Detecting Cyber-Security Vulnerabilities in Legacy Safety-Critical Software

Security flaws in automotive software have catastrophic consequences. Modern automotive engineers must assess the software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real world case studies. We also discuss how this tool can be extended for software comprehension.