Integrated Modular Avionics Development Guidance and Certification Considerations

Similar documents
Development Guidance and Certification Considerations

List of proposed requirements for Avionics domain Annex D1.1.b to deliverable D1.1

IBM Rational Rhapsody

Incremental Functional Certification (IFC) on Integrated Modular Avionics (IMA)

IBM Rational Rhapsody

Certification Management Application Tool for Aircraft Certification Management

TERMS OF REFERENCE Special Committee (SC) 214 Standards for Air Traffic Data Communication Services Revision 10

Reaching for the sky with certified and safe solutions for the aerospace market

TERMS OF REFERENCE Special Committee (SC) 222 AMS(R)S Systems Revision 9

TERMS OF REFERENCE Special Committee (SC) 214 Standards for Air Traffic Data Communication Services Revision 11

Database Integrity Policy for Aeronautical Data

TERMS OF REFERENCE Special Committee (SC) 222 AMS(R)S Systems Revision 10

Aviation Cyber Security Efforts

3 August Software Safety and Security Best Practices A Case Study From Aerospace

Request for Proposal To develop and teach a Training Course on RTCA Airworthiness Security Documents (DO-326A, DO-355, and DO-356A)

FAA Order Simple And Complex Electronic Hardware Approval Guidance. Federal Aviation Administration

TERMS OF REFERENCE. Special Committee (SC) 223

Certification Authorities Software Team (CAST) Position Paper CAST-25

ISO/IEC JTC 1 N 13145

DO-330/ED-215 Benefits of the new Tool Qualification

AVIATION CYBER SECURITY TRAINING

RNAV 1 Approval Process

SAE IVHM Initiative. PHM Standards Panel PHM Society Conference Minneapolis September 26th David Alexander SAE Aerospace Standards Europe

HM-1 Committee for Integrated Vehicle Health Management. PHM Society Panel Discussion September 26, 2012

Composite Safety & Certification Initiatives

MARPA DOCUMENT MARPA Revision 1.1

CABIN MAINTENANCE. PANEL DISCUSSION WITH Michael Sattler, SR Technics Alex Laybros, Honeywell Ron van Baaren, CEO, ADSE.

ARINC Project Initiation/Modification (APIM)

Presented by Greg Pollari (Rockwell Collins) and Nigel Shaw (Eurostep)

WIND RIVER ANSWERS TO 50 QUESTIONS TO ASK YOUR ARINC 653 VENDOR

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

INTEGRATING SYSTEM AND SOFTWARE ENGINEERING FOR CERTIFIABLE AVIONICS APPLICATIONS

AQMS AUDITOR APPLICATION GUIDE

Software Reuse in Safety-Critical Systems. Master s Thesis Rochester Institute of Technology. Leanna Rierson

Methodology Handbook. Efficient Development of Safe Avionics Display Software with DO-178B Objectives Using Esterel SCADE. Third Edition (Revision 1)

MARPA DOCUMENT MARPA 1100 DRAFT

Indian Technical Standard Order

STRAWMAN 1 ARINC 628, SECTION 18 CABIN AND CARGO VIDEO SURVEILLANCE. This draft dated: June 2018

ISO/IEC JTC1/SC7 /N4314

ICAO S COOPERATIVE NETWORK OF TRAINING CENTRES

Safety Assurance in Software Systems From Airplanes to Atoms

Overview of Potential Software solutions making multi-core processors predictable for Avionics real-time applications

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Submission of information in the public consultation on potential candidates for substitution under the Biocidal Products Regulation

Model-Based Safety Approach for Early Validation of Integrated and Modular Avionics Architectures

Green Star Volume Certification. Process Guide

Scheme Document. For more information or help with your application contact BRE Global on +44 (0) or

S1000D Modularization Task Team

MEETING MINUTES OF THE TWENTY-NINTH MEETING JOINT RTCA SPECIAL COMMITTEE 217 EUROCAE WORKING GROUP

Introduction. Content. Training Course NAA Inspectors Training Course - Initial Airworthiness. Location(s) / Date(s) List price September 2019

