Enhancing Code Excellence: The Path to Ultimate Safety & Security

Frank van den Beuken from PRQA explores the future of safety and security in assisted and autonomous driving.

Cars are changing from largely mechanical devices controlled by humans into fully autonomous vehicles. We are nearing a critical point: most new cars now ship with advanced driver-assistance systems (ADAS) such as lane keeping, autonomous emergency braking and enhanced vision, while fully autonomous cars are already being tested extensively on public roads.

These systems rely on sensors such as cameras, radar and lidar, and on actuators, all communicating over in-vehicle networks and controlled by microcontrollers. Modern cars are, in effect, becoming ‘internets on wheels.’ They also communicate with other vehicles (vehicle-to-vehicle, V2V), with infrastructure such as traffic lights (V2I), and with satellites for positioning and navigation.

At the core of these systems is software, over 100 million lines of code in a current high-end car. That includes not just application code but also operating systems, middleware for network communication, and the interfaces to sensors and driver displays.

As cars become more complex, security and safety concerns grow together. Every V2X link is also a remote attack surface. In 2015 security researchers demonstrated this by remotely taking control of a Jeep Cherokee over its cellular connection. Owners can also widen the attack surface themselves. Cars expose engine and emissions parameters through on-board diagnostics (OBD), and the OBD-II connector is mandated and physically accessible from the cabin. Plug-in Bluetooth OBD dongles let drivers read engine health on a phone, but a dongle with weak or no pairing protection potentially gives anyone in radio range a path onto the diagnostic bus. Researchers at the University of Michigan went further and demonstrated attacks on a heavy truck and a school bus through a direct connection to the OBD port.

With this much software, safety depends directly on code quality. The unintended-acceleration litigation against Toyota, in which expert review of the engine control software found it fell short of accepted coding practice, showed that legacy code often does not meet current standards. New code must therefore be held to much higher standards of safety.

To address this, ISO 26262 was introduced five years ago (first published in 2011) as a safety standard specific to the automotive industry. It adapts the generic IEC 61508 functional safety standard to the needs of electrical and electronic (E/E) systems in passenger cars. ISO 26262 covers the entire safety lifecycle of such systems, from concept through development to production and operation, including requirements on how the software is specified, written and verified.

The standard classifies each hazardous event with an Automotive Safety Integrity Level (ASIL), ranging from A (lowest) to D (highest), derived from three factors: the severity (S) of the potential harm, the probability of exposure (E) to the operating situation in which the hazard occurs, and the controllability (C) of the event by the driver or other road users. There is also a QM (quality management) level, meaning the hazard carries no ISO 26262 safety requirements and quality is left to the development organization’s normal process.

The controllability rating assumes a driver who is appropriately trained and complies with traffic law. Once automated driving is engaged, legislation will have to allow drivers to stop paying attention until the system prompts them. That makes reliable driver notification and a fallback to manual control safety-critical: if the hand-back fails or arrives too late, the driver can no longer be assumed to take over in time, so the same event must be rated as less controllable and the required ASIL rises.
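As an added illustration of the ASIL rating described above (this is example code written for this page, not code from PRQA or from the standard), the following Python encodes the ASIL determination table of ISO 26262-3 as a closed-form rule and applies it to a few constructed hazards. The hazard descriptions and their S/E/C ratings are assumptions chosen to show how controllability moves the level; they are not taken from any published hazard analysis.

```python
"""ASIL determination from severity (S), exposure (E) and controllability (C).

Rating inputs as defined in ISO 26262-3:
  S  0..3   S0 = no injuries ........ S3 = life-threatening or fatal injuries
  E  0..4   E0 = incredible .......... E4 = high probability
  C  0..3   C0 = controllable in general ... C3 = difficult to control or uncontrollable
"""
from dataclasses import dataclass

ASIL_NAMES = ("QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D")

# ISO 26262-3 ASIL determination table. Key is (S, E); the value lists the
# cells for C1, C2, C3. Kept here so the closed-form rule can be checked against it.
ASIL_TABLE = {
    (1, 1): "QM QM QM", (1, 2): "QM QM QM", (1, 3): "QM QM A", (1, 4): "QM A B",
    (2, 1): "QM QM QM", (2, 2): "QM QM A",  (2, 3): "QM A B",  (2, 4): "A B C",
    (3, 1): "QM QM A",  (3, 2): "QM A B",   (3, 3): "A B C",   (3, 4): "B C D",
}


def determine_asil(s: int, e: int, c: int) -> str:
    """Return the ASIL ("QM" or "ASIL A".."ASIL D") for one hazardous event."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")
    # S0, E0 and C0 are outside the table: no ISO 26262 safety requirement.
    if 0 in (s, e, c):
        return "QM"
    # The table is a staircase: each step of S, E or C raises the level by one,
    # and ASIL A first appears where S + E + C == 7. Hence level = S + E + C - 6.
    return ASIL_NAMES[max(s + e + c - 6, 0)]


def closed_form_matches_table() -> bool:
    """Cross-check the arithmetic rule against every cell of the standard's table."""
    for (s, e), row in ASIL_TABLE.items():
        for c, cell in enumerate(row.split(), start=1):
            expected = "QM" if cell == "QM" else "ASIL " + cell
            if determine_asil(s, e, c) != expected:
                return False
    return True


@dataclass(frozen=True)
class Hazard:
    description: str
    s: int
    e: int
    c: int

    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


# Constructed hazards (assumed ratings for illustration only).
HAZARDS = [
    Hazard("Unintended full braking on a motorway, attentive driver", s=3, e=4, c=2),
    Hazard("Same event, but automated mode has not handed control back", s=3, e=4, c=3),
    Hazard("Lane-keeping assist applies small steering torque at low speed", s=1, e=3, c=1),
]


def rate_all(hazards=HAZARDS) -> list[tuple[str, str]]:
    """Rate each hazard; returns (description, ASIL) pairs."""
    return [(h.description, h.asil()) for h in hazards]


if __name__ == "__main__":
    assert closed_form_matches_table()
    for description, level in rate_all():
        print(f"{level:7} {description}")
```

The first two hazards differ only in controllability: with an attentive driver the braking event rates ASIL C, but once the automated system is assumed unable to hand control back in time, C2 becomes C3 and the same event rates ASIL D. The third hazard sums to less than 7 and stays at QM.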

smartautotrends