Andrew J. Kornecki Embry Riddle Aeronautical University Daytona Beach, FL
|
|
- Kerry Blankenship
- 8 years ago
- Views:
Transcription
1 Software Aspects of Aviation Systems Certification Andrew J. Kornecki Embry Riddle Aeronautical University Daytona Beach, FL Heavily plagiarized from the works of RTCA DO-205 / EUROCAE WG-71 committee members Copyright A.J. Kornecki, 2011 page 1
2 Where I have been stuck for a quarter of century? Embry Riddle Aeronautical University teaching and research in engineering, manufacturing, marketing, management, piloting, and maintenance for aerospace ~500 full-time faculty members, 81% with a doctoral degree Bachelor, Master, and PhD programs ~4,900 students The annual operating budget of ~$240M Copyright A.J. Kornecki, 2011 page 2
3 ERAU Daytona Beach Campus College of Engineering College of Aviation: College of Business Instructional Center Copyright A.J. Kornecki, 2011 page 3
4 What so special about software in aviation? August 2005: a Malaysian Airlines Boeing ER suffered an inflight upset en-route from Perth to Kuala Lumpur The Australian TSB concluded A contributing safety factor was that an anomaly existed in the component software hierarchy Inputs from a known faulty accelerometer were allowed to be processed by the air data inertial reference unit (ADIRU) and used by the PFC, AP and other aircraft systems Example of a systems requirement error where the ADIRU would reinstate known failed accelerometers Copyright A.J. Kornecki, 2011 page 4
5 Equipment Rules (JAR/FAR ) Essential equipment must be designed to perform its intended functions The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that: o The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and o The occurrence of any other failure conditions which would reduce the capability of the airplane or the ability of the crew to cope with adverse operating conditions is improbable Copyright A.J. Kornecki, 2011 page 5
6 How aviation systems are developed? ARP4754A/ED79A Guidelines for Development of Civil Aircraft and Systems SAE International guideline to support certification of aircraft systems FAA Advisory Circular AC A System Design and Analysis, explains certification methodology ARP4761 Safety Assessment ARP4754A System Requirements correct? complete? System people Allocated to SW Allocated to HW W A L L SW and HW people RTCA DO-178C D&V processes RTCA DO-254 D&V processes Copyright A.J. Kornecki, 2011 page 6
7 Typical Avionics LRU Line Replaceable Unit include hardware in form of PLD, ASIC, and FPGA components The LRU processor contains software: BSP, RTOS, DRIVERS, LIBRARIES, and the APPLICATIONS PLD ASIC FPGA CPU BSP RTOS APP SW LIB DRIVERS SW: DO-178C HW: DO-254 Copyright A.J. Kornecki, 2011 page 7
8 Relations: System Software Hardware Aerospace Recommended Practice ARP 4761 address safety assessment as the base for development defining assurance levels Assurance level establishes the level of process rigor commensurate with the functional failure condition ARP 4754A, DO-254 and DO-178C highlight the need for systems to assess the potential system safety and system requirements impacts of derived requirements They establishes confidence that the development has been accomplished in a sufficiently disciplined manner to limit the likelihood of development errors that could impact aircraft safety They are all dependent on each other and use objectives-based tables Copyright A.J. Kornecki, 2011 page 8
9 So, what is this certification about? Certification guidelines are designed and agreed upon by the RTCA special committee Subsequent approval and regulatory AC by the FAA Airborne software (DO-178), airborne hardware (DO- 254), and CNS/ATM ground systems (DO-278) DO-178 guidelines describe software aspect of system lifecycle, planning, development, verification, configuration management, quality assurance, certification, and additional considerations The standard defines five assurance categories: from A catastrophic 10-9, B hazardous 10-7, C major 10-5, D minor 10-3, and E no effect) called software levels The guidelines address the issue of lack of software visibility at the system level Copyright A.J. Kornecki, 2011 page 9
10 Software Means of Conformance It is not feasible to assess the number or even the types of software errors, if any, that may remain after completion of a complex system design, development, and test RTCA DO-178 / EUROCAE ED-12 provides guidance and description of acceptable means for assessing and controlling the software installed in airborne systems The concept is based on five principles: o Process o Verification o Independence o Consensus o Flexibility Copyright A.J. Kornecki, 2011 page 10
11 We cannot have... Executable Object Code Applicant PROCESS Copyright A.J. Kornecki, 2011 page 11
12 So what is the secret? Standards/guidance must be written and evidence of compliance with these rules should be provided rules in form of documents defining precisely how to perform an activity (methods, means, constraints, expected outputs, etc.) consistent precise traceable developed Each requirement or design item should be verifiable thus we need to pay attention to CM and QA Copyright A.J. Kornecki, 2011 page 12
13 Configuration Management (CM) CM assists in satisfying general objectives: o Control configuration of the software throughout the software life cycle o Be able to replicate the executable object code o Control process inputs and outputs during the software life cycle o Provide baselines for review, assessment and change control o Ensure problems management and change control o Ensure archiving and recovery Copyright A.J. Kornecki, 2011 page 13
14 Quality Assurance (QA) QA is to provide evidence that: o What s done is what s described in plans o Transition criteria are reached o A conformity review of the software is conducted Main characteristics of QA o Active role during the life cycle process o Independence? Copyright A.J. Kornecki, 2011 page 14
