Safety And Security In The Future For Assisted and Autonomous Driving

by Dr. Frank van den Beuken


It is vital that this software behaves reliably. Other software tasks, such as modelling the sensor data, may be less critical, but even for these a risk analysis will be needed.


Traffic laws will need to change to accommodate automated driving systems, particularly in the areas of liability and privacy. Each country has its own traffic laws, and there are legislative initiatives under way in many jurisdictions.

At the national level in the USA, the National Highway Traffic Safety Administration (NHTSA) has proposed a formal classification system with five levels, from level 0, where the driver completely controls the vehicle at all times, up to level 4, where the vehicle performs all safety-critical functions for the entire trip and the driver is not expected to control the vehicle at any time.

Individual states vary in their approach: Nevada was the first state to authorise the operation of autonomous vehicles on public roads for testing, in 2011, followed by California, Florida, Michigan, North Dakota, Tennessee and Washington DC.

A European research project named Automated Driving Applications & Technologies for Intelligent Vehicles (AdaptIVe) began in January 2014 and develops various automated driving functions for daily traffic by dynamically adapting the level of automation to the situation and the driver's status. The project also addresses legal issues that might impact a successful market introduction.

Vehicle & Road Automation (VRA) is a support action funded by the European Union to create a collaboration network of experts and stakeholders working on the deployment of automated vehicles and the related infrastructure. VRA partners with some OEMs and suppliers, but most partners are research institutes and universities. VRA has identified a list of legal and regulatory issues in the EU.

Volkswagen has appealed for collective European legal action, including progressive amendment of ECE Regulation 79 (UN Regulation No. 79) on steering equipment. As it stands, this regulation demands that the driver can override the steering function at any time and remains in primary control at all times.

The Japanese government plans to develop laws to govern the use of driverless cars. It has also created a classification of automated driving with four classes, including one for completely autonomous driving.

In China, Baidu (often called China's Google) is also working on a self-driving car, together with BMW. China's legislative process is quite flexible, so the government has more power to put the required changes in place. However, it will have to deal with the same complex issues as other countries.

India is also thinking about autonomous driving, but there are major challenges, among them slow-moving legislation and the difficulty of enforcing the expected rules on a road infrastructure that differs from that of other countries.

Development approaches

In this context, how do you create code that is both safe and secure? As mentioned, ISO 26262 puts forward a process for software development, which includes the use of coding standards and code-checking tools.

System security starts with designing in features that contribute to a secure result: separating applications, in particular using firewalls or gateways to segregate safety-critical applications (such as steering and braking) from less critical ones, especially those that communicate with the outside world (such as infotainment); limiting communication between those domains to what is actually needed; checking and validating every piece of data that crosses the boundary; and more.

As most software in this area is written in C, a good starting point for safe and secure code is MISRA C:2012 (the third edition, often called MISRA 3). This provides a set of guidelines for writing C programs which, as well as avoiding undefined behaviour, include rules that improve the maintainability, testability, portability and readability of the source code. There is also a large overlap between the MISRA rules and the ISO 26262-6 compliance tables, making MISRA a compelling choice when ISO 26262 compliance is required.

Recently MISRA has published Amendment 1 to MISRA C:2012. This adds 14 new guidelines (one directive and 13 rules) aimed specifically at the development of secure systems, including the directive that the validity of values received from external sources must be checked before they are used.
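The two preceding points, a gateway that segregates the externally reachable domain from the safety-critical one and MISRA-style C that validates everything crossing that boundary, fit naturally in one piece of code. The block below is an added example written for this article, not code from any OEM, supplier or the MISRA documents. The frame identifiers (0x3A0, 0x3A1, 0x120), the 16-bit big-endian signal layout and the value limits are constructed assumptions, as is the sample traffic; everything not on the allowlist is dropped (default deny).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: default-deny gateway between the infotainment bus and the
 * safety-critical bus. IDs, signal layout and limits are assumptions for
 * this example, not an OEM specification. MISRA C:2012 style: fixed-width
 * types, explicit casts, single exit point, and every value that crosses
 * the boundary validated before use (Amendment 1, Directive 4.14). */

#define FRAME_DATA_MAX  8U

typedef struct
{
    uint32_t id;                   /* CAN identifier                      */
    uint8_t  dlc;                  /* number of valid bytes in data[]     */
    uint8_t  data[FRAME_DATA_MAX];
} can_frame_t;

typedef enum
{
    GW_FORWARD = 0,                /* frame may enter the safety domain   */
    GW_DROP_INVALID_FRAME,         /* NULL pointer or impossible length   */
    GW_DROP_UNKNOWN_ID,            /* identifier not on the allowlist     */
    GW_DROP_BAD_LENGTH,            /* length differs from the rule        */
    GW_DROP_OUT_OF_RANGE           /* payload outside the permitted range */
} gw_verdict_t;

/* One forwarding rule: an allowed ID, the exact length it must have, and
 * the closed range of the big-endian 16-bit signal it carries. */
typedef struct
{
    uint32_t id;
    uint8_t  dlc;
    uint16_t min_value;
    uint16_t max_value;
} gw_rule_t;

/* Allowlist (assumed values). A brake or steering request arriving from
 * the infotainment side is simply not listed, so it is dropped. */
static const gw_rule_t gw_rules[] =
{
    { 0x3A0U, 2U, 0U, 1000U },     /* navigation speed-limit hint, 0..1000 */
    { 0x3A1U, 2U, 0U, 100U  }      /* requested cabin fan level, 0..100    */
};

#define GW_RULE_COUNT  (sizeof(gw_rules) / sizeof(gw_rules[0]))

/* Decode a 16-bit big-endian signal; casts keep the shift unsigned. */
static uint16_t gw_read_u16_be(const uint8_t *buf)
{
    return (uint16_t)(((uint16_t)buf[0] << 8U) | (uint16_t)buf[1]);
}

/* Classify one frame arriving from the external bus. Single exit point. */
gw_verdict_t gw_filter(const can_frame_t *frame)
{
    gw_verdict_t verdict = GW_DROP_INVALID_FRAME;
    const gw_rule_t *rule = NULL;
    size_t i = 0U;

    if ((frame != NULL) && (frame->dlc <= FRAME_DATA_MAX))
    {
        while ((i < GW_RULE_COUNT) && (rule == NULL))
        {
            if (gw_rules[i].id == frame->id)
            {
                rule = &gw_rules[i];
            }
            i++;
        }
        if (rule == NULL)
        {
            verdict = GW_DROP_UNKNOWN_ID;
        }
        else if (frame->dlc != rule->dlc)
        {
            verdict = GW_DROP_BAD_LENGTH;
        }
        else
        {
            const uint16_t value = gw_read_u16_be(frame->data);
            verdict = ((value < rule->min_value) || (value > rule->max_value))
                      ? GW_DROP_OUT_OF_RANGE : GW_FORWARD;
        }
    }
    return verdict;
}

/* Constructed sample traffic: two legitimate hints, one over-range hint,
 * one malformed length, and one brake request injected from outside. */
const can_frame_t gw_sample_frames[] =
{
    { 0x3A0U, 2U, { 0x00U, 0x32U } },                        /* 50: forward  */
    { 0x3A1U, 2U, { 0x00U, 0x64U } },                        /* 100: forward */
    { 0x3A0U, 2U, { 0x03U, 0xE9U } },                        /* 1001: range  */
    { 0x3A1U, 3U, { 0x00U, 0x10U, 0x00U } },                 /* bad length   */
    { 0x120U, 8U, { 0xFFU, 0xFFU, 0U, 0U, 0U, 0U, 0U, 0U } } /* not listed   */
};

#define GW_SAMPLE_COUNT  (sizeof(gw_sample_frames) / sizeof(gw_sample_frames[0]))

/* Number of sample frames the gateway lets through. */
size_t gw_sample_forwarded(void)
{
    size_t forwarded = 0U;
    size_t i;
    for (i = 0U; i < GW_SAMPLE_COUNT; i++)
    {
        if (gw_filter(&gw_sample_frames[i]) == GW_FORWARD)
        {
            forwarded++;
        }
    }
    return forwarded;
}

int main(void)
{
    size_t i;
    for (i = 0U; i < GW_SAMPLE_COUNT; i++)
    {
        (void)printf("id 0x%03X dlc %u -> verdict %d\n",
                     (unsigned int)gw_sample_frames[i].id,
                     (unsigned int)gw_sample_frames[i].dlc,
                     (int)gw_filter(&gw_sample_frames[i]));
    }
    (void)printf("forwarded %u of %u frames\n",
                 (unsigned int)gw_sample_forwarded(),
                 (unsigned int)GW_SAMPLE_COUNT);
    return 0;
}
```

The design choice worth noting is that the rule table, not the filter code, decides what may cross: adding a signal means adding a row with its length and range, and a real gateway would also rate-limit and log drops so that an injection attempt from the infotainment side becomes visible to the vehicle's diagnostics rather than silently vanishing.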

Tools are an important part of developing in accordance with ISO 26262. Static code analysis tools help manage code quality, providing both a quality control on the code and a measure of its adherence to coding standards such as MISRA. Test tools provide further confidence in the software, while verification tools measure how well the software does what the designer intended.

It is possible to develop safe and secure systems for vehicles, and organisations that have remodelled their development processes to conform to ISO 26262 have found that, after the initial introduction and learning phase, they also reap gains in productivity.


