AdaCore Blog

Security Considerations in Light Launcher Software

by Jose Ruiz

When Latitude began creating their small satellite launcher, Zephyr, they recognized the importance of selecting the correct programming language and development tools to support their efforts. They chose to work with high-integrity software experts AdaCore.

Latitude, which closed a Series B funding round in January 2024, is currently preparing for Zephyr's first flight, which will occur in late 2025.

In this article, Jose Ruiz, a Product Manager at AdaCore, explores two essential factors to consider when selecting secure software for your space industry projects: memory-safe languages and formal verification.

In the competitive New Space industry, ingenuity, reliability, and cost-effectiveness are paramount. When developing new projects, the correct choice of programming language is critical. By prioritizing memory safety and embracing formal verification, organizations can enhance their software's resilience against vulnerabilities and demonstrate compliance with regulatory expectations.

Memory-safe programming languages

Memory safety is a crucial concept in software development. It addresses how an application handles memory operations such as reading, writing, allocation, and deallocation. A memory-safe application operates within the bounds of its allocated memory (it doesn't access or modify memory locations that it's not allowed to access). Improper memory management can result in severe problems in software reliability. Languages that aren't memory-safe also negatively impact stability, developer productivity, and application performance.

Organizations can substantially diminish software vulnerabilities by leveraging languages engineered to preempt memory safety issues, such as buffer overflows and use-after-free errors.

Introducing formal verification

Formal verification frameworks are instrumental in assessing the correctness of hardware and software design operations by applying formal mathematical proofs. These frameworks ensure the correctness of underlying algorithms within a system.

Despite adopting memory-safe programming languages, vulnerabilities persist in software systems. Testing alone is insufficient to comprehensively address these vulnerabilities due to the inherent complexities of code. Formal methods offer a systematic approach to demonstrating correctness and integrate verification into the development process.

The importance of compliance

Additionally, formal verification facilitates compliance with regulatory requirements and industry standards by providing concrete evidence of software correctness and security. Whether adhering to data privacy regulations, cybersecurity protocols, or quality assurance benchmarks, formal verification offers a robust framework for meeting and exceeding regulatory expectations.

Latitude and Zephyr

Latitude judged Ada and SPARK to have the best support for sound software engineering practice for their 200kg capacity launcher in LEO, thus reducing life cycle costs while meeting real-time embedded systems performance and predictability requirements.

You can read more about the partnership here in our case study.

Posted in #Latitude   

About Jose Ruiz

Jose Ruiz

Dr. Jose Ruiz is a Product Manager at AdaCore with 25 years of experience in embedded safety-critical real-time systems, having authored/coauthored over 40 papers in that area. He received his Ph.D. degree for his work in the field of real-time and multimedia systems, including scheduling policies and resource management in real-time operating systems.

He is an expert in certification of high-integrity system in aeronautics, space and railway domains, and he has been involved in the certification/qualification of run-time libraries and automatic code generators from modeling languages.

Throughout his career he has worked on the definition of language profiles for embedded systems, and the design and implementation of the run-time support required for executing on bare-metal targets.