The Motor Industry Software Reliability Association (MISRA) is an organization whose mandate is “to provide assistance to the automotive industry in the application and creation within vehicle systems of safe and reliable software.” MISRA’s steering committee steering is made up of a mixture of automotive manufactures, such as Ford and Jaguar, component suppliers as well as The University of Leeds.
While MISRA is commonly known for it’s safety and security standards for the automotive industry, this organization produces comprehensive software guidelines which aim to standardize code safety, security and reliability in software used in a variety of sectors.
Their most well-known set of security compliance guidelines, MISRA C, first launched in 1998, is in its fourth edition which was released in April 2016 and has evolved to become the model for software best practices far beyond simply the automotive industry as embedded systems in a wide range of industries rely on MISRA to facilitate code safety and reliability. These industries include, but are not limited to, aerospace, telecom, medical devices, defense, railway, and others.
Brief History of MISRA-C Security Compliance
Today, MISRA’s standard is simply known as MISRA Compliance after earlier iterations were known as MISRA C followed by the year of their release.
MISRA-C:1998 included 127 rules, of which 93 are required and 34 are advisory which were numbered in sequence from 1 to 12. These rules were originally put together by a group of software engineers at the Austin Rover Group (ARG) spring 1997 who sent a draft C coding standard to the Programming Research Ltd (PRL) who in turn encouraged them to turn this draft into a stronger set of rules which evolved into MISRA C:1998, or “Guidelines for the use of the C language in vehicle based software.”
Six years later, in 2004, “Guidelines for the use of the C language in critical systems”, or MISRA-C:2004 was released which included a number of changes to the original set of guidelines. This standard now grew to 142 rules where 122 “required” and 20 “advisory” rules are divided into 21 categories ranging from “Environment” to “Run-time failures.”
Following MISRA-C:2004 came MISRA-C:2012 which was released in 2013 and expanded support to the C99 version of the C language and included 143 rules and 16 “directives” whose compliance remains open to interpretation. These are classified as mandatory, required, or advisory.
In April 2016, MISRA released MISRA Compliance:2016, switching the C, which previously referred to the C level of programming, which included detailed guidance on how to achieve compliance for both MISRA C and MISRA C++.
Securing the Systems that Protect Our Nations
Given the that the C language is prone to an enormous family of buffer overflow vulnerabilities, it’s critical that the systems that control some of the most advanced weapons on the planet are written with secure coding.
Prior to MISRA C security compliance, militaries around the world, including the American Department of Defense (DoD) avoided using code written in C for safety critical applications. Today, MISRA facilitates code safety, security and reliability in various elements of the NASA program and the Lockheed-Martin F-35 joint strike fighter which is one of the most advanced weapons platforms in the world.
What makes the case of the F-35 particularly interesting, is that in 2009, reports circulated that foreign spies had downloaded several terabytes of data related to the plane’s design and electronics systems prompting speculation that as a response, Lockheed-Martin had been fortifying any potentially vulnerable hardware and software against any future cyber attacks.
MISRA C – Security Against Buffer Overflow
The damage that buffer overflow attacks can have on both general purpose systems as well as the special purpose embedded systems that operate various control and weapons systems located on various platforms used by armed services. Aircraft carriers, fighter jets, submarines and nuclear missile silos have thousands of such components which, if attacked by malicious parties, could lead to devastating consequences. MISRA security compliance provides the assurances against a multitude of buffer overflow attacks which could threaten the security of weapons delivery platforms and transportation vehicles.
Read about the role source code analysis plays in eliminating buffer overflow attacks here.