15 Safety Assessment & Requirements Start QA PLANNING PHASE System Requirements Develop Plans, Standards, Checklists Develop Traceability Lifecycle Implement CM Verification & Validation High Level Requirements Certification Conformity Review Integration Logic & Code Architecture & Design Low Level Requirements DEVELOPMENT AND VERIFICATION PHASE Copyright A.J. Kornecki, 2011 page 15
16 40 years of DO-178 History Progress: o DO-178 (1982) artifacts, document, traceability, testing o DO-178A (1985) process, testing, components, criticality levels, reviews, waterfall methodology o DO-178B (1992) integration, transition criteria, diverse development methods, data, tools In 1992, software engineering was 24 years old... Two revisions in ten years, then twenty years nothing? Striving for a better consensus, taking into account : o legacy from the clarification groups o lessons learnt in applying DO-178B / ED-12B o newly available industrial means and technologies Copyright A.J. Kornecki, 2011 page 16
17 Long Awaited Transition to DO-178C SC-205/WG-71 joint committee comprised of seven sub-groups sponsored by RTCA and EUROCAE Terms of Reference: Correct Known Errors, Make Guidance More Usable, Allow Current and Future Technologies/Methods to Be Utilized Designed to reduce subjectivity and address modern software technologies Six years of committee work, 22 plenary meetings and countless sub-group meetings, concluding with the final plenary at ERAU November 15-18, 2011 Approved by RTCA/EUROCAE (Nov 2011/Jan 2012) FAA to publish an Advisory Circulars (AC) recognizing DO-178C and related work products (supplements) Copyright A.J. Kornecki, 2011 page 17
18 SC-205/WG-71 Committee Organization USA: SC-205, RTCA, Inc. o Jim Krodel (Pratt & Whitney) Chair o Leslie Alford (Boeing) Secretary o Barbara Lingberg, FAA Representative o Hal Moses, RTCA Representative Europe: WG-71, EUROCAE o Gerard Ladier (Airbus) Chair o Ross Hannan, (Sigma Associates Aerospace) Secretary o Jean-Luc Delamaide, EASA Representative o Roland Mallwitz, EUROCAE Representative SG1: Document Integration: Gasiorowski (WCS)/Ashpole (Silver Aten) SG2: Issues & Rationale: Moyer (Rockwell Collins)/Hannan (Sigma) SG3: Tool Qualification: Rierson (Digital Safety)/Pothon (ACG) SG4: Model Based Design: Lillis (Goodrich)/Lionne (EADS) SG5: Object Oriented Technologies: Chelini (Verocel)/Hunt (AICAS) SG6: Formal Methods: Hayhurst (NASA)/Brown (Rolls Royce) SG7: Special Considerations & CNS/ATM: Heck (Boeing)/Stewart (NATS) Copyright A.J. Kornecki, 2011 page 18
19 DO-178C/ED-12C: Content clarification and improvement in consistency and accuracy separation of why? from how? evolution of the why? DO-178C ED-12C AIRBORNE SYSTEMS Interface Spec Supplement Object Oriented Supplement Formal Methods Supplement Model Based Supplement Tools DO-278A / ED-109A CNS/ATM DO-248C/ED-94C FAQ/DP/RATIONALE Copyright A.J. Kornecki, 2011 page 19
20 DO178C Objectives The main element of DO178C are tables of objectives related to: planning, development, verification (requirements, design, coding), testing, verification of verification, configuration management, quality assurance, and certification liaison process Each table includes entries for objective (identifier, description, reference), applicability by software level (A-D), output (description, reference), and control category (CC1,CC2) by software level There is distinction of objectives to be satisfied either with or without independence The number of objectives differs for different levels The focus is on the lifecycle transition criteria Each supplement provides domain specific guidance and additional entries to the tables of objectives (or an additional table) Copyright A.J. Kornecki, 2011 page 20
21 Example: DO-178C Table of Objectives (one of many) Copyright A.J. Kornecki, 2011 page 21
22 DO178C Software Life-cycle Data plan for software aspect of certification (PSAC) software development plan (SWDP) software verification plan (SWVP) software configuration management plan (SCMP) software quality assurance plan (SQAP) requirements, design and code standards software requirements specification data (SWRS) software design specification data (SWDS) source and executable code verification procedures and test cases (SWTC) verification results life-cycle software configuration index (SWCI) problem reports records: o configuration management (CM) o quality assurance (QA) software accomplishment summary (SWAS) Copyright A.J. Kornecki, 2011 page 22
23 DO-178/ED-12: PROCESS DO-178/ED-12 is primarily a process-oriented document => Set of requirements on the processes (planning, development, verification, etc.) and their outputs The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable => Evidences on the fulfilment of these requirements vary depending on the software criticality level PRINCIPLE 1: PROCESS We can t get clean water from a dirty pipe Copyright A.J. Kornecki, 2011 page 23
24 DO-178/ED-12: Life Cycle and Processes Definition of three separate processes that will be combined for a given project to describe its life cycle: o Planning (organization/plans) o Development (specification, design, coding, integration) o Integral (verification, configuration management, quality assurance, certification liaison) Define for each process: o assurance objectives o means of achieving those objectives o process input data o process activities o process products o transition criteria Copyright A.J. Kornecki, 2011 page 24
25 DO-178/ED-12: VERIFICATION The most important section of DO-178/ED-12 o Many more pages in the document o Workload incurred (e.g. for A380: four lines of test for one line of embedded code ) Integral process => applies to all processes used to detect and identify errors introduced during development Approaches: Analysis (quantitative examination), Review (qualitative inspection), Test (functional and structural coverage) PRINCIPLE 2: VERIFICATION A clean pipe may not deliver clean water thus filters are used to detect and eliminate impurities Copyright A.J. Kornecki, 2011 page 25