GPM0002 E9171-based Graphics/Compute Engine

European Aviation Safety Agency

UK EPR GDA PROJECT. Name/Initials Date 30/06/2011 Name/Initials Date 30/06/2011. Resolution Plan Revision History

INSTALLATION SPECIFICATION DIGITAL TO FINE/COURSE XYZ SYNCHRO MODEL, ADC-600, P/N

Just-In-Time Certification

QUALITY ASSURANCE POLICY. Quality Assurance Policy. September 2016 Version 2.0 Policy authorised by Responsible Officer

NZQA registered unit standard 8086 version 7 Page 1 of 5. Demonstrate knowledge required for quality auditing

UK-led international standards for BIM

Verification of Requirements For Safety-Critical Software

Qualification details

Notice of Proposed Amendment Aircraft cybersecurity

The U.S. Government s Role in Standards and Conformity Assessment

Requirements for Aerospace Supplier Quality System Certification / Registration schemes for use by the IAQG Sectors

SCADE. SCADE Display Graphical Prototyping and Design. Tailored for Critical Embedded HMIs EMBEDDED SOFTWARE

CRD - NPA 11/ May 2005 Page 1 of 14 I-B. Paragraph CS / F. Fagegaltier

JARUS RECOMMENDATIONS ON THE USE OF CONTROLLER PILOT DATA LINK COMMUNICATIONS (CPDLC) IN THE RPAS COMMUNICATIONS CONTEXT

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

Fundamentals to Creating Architectures using ISO/IEC/IEEE Standards

KENYA ACCREDITATION SERVICE

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Efficient Development of Airborne Software with SCADE Suite

REDUCING CERTIFICATION GRANULARITY TO INCREASE ADAPTABILITY OF AVIONICS SOFTWARE

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

Advisory Circular (AC)

ICB Industry Consultation Body

Rapid Integration Framework (RIF)

ehealth Network ehealth Network Governance model for the ehealth Digital Service Infrastructure during the CEF funding

Position Paper. Minimal Multicore Avionics Certification Guidance

Revised November EFESC Handbook

List of EA Publications. And International. Documents

National Certificate in Civil Defence (Response) (Level 2)

Product certification scheme requirements. Solar Photovoltaic Modules

Integration of Mixed Criticality Systems on MultiCores: Limitations, Challenges and Way ahead for Avionics

Engineering for System Assurance Legacy, Life Cycle, Leadership

List of EA Publications. Documents

Qualification details

SECTION C CATEGORY A MAINTENANCE CERTIFYING MECHANIC

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

AQMS AUDITOR AUTHENTICATION BODY AQMS AUDITOR APPLICATION GUIDE

Module 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan

E9171-based Graphics/Compute Engine

Alternative Compliance with Required Navigation Performance Authorization Required (RNP AR) Database Validation Requirements

ARINC Project Initiation/Modification (APIM)

Introduction to IAEG International Aerospace Environmental Group

National Diploma in Fire and Rescue Services (Vegetation Fire Fighting - Management) (Level 5)

Practical Use of FPGAs and IP in DO-254 Compliant Systems

MCGILL UNIVERSITY/PEOPIL CONFERENCE DUBLIN OCTOBER 2018

Quality Assurance and esecurity

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

Qualification details

Transcription:

