dependability modelling and assessment of avionics
play

Dependability Modelling and Assessment of Avionics Systems with - PowerPoint PPT Presentation

Dec 11, 2022 •243 likes •447 views

Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel, G. Durrieu, Ch. Seguin, C. Pagetti, L. Sagaspe 1 General Problem Avionics are complex systems A380 (safety critical avionics): +100

  1. Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel, G. Durrieu, Ch. Seguin, C. Pagetti, L. Sagaspe 1

  2. General Problem • Avionics are complex systems – A380 (safety critical avionics): • +100 computers connected to the main Aicraft network, • ~10 000 data flows transmitted over the network • Structured Design – Modular design • Systems : Flight Control, Flight Management, Flight parameters, … – Layered design • functional architecture/allocation/ hardware architecture • Complex Design Process – Several actors: • System designers -> functional architecture • Platform designers -> hardware architecture • Integrator -> allocation 2

  3. General Goal • Support the safety assessment of avionics systems – using Altarica models – and taking into account the current design process • Apply the approach on case-studies – Dassault Mirage Terrain Following/Terrain Avoidance – Airbus systems (ADIRS, Fuel On Board,…) – Astrium ATV (Automatic Transfer Vehicle) 3

  4. Overview • Avionics Platform Design – Functional and hardware description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 4

  5. Functional Architecture • Function and Data flows VL ADIRU SEC – ADIRU: x3 – SEC: x6 – VL : x18 5

  6. Hardware Architecture Interconnected resources – Bus, Switch, CPU, … 6

  7. Allocation • Described as tables – well formalized at detailed design stages – but often missing at earlier design stages VL_ADIRU1_SEC3A : ADIRU_Hard_1,AFDX_SW- 1,AFDX_SW-1,AFDX_SW- 9,SEC3A 7

  8. Overview • Avionics Platform Design – Functional and hardware description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 8

  9. Functional Architecture Safety Model • Failure Propagation Model built using predefined nodes in an Altarica Library • Qualitative Safety Requirement: – « No double failure of dataflows between ADIRU and SEC shall cause the loss of all SEC functions » – « No double failure of dataflows between ADIRU and SEC shall cause the undetected erroneous behaviour of all SEC functions » 9

  10. Safety Requirement Assessment • Automatic Generation of the fault-tree from the model Size Loss Erroneous 1 0 0 – Generation of minimal cut sets 2 0 0 3 VL_ADIRU1_ADR_SEC1A.fail_erroneous, 0 0 4 0 0 VL_ADIRU2_ADR_SEC1A.fail_erroneous 5 0 0 6 VL_ADIRU1_ADR_SEC1B.fail_erroneous 5832 8748 7 1944 972 VL_ADIRU2_ADR_SEC1B.fail_erroneous 8 216 0 9 8 0 VL_ADIRU1_ADR_SEC2A.fail_erroneous Total 8000 9720 VL_ADIRU2_ADR_SEC2A.fail_erroneous Proba 2.0 e-24 3.0 e-24 – Computation of probabilities 10

  11. Hardware + Allocation models • Hardware model – very basic model • Allocation model – Common cause failure – Use Broadcast to group failure F1 F2 F3 event of the resource with Res failure events of all supported functions and data flows 11

  12. Impact of allocation on Safety requirements • Allocation of shared resources to functions and data- flows creates Common Mode Failures. VL_ADIRU1_ADR_SEC1A.fail_erroneous, VL_ADIRU2_ADR_SEC1A.fail_erroneous Switch1.fail_erroneous VL_ADIRU1_ADR_SEC1B.fail_erroneous Allocate (SEC1A,1B connected to Switch1, VL_ADIRU2_ADR_SEC1B.fail_erroneous SEC2A connected to Switch2) Switch2.fail_erroneous VL_ADIRU1_ADR_SEC2A.fail_erroneous VL_ADIRU2_ADR_SEC2A.fail_erroneous • Compare before/after allocation: • Decrease size of minimal cut sets, • increase probability of FC occurrence 12 • Is this impact acceptable ?