26 DO-178/ED-12 Example: Verification Process A-3.2 Accuracy & Consistency A-3.3 HW Compatibility A-3.4 Verifiability A-3.5 Conformance A-3.7 Algorithm Accuracy A-4. 8 Architecture Compatibility A-4.9 Consistency A-4.10 HW Compatibility A-4.11 Verifiability A-4.12 Conformance A-4.13 Partition Integrity Software Architecture System Requirements (A-2: 1, 2) High-Level Requirements (A-2: 3, 4, 5) A-3.1 Compliance A-3.6 Traceability A-4.1 Compliance A-4.6 Traceability Low-Level Requirements A-4.2 Accuracy & Consistency A-4.3 HW Compatibility A-4.4 Verifiability A-4.5 Conformance A-4.7 Algorithm Accuracy Compliance: with requirements Conformance: with standards A7 Verification of verification (Functional & Structural coverage) A-5.2 Compliance A-5.3 Verifiability A-5.4 Conformance A-5.6 Accuracy & Consistency (A-2: 6) Source Code A-5.1 Compliance A-5.5 Traceability A-6.3 Compliance A-6.4 Robustness A-5. 7 Complete & Correct (A-2: 7) Executable Object Code A-6.5 Compatible With Target A-6.1 Compliance A-6.2 Robustness Copyright A.J. Kornecki, 2011 page 26
27 DO-178/ED-12: INDEPENDENCE Certification Liaison the objective is to ensure effective communication and understanding between the applicant and the certification authorities Means: o The Plan for Software Aspects of Certification (PSAC), given to the Authorities as early as possible o Reviews carried out by the certification authorities software specialists as much as they want o Software Accomplishment Summary(SAS) o Software Configuration Index (SCI) PRINCIPLE 3: INDEPENDENCE Potentially opposite interests are at stake thus independent authorities assess the process and product Copyright A.J. Kornecki, 2011 page 27
28 DO-178/ED-12: CONSENSUS Joint meetings RTCA SC-205 and EUROCAE WG-71 with openness and consensus principle o more than 1,200 people registered on the WEB site o ~120 attendees in each meeting: aircraft/engine manufacturers, equipment suppliers, authorities, scientists and consultants o the final text agreed by each of the attendees PRINCIPLE 4: CONSENSUS All the interests must be taken into account to build a guidance recognized by all concerned specialists and actors Copyright A.J. Kornecki, 2011 page 28
29 DO-178/ED-12: FLEXIBILITY DO-178B/ED-12B takes into account the inputs, constraints, and requirements from all stakeholders forging a consensus between airframe manufacturers, equipment suppliers, certification authorities DO-178B/ED-12B attempts to stay not prescriptive on the means thus less sensitive to technology evolution PRINCIPLE 5: FLEXIBILITY Only requirements are mandatory, not the means of achieving them and thus building the pipe is to be dealt with by the suppliers Copyright A.J. Kornecki, 2011 page 29
30 SC-205/WG-71 Committee Work Products 1. DO-178C/ED-12C Software Considerations in Airborne Systems and Equipment Certification 2. DO-248C/ED-94C Supplemental Information for DO-178C and DO-278A 3. DO-278A/ED-109A Software Integrity Assurance Considerations for Communication, Navigation, Surveillance, and Air Traffic Management (CNS/ATM) 4. DO-330/ED-215 Software Tool Qualification Considerations 5. DO-331/ED-216 Model-Based Development and Verification Supplement to DO-178C and DO-278A 6. DO-332/ED-217 Object Oriented Technology & Related Techniques Supplement to DO-178C and DO-278A 7. DO-333/ED-218 Formal Methods Supplement to DO-178C & DO-278A Copyright A.J. Kornecki, 2011 page 30
31 Tools Supplement (1) Necessary when processes required by the rest of the document are eliminated, reduced or automated by the use of a software tool whose outputs are not verified Three qualification criteria depending on the risk associated to the tool usage o Criteria 1: Development Tool o Criteria 2: Verification Tool which could have an impact on the resulting software and is used to justify the elimination or reduction of: a verification process other than that automated by the tool, or a development process which could have an impact on the resulting software o Criteria 3: Verification Tool Copyright A.J. Kornecki, 2011 page 31
32 Two distinct roles are defined : Tools Supplement (2) o The user defines needs (Tool Operational Requirements - TOR) and validate the tool in its usage context o The developer defines development specification (Tool Requirements -TR), develops the tool, and provides the tool life cycle data Sharing activities between these two roles are defined for COTS tools Combination of the qualification criteria with the software level to give the TQL - Tool Qualification Level Developer oriented new table of objectives Copyright A.J. Kornecki, 2011 page 32
33 Tools Supplement (3) TQL 5 needs only contracting authority requirements, mainly concentrating on the TOR defining all the user requirements including the validation of the tool versus the need expressed in the avionics PSAC + Impact of known problems on the TOR TQL 4 adds project management requirements: o TOR reviews (complete, accurate, and consistent) o Definition of processes in plans o Definition of the TR and verification of TOR o Verification of the tool and TR coverage o Configuration and change managements TQL 1/2/3 add multiple implementation requirements which depend on the level of the final product software which is developed with the tool Copyright A.J. Kornecki, 2011 page 33
34 Model Based Technology Supplement Provides guidance on how model-based development and verification (MBDV) can produce software that meets the DO-178C objectives Use of models supports: o Unambiguous documentation of requirements and architecture o Use of automated code generation o Use of automated test generation Models can be used for system requirements Analysis tools for verification of the requirements and architecture Testing is still required! Copyright A.J. Kornecki, 2011 page 34