René L.C. Eveleens National Aerospace Laboratory NLR P.O. Box 90502 1006BM Amsterdam Netherlands eveleens@nlr.nl ABSTRACT From 2001 to 2005 a working group within the European Organisation for Civil Aviation Equipment (EUROCAE) has been working on the definition of development guidance and certification considerations for Integrated Modular Avionics. This paper explains the standardised terminology, the concept of incremental acceptance, the certification tasks and associated certification data and the many objectives defined in this guidance document, which will be published in 2006 as ED-124. 1.0 INTRODUCTION The use of Integrated Modular Avionics (IMA) is rapidly expanding and is found in all classes of aircraft. In recognition of this rapid growth RTCA established Special Committee 200 (SC-200) and EUROCAE established Working Group 60 (WG-60) to jointly develop a document that could be used as guidance in the design, development and application of IMA. This paper explains the background of this document, introduced the terminology and processes required for a smooth certification process of IMA. 2.0 BACKGROUND At the start of this century, within the avionics industry it was felt that there was a urgent need for guidance on development processes and certification issues for modular avionics. The modular avionics technology had come to a maturity level and industry was now ready to bring products to the market. Biggest challenge within this area is that modular avionics is a composition of building blocks, preferably supplied by different companies in the supply chain. Each supplier is supposed to bring its part to a certain level of qualification, and after this a system integrator can use these pre-qualified part in the overall certification process. To face this challenge EUROCAE founded a working group (number 60) in September 2001, which was tasked to define this guidance. Later, in November 2002, there was a merge with an RTCA steering committee (number 200). The mission of this joint working group was to propose, document and deliver means to support the certification (or approval) of modular avionics, systems integration, and hosted applications, including considerations for installation and continued airworthiness in all categories and classes of aircraft. Besides this mission, the term of reference for both WG60 and SC200 stated that the group would define key characteristics of modular avionics, define specific issues in regulatory materials and practices, aims Eveleens, R.L.C. (2006) Integrated Modular Avionics. In Mission Systems Engineering (pp. 4-1 4-18). Educational Notes RTO-EN-SCI-176, Paper 4. Neuilly-sur-Seine, France: RTO. Available from: http://www.rto.nato.int. RTO-EN-SCI-176 4-1

for stand-alone approval of individual building blocks, assure the re-use of accepted process, data, product, etc., tackle safety and performance issues, involve certification authorities and support TSO, AC, ACJ production, and have a close working relationship with other groups. During its existence the group has had a wide participation from industry (both avionics industry and aircraft integrators), certification authorities and research establishments. The final document was delivered end of 2005. RTCA has issued the document as DO-297. EUROCAE is planning to issue the document in 2006 as ED-124. 3.0 IMA TERMINOLOGY Before entering the details of development and certification processes it is important to define a common set of terminology to be use with respect to integrated modular avionics. 1 N (Software) ( Specific Hardware) (Software) Avionics Function Specific General Purpose Platform () Shared Resources (Software) (Software) (Hardware or Software) (Hardware or Software) (Hardware or Software) (Hardware or Software) Figure 1: IMA terminology The design terminology as depicted in Figure 1 [1] defines a clear distinction between IMA elements that are general purpose and those that are specific to the avionics function. When focussing on the general purpose elements there is a top-level definition for what is called a platform. In fact a platform can consist of one or more modules which can be hardware or software components. Another specific property of a platform is the fact that it has core software inside and that it can host the IMA applications. Another important term that needs to be introduced and defined is acceptance. Within the context of IMA this is defined as [1]: Acknowledgement by the certification authority that the module, application, or system complies with its defined requirements. Acceptance is recognition by the certification authority (typically in the form of a letter or stamped data sheet) signifying that the submission of data, justification, or claim of equivalence satisfies applicable guidance or requirements. The goal of acceptance is to achieve credit for future use in a certification project. The IMA building block (i.e. platform or module), 4-2 RTO-EN-SCI-176

together with the certification data that has received this acceptance, can now be used in an incremental way, building up and integrating the IMA architecture. This process is called incremental acceptance. Finally, this incremental acceptance will facilitate the certification process. 4.0 INTEGRATION AND ACCEPTANCE The development process and the certification process of IMA are very much correlated. Starting from scratch, the development process will follow a traditional V-model approach. However, ideally the development of the platform and the hosted applications is performed in parallel, which in fact forms a double-v-model. One must keep in mind that the applications can never receive stand-alone acceptance without a reference platform. Therefore, the integration steps (i.e. the upward leg of both V-models) are strongly connected, and therefore this process is better known as W-model. Task 1 Platform Task 2 Task 3 IMA System (off aircraft) Task 4 Aircraft Integration Specific Hardware Task 5 / Task 6 Figure 2: Certification tasks For each integration step a certification task can be defined, as depicted in Figure 2 [1]. Starting at the lowest level (bottom of the V) the process starts with the integration of components and modules into a platform. The certification task performed here is the platform or module acceptance. Once one application gets integrated onto the platform it will result in an application acceptance. IMA acceptance is achieved when integrating multiple applications with the platform and with one another. Then the aircraft integration task is performed when integrating the IMA system within the aircraft and with the other aircraft systems. Finally, changing the IMA system or re-using the installation in another aircraft are special cases within the acceptance process. 5.0 CERTIFICATION DATA The different certification tasks need to accepted by the certification authorities. In order to streamline this process a pre-defined set of certification data is defined. This set is strongly correlated to the know processes for defined in earlier RTCA/EUROCAE documents, for example DO-178/ED-12 [2] and DO- 254/ED-80 [3]. RTO-EN-SCI-176 4-3

