Building more secure embedded software with code coverage analysis
David and Mike Kleidermacher, Green Hills Software
embedded.com (September 18, 2013)
A comprehensive test regimen, including functional, regression, performance, and coverage testing, is one of the best mechanisms to assure that software is reliable and secure. Indeed, testing is an important component of many high-assurance development standards and guidance documents, such as that promulgated by the U.S. Food and Drug Administration.
In addition, two approaches to testing are almost always required to ensure security. First, all software within security-critical components must be covered by some form of functional test: white-box, black box, fault-based, error-based and stress.. Then coverage is verified using code coverage tools. Further, all security-critical software must be traceable to the software’s component requirements. Software that fails to trace back to a test and to a requirement is more likely to introduce latent security vulnerabilities.
To read the full article, click here
Related Semiconductor IP
- HBM4 PHY IP
- Ultra-Low-Power LPDDR3/LPDDR2/DDR3L Combo Subsystem
- HBM4 Controller IP
- IPSEC AES-256-GCM (Standalone IPsec)
- Parameterizable compact BCH codec
Related Articles
- Five steps to reliable, low-cost, bug-free software with static code analysis
- Embedded Software Unit Testing with Ceedling
- SoC Test and Verification -> Coverage analysis essential in ATE
- Code Coverage is Crucial in the IP Qualification Process
Latest Articles
- A 14ns-Latency 9Gb/s 0.44mm² 62pJ/b Short-Blocklength LDPC Decoder ASIC in 22FDX
- Pipeline Stage Resolved Timing Characterization of FPGA and ASIC Implementations of a RISC V Processor
- Lyra: A Hardware-Accelerated RISC-V Verification Framework with Generative Model-Based Processor Fuzzing
- Leveraging FPGAs for Homomorphic Matrix-Vector Multiplication in Oblivious Message Retrieval
- Extending and Accelerating Inner Product Masking with Fault Detection via Instruction Set Extension