Hardening Embedded Systems: A Deep Dive into Vulnerability Handling and Secure Development

June 19, 2025

A Deep Dive into Vulnerability Handling and Secure Development

Embedded systems are everywhere. From the cars we drive to the medical devices that keep us healthy, and the industrial control systems that control industry. Securing them isn't just a good idea; it's becoming a legal requirement. How do we ensure these systems are robust against ever-evolving cyber threats? Here are some essential strategies, from vulnerability handling to toolchain optimizations.

The EU Cyber Resilience Act (CRA): A New Era for Embedded Security

The EU Cyber Resilience Act (CRA) is a game changer. It puts the onus on manufacturers to actively seek out, fix, and disclose vulnerabilities in their embedded devices according to EU CRA Essential Requirements.

What does this actually mean? This does not mean slapping on a firewall and calling it a day. The CRA demands a proactive approach, including:

  • Software Bill of Materials (SBoM): Know your ingredients. An SBoM identifies all components within your system. It is a detailed nutritional label for your software, allowing you to quickly assess the impact of newly discovered vulnerabilities.
  • Timely Security Updates: Patches need to be deployed, and deployed fast. The CRA emphasizes the importance of addressing vulnerabilities with security updates in a timely manner. Regular testing is key to ensure updates don't introduce new problems.
  • Vulnerability Disclosure: Honesty is the best policy. Manufacturers must publish details of addressed vulnerabilities through security advisories.
  • Coordinated Vulnerability Disclosure Policy: Have a plan in place for how you'll handle vulnerability reports from external researchers.
  • Secure Update Distribution: Ensure updates are delivered securely to prevent tampering.
  • Prompt Dissemination: Making sure that those updates are out there ASAP.

Let’s not forget the need to notify cybersecurity authorities about exploited vulnerabilities. And while the CRA sets a minimum bar, voluntary reporting is always encouraged.

Leveraging Your Toolchain for Enhanced Security

Your development toolchain is more powerful than you think. Compilers like GCC and Clang offer a wealth of options to bolster security. Let's unpack some key compiler warnings:

  • -Wconversion-Wsign-conversion, and -Wstrict-overflow: These flags are your first line of defense against integer-related vulnerabilities. Integer overflows, sign errors, and unintended type conversions can lead to unexpected behavior and security holes.
  • -Warray-bounds and -Wstringop-overflow: Memory safety is paramount. These warnings help detect potential buffer overflows, a classic source of vulnerabilities.
  • Format String Vulnerabilities: Be extra careful when using user-supplied input in format strings. Your toolchain can help you catch these insidious bugs.
  • Thread Safety Analysis: Concurrency introduces complexity, and complexity introduces bugs.

Microservices: A Path to Better Security?

Extracting microservices from a monolithic architecture can seem daunting, but can lead to enhanced security and maintainability. Think of operator terminals for machines. How many times do OEMs reinvent the wheel for standard features? Ready-made microservices can provide a better solution Extracting Microservices from a Modular Monolith.

Why consider microservices? Maybe the feature isn't core to your business. Maybe you need to reduce time to market, scale your team, or improve user authentication and resilience.

The key is well-defined, technology-agnostic interfaces. The Ports-and-Adapters architecture is your friend here. Imagine a future where SoMs (Solutions on Modules) offer ready-made microservice solutions. OEMs can focus on their core competencies, rather than reinventing the wheel.

The Perils of Coupling: Lessons from Software-Defined Vehicles

Software-Defined Vehicles (SDVs) are the future, right? But with great power comes great responsibility – and the potential for spectacular failures. One critical factor often overlooked is architectural coupling Architectural Coupling Killed Software.

Traditional vehicles, constrained by wiring limitations and single-function ECUs, naturally fostered low coupling and high cohesion. SDVs, with their high-bandwidth communications, pub/sub models, and centralized hardware/software, can inadvertently incentivize high coupling and low cohesion. This can destroy incentives for better designs and lead to system failures.

Conway's Law reminds us that organizational structures mirror system architectures. If your teams are siloed and communication is poor, your software architecture will likely reflect that.

The Importance of Standards: SAE J3018 and Beyond

Testing autonomous vehicles on public roads is serious business. A safety driver isn't enough. Conforming to SAE J3018 is crucial for operational safety SAE J3018 for Operational Safety.

J3018 covers a wide range of aspects:

  • Driver training
  • Workload management
  • Route selection
  • Pre-trip protocols
  • Driver monitoring
  • Post-test debriefing
  • Incident response

Supplement J3018 with ISO 26262 for safety-critical mechanisms. For driverless cargo vehicles, you can adapt J3018 by installing a temporary safety driver seat or using a chase car to mimic vehicle geometry.

Formal Verification: The Ultimate Safety Net

What if you could prove the absence of runtime errors in your embedded systems? That's the promise of formal verification. By using mathematical techniques, we can analyze code and guarantee that certain types of errors, such as buffer overflows and memory leaks, simply cannot occur. Formal verification offers mathematical proof of memory-safe software, and is a critical part of ensuring zero runtime errors.

Tools like TrustInSoft Analyzer employ formal verification and abstract interpretation to provide unparalleled assurance in C/C++ code. It helps in detecting a range of issues, including undefined behavior, use after free, integer overflow and memory leaks. Imagine knowing, with mathematical certainty, that your code is free from these vulnerabilities. This gives a unique approach to embedded software testing.

And let's not forget cybersecurity compliance. Regulatory standards like ISO 26262 and DO-178C are increasingly demanding rigorous verification methods. Formal verification can help you meet these requirements and demonstrate the safety and security of your systems.

Going Forward

Securing embedded systems is a multifaceted challenge. It requires a combination of proactive vulnerability handling, secure coding practices, robust toolchains, and rigorous verification methods. By embracing standards like the EU CRA and SAE J3018, and leveraging techniques like formal verification, we can build embedded systems that are more resilient, reliable, and safe.

Want to learn more about how formal verification can protect your embedded systems? Contact our team today.

Book a demo

Newsletter