slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Complex Integrated Avionic Systems and System Safety PowerPoint Presentation
Download Presentation
Complex Integrated Avionic Systems and System Safety

Loading in 2 Seconds...

play fullscreen
1 / 13

Complex Integrated Avionic Systems and System Safety - PowerPoint PPT Presentation


  • 531 Views
  • Uploaded on

Federal Aviation Administration. Complex Integrated Avionic Systems and System Safety. Presentation to: Europe/U.S. International Aviation Safety Conference Name: Ali Bahrami Date: June 9, 2005. Electronic flight inst. Ex. 757/767. Integrated display system

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Complex Integrated Avionic Systems and System Safety' - Pat_Xavi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Federal Aviation

Administration

Complex Integrated Avionic Systems and System Safety

Presentation to: Europe/U.S. International Aviation Safety ConferenceName: Ali Bahrami

Date: June 9, 2005

trends in avionics integration and complexity

Electronic flight inst.

Ex. 757/767

Integrated display system

Ex. 747-400

Expanded IMA

Ex. Falcon EASy, ERJ-170

Integrated Mod Avionics (IMA)

Ex. 777

  • Integration within closely related functions
  • Most functionality in hardware/firmware
  • Integration of most display-related avionics functions
  • Most functionality re-programmable
  • Integration of avionics + some flt. control and airplane systems
  • More generic processors & software-based functionality
Trends in Avionics: Integration and Complexity

2000

1980

1990

  • Integration of many avionics functions
  • Card-based processors in cabinet racks
trends in avionics architectures
Trends in Avionics: Architectures
  • Huge increases in:
    • Functional integration.
    • Software size and complexity.
  • Shift in techniques for isolation/independence:
    • Traditionally, redundant features were completely isolated – now they communicate with each other.
    • High/low criticality functions traditionally physically isolated from each other – now share computing and databus resources.
  • Mix of new and reused (“legacy”) software.
trends in avionics tso
Trends in Avionics: TSO
  • TSOs:
    • Traditionally, TSOs were used for simple equipment (e.g. seat belts) and well-defined “stand-alone” functions (e.g. air speed indicator). Installation issues were minimal.
    • Now, TSO requirements cover only a small fraction of the designed functionality.
    • TSO functionality may be embedded in an integrated avionics suite (“functional TSO”).
    • Vendors need TSOA to ship “brain-dead” hardware which doesn’t comply with the full TSO requirements until installed and software is loaded.
trends in avionics engineering and business practices
Trends in Avionics: Engineering and Business Practices
  • Increasing dependence on Commercial Off-the-Shelf (COTS) hardware and software. Examples:
    • Microprocessors (from PC industry).
    • Operating systems (e.g. Windows).
    • Graphic processors (from video game industry).
  • Changes in manufacturer-vendor relationships and responsibilities.
  • Global design and manufacturing of highly integrated avionics functions.
  • Shift from airframe manufacturer as “designer/builder” to “integrator/assembler.”
certification challenges
Certification Challenges
  • Integration and complexity:
    • Current processes (e.g. DO-178B/ED-12B for software) were developed with much simpler architectures in mind.
    • Experience is showing that there are complex and often unexpected “connections” between traditionally unrelated or independent functions, especially during failures.
    • Failures become more difficult to predict and diagnose.
    • It becomes less and less feasible to test all inter-related failure modes.
    • Fully integrated test facilities become more challenging and expensive to build and operate.
certification challenges7
Certification Challenges
  • Software:
    • Software-based isolation and independence is much more “fluid” and difficult to assure than relying on hardware.
    • Mixing of COTS, reused, and new software – all developed by different processes and to different standards – makes assessing the safety issues much more difficult, especially in standardized ways.
certification challenges8
Certification Challenges
  • “Functional” TSO:
    • Difficult to separate TSO issues from installation issues
      • TSO’d function may be part of the software that resides on a circuit card.
      • TSO compliance can only be assessed when installed in the host system.
      • Even simple issues like part marking become complicated.
      • TSO change processes were not developed with these complex TSO “packages” in mind.
  • Engineering and Business practices:
    • COTS products are not developed to traditional aviation standards.
    • Detailed certification data and knowledge often resides at vendor rather than manufacturer.
how the authorities have responded
How the Authorities Have Responded
  • The authorities have already taken a number of actions to support recent IMA trends and specific projects, including:
    • Development of IMA AC and TSO.
    • Development of an Order on software reuse.
    • Approval of functional TSOs.
    • Numerous DO-178B/ED-12B “workarounds.”
    • Additional relevant guidance is in work.
  • However, continued industry support is needed…
what is needed to support the trend
What is Needed to Support the Trend?
  • Current software certification methods did not envision modern IMA architectures, so we need new methods…
    • That are equally effective in ensuring safety…
    • While supporting the certification of IMA.
  • The current TSO process is not well-suited for embedded software functions, so we need new approaches to TSOA…
    • Which allow design and production approval for traditional TSO functions in IMA architectures…
    • While protecting the level of safety provided by type certification processes.
what is needed to support the trend11
What is Needed to Support the Trend?
  • When manufacturers out-source development and test:
    • New processes for authorities/manufacturer/vendor communication are needed.
  • Testing:
    • Testing of the IMA “pieces” will not find integration problems.
    • The actual airplane is not an adequate test environment for many IMA issues.
    • Full-scale integration test facilities may not be commercially viable.
    • Industry needs to help develop new approaches to integration testing that will find and characterize IMA problems before certification.
authority industry partnership
Authority-Industry Partnership
  • Cooperation is needed more than ever.
    • Traditional certification processes were developed to match past commercial practices
    • The pace of change is increasing
  • Industry will need to lead the effort to develop new methods of compliance.
    • New methods cannot just “do less” – they MUST preserve, and where possible, improve the level of safety.
    • Focus on safety-related issues while with IMA, it is more difficult to separate what is or is not “safety-related.”
summary and future perspectives
Summary and Future Perspectives
  • The authorities support industry’s efforts to advance the technology
    • Historic cooperation between the authorities and industry has been essential in developing viable and effective methods of compliance and safety assurance.
  • Cooperation is even more critical as we collectively support rapid technological advances while at the same time increase the level of safety.
  • Potential broader issue: Does the overall safety assessment process need to be revisited, to account for the migration of functionality (and failure conditions) from hardware to software?