I'm just wrapping up my first semester teaching a new course on embedded system software. It covers code quality, safety, and security. Below is a table of lecture handouts.
NOTE: there is an update here:
https://users.ece.cmu.edu/~koopman/lectures/index.html#642
which includes newer course notes and quite a few YouTube videos of these lectures.
You should use that URL instead of this blog post, but I've left this post as-is for Fall 2017.
18-642 Embedded System Software Engineering
Prof. Philip Koopman, Carnegie Mellon University, Fall 2017
Note that in Spring 2018 these are likely to be updated, so if you want to see the latest, also check the main course page: https://www.ece.cmu.edu/~ece642/

For other lectures and copyright notes, please see my general lecture notes & video page: https://users.ece.cmu.edu/~koopman/lectures/index.html
| Slides | Lecture | Topics |
|---|---|---|
| 1 | Course Introduction | Software is eating the world; embedded applications and markets; bad code is a problem; coding is 0% of software; truths and management misconceptions |
| 2 | Software Development Processes | Waterfall; Swiss cheese model; lessons learned in software; V model; design vs. code; agile methods; agile for embedded |
| 3 | Global Variables | Global vs. static variables; avoiding and removing globals |
| 4 | Spaghetti Code | McCabe Cyclomatic Complexity (MCC); SCC; Spaghetti Factor (SF) |
| 5 | Unit Testing | Black box testing; white box testing; unit testing strategies; MCDC coverage; unit testing frameworks (CUnit) |
| 6 | Modal Code/Statecharts | Statechart elements; statechart example; statechart implementation |
| 7 | Peer Reviews | Effective code quality practices; peer review efficiency and effectiveness; Fagan inspections; rules for peer review; review report; perspective-based reviews; review checklist; case study; economics of peer review |
| 8 | Code Style/Humans | Making code easy to read; good code hygiene; avoiding premature optimization; coding style |
| 9 | Code Style/Language | Pitfalls and problems with C; language use guidelines and analysis tools; using language wisely (strong typing); Mars Climate Orbiter; deviations & legacy code |
| 10 | Testing Quality | Smoke testing; exploratory testing; methodical test coverage; types of testing; testing philosophy; coverage; testing resources |
| 11 | Requirements | Ariane 5 Flight 501; rules for good requirements; problematic requirements; extra-functional requirements; requirements approaches; ambiguity |
| 12 | System-Level Test | First bug story; effective test plans; testing won't find all bugs; F-22 Raptor date line bug; bug farms; risks of bad software |
| 13 | SW Architecture | High Level Design (HLD); boxes and arrows; sequence diagrams (SD); statechart to SD relationship; 2011 Health Plan chart |
| 14 | Integration Testing | Integration test approaches; tracing integration tests to SDs; network message testing; using SDs to generate unit tests |
| 15 | Traceability | Traceability across the V; examples; best practices |
| 16 | SQA isn't Testing | SQA elements; audits; SQA as coaching staff; cost of defect fixes over project cycle |
| 17 | Lifecycle CM | A400M crash; version control; configuration management; long lifecycles |
| 18 | Maintenance | Bug fix cycle; bug prioritization; maintenance as a large cost driver; technical debt |
| 19 | Process Key Metrics | Tester to developer ratio; code productivity; peer review effectiveness |
| 33 | Date Time Management | Keeping time; time terminology; clock synchronization; time zones; DST; local time; sunrise/sunset; mobility and time; date line; GMT/UTC; leap years; leap seconds; time rollovers; Zune leap year bug; internationalization |
| 21 | Floating Point Pitfalls | Floating point formats; special values; NaN and robots; roundoff errors; Patriot Missile mishap |
| 23 | Stack Overflow | Stack overflow mechanics; memory corruption; stack sentinels; static analysis; memory protection; avoid recursion |
| 25 | Race Conditions | Therac-25; race condition example; disabling interrupts; mutex; blocking time; priority inversion; priority inheritance; Mars Pathfinder |