  13. Derivation of Segregation Requirements • Extract segregation requirements from the safety assessment results in order to avoid allocation common mode failures Size Safety Objective Minimal Cut Sets 3 Data-flows shall be segregated 3 Data-flows out of 5 shall be segregated 13

  14. Overview • Avionics Platform Design – Function and architecture description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 14

  15. Allocation Generation by Constraint Solving • Formalisation of allocation constraints – {0,1} linear inequalities . • Variables : – allotc(task,cpu) : {0,1} – allodb(data,bus) : {0,1} connected(cpu,bus) or connected(bus,cpu) : {0,1} – • Inequalities – Any task has to be allocated to one and only cpu allotc(t,c1) +…+ allotc(t,cn) = 1 – Two segregated tasks should not be allocated to the same cpu allotc(t1,c) + allotc(t2,c) + segregated(t1,t2) < 2 – A connection (C,B) is used if there exists a data flow D and its producing task T such D is allocated to B and T is allocated to C. • Criterion – Minimise the number of used connections 15

  16. Tool Support for Constraint Solving • Generation of constraints • Call to solvers (ILOG solver, satzoo) • Visualisation of allocations Goal= 8 16

  17. Installation Related Assessment 3D model • Assess the impact of equipment installation on Safety Requirements • Link functional architecture model with Digital Aircraft mockup (CATIA, IRIS) – Similar to the modelling of allocation of functions on hardware • Study the effect of tyre or engine burst on functions Altarica model 17

  18. ATV Case Study Functional hardware Middleware • Software dependability oriented model: – More detailed functional Architecture, simpler hardware model – Add a model of middleware services « between » functional view and Hardware architecture view to study new kind of failure propagations in the temporal domain 18

  19. Automated Production of Altarica models • Generate dependability models – Industrial need : decrease the modelling effort – AADL (Avionics Architecture Description Language) to Altarica model transformation – AADL models structured in layers • Hardware and allocation : similar to Altarica, easy to transform • Functional architecture : more expressive, not so easy to transform… – AADL Error Annex • AADL special notation for failure propagation models • Adapted for Software failure propagation modelling • Limited tool-support (by now) 19

  20. Conclusion – Further work • Requirement driven engineering – Organize the design activities – Define what models should be built and what analysis should be performed • Models for software dependability – Model more accurately software • Optimise avionics architecture with respect to several viewpoints : – real-time performances, operational reliability, installation, Electro-magnetic Interference, … 20

Recommend

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA The French Aerospace Lab Dagstuhl Seminar on Network Calculus March 8-11, 2015 1/30 Marc Boyer Modelling avionics systems Disclaimer some

345 views • 33 slides
Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything

MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything

MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything Need to make predictions when designing new facilities Assessment Waste management and disposal Compliance with regulatory requirements

690 views • 54 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino, Felicita Di Giandomenico ISTI-CNR Joint work with A. Calabro, F. Lonetti, M. Martinucci, P. Masci, N. Nostro, A. Sabetta Outline V&amp;V in C

1.51k views • 109 slides
AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO

AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO

AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO Services 1 Who We Are Premier source for Avionics, Instrument and Accessory MRO - FAA FAR145 maintenance facility Located in Freeport,

488 views • 16 slides
Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos Zarras, Christos Kloukinas, Ferda Tartanoglou 1 Outline Dependability concepts SA and dependability analysis Automated dependability

1.45k views • 87 slides
1 Dependability Management Achieving dependability in WS Architectures Testing web services

1 Dependability Management Achieving dependability in WS Architectures Testing web services

Setting the scene Deutsche Bank AG has agreed to outsource two internal business processes to Accenture Ltd. as part of Dependability of its ambitious program to cut costs and Web Service Architectures increase efficiency by moving