Aircraft-Level IMA Certification Plan and V&V Plan System-Level IMA Certification Plan and V&V Plan / Acceptance Plan #1 Acceptance Plan #n Figure 3: IMA planning data Figure 3 [1]shows how the planning data is related within the IMA certification process. Starting at the top-level, the Aircraft-Level IMA certification plan and verification and validation (V&V) plan should describe how the process will be performed. The lower level document fit within this scheme. At the bottom level there are the traditional plans for software/hardware aspects of certification (PSAC/PHAC) together with the environmental qualification plans (EQP). The same document trees are defined for requirements data and compliance data. 6.0 CONCLUSIONS Integrated Modular Avionics technology has introduced the possibility to fragment the certification process into several steps, which is called incremental acceptance. The incremental process will benefit from a common understanding and common approach to IMA development and certification. The document recently published by RTCA and shortly to be published by EUROCAE has a wide acceptance of both industry and certification authorities. The document provides guidance on a common development process and defines the related certification tasks. It is strongly recommended to use this guidance in future IMA projects. 4-4 RTO-EN-SCI-176

7.0 REFERENCES [1] RTCA DO-297 / EUROCAE ED-124 (to be issued), Integrated Modular Avionics (IMA) [2] RTCA DO-178 / EUROCAE ED-12, Software Considerations in Airborne Systems and Equipment Certification. [3] RTCA DO-254 / EUROCAE ED-80, Design Assurance Guidance for Airborne Electronic Hardware RTO-EN-SCI-176 4-5

ANNEX: PRESENTATION SLIDES Integrated Modular Avionics René L.C. Eveleens National Aerospace Laboratory NLR P.O. Box 90502 1006BM Amsterdam RTO SCI LS-176: Mission System Engineering November 2006 Overview IMA Certification Guidance introduction to avionics certification processes certification guidance EUROCAE WG60 background the definition of IMA goal of the guidance document the concept of "incremental acceptance" IMA certification guidance document conclusion IMA development guidance and certification considerations Nov2006 2 4-6 RTO-EN-SCI-176

Introduction System verification (1/2) differences / similarities with normal testing? main difference certification by an independent third party: certification authority other differences / similarities basically depend on your development and testing maturity... no requirements means: testing in the dark! IMA development guidance and certification considerations Nov2006 3 Introduction System verification (2/2) verification according to RTCA DO-178 the evaluation of the results of a process to ensure correctness and consistency with respect to the inputs and standards to that process. testing according to RTCA DO-178 the process of exercising a system or system component to verify that it satisfies specified requirements and to detect errors. but testing cannot show the absence of errors therefore extensive verification effort required requirements analysis and traceability consistent documentation IMA development guidance and certification considerations Nov2006 4 RTO-EN-SCI-176 4-7