35 Object Oriented Technology Supplement Provides guidance on how object-oriented and related techniques can produce software that meets the DO- 178C objectives OOT Basic Concepts o Classes and Objects o Types and Type Safety o Hierarchical Encapsulation o Polymorphism o Function Passing and Closures o Method Dispatch OOT Key Features and Related Techniques include: inheritance, parametric polymorphism, overloading, type conversion, software exceptions handling, dynamic memory management, virtualization Copyright A.J. Kornecki, 2011 page 35
36 Formal Methods Technology Supplement (1) Formal methods - mathematically based techniques for the specification, development, and verification of SW Formal Models - unambiguous syntax and semantics o Syntax rules for the notation used for the model so that models can only be constructed in a certain way o A model constructed using the correct syntax can only be interpreted one way Formal Analysis - deductive methods (e.g. theorem proving), model checking, and abstract interpretation Copyright A.J. Kornecki, 2011 page 36
37 Formal Methods Technology Supplement (2) The Formal Analysis (FA) may replace: o reviews & analysis o conformance test versus /HLR et /LLR o software integration tests o robustness tests FA may help for the verification of compatibility with the hardware FA cannot replace HW/SW integration test Structural Coverage demonstrated by: o each requirement is completely covered o requirements are complete in regards of the attended function o no non expected dependencies between output and input data o there is no dead code Copyright A.J. Kornecki, 2011 page 37
38 Summary : differences between DO-178B and C Fixed Known Errors Updated text to ensure use of specific terms is consistent throughout DO-178 Identified "hidden" objectives Coordinated flow between software (DO-178C) and system (ARP 4754A) processes Expanded/Clarified definitions for dead code and deactivated code Clarified that structural coverage analysis of data and control coupling between code components should be based on the results of the requirements-based tests Improved definition for Modified Condition/Decision Coverage (MCDC) to allow "Masking MCDC" and "Short Circuits" Clarified tool qualification guidance and moved it to its own supplement Removed some objectives for Level D software Created supplements for technology specific guidance (for example, modeling, object oriented technology (OOT) and formal methods) Formalized requirement for traceability data; previously implied but expected Introduced Parameter Data Items (configuration files) as a software life cycle data item A parameter data item (PDI) is a set of data that influence the behavior of the software without modifying the Executable Object Code and that is managed as a separate configuration item. Examples include databases and configuration tables. Added "Activities" to the Annex tables Synchronized Annex tables with DO-278A Copyright A.J. Kornecki, 2011 page 38
The new software standard for the avionic industry: goals, changes and challenges
WHITEPAPER DO-178C/ED-12C The new software standard for the avionic industry: goals, changes and challenges SVEN NORDHOFF Aerospace Certification / Process Assurance & SPICE Assessor sven.nordhoff@sqs.com
More informationDO-178C: A New Standard for Software Safety Certification
Presentation cover page EU DO-178C: A New Standard for Software Safety Certification North American Headquarters: 104 Fifth Avenue, 15 th Floor New York, NY 10011 USA +1-212-620-7300 (voice) +1-212-807-0162
More informationSAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.
SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.com DIGITAL FLIGHT / SOLUTIONS Presentation Outline DO-178 Overview
More informationThe Impact of RTCA DO-178C on Software Development
Cognizant 20-20 Insights The Impact of RTCA DO-178C on Software Development By following DO-178C, organizations can implement aeronautical software with clear and consistent ties to existing systems and
More informationCERTIFICATION MEMORANDUM
EASA CM No.: EASA CM SWCEH 002 Issue: 01 EASA CERTIFICATION MEMORANDUM EASA CM No.: EASA CM - SWCEH 002 Issue: 01 Issue Date: 11 th of August 2011 Issued by: Software & Complex Electronic Hardware section
More informationSubject Software Aspects of Certification
EASA NOTIFICATION OF A PROPOSAL TO ISSUE A CERTIFICATION MEMORANDUM EASA Proposed CM No.: EASA CM - SWAEH 002 Issue: 02 Issue Date: 22 nd of October 2013 Issued by: Safety, Software & Airborne Electronic
More informationDO-178B/C Differences Tool
FAA/AVS DO-178B/C Differences Tool Revision: 8 DATE: 9/16/213 Revision History Date Rev Change summary 7/21/213 Draft 1 Draft Release - prototype 7/22/213 Draft 2 Draft Release for review 7/23/213 Draft
More informationCertification of a Scade 6 compiler
Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What
More informationCertification Authorities Software Team (CAST) Position Paper CAST-9
Certification Authorities Software Team (CAST) Position Paper CAST-9 Considerations for Evaluating Safety Engineering Approaches to Software Assurance Completed January, 2002 NOTE: This position paper
More informationDesign & Manufacture Seminar SOFTWARE SECURITY & DESIGN ASSURANCE JAYSON ROWE SENIOR ENGINEER AVIONICS
Design & Manufacture Seminar SOFTWARE SECURITY & DESIGN ASSURANCE JAYSON ROWE SENIOR ENGINEER AVIONICS Aircraft Network Security Development was required for B787 B787 over 1400 Loadable Software Parts
More informationCertification Authorities Software Team (CAST) Position Paper CAST-26
Certification Authorities Software Team (CAST) Position Paper CAST-26 VERIFICATION INDEPENDENCE COMPLETED January 2006 (Rev 0) NOTE: This position paper has been coordinated among the software specialists
More informationParameters for Efficient Software Certification
