Safety Assessment ICAS 2010
1 Preliminary Design of Future Reconfigurable IMA Platforms: Safety Assessment
ICAS 2010
Pierre Bieber, Julien Brunel, Eric Noulard, Claire Pagetti, Thierry Planche, Frédéric Vialard and all the Scarlett partners
September 23rd, 2010
2 Outline
1. Reconfiguration for IMA-2G
   1. Novelties of IMA-2G
   2. Goals of IMA-2G Reconfiguration
   3. SCARLETT Reconfiguration Architecture
2. Safety Assessment
   1. Goals and Methodology of the assessment
   2. Hazard Assessment
   3. Model based Safety Assessment
Page 2
3 IMA-1G
[Figure: IMA-1G architecture. CPIOMs (cpiom-1 .. cpiom-7) hosting the application partitions A, B, C, D, E, G, L and R, connected through IOMs, A429 and the redundant AFDX A / AFDX B networks; the avionics world is separated from the open world by the SCI.]
4 IMA-2G Novelties
IMA-2G:
- will separate I/O (RDC) from the computing resource (CPM);
- will bring enhanced performance, enabling a greater number of applications to be hosted on the same module;
- will allow the reconfiguration of some applications.
5 Scarlett Platform Architecture Principles
[Figure: SCARLETT platform. Application partitions (A, B, C, D, E, F, G, L, R) hosted on CPMs grouped in cabinets (Cabinet 1, ...), with RDCs at the boundary of the avionics world and the SCI towards the open world.]
IMA 2G glossary:
- DME = Distributed Modular Electronics
- RDC = Remote Data Concentrator
- RPC = Remote Power Controller
- REU = Remote Electronic Unit
- CPM = Computing Processing Module
- Spare = application-free resource
6 Reconfiguration purpose
Reconfiguration need not improve safety, but it shall not have a negative impact on it.
Reconfiguration shall improve operational reliability:
- limit the number of flight delays, cancellations and diversions caused by a suspected or confirmed fault of a CPM (including the time spent to detect and to correct the fault);
- focus on faults of CPMs that host applications whose loss has an impact on operational reliability according to the Minimum Equipment List (MEL).

MEL:
Equipment                 | Number for nominal mode | Number of failures | Condition and limitation                                           | Pilot action
CPIOM                     |                         |                    | One may be inoperative provided alarm 1 is not raised.             | GO IF
CPIOM                     |                         |                    | May be inoperative.                                                | GO
Switch                    | 8                       | 6                  | May be inoperative provided alarm 2 and alarm 3 are not raised.    | GO IF
Other CPIOM not mentioned |                         |                    |                                                                    | NO GO
7 Reconfiguration Architecture
[Figure: reconfiguration architecture. The Reconfiguration Supervisor (Config. Selector, Reconf. Sequencer, Conf Checker, Reconf Monitor) interacts with the Centralised Maintenance System (Fault Detection), the Cabinet Manager (Module Test, Deactivate CPM, Activate SPR, Load Network, Load SPR), Data Loading and the platform (CPM, SPR, Network, Cabinet); the arrows carry the step numbers of the reconfiguration sequence.]
Reconfiguration Supervisor: a new function responsible for taking the reconfiguration decision, applying the best reconfiguration and managing reconfiguration information.
- offline (i.e. at design time): elaboration of the possible reconfigurations;
- online (operational part): selection of the best reconfiguration.
8 Reconfiguration execution overview
[Figure: example run on a platform of modules module-1 .. module-9 and spare-1, supervised by the cabinet managers CM1 .. CM4, the RS (Config. Selector, Reconf. Sequencer, Reconf Monitor, Conf Checker), the CMS (Diagnostic agent), Module Test, Deactivate CPM, Activate SPR, Load Network, Load SPR and DL; the steps are numbered 1 to 9.]
MEL: module-5 is NO GO, so a reconfiguration is tried.
1. Failure detection
2. Selection of a valid configuration
3. Execution of a reconfiguration
4. Verification activities
The platform reaches a new configuration and all functions execute.
9 Outline
1. Reconfiguration for IMA-2G
   1. Novelties of IMA-2G
   2. Goals of IMA-2G Reconfiguration
   3. SCARLETT Reconfiguration Architecture
2. Safety Assessment
   1. Goals and Methodology of the assessment
   2. Hazard Assessment
   3. Model based Safety Assessment
10 Safety Assessment Methodology
Goal: study and evaluate the impact on the behaviour of the system when functions and CPMs fail.
Safety Assessment (WP1.5):
- Aircraft level requirements (WP1.1): high level safety requirements; define the safety requirements for the reconfiguration; FHA (functional hazard analysis) -> systems, hazards, safety requirements.
- System level requirements (WP1.2): hazard assessment; study, for each function (CMS_fault_detection, CM_module_test, ...), the impact of its misbehaviour on reconfiguration; PSSA (preliminary system safety assessment); function allocation safety assessment; preliminary DME architecture.
- Formal model based approach (WP1.3): modelling in AltaRica; exhaustive minimal cut sets; automatic tool (Cecilia OCAS).
11 Functional Hazard Analysis
Safety requirements:
- Loss of reconfiguration: applications hosted by the faulty CPM are not hosted by a Spare Module (No Safety Effect).
- Erroneous reconfiguration: applications hosted by the faulty CPM provide incorrect output due to the reconfiguration (Hazardous to Catastrophic).
Hazard Assessment:
- For each function, study the effect on reconfiguration of its loss (no output is computed when it is needed) and of its erroneous behaviour (an incorrect output is computed).
- For function faults that lead to an erroneous reconfiguration, study mitigation functions that would limit the impact of these faults.

Function        | Mode | Effect | Mitigation
Fault Detection | lost | lost   | Not needed
Fault Detection | err  | err    | Module Test
Module Test     | lost | lost   | Not needed
Module Test     | err  | lost   | Not needed
12 Model based approach 1/3
Formal model using AltaRica:
- AltaRica is an automata based approach. The language was developed by the University of Bordeaux / LaBRI in the 90s.
- Numerous tools support AltaRica: OCAS (Dassault Aviation), RAMSES (Airbus), AltaTools (LaBRI), ...
- Applicable techniques: simulation, sequence generation, fault tree generation, stochastic simulation, Petri nets, ...
[Figure: model structure made of Reconfiguration Functions, Platform and Observers.]
13 Model-based approach 2/3
1. Define the component interfaces: the CMS fault detection node takes the Health Status i1,..,i5 of the CPMs and the treated flag (CPM fault treated) as inputs and outputs num_failed_cpm (the identity of the faulty CPM).
2. Define the nominal behaviour.
3. Define the dysfunctional behaviour.

Nominal behaviour (one transition per input ij, j = 1..5):

node CMS_fault_detection
  flow
    num_failed_cpm : 0..5 : out;
    i1,..,i5 : {ok, lost, silent} : in;
    treated : bool : in;
  state
    s : {idle, detect, failed};
    a : 0..5;
  event
    to_idle, to_detect, to_failed;
  trans
    ij = lost and s = idle |- to_detect -> s := detect, a := j;
    s = detect and treated and not (ij = lost) |- to_idle -> s := idle, a := 0;
    s = detect and treated and ij = lost |- to_failed -> s := failed, a := 0;
  assert
    num_failed_cpm = a;
  init
    s, a := idle, 0;
  extern
    law (<event to_idle>) = "Dirac(0)";
    law (<event to_failed>) = "Dirac(0)";
    law (<event to_detect>) = "Dirac(0)";
edon

Dysfunctional behaviour (state ds and events fail_loss, fail_err are added, and the output becomes a function of ds):

node CMS_fault_detection
  flow
    num_failed_cpm : 0..5 : out;
    i1,..,i5 : {ok, lost, silent} : in;
    treated : bool : in;
  state
    ds : {ok, lost, erroneous};
    s : {idle, detect, failed};
    a : 0..5;
  event
    to_idle, to_detect, to_failed, fail_loss, fail_err;
  trans
    ij = lost and s = idle |- to_detect -> s := detect, a := j;
    s = detect and treated and not (ij = lost) |- to_idle -> s := idle, a := 0;
    s = detect and treated and ij = lost |- to_failed -> s := failed, a := 0;
    ds = ok |- fail_loss -> ds := lost;
    ds = ok |- fail_err -> ds := erroneous;
  assert
    num_failed_cpm = case {
      ds = ok : a,
      ds = lost : 0,
      ds = erroneous and a = 0 : 0,
      ds = erroneous and a = 5 : 1,
      else a + 1 };
  init
    ds := ok; s, a := idle, 0;
  extern
    law (<event to_idle>) = "Dirac(0)";
    law (<event to_failed>) = "Dirac(0)";
    law (<event to_detect>) = "Dirac(0)";
edon
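The node above, replayed as an added Python example (not code from the SCARLETT project or from the OCAS tool): the nominal automaton and the dysfunctional layer are transliterated so that the value of num_failed_cpm can be checked under each ds mode on a constructed input sequence. Firing order when several transitions are enabled (lowest CPM index first) is an assumption of this example, since the node leaves that choice to the tool.

```python
"""Python transliteration of the AltaRica node CMS_fault_detection (slide 13).

Added example, not SCARLETT or OCAS code.  The Dirac(0) laws of the node mean
that an enabled transition fires immediately; fire_enabled emulates this by
firing the first enabled transition, lowest CPM index first (an assumption).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OK, LOST, SILENT = "ok", "lost", "silent"           # values of the inputs i1..i5
IDLE, DETECT, FAILED = "idle", "detect", "failed"    # nominal state s
DS_OK, DS_LOST, DS_ERR = "ok", "lost", "erroneous"   # dysfunctional state ds
Inputs = Dict[int, str]   # health status indexed by CPM number 1..5


@dataclass
class CmsFaultDetection:
    s: str = IDLE     # s : {idle, detect, failed}
    a: int = 0        # a : 0..5, identity of the CPM under treatment (0 = none)
    ds: str = DS_OK   # ds : {ok, lost, erroneous}

    # nominal transitions, written  guard |- event -> assignments  on the slide
    def to_detect(self, i: Inputs, j: int) -> bool:
        """ij = lost and s = idle |- to_detect -> s := detect, a := j"""
        if i[j] == LOST and self.s == IDLE:
            self.s, self.a = DETECT, j
            return True
        return False

    def to_idle(self, i: Inputs, treated: bool) -> bool:
        """s = detect and treated and not (ij = lost) |- to_idle -> s := idle, a := 0"""
        if self.s == DETECT and treated and i[self.a] != LOST:
            self.s, self.a = IDLE, 0
            return True
        return False

    def to_failed(self, i: Inputs, treated: bool) -> bool:
        """s = detect and treated and ij = lost |- to_failed -> s := failed, a := 0"""
        if self.s == DETECT and treated and i[self.a] == LOST:
            self.s, self.a = FAILED, 0
            return True
        return False

    # dysfunctional transitions added in step 3
    def fail_loss(self) -> bool:
        """ds = ok |- fail_loss -> ds := lost"""
        if self.ds != DS_OK:
            return False
        self.ds = DS_LOST
        return True

    def fail_err(self) -> bool:
        """ds = ok |- fail_err -> ds := erroneous"""
        if self.ds != DS_OK:
            return False
        self.ds = DS_ERR
        return True

    # the assert clause: the output flow as a function of the state
    def num_failed_cpm(self) -> int:
        if self.ds == DS_OK:
            return self.a
        if self.ds == DS_LOST:   # lost detection: no faulty CPM is ever reported
            return 0
        if self.a == 0:          # erroneous detection: a wrong identity is reported
            return 0
        return 1 if self.a == 5 else self.a + 1

    def fire_enabled(self, i: Inputs, treated: bool) -> Optional[str]:
        """Fire one enabled nominal transition; None when the node is stable."""
        for j in sorted(i):
            if self.to_detect(i, j):
                return "to_detect"
        if self.to_idle(i, treated):
            return "to_idle"
        if self.to_failed(i, treated):
            return "to_failed"
        return None


def inputs(lost: Tuple[int, ...] = ()) -> Inputs:
    """Constructed input vector: CPMs 1..5 all ok except those listed as lost."""
    return {j: (LOST if j in lost else OK) for j in range(1, 6)}


def run_scenario(steps: List[Tuple[Inputs, bool]], failure: Optional[str] = None) -> List[int]:
    """Apply each (inputs, treated) step, let the Dirac(0) transitions settle and
    record num_failed_cpm after every step; failure injects fail_loss or fail_err
    on the node before the scenario starts."""
    node = CmsFaultDetection()
    if failure is not None:
        getattr(node, failure)()
    trace = []
    for i, treated in steps:
        while node.fire_enabled(i, treated) is not None:
            pass
        trace.append(node.num_failed_cpm())
    return trace


# Constructed scenario: CPM 3 is reported lost, then its treatment completes
# while it is still lost, so the nominal node goes idle -> detect -> failed.
CPM3_LOST_THEN_TREATED = [(inputs(lost=(3,)), False), (inputs(lost=(3,)), True)]
```

With ds = erroneous the same scenario reports CPM 4 instead of CPM 3, which is the erroneous-detection effect the FHA table rates as needing the Module Test mitigation.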
14 Model based approach 3/3
Simulation:
- Nominal mode => see demo1
- Loss of reconfiguration => see demo2
Sequence generation:
- Example of failure condition: «the reconfiguration system does not impact a healthy platform, meaning that a failure (or a series of failures) of the reconfiguration system does not transform a GO situation into a NO GO one»
- Coding of an observer => see demo3
15 Results
Preliminary Safety Assessment results:
- Based on the generation of the combinations of function and equipment faults leading to the selected Failure Conditions.
- Verification of qualitative safety requirements, e.g. «no single failure shall lead to the loss of Reconfiguration».
Feedback for the designers:
- Need to address the inadvertent deactivation of a CPM.
- Improve the interaction between Module Test and Deactivate CPM.
Off-line configurations:
- Enumeration of the number of configurations, depending on the reconfiguration capabilities (local, reconfigurable spare, ...).

Pierre Bieber, Eric Noulard, Claire Pagetti, Thierry Planche and François Vialard. Preliminary Design of Future Reconfigurable IMA Platforms. In 2nd Workshop on Adaptive and Reconfigurable Embedded Systems (APRES'09), Grenoble, October 2009. SIGBED Review, Volume 6, Number 3.
16 Reconfiguration policy
Generic rules for the reconfiguration (defined off-line).
Policy 1: no priority among avionics applications.
- Once a spare has been occupied, no other application can be hosted on this spare.
- If a spare fails, the hosted applications are not reconfigured.
Policy 2: priority level assigned to the applications.
- Once a spare has been occupied, no other application can be hosted on this spare.
- A spare is also reconfigurable.
17 Number of configurations (module level reconfiguration)
Local reconfiguration: a module can only be reconfigured in the same cabinet. With policy 1 (c cabinets, bm modules and sm spares per cabinet, C for combinations and A for arrangements), the number of configurations is

$$\Big(\sum_{k=0}^{sm} C_{bm}^{k}\, A_{sm}^{k}\Big)^{c}$$

For c=4, bm=5, sm=1 => 1296 configurations.

Distant reconfiguration: a module can be reconfigured in any cabinet. With policy 1, the number of configurations is

$$\sum_{k=0}^{c \cdot sm} C_{c \cdot bm}^{k}\, A_{c \cdot sm}^{k}$$

For c=4, bm=5, sm=1 => … configurations.
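The two counts, checked by an added Python example that is not from the paper: it enumerates by brute force every Policy 1 assignment of failed modules to spares and compares the count with the closed forms of the slide. Reading c, bm and sm as the number of cabinets, of base modules per cabinet and of spares per cabinet is this example's assumption.

```python
"""Counting Policy 1 configurations (slide 17): enumeration versus closed form.

Added example, not code from the paper.  Assumed symbols: c cabinets, each
with bm base modules and sm spare modules.  Under Policy 1 a configuration is
a set of failed base modules, each relocated to a distinct spare (a spare hosts
one relocated module only; failed spares are not reconfigured), so k failures
give C(n,k) choices of failed modules times A(m,k) injective choices of spares.
"""
from itertools import combinations, permutations, product
from math import comb, perm
from typing import Dict, List, Sequence


def local_closed_form(c: int, bm: int, sm: int) -> int:
    """(sum_{k=0}^{sm} C(bm,k) * A(sm,k))^c : relocation only inside the cabinet."""
    return sum(comb(bm, k) * perm(sm, k) for k in range(sm + 1)) ** c


def distant_closed_form(c: int, bm: int, sm: int) -> int:
    """sum_{k=0}^{c*sm} C(c*bm,k) * A(c*sm,k) : relocation to any cabinet."""
    return sum(comb(c * bm, k) * perm(c * sm, k) for k in range(c * sm + 1))


def policy1_assignments(modules: Sequence[str], spares: Sequence[str]) -> List[Dict[str, str]]:
    """Every mapping of a subset of failed modules onto distinct free spares."""
    configs: List[Dict[str, str]] = []
    for k in range(min(len(modules), len(spares)) + 1):
        for failed in combinations(modules, k):
            for targets in permutations(spares, k):
                configs.append(dict(zip(failed, targets)))
    return configs


def local_enumeration(c: int, bm: int, sm: int) -> int:
    """Cabinets are reconfigured independently: count the product of per-cabinet choices."""
    per_cabinet = [
        policy1_assignments([f"cab{j}-m{i}" for i in range(bm)],
                            [f"cab{j}-s{i}" for i in range(sm)])
        for j in range(c)
    ]
    return sum(1 for _ in product(*per_cabinet))


def distant_enumeration(c: int, bm: int, sm: int) -> int:
    """All modules and all spares of the platform form a single pool."""
    modules = [f"cab{j}-m{i}" for j in range(c) for i in range(bm)]
    spares = [f"cab{j}-s{i}" for j in range(c) for i in range(sm)]
    return len(policy1_assignments(modules, spares))


def check(c: int, bm: int, sm: int) -> Dict[str, int]:
    """Both counts, enumerated and closed-form, for one set of parameters."""
    return {
        "local_enum": local_enumeration(c, bm, sm),
        "local_formula": local_closed_form(c, bm, sm),
        "distant_enum": distant_enumeration(c, bm, sm),
        "distant_formula": distant_closed_form(c, bm, sm),
    }


if __name__ == "__main__":
    print(check(4, 5, 1))   # slide: local reconfiguration gives 1296 for c=4, bm=5, sm=1
```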
18 Perspectives
Work in progress:
- Investigation of segregation requirements and DAL.
Way forward:
- Deal with other reconfiguration scenarios (multi-cabinet, in-flight, ...).
- Investigate the impact of network failures.
THANK YOU FOR YOUR ATTENTION
More informationIntroduction to AADL 1
Introduction to AADL 1 M. Filali joint work with Bernard Berthomieu, Jean-Paul Bodeveix, Christelle Chaudet, Silvano Dal Zilio, François Vernadat IRIT-CNRS ; University of Toulouse, France LAAS-CNRS ;
More informationINTEGRATING SYSTEM AND SOFTWARE ENGINEERING FOR CERTIFIABLE AVIONICS APPLICATIONS
INTEGRATING SYSTEM AND SOFTWARE ENGINEERING FOR CERTIFIABLE AVIONICS APPLICATIONS Thierry Le Sergent Mathieu Viala Alain Le Guennec Frédéric Roméas thierry.lesergent@esterel-technologies.com mathieu.viala@esterel-technologies.com
More informationWorkpackage WP2.5 Platform System Architecture. Frank Badstübner Ralf Ködel Wilhelm Maurer Martin Kunert F. Giesemann, G. Paya Vaya, H.
Guidelines for application Deliverable n. D25.6 Guidelines for application Sub Project SP2 ADAS development platform Workpackage WP2.5 Platform System Architecture Tasks T2.5.4 Guidelines for applications
More informationthese developments has been in the field of formal methods. Such methods, typically given by a
PCX: A Translation Tool from PROMELA/Spin to the C-Based Stochastic Petri et Language Abstract: Stochastic Petri ets (SPs) are a graphical tool for the formal description of systems with the features of
More informationPeople tell me that testing is
Software Testing Mark Micallef mark.micallef@um.edu.mt People tell me that testing is Boring Not for developers A second class activity Not necessary because they are very good coders 1 What is quality?
More informationCOMPASS GRAPHICAL MODELLER
COMPASS GRAPHICAL MODELLER Viet Yen Nguyen Software Modelling and Verification Group RWTH Aachen University Final Presentation Days, April 2012, ESTEC Christian Dehnert, Joost-Pieter Katoen, Thomas Noll
More informationA Customizable Monitoring Infrastructure for Hardware/Software Embedded Systems
A Customizable Monitoring Infrastructure for Hardware/Software Embedded Systems Martial Chabot and Laurence Pierre TIMA Lab. (CNRS-INPG-UJF), 46 Av. Félix Viallet, 38031 Grenoble, France Abstract. The
More informationPart 2: Basic concepts and terminology
Part 2: Basic concepts and terminology Course: Dependable Computer Systems 2012, Stefan Poledna, All rights reserved part 2, page 1 Def.: Dependability (Verlässlichkeit) is defined as the trustworthiness
More informationManaging Hazards and Incidents Managers, Supervisors and SHR Guide
1.1. Introduction This guide is for Managers, Supervisors and Safety and Health Representatives to help navigate the functions used to manage hazards and incidents in your role as a Manger, Supervisor
More informationInhalt. Description of Certification Procedure ISO 22000, HACCP and DIN 15593
Inhalt 1. CERTIFICATION PROCEDURE... 2 1.1 Audit Preparation... 2 1.2 Audit Stage 1... 2 1.3 Audit Stage 2 Certification Audit... 3 1.4. Issue of Certificate... 3 2. SURVEILLANCE AUDIT... 3 3. RECERTIFICATION
More informationControl engineering information VARYCONTROL VAV Units VAV Compact flow rate controller BC0 BF0
Control engineering information VARYCONTROL VAV Units flow rate controller BC0 BF0 The art of handling air Contents 1 General information 3 Correct use 3 Materials 3 Maintenance 3 2 Field of application,
More informationState IT in Tough Times: Strategies and Trends for Cost Control and Efficiency
State IT in Tough Times: Strategies and Trends for Cost Control and Efficiency NCSL Communications, Financial Services and Interstate Commerce Committee December 10, 2010 Doug Robinson, Executive Director
More informationRNAV 1 Approval Process
RNAV 1 Approval Process JAA Temporary Guidance Material TGL 10 Published November 2000 P-RNAV meets all PBN requirements for RNAV 1 Operations using DME/DME or GNSS EASA transposing JAA guidance into AMC
More informationFlexRay International Workshop. FAN analysis
FlexRay International Workshop 16 th and 17 th April, 2002 Munich FAN analysis Dipl. Inf. Jens Lisner - University of Essen Project FAN - Goals Verify the design of FlexRay in particular: countermeasures
More informationDigital Output Module 8-Channel Version for Zone 1 Series 9475/
www.stahl.de > 8-channel digital output > Intrinsically safe outputs Ex ia > For Ex i solenoid valves and display elements > Additional Ex i control input for "Plant STOP" (acc. IEC61508 up to SIL2) >
More informationIf you have any questions regarding this survey, please contact Marcell Reid at or Thank you for your support!
ABBVIE GLOBAL SUPPLIER SUSTAINBILITY PROGRAM Annual Supplier Sustainability As an important supplier to AbbVie, we would like to document and assess your company s activities and progress regarding sustainability
More informationSyllabus Instructors:
Introduction to Real-Time Systems Embedded Real-Time Software Lecture 1 Syllabus Instructors: Dongsoo S. Kim Office : Room 83345 (031-299-4642) E-mail : dskim@iupui.edu Office Hours: by appointment 2 Syllabus
More information