| 27 | Data Integrity | Sources of faults; soft errors; Hamming distance; parity; mirroring; SECDED; checksum; CRC |
| 20 | Safety+Security Overview | Challenges of embedded code; it only takes one line of bad code; problems with large scale production; your products live or die by their software; considering the worst case; designing for safety; security matters; industrial controls as targets; designing for security; testing isn't enough; Fiat Chrysler Jeep hack; Ford MyTouch update; Toyota UA code quality; Heartbleed; Nest thermostats; Honda UA recall; Samsung keyboard bug; hospital infusion pumps; LIFX smart lightbulbs; German steel mill hack; Ukraine power hack; SCADA attack data; Shodan; traffic light control vulnerability; hydroelectric plant vulnerability; zero-day shopping list |
| 22 | Dependability | Dependability; availability; Windows 2000 server crash; reliability; serial and parallel reliability; example reliability calculation; other aspects of dependability |
| 24 | Critical Systems | Safety critical vs. mission critical; worst case and safety; HVAC malfunction hazard; Safety Integrity Levels (SIL); Bhopal; IEC 61508; fleet exposure |
| 26 | Safety Plan | Safety plan elements; functional safety approaches; hazards & risks; safety goals & safety requirements; FMEA; FTA; safety case (GSN) |
| 28 | Safety Requirements | Identifying safety-related requirements; safety envelope; Doer/Checker pattern |
| 29 | Single Points of Failure | Fault containment regions (FCR); Toyota UA single point failure; multi-channel pattern; monitor pattern; safety gate pattern; correlated & accumulated faults |
| 30 | SIL Isolation | Isolating different SILs; mixed-SIL interference sources; mitigating cross-SIL interference; isolation and security; CarShark hack |
| 31 | Redundancy Management | Bellingham WA gasoline pipeline mishap; redundancy for availability; redundancy for fault detection; Ariane 5 Flight 501; fail operational; triplex modular redundancy (TMR) 2-of-3 pattern; dual 2-of-2 pattern; high-SIL Doer/Checker pattern; diagnostic effectiveness and proof tests |
| 32 | Safety Architecture Patterns | Supplemental lecture with more detail on patterns: low SIL; self-diagnosis; partitioning; fail operational; voting; fail silent; dual 2-of-2; Ariane 5 Flight 501; fail silent patterns (low, high, mixed SIL); high availability mixed SIL pattern |
| 34 | Security Plan | Security plan elements; Target attack; security requirements; threats; vulnerabilities; mitigation; validation |
| 35 | Cryptography | Confusion & diffusion; Caesar cipher; frequency analysis; Enigma; Lorenz & Colossus; DES; AES; public key cryptography; secure hashing; digital signatures; certificates; PKI; encrypting vs. signing for firmware update |
| 36 | Security Threats | Stuxnet; attack motivation; attacker threat levels; DirecTV piracy; operational environment; porous firewalls; Davis-Besse incident; BlueSniper rifle; integrity; authentication; secrecy; privacy; LG Smart TV privacy; DoS/DDoS; feature activation; St. Jude pacemaker recall |
| 37 | Security Vulnerabilities | Exploit vs. attack; kettle spambot; weak passwords; master passwords; crypto key length; Mirai botnet attack; crypto mistakes; LIFX revisited; CarShark revisited; chip peels; hidden functionality; counterfeit systems; cloud connected devices; embedded-specific attacks |
| 38 | Security Mitigation Validation | Password strength; storing passwords & salt/pepper/key stretching; Adobe password hack; least privilege; Jeep firewall hack; secure update; secure boot; encryption vs. signing revisited; penetration testing; code analysis; other security approaches; rubber hose attack |
| 39 | Security Pitfalls | Konami code; security via obscurity; hotel lock USB hack; Kerckhoffs's principle; hospital WPA setup hack; DeCSS; Lodz tram attack; proper use of cryptography; zero day exploits; security snake oil; realities of in-system firewalls; aircraft infotainment and firewalls; zombie road sign hack |