LDRA, a Tasking Company, and a leader in automated software verification, traceability and standards compliance, today announced that the LDRA tool suite now provides comprehensive functional safety and cybersecurity software verification capabilities to meet airworthiness requirements for airborne systems. These new capabilities enhance existing security analysis, verification and reporting capabilities to simplify and accelerate compliance with aviation cybersecurity standards DO-326B and DO-356A up to Security Assurance Level (SAL) 3 as well as the airborne software safety standard DO-178C up to Design Assurance Level (DAL) A for commercial aviation. This integrated approach minimizes functional safety and security certification challenges and risks while reducing cost and speeding time-to-market.

Driven by the rapid growth of urban air mobility (UAM) and unmanned aerial systems (UAS), airborne systems are increasingly being connected to external sources. This raises new security threats and introduces greater system complexity that can lead to critical failures. Security requirements designed to prevent these issues in aerospace applications can be difficult and time-consuming to implement without the right tools. DO-326B defines the processes and activities for identifying and mitigating cybersecurity vulnerabilities and DO-356A provides guidance and objectives to meet the requirements for each safety assurance level (SAL).

“With the advent of DO-326B, cybersecurity is not optional for airborne systems,” said Ian Hennell, Operations Director, LDRA. “Developers simply cannot afford to allow security vulnerabilities that could compromise mission success or passenger safety. With more security analysis, verification and reporting capabilities specifically targeted at aviation applications, embedded developers can consider security and safety together at the same time. This is truly the best method for addressing these security and safety threats before they arise as the alternative of implementing them separately duplicates efforts unnecessarily and is more time consuming.”

Security analysis features

The new LDRA tool suite ensures developers can easily meet several key parts of these standards by offering:

- Secure coding practices: the tool suite prevents vulnerabilities from entering code in the first place through compliance with secure coding standards such as MISRA, CERT, and CWE.

- Refutation analysis through smart fuzzing. Verifying that code is secure in this way can be done in part through TBextremePlus, which allows users to automatically check against conditions that can cause buffer overflows such as null and reallocated pointers. As a result, developers can eliminate vulnerabilities in the code through both static and dynamics analysis.

- Robustness testing: Evaluates how software behaves under unexpected, invalid, or extreme inputs or operating conditions.

Other important capabilities of the expanded LDRA tool suite for airborne systems include:

- Security requirements traceability

- Memory corruption testing

- Code coverage and path testing

- Data flow and control flow analysis

- Data coupling and control coupling analysis

- Taint analysis

- Concurrency checking

- Coding standards compliance

See It at Embedded World North America

LDRA will showcase the new security for aerospace capabilities at Embedded World North America, in Anaheim, November 4-6.