357 views • 7 slides
Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs Institute of Information Technology University of Duisburg-Essen, Germany kochs@uni-duisburg.de safety do, the idea is to extend dependability to

575 views • 3 slides
An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

University Of Paderborn Software Engineering Group Prof. Dr. W. Schfer An Architecture for An Architecture for Configurable Dependability of Configurable Dependability of Application Services Application Services Matthias Tichy

422 views • 11 slides
System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009 Outline 2 Motivation Dependability Definition Dependability attributes Attribute relevance Threads Fault model

717 views • 29 slides
Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro

Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro

Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro Cimatti 2 Marco Roveri 2 Joost-Pieter Katoen 1 Viet Yen Nguyen 1 Thomas Noll 1 1 Software Modelling and Verification Group RWTH Aachen University,

833 views • 54 slides
Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University ICSE Workshop on Architecting Dependable Systems May 2002 scher lis@cmu.edu Dependability and Architecture Dependability Reliance that

158 views • 13 slides
Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

The trade-off betw een energy consumption and dependability consumption and dependability Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology Gteborg, Sweden Trade-offs in Computer System Design

363 views • 22 slides
Dependability in the real world Dependability in the real world p Dependability needs arise from

Dependability in the real world Dependability in the real world p Dependability needs arise from

P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

654 views • 63 slides
Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor {tim,johnmc}@cs.clemson.edu School of Computing Clemson University 1 Problem Statement How do we predict and evaluate the dependability of a software

733 views • 24 slides
Lip6 meeting Sharing perspectives 20 th February 2019 Avionics Products &amp; Simulation -

Lip6 meeting Sharing perspectives 20 th February 2019 Avionics Products &amp; Simulation -

Lip6 meeting Sharing perspectives 20 th February 2019 Avionics Products &amp; Simulation - Missions Airbus Avionics Equipment supplier Simulations Models &amp; Platforms provider Develop excellence on the full scope of hardware Develop

228 views • 8 slides
DENETS ghly DE pendable IP-based NET works and S ervices NODES Winter School and Seminar

DENETS ghly DE pendable IP-based NET works and S ervices NODES Winter School and Seminar

Dependability Assessment of Two Network Supported Automotive Applications Ossama Hamouda, Mohamed Kaniche, Karama Kanoun DENETS ghly DE pendable IP-based NET works and S ervices NODES Winter School and Seminar Dependability and Computer

498 views • 37 slides
Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano Overview Dependability : &quot; [..] the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers

818 views • 30 slides
CPS Applications Heechul Yun Note: Some slides are adopted from Prof. Pellizzoni 1 Outline

CPS Applications Heechul Yun Note: Some slides are adopted from Prof. Pellizzoni 1 Outline

CPS Applications Heechul Yun Note: Some slides are adopted from Prof. Pellizzoni 1 Outline Avionics Automotive Systems 2 Avionics Electronic systems on an aircraft Avionics = Aviation + electronics Multiple subsystems:

797 views • 50 slides
Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

UVA Dependability Research Group Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on Architecting Dependable Systems John Knight University of Virginia Joint work with Elisabeth Strunk UVA

566 views • 40 slides
Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval

Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval

Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval Avionics Approval Concerns Concerns Presented to: FAA Software and Airborne Electronic Hardware Conference By: Gregg Bartley ANM-111/AIR-20 Date: August

488 views • 32 slides
Modelling Security of Critical Infrastructures: A Survivability Assessment guez , Jos e

Modelling Security of Critical Infrastructures: A Survivability Assessment guez , Jos e

Modelling Security of Critical Infrastructures: A Survivability Assessment guez , Jos e Merseguer , Simona Bernardi Ricardo J. Rodr { rjrodriguez, jmerse, simonab } @unizar.es All wrongs reversed Dpto. de Inform

983 views • 39 slides
Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City

Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City

no: 1 Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City University, London Adelard, London December 2001 CSR no: 2 Background ! Dependability problems no longer simply concern computer systems

117 views • 7 slides

More recommend