Parameters for Efficient Software Certification Roland Wolfig, e0327070@student.tuwien.ac.at Vienna University of Technology, Real-Time Systems Group 1 Abstract Software certification is a common approach
More informationDO-178B compliance: turn an overhead expense into a competitive advantage
IBM Software Rational Aerospace and Defense DO-178B compliance: turn an overhead expense into a competitive advantage 2 DO-178B compliance: turn an overhead expense into a competitive advantage Contents
More informationRTCA DO-178B/EUROCAE ED-12B
27 RTCA DO-178B/EUROCAE ED-12B Thomas K. Ferrell Ferrell and Associates Consulting Uma D. Ferrell Ferrell and Associates Consulting 27.1 Introduction Comparison with Other Software Standards Document Overview
More informationAC 20-148 REUSABLE SOFTWARE COMPONENTS
AC 20-148 REUSABLE SOFTWARE COMPONENTS December 7, 2004 12/7/04 AC 20-148 CONTENTS Paragraph Title Page 1. Purpose....1 2. Motivation for this Guidance....1 3. Document Overview...1 4. General Guidelines
More informationAdvisory Circular. U.S. Department of Transportation Federal Aviation Administration
U.S. Department of Transportation Federal Aviation Administration Advisory Circular Subject: Airborne Software Assurance Date: 07/19/2013 AC No: 20-115C Initiated by: AIR-120 Change: 1. Purpose of this
More informationCertification Authorities Software Team (CAST) Position Paper CAST-13
Certification Authorities Software Team (CAST) Position Paper CAST-13 Automatic Code Generation Tools Development Assurance Completed June 2002 NOTE: This position paper has been coordinated among the
More informationCertification Authorities Software Team (CAST) Position Paper CAST-3
Certification Authorities Software Team (CAST) Position Paper CAST-3 Guidelines for Assuring the Software Aspects of Certification When Replacing Obsolete Electronic Parts Used in Airborne Systems and
More informationAutomating Code Reviews with Simulink Code Inspector
Automating Code Reviews with Simulink Code Inspector Mirko Conrad, Matt Englehart, Tom Erkkinen, Xiaocang Lin, Appa Rao Nirakh, Bill Potter, Jaya Shankar, Pete Szpak, Jun Yan, Jay Clark The MathWorks,
More informationWORKSHOP RC 2011. EVI Integração de Sistemas Junho de 2011 Eng. Nelson José Wilmers Júnior
WORKSHOP RC 2011 EVI Integração de Sistemas Junho de 2011 Eng. Nelson José Wilmers Júnior Comparison between ARP4754 A Guidelines for Development of Civil Aircraft and Systems (2010) and ARP4754 Certification
More informationCertification Authorities Software Team (CAST) Position Paper CAST-10
Certification Authorities Software Team (CAST) Position Paper CAST-10 What is a Decision in Application of Modified Condition/Decision Coverage (MC/DC) and Decision Coverage (DC)? Completed June 2002 NOTE:
More informationBest practices for developing DO-178 compliant software using Model-Based Design
Best practices for developing DO-178 compliant software using Model-Based Design Raymond G. Estrada, Jr. 1 The MathWorks, Torrance, CA Eric Dillaber. 2 The MathWorks, Natick, MA Gen Sasaki 3 The MathWorks,
More informationSoftware Review Job Aid - Supplement #1
Software Review Job Aid - Supplement #1 1010011101010011110001101001101101101101000100100010101011100010110 1010011101010011110001101001101101101101000100101110101011100010111 0110100110110110110100010010001010101110001011000100111010100111100
More informationENEA: THE PROVEN LEADER IN SAFETY CRITICAL AVIONICS SYSTEMS
ENEA: THE PROVEN LEADER IN SAFETY CRITICAL AVIONICS SYSTEMS info@enea.com. www.enea.com For over 40 years, we have been one of the fastest growing avionics consulting companies in the world. Today our
More informationMeeting DO-178B Software Verification Guidelines with Coverity Integrity Center
Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center May, 2009 Thomas Schultz Director of Product Strategy, Coverity, Inc. Executive Summary Development organizations that create
More information3 August 2014. Software Safety and Security Best Practices A Case Study From Aerospace
3 August 2014 Software Safety and Security Best Practices A Case Study From Aerospace Agenda Introduction Why Aviation? ARINC 653 Real-time Linux on Xen (ARLX) Safety Artifacts for ARLX Security Artifacts
More informationRev 1 January 16, 2004
1010011101010011110001101001101101101101000100110010101011100010110 0110100110110110110100010010001010101110001011000100111010100111100 1110100110110110110100010010001010101110001011000100111010100111100
More informationQualtech Consulting Inc.
Qualtech Consulting Inc. Who We Are Founded in 1996 Based in Lakewood Ranch, Florida Todd R. White, President Solution Provider Airborne Software Certification Airborne Software Certification Ground-Based
More informationARINC 653. An Avionics Standard for Safe, Partitioned Systems
ARINC 653 An Avionics Standard for Safe, Partitioned Systems 1 Courtesy of Wind River Inc. 2008 IEEE-CS Seminar June 4 th, 2008 Agenda Aerospace Trends IMA vs. Federated ARINC 653 Main concepts Safety
More information1. Software Engineering Overview
1. Overview 1. Overview...1 1.1 Total programme structure...1 1.2 Topics covered in module...2 1.3 Examples of SW eng. practice in some industrial sectors...4 1.3.1 European Space Agency (ESA), software
More informationasuresign Aero (NATEP Grant MA005)
asuresign Aero (NATEP Grant MA005) WP2 Workshop: Identification of Needs for Tool Support in Meeting Aircraft Avionics Systems, Hardware & Software Certification Standards Dr Chris Harper Systems & Safety
More informationSCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B
SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-78B LEVEL A & B TABLE OF CONTENTS. INTRODUCTION..... PURPOSE..... RELATED DOCUMENTS..... GLOSSARY... 9.. CONVENTIONS..... RELATION WITH OTHER PLANS....6. MODIFICATION
More informationCertification Authorities Software Team (CAST) Position Paper CAST-15
Certification Authorities Software Team (CAST) Position Paper CAST-15 Merging High-Level and Low-Level Requirements Completed February 2003 NOTE: This position paper has been coordinated among the software
