dependability modelling and assessment of avionics
play

Dependability Modelling and Assessment of Avionics Systems with - PowerPoint PPT Presentation

Dec 11, 2022 •243 likes •445 views

Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel, G. Durrieu, Ch. Seguin, C. Pagetti, L. Sagaspe 1 General Problem Avionics are complex systems A380 (safety critical avionics): +100

  1. Dependability Modelling and Assessment of Avionics Systems with Altarica. P. Bieber, Ch. Castel, G. Durrieu, Ch. Seguin, C. Pagetti, L. Sagaspe 1

  2. General Problem • Avionics are complex systems – A380 (safety critical avionics): • +100 computers connected to the main Aicraft network, • ~10 000 data flows transmitted over the network • Structured Design – Modular design • Systems : Flight Control, Flight Management, Flight parameters, … – Layered design • functional architecture/allocation/ hardware architecture • Complex Design Process – Several actors: • System designers -> functional architecture • Platform designers -> hardware architecture • Integrator -> allocation 2

  3. General Goal • Support the safety assessment of avionics systems – using Altarica models – and taking into account the current design process • Apply the approach on case-studies – Dassault Mirage Terrain Following/Terrain Avoidance – Airbus systems (ADIRS, Fuel On Board,…) – Astrium ATV (Automatic Transfer Vehicle) 3

  4. Overview • Avionics Platform Design – Functional and hardware description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 4

  5. Functional Architecture • Function and Data flows VL ADIRU SEC – ADIRU: x3 – SEC: x6 – VL : x18 5

  6. Hardware Architecture Interconnected resources – Bus, Switch, CPU, … 6

  7. Allocation • Described as tables – well formalized at detailed design stages – but often missing at earlier design stages VL_ADIRU1_SEC3A : ADIRU_Hard_1,AFDX_SW- 1,AFDX_SW-1,AFDX_SW- 9,SEC3A 7

  8. Overview • Avionics Platform Design – Functional and hardware description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 8

  9. Functional Architecture Safety Model • Failure Propagation Model built using predefined nodes in an Altarica Library • Qualitative Safety Requirement: – « No double failure of dataflows between ADIRU and SEC shall cause the loss of all SEC functions » – « No double failure of dataflows between ADIRU and SEC shall cause the undetected erroneous behaviour of all SEC functions » 9

  10. Safety Requirement Assessment • Automatic Generation of the fault-tree from the model Size Loss Erroneous 1 0 0 – Generation of minimal cut sets 2 0 0 3 VL_ADIRU1_ADR_SEC1A.fail_erroneous, 0 0 4 0 0 VL_ADIRU2_ADR_SEC1A.fail_erroneous 5 0 0 6 VL_ADIRU1_ADR_SEC1B.fail_erroneous 5832 8748 7 1944 972 VL_ADIRU2_ADR_SEC1B.fail_erroneous 8 216 0 9 8 0 VL_ADIRU1_ADR_SEC2A.fail_erroneous Total 8000 9720 VL_ADIRU2_ADR_SEC2A.fail_erroneous Proba 2.0 e-24 3.0 e-24 – Computation of probabilities 10

  11. Hardware + Allocation models • Hardware model – very basic model • Allocation model – Common cause failure – Use Broadcast to group failure F1 F2 F3 event of the resource with Res failure events of all supported functions and data flows 11

  12. Impact of allocation on Safety requirements • Allocation of shared resources to functions and data- flows creates Common Mode Failures. VL_ADIRU1_ADR_SEC1A.fail_erroneous, VL_ADIRU2_ADR_SEC1A.fail_erroneous Switch1.fail_erroneous VL_ADIRU1_ADR_SEC1B.fail_erroneous Allocate (SEC1A,1B connected to Switch1, VL_ADIRU2_ADR_SEC1B.fail_erroneous SEC2A connected to Switch2) Switch2.fail_erroneous VL_ADIRU1_ADR_SEC2A.fail_erroneous VL_ADIRU2_ADR_SEC2A.fail_erroneous • Compare before/after allocation: • Decrease size of minimal cut sets, • increase probability of FC occurrence 12 • Is this impact acceptable ?