Introduction Certification processes INTENDED AIRCRAFT FUNCTION Function, Failure and Safety Information Safety Assessment [SAE ARP 4761] Avionics System Development Processes [SAE ARP4754] System Design Functional System Functions and requirements Supporting Processes Hardware Development Life-Cycle [RTCA DO-254] Software Development Life-Cycle [RTCA DO178B] Certification Coordination Safety Assessment Requirements Validation Implementation verification Configuration Management Process Assurance Avionics System Integration and Test Qualification Avionics/Electronics Integrity Program CERTIFICATION GUIDANCE THROUGH: SAE ARP 4754 Certification considerations for highly-integrated or complex aircraft systems SAE ARP 4761 Safety Assessment Process Guidelines & Methods RTCA DO-178B Software Considerations in Airborne Systems and Equipment Certification RTCA DO-254 EUROCAE ED-80 Design Assurance Guidance for Airborne Electronic Hardware RTCA DO-160D Environmental Test Specifications MIL-HDBK-87244 (USAF) Avionics/Electronics Integrity Concept Exploration Demonstration/Validation Engineering/Manufacturing Development Production Operation & Support IMA development guidance and certification considerations Nov2006 5 Certification guidance DO-178B overview: introduction Not a development standard: a guideline for certification Emphasis on requirements-based development Emphasis on verification/testing Based on a system safety assessment, software is assigned a safety criticality level Safety according to DO-178B: increasing verification/testing effort with increasing software levels IMA development guidance and certification considerations Nov2006 6 4-8 RTO-EN-SCI-176

Certification guidance Software criticality levels Software Level Aircraft level Criticality Meaning A Catastrophic Aircraft destroyed, Many fatalities B Hazardous Damage to aircraft, Crew overextended, Occupants hurt, some fatal C Major Large reduction in safety margins, occupants injury D Minor Little effect on operation of aircraft and crew workload E No effect No effect on operation of aircraft or crew workload IMA development guidance and certification considerations Nov2006 7 Certification guidance Life cycle processes Software planning process (1 table with process objectives and outputs by software level) Software development processes (1 table) Software verification processes (5 tables) [next slide] Software configuration management process (1 table) Software quality assurance process (1 table) Certification liaison process (1 table) IMA development guidance and certification considerations Nov2006 8 RTO-EN-SCI-176 4-9

Certification guidance Objective tables (example) IMA development guidance and certification considerations Nov2006 9 Certification guidance Software Lifecycle Data Items Plan for Sw Aspects of Cert. (PSAC) Software Dev. Plan Executable Object Code Software Ver. Plan Software Ver Cases and Procs Software CM Plan Software Verification Results Software QA Plan Software LifeCycle Environment Software Rqmts Stnds Software Design Stnds Software Code Stnds Software Rqmts Data Design Description Source Code Configuration Index Software Configuration Index Problem Reports Software CM Records Software Quality Assurance Records SW Accomplishments Summary IMA development guidance and certification considerations Nov2006 10 4-10 RTO-EN-SCI-176

Certification guidance The DO-178B verification/testing process: (global) specification Level E: no activities (DO-178B not applicable) Level D: test coverage of high-level requirements Level C: level D + test coverage of low-level requirements + structural coverage: 100 % statement coverage Level B: level C + structural coverage: 100 % decision coverage Level A: level B + structural coverage: 100 % modified condition/decision coverage, based on object code IMA development guidance and certification considerations Nov2006 11 WG60/SC200 background -facts EUROCAE WG60 (start: Sept 2001) title: Integrated Modular Avionics (IMA) joined with RTCA SC-200 (Nov 2002) chairmen and secretaries WG60 co-chair: René Eveleens (NLR) WG60 co-secretary: David Brown (Airbus UK) SC200 co-chair: Cary Spitzer (Avionicon) SC200 co-secretary: John Lewis (FAA) IMA development guidance and certification considerations Nov2006 12 RTO-EN-SCI-176 4-11

WG60/SC200 background -mission propose, document and deliver means to support the certification (or approval) of modular avionics, systems integration, and hosted applications, including considerations for installation and continued airworthiness in all categories and classes of aircraft IMA development guidance and certification considerations Nov2006 13 WG60/SC200 background -terms of reference modular avionics define key characteristics specific issues in regulatory materials and practices stand-alone approval re-use of accepted process, data, product, etc. safety and performance issues involvement of certification authorities support TSO, AC, ACJ production close working relationship with other groups other topics fault management and health monitoring, safety, environmental qualification, configuration management, development assurance, incremental qualification, single-event-upset, electrical systems, etc. IMA development guidance and certification considerations Nov2006 14 4-12 RTO-EN-SCI-176

