WEBINAR

How to Tackle Software Testing & Regulatory Compliance for IEC 61508

Industrial software systems that run manufacturing robots, electrical elevators, and even your street traffic lights have become very complex. As these types of systems increase in functional capabilities, become connected, and get smart, safety is no longer the only challenge to address. Protecting against threats and vulnerabilities with security controls is just as important.

Are you developing software for a programmable electronic safety-related system? Developing safety- and security-critical software isn’t easy, but there’s a way to overcome the challenges. Automation through modern CI/CD software development practices can be part of it. Learn how to accelerate delivery and cut costs for software that needs to be safe, secure, and compliant with IEC 61508.

Key Takeaways

  • Understanding the IEC 61508 standard and related secure coding standards.
  • Utilizing static analysis, unit testing, and code coverage for programmable electronic systems.
  • Integrating regulatory safety and security requirements throughout the Software Development Life Cycle (SDLC).

Safety, Security, and Quality: An Intertwined Challenge

When developing software for safety-critical systems, safety is the primary concern. A device must be safe under normal operation and also when it fails. Furthermore, we must consider potential misuse and external attacks. Interestingly, the practices that enhance safety and security often also improve overall software quality and reliability. Common programming errors like overflows, memory misuse, and improper authorization are root causes of safety, security, and quality issues alike.

Understanding IEC 61508

IEC 61508 is a foundational standard for functional safety, applicable across various industries. It provides a systematic approach to incorporating safety functionality into designs, ensuring systems fail in a predictable and safe manner. The standard is built on two core principles:

  1. Following a Safety Engineering Life Cycle Process: This involves adhering to best practices throughout the entire development lifecycle, from requirements gathering to maintenance and disposal.
  2. Probabilistic Failure Approach: This principle uses metrics to measure and account for the safety impact of device failures, often quantified by Safety Integrity Levels (SIL).

The Seven Parts of IEC 61508

IEC 61508 is structured into seven parts, plus a technical report (Part 0):

  • Part 0: Introduces functional safety concepts and challenges.
  • Part 1: Provides an overview of the product safety life cycle, including analysis, realization, and operation phases.
  • Parts 2 & 3: Detail requirements for hardware and software development lifecycles, respectively, including the determination of Safety Integrity Levels (SIL).
  • Part 4: Contains definitions and abbreviations used in the standard.
  • Parts 5-7: Offer guidelines and examples for development, including methods for determining SIL and supporting documentation.

Integrating Safety and Security into the SDLC

Applying IEC 61508 requires a structured approach to the software development lifecycle. This includes:

  • Requirements Phase: Gathering all requirements, including regulatory and customer needs, and performing hazard and risk analysis. For security, a threat and risk assessment should also be conducted, incorporating requirements like secure access control and data protection.
  • Realization Phase: This involves the actual implementation and verification of the device. For hardware (Part 2), this follows a V-model approach. For software (Part 3), it focuses on requirements, design, development, integration, verification, and validation.
  • Operation Phase: This phase covers maintenance and disposal of the system.

Key Techniques and Tools for Compliance

To meet the requirements of IEC 61508, several techniques are recommended, with the level of rigor depending on the SIL rating:

  • Traceability: Establishing bi-directional traceability between requirements, design, code, and test cases is essential. Tools can automate this process, helping to identify gaps and ensure all requirements are met.
  • Coding Standards: Adopting coding standards such as MISRA or AUTOSAR C++14 helps prevent common programming errors. For security, standards like CERT and UL 2900 are recommended.
  • Static Analysis: Tools that perform static analysis can detect potential issues like overflows, memory leaks, and pointer errors early in the development cycle. These tools should ideally be certified for use in safety-critical applications.
  • Dynamic Analysis and Testing: Unit testing, integration testing, and system testing are crucial. Test cases should be reused for regression testing to ensure that changes do not introduce new problems. Code coverage metrics, including statement, branch, and Modified Condition/Decision Coverage (MCDC), help determine the thoroughness of testing.
  • Certified Tools: Using tools that have been certified for safety-critical applications is a key requirement. This ensures that the tools themselves do not introduce flaws into the development process.
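The coverage metrics listed above differ in how much they demand of a test suite. As an added illustration (not code from the webinar or from Parasoft), the C program below takes a constructed press-interlock decision with three conditions and checks whether a test suite reaches decision (branch) coverage and whether it also reaches MC/DC, which requires each condition to be shown to independently affect the outcome:

```c
#include <stdbool.h>
#include <stddef.h>
#define NCOND 3

/* Constructed safety interlock (hypothetical): a press may cycle only when the
 * guard is closed, both hands are on the controls, and no emergency stop is latched. */
static bool press_may_cycle(bool guard_closed, bool two_hand, bool estop)
{
    return guard_closed && two_hand && !estop;
}

typedef struct { bool cond[NCOND]; bool outcome; } TestVector;

/* MC/DC: every condition needs an independence pair, i.e. two vectors that
 * differ only in that condition and yield different decision outcomes. */
static bool mcdc_satisfied(const TestVector *vs, size_t n)
{
    for (size_t c = 0; c < NCOND; c++) {
        bool shown = false;
        for (size_t i = 0; i < n && !shown; i++)
            for (size_t j = i + 1; j < n && !shown; j++) {
                bool pair = vs[i].cond[c] != vs[j].cond[c] && vs[i].outcome != vs[j].outcome;
                for (size_t k = 0; k < NCOND && pair; k++)
                    if (k != c && vs[i].cond[k] != vs[j].cond[k]) pair = false;
                shown = pair;
            }
        if (!shown) return false;   /* no independence pair for condition c */
    }
    return true;
}

/* Runs one of two constructed suites and reports 0 = neither, 1 = decision
 * coverage only, 2 = decision coverage and MC/DC. The 2-vector suite hits both
 * outcomes; the 4-vector suite adds one independence pair per condition (N+1). */
static int coverage_level(int suite)
{
    TestVector weak[2] = {{{1, 1, 0}, 0}, {{0, 0, 1}, 0}};
    TestVector full[4] = {{{1, 1, 0}, 0}, {{0, 1, 0}, 0}, {{1, 0, 0}, 0}, {{1, 1, 1}, 0}};
    TestVector *vs = suite == 0 ? weak : full;
    size_t n = suite == 0 ? 2 : 4;
    bool seen_t = false, seen_f = false;
    for (size_t i = 0; i < n; i++) {
        vs[i].outcome = press_may_cycle(vs[i].cond[0], vs[i].cond[1], vs[i].cond[2]);
        if (vs[i].outcome) seen_t = true; else seen_f = true;
    }
    if (!(seen_t && seen_f)) return 0;   /* decision coverage not reached */
    return mcdc_satisfied(vs, n) ? 2 : 1;
}
```

The two-vector suite already toggles the decision both ways, so a branch-coverage report would show it as complete, yet it never demonstrates that any single condition controls the result; the four-vector suite does.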

Conclusion

Developing software for safety-critical systems under standards like IEC 61508 presents significant challenges. However, by adopting a structured approach, integrating safety and security from the outset, and utilizing appropriate tools and techniques, organizations can successfully deliver reliable, safe, and compliant software. Automation through CI/CD practices can further streamline this process, reducing costs and time to market.