More informationUsing CMM with DO-178B/ED-12B for Airborne System Development
Using CMM with DO-178B/ED-12B for Airborne System Development WHITE PAPER Author : Narasimha Swamy (Project Manager, Avionics Practice) Most aircraft companies develop onboard systems software for civilian
More informationIntroduction to a Requirements Engineering Framework for Aeronautics
J. Software Engineering & Applications, 2010, 3, 894-900 doi:10.4236/jsea.2010.39105 Published Online September 2010 (http://www.scirp.org/journal/jsea) Introduction to a Requirements Engineering Framework
More informationThe evolving ARINC 653 standard and it s application to IMA
The evolving ARINC 653 standard and it s application to IMA Alex Wilson Senior Program Manager Wind River November 13 th 2007 IMA and ARINC 653 Agenda DO-297 Certification of IMA under DO-297 Conclusions
More informationWIND RIVER RTCA DO-178 SOFTWARE CERTIFICATION SERVICES
WIND RIVER RTCA DO-178 SOFTWARE CERTIFICATION SERVICES Wind River Professional Services RTCA DO-178 Practice provides software certification services to help our customers address their demanding software
More informationMethodological Handbook. Efficient Development of Safe Avionics Software with DO-178B Objectives Using SCADE Suite
Efficient Development of Safe Avionics Software with DO-178B Objectives Using SCADE Suite CONTACTS Legal Contact Esterel Technologies SA Parc Euclide - 8, rue Blaise Pascal 78990 Elancourt FRANCE Phone:
More informationRequirements Engineering Management Findings Report
DOT/FAA/AR-08/34 Air Traffic Organization NextGen & Operations Planning Office of Research and Technology Development Washington, DC 20591 Requirements Engineering Management Findings Report May 2009 Final
More informationF-22 Raptor. Agenda. 1. Motivation
Model-Based Software Development and Automated Code Generation for Safety-Critical Systems F-22 Raptor for the Seminar Advanced Topics in Software Engineering for Safety-Critical Systems Cause: Bug in
More informationCreating Competitive Advantage: The role for ALM in the PLM world
Creating Competitive Advantage: The role for ALM in the PLM world Michael Azoff Principal Analyst, Ovum michael.azoff@ovum.com Version 9 Oct, 2014 1 Copyright Ovum. All rights reserved. Ovum is a subsidiary
More informationMerging Safety and Assurance: The Process of Dual Certification for Software
Merging Safety and Assurance: The Process of Dual Certification for Software Carol Taylor, Jim Alves-Foss, and Bob Rinker Center for Secure and Dependable Systems University of Idaho Track 5 250-B High
More informationTITLE: Control of Software
Page 1 of 8 TITLE: Control of Software WARNING This document is the property of United Technologies Corporation (UTC). You may not possess, use, copy or disclose this document or any information in it,
More informationSafety-Critical Systems: Processes, Standards and Certification
Fachbereich 17 - Mathematik/Informatik Arbeitsgruppe Softwaretechnik Warburger Straße 100 33098 Paderborn Safety-Critical Systems: Processes, Standards and Certification for the Seminar Analysis, Design
More informationCERTIFICATION MEMORANDUM
EASA CERTIFICATION MEMORANDUM EASA CM No.: EASA CM - SWCEH - 001 Issue: 01 Revision: 01 Issue Date: 09 th of March 2012 Issued by: Software & Complex Electronic Hardware section Approved by: Head of Certification
More informationQuality in Aviation Software. Chris Hartgroves C.Eng. CQP Design Assurance SELEX Galileo
Quality in Aviation Software Chris Hartgroves C.Eng. CQP Design Assurance SELEX Galileo CQI North London : October 13 th 2011 Contents Introduction Terminology Historical context Poor quality aerospace
More informationSoftware Development Tools for Safety-Critical, Real-Time Systems Handbook
DOT/FAA/AR-06/35 Air Traffic Organization Operations Planning Office of Aviation Research and Development Washington, DC 20591 Software Development Tools for Safety-Critical, Real-Time Systems Handbook
More informationHow To Understand The Requirements Of The Software Safety Handbook
DOT/FAA/AR-01/116 Office of Aviation Research Washington, D.C. 20591 Software Service History Handbook January 2002 Final Report This document is available to the U.S. public through the National Technical
More informationTECH. Requirements. Why are requirements important? The Requirements Process REQUIREMENTS ELICITATION AND ANALYSIS. Requirements vs.
CH04 Capturing the Requirements Understanding what the customers and users expect the system to do * The Requirements Process * Types of Requirements * Characteristics of Requirements * How to Express
More informationSafety Analysis and Certification of Open Distributed Systems. P. M. Conmy; Department of Computer Science, University of York, York, YO10 5DD U.K.
Safety Analysis and Certification of Open Distributed Systems P. M. Conmy; Department of Computer Science, University of York, York, YO10 5DD U.K. M. Nicholson; Department of Computer Science, University
More informationThe Comprehensive and Fully Compliant Certification Solution. Certification Services
The Comprehensive and Fully Compliant Certification Solution "This applicant saved a lot of time and money using your fast track to compliance package. I would highly recommend your DER consulting service,
More informationInteractive Guidance for Safety Critical Avionics
ABD0200 DO-254 ARP 4754 ABD0100 ARP 4761 DO-178B/C Interactive Guidance for Safety Critical Avionics visualizing certification contexts managing process complexity tracing project progress accelerating
More informationConfiguration Management
Configuration Management Co Al Florence This presenter s affiliation with the MITRE Corporation is provided for identification purposes only and is not intended to convey or imply MITRE s concurrence with
More informationAspects logiciels de la certification avionique et vérification statique : une nouvelle ère?