WG60/SC200 background -participants wide participation industry (avionics and aircraft integrators) certification authorities research establishments overview of companies involved FAA, CAA, DGAC, Airbus, Boeing, Honeywell, NASA, ARINC, Thales, Rockwell Collins, Diehl, Smiths Aerospace, Transport Canada, BAE Systems, NLR, TTTech, Pilatus etc. IMA development guidance and certification considerations Nov2006 15 WG60/SC200 background - status IMA development guidance and certification considerations RTCA issued DO-297 EUROCAE planned to issue ED-124 IMA development guidance and certification considerations Nov2006 16 RTO-EN-SCI-176 4-13

the definition of IMA -terminology 1 N (Software) ( Specific Hardware) (Software) Avionics Function Specific General Purpose Platform () Shared Resources (Software) (Software) (Hardware or Software) (Hardware or Software) (Hardware or Software) (Hardware or Software) IMA development guidance and certification considerations Nov2006 17 the definition of IMA -periphery goal availability integrity safety health monitoring and fault management composability stakeholders certification authorities certification applicant IMA system integrator platform and module suppliers application suppliers maintenance organization IMA development guidance and certification considerations Nov2006 18 4-14 RTO-EN-SCI-176

the definition of IMA -characteristics key characteristics platform and hosted applications shared resources robust partitioning application programming interface (API) health monitoring and fault management Typical Hardware s Typical Software s Common Hardware Back Plane Power Supply CPU & Memory Data Bus Real Time Executive Built-in Test On-board Maintenance System Protocol I/O Processing Common Software Specific Software Specific Hardware I/O IMA development guidance and certification considerations Nov2006 19 goal of the guidance document quote WG60/SC200 mission: support the certification (or approval) of modular avionics, systems integration, and hosted applications, including considerations for installation and continued airworthiness in all categories and classes of aircraft IMA development guidance and certification considerations Nov2006 20 RTO-EN-SCI-176 4-15

the concept of incremental acceptance definition a process for obtaining credit toward approval and certification by accepting or finding that an IMA module, application, and/or off-aircraft IMA system complies with specific requirements. Credit granted for individual tasks contributes to the overall certification goal Integration Activity Integrate components and/or modules to form a platform Acceptance Tasks Task 1 and/or platform acceptance Integrate a single application with the platform Task 2 acceptance (software and/or hardware) Integrate multiple applications with the platform(s) and one another Task 3 IMA system acceptance Integrate IMA system with aircraft and its systems Identify changes and their impacts, and need for re-verification Identify and use IMA components on other IMA systems and installations Task 4 Task 5 Task 6 Aircraft integration Change Reuse IMA development guidance and certification considerations Nov2006 21 document - certification tasks Task 1 Platform Task 2 Task 3 IMA System (off aircraft) Task 4 Aircraft Integration Specific Hardware Task 5 / Task 6 IMA development guidance and certification considerations Nov2006 22 4-16 RTO-EN-SCI-176

document - certification data Aircraft-Level IMA Certification Plan and V&V Plan System-Level IMA Certification Plan and V&V Plan / Acceptance Plan #1 Acceptance Plan #n IMA development guidance and certification considerations Nov2006 23 document - objective tables example: IMA platform development process objectives ID Objective Summary Doc ref Life Cycle Data Description Life Cycle Data Reference Control Category 1 Failure reporting process is defined and in place to support continued airworthiness requirements for IMA system components which may be used in more that one IMA system. 3.6 Aircraft Instructions for Continued Airworthiness and/or IMA System Certification Plan (or other lower level component s plan) ICAW CC1 IMA development guidance and certification considerations Nov2006 24 RTO-EN-SCI-176 4-17

Conclusion conclusion IMA certification considerations document jointly prepared by RTCA / EUROCAE DO-297 / ED-124 incremental acceptance guidance on definition of IMA design considerations certification tasks broad scope of stakeholders wide acceptance industry certification authorities IMA development guidance and certification considerations Nov2006 25 4-18 RTO-EN-SCI-176

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback