA–AUTOSAR C++ rule set will bring together the best ideas from two industry-leading organizations. More importantly, it will deliver a unified industry standard with a common set of rules―a single point of reference for all developers across the supply chain. The guidelines will evolve in lock-step with AUTOSAR’s three-year release cycle for new versions of the C++ language.

Regarding the standards merger, AUTOSAR Chairman Rick Flores said, “It is crucial for innovative industries to be supported with a common, understandable C++ language in one place―a gold source for developers. We see the universal growth in C++ usage across some of the most transformative areas of industry, from connected autonomous vehicles to the development of AI underpinning the next generation of software-intensive systems.”

Today’s car contains more than 100 million lines of code. In the next decade, the average car will contain 300 million lines of code. And as cars become more connected, hackers will increasingly target automotive apps. Synopsys is poised to help you offset these attacks with Coverity static analysis, a comprehensive and scalable solution for MISRA compliance.

Learn more about Synopsys solutions for automotive software security and quality.