Home » IoT Embedded Systems » Focus » Achieving safety and security in IoT SoC development

Achieving safety and security in IoT SoC development

[Contributed Story] Cost of hardware, robustness of the communication channels, and safety-security form a critical triade for the IoT ecosystem.

By Dr. Mike Bartley – TVS

There are three gating factors to the widespread uptake of many classes of IoT ecosystem. The first is the cost of the hardware, which in many use cases needs to be as close to zero as possible. The second is the robustness of the communications channels, without which an Internet of Things devolves into just Things. The third is the safety and security of the overall ecosystem, from the devices themselves to the data and analysis they enable.

Think about IoT opportunities such as drones, smart cities and automated health care, all of which have obvious safety and security issues. Companies that want to enter these markets will need to review their development practices to ensure they comply with the relevant industry safety standards.

AS an example, Let’s walk through the safety and security implications of entering the rapidly growing automotive sector, which is seeing the rapid introduction of mandatory safety features and near-ubiquitous driver-assistance systems for vehicles.

Companies that want to expand into this and similarly attractive new markets from a base in another sector, such as consumer electronics, will have to learn a whole new set of development procedures. Applications such as back-up cameras, lane–keeping and eCall emergency assistance all have safety implications that require close scrutiny of hardware and software development processes to ensure compliance to the automotive safety standard ISO26262.

Consider a lane-keeping assistant as an example. A hazard analysis might identify lane departure as a hazard and derive a functional safety requirement to “manage excessive motor torque”. This might be achieved by detecting excessive torque, providing a driver alert, diagnostic logs and system deactivation. An Automotive Safety Integrity Level (ASIL) will be assigned through a risk analysis and by combining Severity, Exposure and Controllability. The lane-keeping assistant is likely to be assigned ASIL D, the highest classification, which represents likely potential for severely life-threatening or fatal injury in the event of a malfunction. This requires the highest level of assurance that the dependent safety goals are sufficient and have been achieved.

Take automotive connectivity as another example. The increasing amount of data flowing to and from vehicles creates a security risk, which needs to be considered during any hazard analysis and mitigated during hardware and software development to avoid introducing security vulnerabilities. Much like safety, security needs to be considered throughout the development process, from initial architecture through to code development and testing strategies.

For compliance to ISO26262 and other standards (such as DO254/178 for avionics) both the hardware and software development must follow stringent processes.

For example, a full requirements analysis must be performed involving all stakeholders. The resulting system requirements must be partitioned between hardware and software and traced through the development processes (which are still typically assumed to follow a V-model). This traceability includes both the hardware verification and software testing that provides the proof of implementation. TVS strongly advocates achieving this traceability through a requirements-driven verification approach, in which verification tasks are linked back to the requirements and features from which they are derived.

These tasks are becoming increasingly varied as companies adopt advanced verification techniques. For example, higher levels of safety will require detection of memory errors using ECC (error correction codes), which might best be verified through formal verification at the block level, simulation at the SoC level, and emulation for HW-SW co-verification. Keeping track of verification results generated by each of these approaches, and correlating their results across the entire development cycle, becomes a challenge in itself. TVS’s asureSIGN requirements-driven management and verification tool enables results from a wide range of hardware verification and software-testing techniques to be collected in a results database than can record historic verification results. This is important for tracking progress through the project and for safety compliance, which mandates retention of verification results.

New entrants to the automotive IC sector, especially those whose current main concern is time-to-market, may need to substantially update their development processes. For example, they often use internal scripts as part of the CAD flow – and these will have to be qualified, even though the work required to qualify such scripts often outweighs their usefulness.

To help systems developers understand the challenge, TVS worked with partners OneSpin and Emenda to offer a seminar entitled “Achieving Safety Compliance in Hardware and Software Development”, the results of which are now available on line.

OneSpin is a formal verification vendor and used the seminar to demonstrate how hardware functions such as ECC can be verified through property checking. Emenda is a tool supplier that presented a new approach to software testing for certified projects, covering dynamic testing, source code analysis, and architectural and security concerns for the main software standards IEC 61508, IEC 62304, DO-178 and ISO 26262. TVS outlined how to follow a requirements-driven approach to safety compliance.

Further information on TVS’s products and services is available on the TVS website.

About TVS

TVS (Test and Verification Solutions Ltd) provides services and products to organisations developing complex products in the microelectronics and embedded systems industries. Such organisations use TVS to verify their hardware and software products, employ industry best practice and manage peaks in development and testing programmes. TVS’s embedded software testing services includes onsite/offshore testing support including assistance with safety certification and security testing. TVS hardware verification services include onsite/offshore verification support and training in advanced verification methodologies. TVS also offers Verification IPs and its own Verification (EDA) signoff tool.


Mike_BartleyTVS Company Contact

Dr. Mike Bartley – TVS

+44 7796 307958


Great information delivered straight to your inbox

Leave a Reply

Your email address will not be published. Required fields are marked *