Mai 2003 Presenté par Gérard LADIER Head of Software Methods/Quality Group Avionics & Simulation Products Airbus France Aspects logiciels de la certification avionique et vérification statique : une nouvelle
More informationHow To Improve The Performance Of Anatm
EXPLORATORY RESEARCH IN ATM David Bowen Chief ATM 4 th May 2015 1 ATM Research in Europe HORIZON Transport Challenges smart, green and integrated transport FlightPath 2050 five challenges to aviation beyond
More informationReverse Engineering Software and Digital Systems
NOT FAA POLICY OR GUIDANCE LIMITED RELEASE DOCUMENT 04 SEPTEMBER 2013 DOT/FAA/AR-xx/xx Federal Aviation Administration William J. Hughes Technical Center Aviation Research Division Atlantic City International
More informationIBM Rational Rhapsody
IBM Rational Rhapsody IBM Rational Rhapsody Kit for DO-178B/C Overview Version 1.8 License Agreement No part of this publication may be reproduced, transmitted, stored in a retrieval system, nor translated
More informationUnderstanding Compliance with Automatic Dependent Surveillance Broadcast (ADS-B) Out
Understanding Compliance with Automatic Dependent Surveillance Broadcast (ADS-B) Out White Paper Doc No.: WHTP-2013-14-05 Revised, October 2014 Safely guiding pilots and their passengers worldwide for
More informationFormal Specification and Verification of Avionics Software
Formal Specification and Verification of Avionics Software June 7th, 2006 Outline 1 Introduction Software in the avionics domain Certification requirements Object-oriented technologies 2 Specification
More informationRequirements Management John Hrastar
Requirements Management John Hrastar NASA Project Management Conference March 30-31, 2004 University of Maryland Conference Center Introduction Three aspects of requirements management Requirements in
More informationSOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT
SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT Mar 31, 2014 Japan Aerospace Exploration Agency This is an English translation of JERG-2-610. Whenever there is anything ambiguous in this document, the original
More informationWhy it may be time to consider Certified Avionics for UAS (Unmanned Aerial Vehicles/Systems) White paper
Why it may be time to consider Certified Avionics for UAS (Unmanned Aerial Vehicles/Systems) White paper UAS growth There are a number of different UAS types flying today in multiple applications. There
More informationMKS Integrity & CMMI. July, 2007
& CMMI July, 2007 Why the drive for CMMI? Missed commitments Spiralling costs Late delivery to the market Last minute crunches Inadequate management visibility Too many surprises Quality problems Customer
More informationCivil Aviation and CyberSecurity Dr. Daniel P. Johnson Honeywell Aerospace Advanced Technology
Civil Aviation and CyberSecurity Dr. Daniel P. Johnson Honeywell Aerospace Advanced Technology Outline Scope Civil aviation regulation History Cybersecurity threats Cybersecurity controls and technology
More informationCertification Authorities Software Team (CAST) Position Paper CAST-18
Certification Authorities Software Team (CAST) Position Paper CAST-18 Reverse Engineering in Certification Projects Completed June 2003 (Rev 1) NOTE: This position paper has been coordinated among the
More informationDate: 07/20/07 Initiated by: AFS-800
Advisory Circular Subject: Use of Class 1 or Class 2 Electronic Flight Bag (EFB) Date: 07/20/07 Initiated by: AFS-800 AC No: 91-78 1. PURPOSE. This advisory circular (AC) provides aircraft owners, operators,
More informationSafety Management Challenges for Aviation Cyber Physical Systems
Safety Management Challenges for Aviation Cyber Physical Systems Prof. R. John Hansman & Roland Weibel MIT International Center for Air Transportation rjhans@mit.edu, weibel@mit.edu Challenges Target Level
More informationAn Interactive Video Teletraining Course. IVT Course 62823 Self-Study Video Course 25823
Software Change Impact Analysis An Interactive Video Teletraining Course IVT Course 62823 Self-Study Video Course 25823 Developed and Presented by Leanna Rierson FAA, National Resource Specialist For Aircraft
More informationAssessment of Software Development Tools for Safety-Critical, Real-Time Systems
DOT/FAA/AR-06/36 Air Traffic Organization Operations Planning Office of Aviation Research and Development Washington, DC 20591 Assessment of Software Development Tools for Safety-Critical, Real-Time Systems
More informationIntroduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level
ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development
More informationR214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM
The American Association for Laboratory Accreditation Document Revised: R214: Specific Requirements: Information Technology Testing Laboratory Accreditation July 13, 2010 Program Page 1 of 26 R214 SPECIFIC
More informationCertification Cost Estimates for Future Communication Radio Platforms
Certification Cost Estimates for Future Communication Radio Platforms NOTICE: Price indications in this document are based on information from negotiated prices. Therefore, such prices are indicative and
More informationJSF Software Safety Process: Providing Developmental Assurance
JSF Software Safety Process: Providing Developmental Assurance Mike Bridges, Lockheed Martin Aeronautics 2007 Lockheed Martin Corporation Systems and Software Technology Conference 18-21 June 2007 Tampa
More informationDr. Brian Murray March 4, 2011
Event that could lead to an accident GM Autonomy HAZARD 1 Q=6e-7 Event that could lead to a hazard Control to prevent HAZARDOUS EVENT 1 HAZARDOUS EVENT 1 HAZARD CONTROL 1 r=6e-008 Q=0.0006 Q=0.001 Q=0.001
More informationTitle & Image NATIONAL CIVIL AVIATION ADMINSTRATION. Advisory Circular
Title & Image NATIONAL CIVIL AVIATION ADMINSTRATION Advisory Circular Subject: CREW RESOURCE MANAGEMENT TRAINING PROGRAMME Issuing Office: [Identity of Office of NCAA issuing ] Document No.: [NCAA AC #]
More informationIntegrating System Safety and Software Assurance
Integrating System Safety and Software Assurance Systems Certification and Integrity Directorate of Aviation Engineering Directorate General Technical Airworthiness 1 Overview Integration of software assurance
More informationTechnical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers
661 Solutions for ARINC 661 Compliant Systems SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers SCADE Solutions for ARINC 661 Compliant
More informationReaping the benefits of Reusable Software Components
Safety & Security for the Connected World Reaping the benefits of Reusable Software Components The Significance of FAA Reusable Software Component Certification Mark Pitchford The conflicting demands on
More informationIntroduction into IEC 62304 Software life cycle for medical devices
Introduction into IEC 62304 Software life cycle for medical devices Christoph Gerber 4. September 2008 SPIQ 9/5/2008 1 Agenda Current Picture Regulatory requirements for medical device software IEC 62304
More information5 Certifiable safe airborne software process analyses
Certifiable safe airborne software process analyses 97 5 Certifiable safe airborne software process analyses Published as E. Kesseler, Applying theory to practise, Airworthy software measured and analysed,
More informationImplementation of ANSI/AAMI/IEC 62304 Medical Device Software Lifecycle Processes.
