1 | April 27, 2016 | Proprietary | © 2015 Curtiss-Wright
Defense Solutions Division
Aviation Electronics Europe - Munich 21st April 2016
COTS and Safety Certifiability in the Military and Aerospace Industry
Paul Hart
Chief Technology Officer & Technical Fellow
Curtiss-Wright Avionics & Electronics
Key Market Trends
Investment - No cost-plus program or end-customer funding; primes are required to invest
Schedule - Primes need to demonstrate capability quicker; time to market (TTM) is critical
Increased use of COTS - COTS is being mandated by the end customer to reduce cost and TTM
Reliability - Reliability challenges with new technology and processes
Safety Certification - Traditional military primes need to demonstrate DO-254 solutions, whereas once they only needed DO-178
Cost - With defense budgets continuing to tighten, cost is critical
Security - To support FMS and domestic systems, primes need to secure the systems to protect critical IP
New Environmental Requirements - Solutions need to be RoHS, REACH, and/or CE certified to support US FMS sales
Lifecycle - Shorter technology lifecycles and increasing program lifecycles
Regulations & Industry Standards
EUROCAE, Paris - European Organisation for Civil Aviation Equipment
Working Groups
MOPS ED-xxx - Minimum Operational Performance Specification
ARINC/SAE Standards
Annapolis MD, USA - AEEC Committee
RTCA Standards
DO-160G - Environmental Qualification/EMC
DO-254 - Complex Hardware
DO-178C - Software Certification
Design Assurance Levels: DO-254 Hardware – DO-178C Software
DAL A – Catastrophic: Failure results in preventing the aircraft from continuing safely and/or landing
Examples: Air Data Computers, Ice Detection, Data Concentrator Units, Flight Control Computers, Fly by Wire, Cockpit Flight Displays
DAL B – Hazardous: Failure results in serious or fatal injuries to the aircraft occupants
Examples: Ice Protection, Standby Flight Displays, Instrument Landing System, Landing Gear Control
DAL C – Major: Failure results in causing discomfort or injuries to the occupants
Examples: Navigation Systems (GPS), Yaw Damper, Environmental Control Systems, Autothrottle Computer
DAL D – Minor: Failure results in causing some inconvenience to the occupants
Examples: Flight Data Recorder, Data Acquisition System, Air Conditioning, Cabin Lighting
DAL E – No Effect
Examples: In-Flight Entertainment
Examples of Design Assurance Level DAL-A/B Avionics
Onboard Oxygen Generation Systems
Engine Electronic Controllers/FADEC
Engine Ignition Systems
In-Flight Fuel Dispensing
PCU - Power Control Units: Rudder, Horizontal Stabilizer, Ailerons
Flap Electronic Control Unit, Spoiler/Speedbrake Control System
TAWS - Terrain Awareness Warning Systems / GPWS - Ground Proximity Warning Systems, TCAS - Traffic Alert & Collision Avoidance Systems
Air Data Computers
Radio Altimeters
Data Concentrator Units
Flight Control Computers/Fly By Wire
Flight Management & Guidance Computer
Angle of Attack
Stall Warning & Protection
IMA - Integrated Modular Architecture
Cockpit Flight Displays / EFIS - Primary Flight Displays, Navigation Displays
Enhanced Flight Vision System
Helmet Mounted Displays
Engine Indication & Crew Alerting System
Flight Warning Computer
Hydraulic Power Management
Electrical Power Management
Fire Protection
AFDX Network (Avionics Full Duplex Switched Ethernet - flight critical Ethernet)
AS6802 Time Triggered Protocol (TTP) Ethernet
ARINC 825 Flight Critical CANbus Network
Recorder Release Units (Deployable Recorders)
Transmit Inhibit/Interlock Devices
MFC - Multi Function Units for Control Surface, Landing Gear Actuation and Braking Systems (rudder, aileron, flap, speedbrake/spoilers, landing gear, reverse thrust deployment, braking control)
UAV Autopilot Systems - Datalink transceivers, GPS/IMU sensing & processing, Control Surface Actuation
EASA/FAA Proposed Rulemaking for Unmanned Air Systems
[Chart: altitude (500ft, 25,000ft, 50,000ft, 75,000ft) against weight (55lbs threshold), placing Toy Drones, Certified Commercial Drones, Tactical UAVs, Strategic UAVs and HALE/HAPS in the proposed rulemaking categories]
DO-254 & DO-178C Certification at Board Level
[Diagram: the software stack running on the CPU - Application Software, Drivers / Libraries, BSP, RTOS - falls under DO-178C; the CPU, PLD and FPGA hardware falls under DO-254]
DO-254 Artifacts for DAL A-B-C
• Plan for hardware aspects of certification
• Hardware Verification Plan
• Top-level drawing
• Hardware Accomplishment Summary
• Hardware Design Plan
• Hardware Validation Plan
• Hardware Configuration Management Plan
• Hardware Requirements
• Hardware Design Data
• Assembly Drawings/Installation Control Drawings
• Hardware Traceability Data
• Hardware Review and Analysis Results
• Hardware Test Procedures
• Hardware Test Results
ARTIFACT KIT SUPPORTING DOCUMENTS (IF REQUESTED BY AUTHORITIES)
DO-178C Artifacts for DAL A-B-C
• Plan for Software Aspects of Certification (PSAC)
• Quality Assurance Plan (QAP)
• Software Configuration Management Plan (SCMP)
• Configuration Management Records
• Quality Assurance Records
• Software Requirements Data (SRD)
• Software Design Description (SDD)
• Software Coding, Development, and Requirements Standards
• Software Verification Results (SVR)
• Trace Matrices
• Data and Control Coupling Results and Analysis
• Structural Coverage Results and Analysis Report
• Software Accomplishment Summary (SAS)
DO-160G Environmental Qualification & EMC
RTCA/DO-160G Section   Description                                                   Category
4                      Temperature and Altitude                                      A2
4.5.5                  In-Flight Loss of Cooling                                     P
5                      Temperature Variation                                         C
6                      Humidity                                                      A2
7                      Operational Shocks and Crash Survivability                    B
8                      Vibration                                                     R(B,B1)
9                      Explosion Proofness                                           X
10                     Waterproofness                                                Y
11                     Fluids Susceptibility                                         F
12                     Sand and Dust                                                 D
13                     Fungus Resistance                                             F
14                     Salt Spray                                                    X
15                     Magnetic Effect (Compass Safe Distance)                       A2
16                     Power Input                                                   A(XX)
17                     Voltage Spike                                                 A
18                     Audio Frequency Conducted Susceptibility - Power Input        R(B,B1)
19                     Induced Signal Susceptibility                                 CWX
20                     Radio Frequency Susceptibility                                RR
21                     Emission of Radio Frequency Energy                            L
22                     Lightning Induced Transient Susceptibility                    A2J2L2
23                     Lightning Direct Effects                                      X
24                     Icing                                                         X
25                     Electrostatic Discharge                                       A
26                     Flammability                                                  C
The sections are grouped on the slide into Safety & Airworthiness Sections and Performance Sections. Example categories are based on avionics installed in an Airborne Inhabited Cargo (AIC) location.
Safety Certifiable COTS
Increasing Demand for COTS DO-254 Safety Critical Solutions
Why is demand increasing?
• Ongoing digitization of cockpits
• Commercial technology advancements enable increased sophistication
• Growing use of common avionics subsystems in military and commercial aircraft
• Increasing number of military aircraft that fly over civil population centers
• Use of Synthetic Vision Systems (SVS) for landing increases the Design Assurance Level (DAL) of mission computers
• Increased FAA scrutiny on US Military self certification
What are the Benefits of COTS DO-254 Safety Critical Solutions?
• Cost effective
• Improves reliability, quality and maintainability
• Reduces risk
• Accelerated Time to Market
• Collaboration between primes and suppliers to provide support for selected RTOS vendors and graphics drivers
• Required artifacts available for the modules
• Functionally equivalent modules available for air-cooled lab use along with rear transition modules for easy interface to I/O
What Products are Available?
• Single Board Computers
• P5020, P3041
• Embedded Graphics Controllers
• E4690, E8860
• System I/O
• MIL-STD-1553, ARINC-429, serial, analog
• Following open industry standards such as VPX
• Strong pipeline of products in development
ARP4754A: System Development Process
• Safety monitoring requirements
• Functional requirements
Design Assurance Levels (DAL) Guidance for CBAs
• EASA CM No.: EASA CM - SWCEH - 001 Issue No.: 01, section 7
• “For equipment and CBAs of DALs/IDALs A, B, C or D, the ED-80/DO-254 objectives of Appendix A that are defined for level D should be applied.”
• CBA – Circuit Board Assembly
• FAA Advisory Circular AC No: 20-152
• “This AC recognizes the guidance in RTCA/DO-254 applies specifically to complex custom micro-coded components with hardware design assurance levels of A, B, and C, such as ASICs, PLDs, and FPGAs.”
• “NOTE: We recognize that the hardware life cycle data for commercial-off-the-shelf (COTS) microprocessors may not be available to satisfy the objectives of RTCA/DO-254. Therefore, we don’t intend that you apply RTCA/DO-254 to COTS microprocessors. There are alternative methods or processes to ensure that COTS microprocessors perform their intended functions and meet airworthiness requirements. Coordinate your plans for alternative methods or processes with us early in the certification project.”
Differences in Safety Certification: EASA vs. FAA
[Comparison: FAA - DAL A, B, or C; EASA - DAL D]
COTS Standard Product Requirements
• Developing DO-254 standard COTS products that are accepted worldwide
• Development and artifacts that meet both FAA and EASA requirements for DAL C through DAL A
• DER approved process and SOI audits (Curtiss-Wright practice)
• Meeting environmental requirements including RoHS, REACH and CE certification
Multiple Operating System Options
• Wind River
• VxWorks CERT Platform – Certified Operating System based on VxWorks compliant with ED-12B/DO-178B
• VxWorks 653 Platform – Operating System featured from VxWorks with an ARINC653 API supporting DO-197
• Green Hills Software
• INTEGRITY-178B tuMP which offers an ARINC653 API
• INTEGRITY Multivisor: a hypervisor that offers virtualization to help in hosting a wide diversity of Operating Systems
• SYSGO
• PikeOS a micro-kernel offering - both an RTOS and a virtualization concept
• Lynx Software Technologies
• LynxOS-178a RTOS offering via Virtual Machine - a virtualization concept
• FAA – accepted Reusable Software Component (RSC)
• DDC-I
• DEOS, an RTOS certified up to Level A supporting ARINC653 part 4
Essential DO-254 Services
Curtiss-Wright Safety Certifiable COTS products are supported by the same proven service capabilities offered today on standard product COTS, essential for DO-254 products
• Franchise Only Supply (FOS)
• Protects against counterfeit material
• Configuration Management (CM)
• Control over configuration of the product
• Longevity Of Supply (LOS)
• Extends life of product
• Longevity Of Repair (LOR)
• Extends period of repair support
COTS Graphics Processors
• Curtiss-Wright partners with CoreAVI for Graphics Processors
• 20 year supply program
• Industrial screened parts
• DO-254 supporting artifacts
• OpenGL drivers developed to DO-178 DAL A with available artifacts
• Tailor drivers to optimize performance
• RTOS agnostic
• Solutions and guidance on approaches to Hazardously Misleading Information (HMI) mitigation strategies
• Solutions addressing mixed graphics criticality levels
Graphics Drivers
• Certifiable up to and including DO-178C DAL A
• OpenGL SC 1.x Certifiable Driver includes:
• Conformance to Khronos™ OpenGL SC 1.x specification
• Static memory management
• Deterministic display lists
• 100% structural coverage (statement, DC, MC/DC)
• Drivers are deployed driving Primary Flight Displays and Synthetic Vision Systems (SVS)
• Safety Certifiable version of OpenGL ES 2.0 API will be supported
• Universal Video Decoder (UVD) driver is also certifiable
• Video Compression Encoder (VCE) driver is also certifiable
• Available from Curtiss-Wright
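The structural coverage levels named above (statement, decision, MC/DC) are objectives DO-178C sets per DAL, with MC/DC required at DAL A. The following is an added illustration, not code from Curtiss-Wright or CoreAVI: it takes a constructed three-condition decision (of the kind that might guard the drawing of a symbol on a primary flight display), finds the unique-cause independence pairs each condition needs, reports which conditions a given test set leaves without an MC/DC pair, and searches for a smallest set that achieves MC/DC. The decision `(a and b) or c`, the function names and the test vectors are all assumptions made for the example.

```python
"""Decision coverage vs. MC/DC on a small boolean decision (added example).

MC/DC (Modified Condition/Decision Coverage) requires that every condition
in a decision be shown to independently affect the decision's outcome.
Here this is checked in its "unique cause" form: for condition i, two test
vectors that differ only in condition i and produce different outcomes.
"""
from itertools import combinations, product

# Constructed example decision with three conditions: (a and b) or c.
# Think of it as a hypothetical guard before rendering a display symbol.
def decision(a, b, c):
    return (a and b) or c

N_CONDITIONS = 3


def decision_coverage(tests, fn=decision):
    """Decision coverage: the decision outcome has taken both True and False."""
    outcomes = {fn(*t) for t in tests}
    return outcomes == {True, False}


def independence_pairs(fn, n):
    """Unique-cause independence pairs, keyed by condition index.

    Two vectors (v, w) form a pair for condition i when they differ only in
    condition i and fn(*v) != fn(*w). v always has condition i False.
    """
    pairs = {i: [] for i in range(n)}
    for v in product([False, True], repeat=n):
        for i in range(n):
            if not v[i]:
                w = list(v)
                w[i] = True
                w = tuple(w)
                if fn(*v) != fn(*w):
                    pairs[i].append((v, w))
    return pairs


def mcdc_coverage(tests, fn=decision, n=N_CONDITIONS):
    """Return (covered, uncovered_conditions) for a set of test vectors.

    A condition is covered when the test set contains both halves of at
    least one of its independence pairs.
    """
    tests = set(tests)
    pairs = independence_pairs(fn, n)
    uncovered = [
        i for i in range(n)
        if not any(v in tests and w in tests for v, w in pairs[i])
    ]
    return (not uncovered, uncovered)


def minimal_mcdc_set(fn=decision, n=N_CONDITIONS):
    """Brute-force the smallest test set achieving MC/DC for fn.

    Exhaustive search over all subsets of the 2**n vectors is fine for the
    handful of conditions a single decision normally carries.
    """
    vectors = list(product([False, True], repeat=n))
    for k in range(1, len(vectors) + 1):
        for cand in combinations(vectors, k):
            if mcdc_coverage(cand, fn, n)[0]:
                return list(cand)
    return None


if __name__ == "__main__":
    # Two vectors give full decision coverage but leave every condition
    # without an independence pair: decision coverage is not MC/DC.
    weak = [(False, False, False), (True, True, True)]
    print("decision coverage:", decision_coverage(weak))
    print("MC/DC:", mcdc_coverage(weak))
    print("smallest MC/DC set:", minimal_mcdc_set())
```

The contrast the script prints is the point of the bullet: a test set that flips the decision both ways satisfies decision coverage yet proves nothing about whether each condition matters, while MC/DC for this decision needs four vectors (n+1 is the usual minimum for unique-cause MC/DC). Masking-form MC/DC, which DO-178C's supplement also accepts, relaxes the "differ only in condition i" rule and is not implemented here.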
Curtiss-Wright’s History of Providing Safety Certifiable Solutions
• Curtiss-Wright has a long and established capability in providing DO-254 and DO-178 Safety Certifiable product solutions, including:
• Flight Data Recorders
• Air Data Computers
• Multi-function controllers
• COTS boards
• Several custom board level products have been developed to DO-254/178 including:
• cPCI PPC SBC; Platform : A400M, DAL-C
• Custom PPC SBC; Platform : A400M, DAL-C
• Data comparator card, FAA; DAL-C
Come See Us
For more information come see us at our booth
Defense Solutions Division
Thank You!
Q&A - Paul Hart