Implementation of ANSI/AAMI/IEC 62304 Medical Device Software Lifecycle Processes.. www.pharmout.net Page 1 of 15 Version-02 1. Scope 1.1. Purpose This paper reviews the implementation of the ANSI/AAMI/IEC
More information8. Master Test Plan (MTP)
8. Master Test Plan (MTP) The purpose of the Master Test Plan (MTP) is to provide an overall test planning and test management document for multiple levels of test (either within one project or across
More informationApplying CMMI SM In Information Technology Organizations SEPG 2003
Applying CMMI SM In Information Technology Organizations Mark Servello, Vice President Jim Gibson, Senior Consultant ChangeBridge, Incorporated Page 1 Portions Copyright 2002 Carnegie Mellon University
More informationSoftware Life Cycle Process - DO-178B
1(19) Cross reference tables for H ProgSäk (E) and DO-178B A comparison has been made between requirement areas covered by H ProgSäk (E) and DO-178B respectively. Tables for correspondences and differences
More information074-8432-552 Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements
Page 1 of 7 Software Supplier Process Requirements 1.0 QUALITY SYSTEM FRAMEWORK 1.1 QUALITY POLICY The Seller shall document and implement a quality program in the form of Quality manual or detailed Quality
More informationFlight-Critical Data Integrity Assurance for Ground-Based COTS Components
DOT/FAA/AR-06/2 Office of Aviation Research and Development Washington, DC 20591 Flight-Critical Data Integrity Assurance for Ground-Based COTS Components March 2006 Final Report This document is available
More informationDO-254 Requirements Traceability
DO-254 Requirements Traceability Louie De Luna, Aldec - June 04, 2013 DO-254 enforces a strict requirements-driven process for the development of commercial airborne electronic hardware. For DO-254, requirements
More informationWork Performance Statement
Work Performance Statement Enterprise Date Services Service Management Tool Introduction Acronyms, and Abbreviations AQS FAA Office of Quality, Integration and Executive Services ARB Airmen Records Building
More informationImproving Embedded Software Test Effectiveness in Automotive Applications
Improving Embedded Software Test Effectiveness in Automotive Applications Author, D Brook Document Number: CODETESTTECHWP Rev. 0 11/2005 As the automotive industry introduces more and more safety-critical,
More informationCHAPTER 7 Software Configuration Management
CHAPTER 7 Software Configuration Management ACRONYMS CCB CM FCA MTBF PCA SCCB SCI SCM SCMP SCR SCSA SEI/CMMI SQA SRS USNRC INTRODUCTION Configuration Control Board Configuration Management Functional Configuration
More informationQuality Assurance Program Plan. July 2006. U.S. Department of Energy Office of Legacy Management
U. S. Department of Energy Office of Legacy Management July 2006 July 2006 Page i DOE-LM Policy Statement The U.S. Department of Energy (DOE) Office of Legacy Management (LM) performs long-term surveillance
More informationISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY
ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY Dr. Gregg Wildes DornerWorks www.dornerworks.com Embedded Systems Engineering for Security and Safety-Critical Systems Where Hardware
More informationA cross-domain comparison of software development assurance standards
A cross-domain comparison of software development assurance standards Emmanuel Ledinot (1), Jean-Marc Astruc (2), Jean-Paul Blanquart (3), Philippe Baufreton (4), Jean-Louis Boulanger (5), Hervé Delseny
More informationSESAR Air Traffic Management Modernization. Honeywell Aerospace Advanced Technology June 2014
SESAR Air Traffic Management Modernization Honeywell Aerospace Advanced Technology June 2014 Honeywell in NextGen and SESAR Honeywell active in multiple FAA NextGen projects ADS-B Surface Indicating and
More informationAssessment of changes to functional systems in ATM/ANS and the oversight thereof
Assessment of changes to functional systems in ATM/ANS and the oversight thereof Entry Point North Seminar: The changing landscape of ATM Safety Malmo, 26 th -27 th May 2015 Jose L Garcia-Chico Gomez ATM/ANS
More informationYour Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.
INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing
More informationSTSG Methodologies and Support Structure
STSG Methodologies and Support Structure STSG Application Life Cycle Management STSG utilizes comprehensive lifecycle tools that are fully integrated and provide capabilities for most of the roles in its
More informationAEROSPACE QUALITY MANAGEMENT SYSTEM - 9100
AEROSPACE QUALITY MANAGEMENT SYSTEM - 9100 Dale K. Gordon Rolls-Royce Royce North America Past Chairman Americas Aerospace Quality Group April 11th, 2003 Edinburgh General Assembly 1 of 24 Aerospace Quality
More informationQuality Assurance Manual for Flight Procedure Design
Doc 9906 AN/472 Quality Assurance Manual for Flight Procedure Design Volume 1 Flight Procedure Design Quality Assurance System Approved by the Secretary General and published under his authority First
More information