  13. Derivation of Segregation Requirements • Extract segregation requirements from the safety assessment results in order to avoid allocation common mode failures Size Safety Objective Minimal Cut Sets 3 Data-flows shall be segregated 3 Data-flows out of 5 shall be segregated 13

  14. Overview • Avionics Platform Design – Function and architecture description – Allocation • Safe Resource Allocation Process – Failure Propagation Modelling – Safety Requirements Validation – Independence requirement derivation • Advanced Topics – Allocation Generation by Constraint Solving – Installation related risks – Automatical production of Altarica models – Middleware Modelling 14

  15. Allocation Generation by Constraint Solving • Formalisation of allocation constraints – {0,1} linear inequalities . • Variables : – allotc(task,cpu) : {0,1} – allodb(data,bus) : {0,1} connected(cpu,bus) or connected(bus,cpu) : {0,1} – • Inequalities – Any task has to be allocated to one and only cpu allotc(t,c1) +…+ allotc(t,cn) = 1 – Two segregated tasks should not be allocated to the same cpu allotc(t1,c) + allotc(t2,c) + segregated(t1,t2) < 2 – A connection (C,B) is used if there exists a data flow D and its producing task T such D is allocated to B and T is allocated to C. • Criterion – Minimise the number of used connections 15

  16. Tool Support for Constraint Solving • Generation of constraints • Call to solvers (ILOG solver, satzoo) • Visualisation of allocations Goal= 8 16

  17. Installation Related Assessment 3D model • Assess the impact of equipment installation on Safety Requirements • Link functional architecture model with Digital Aircraft mockup (CATIA, IRIS) – Similar to the modelling of allocation of functions on hardware • Study the effect of tyre or engine burst on functions Altarica model 17

  18. ATV Case Study Functional hardware Middleware • Software dependability oriented model: – More detailed functional Architecture, simpler hardware model – Add a model of middleware services « between » functional view and Hardware architecture view to study new kind of failure propagations in the temporal domain 18

  19. Automated Production of Altarica models • Generate dependability models – Industrial need : decrease the modelling effort – AADL (Avionics Architecture Description Language) to Altarica model transformation – AADL models structured in layers • Hardware and allocation : similar to Altarica, easy to transform • Functional architecture : more expressive, not so easy to transform… – AADL Error Annex • AADL special notation for failure propagation models • Adapted for Software failure propagation modelling • Limited tool-support (by now) 19

  20. Conclusion – Further work • Requirement driven engineering – Organize the design activities – Define what models should be built and what analysis should be performed • Models for software dependability – Model more accurately software • Optimise avionics architecture with respect to several viewpoints : – real-time performances, operational reliability, installation, Electro-magnetic Interference, … 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA

Modelling avionics communicating systems: successes, failures, challenges Marc Boyer ONERA The French Aerospace Lab Dagstuhl Seminar on Network Calculus March 8-11, 2015 1/30 Marc Boyer Modelling avionics systems Disclaimer some

345 views • 33 slides
Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything

MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything

MODELLING &amp; ASSESSMENT (RESRAD) Why? Modelling Cant measure everything Need to make predictions when designing new facilities Assessment Waste management and disposal Compliance with regulatory requirements

690 views • 54 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino,

Dependability and Performance Assessment of Dynamic C ONNECT ed Systems Antonia Bertolino, Felicita Di Giandomenico ISTI-CNR Joint work with A. Calabro, F. Lonetti, M. Martinucci, P. Masci, N. Nostro, A. Sabetta Outline V&amp;V in C

1.51k views • 109 slides
AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO

AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO

AVIATION AVIONICS AND INSTRUMENTS Your Premier Supplier of Avionics, Instrument and Accessory MRO Services 1 Who We Are Premier source for Avionics, Instrument and Accessory MRO - FAA FAR145 maintenance facility Located in Freeport,

488 views • 16 slides
Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture &amp; Dependability Valrie Issarny INRIA Joint work with Apostolos Zarras, Christos Kloukinas, Ferda Tartanoglou 1 Outline Dependability concepts SA and dependability analysis Automated dependability

1.45k views • 87 slides
1 Dependability Management Achieving dependability in WS Architectures Testing web services

1 Dependability Management Achieving dependability in WS Architectures Testing web services

Setting the scene Deutsche Bank AG has agreed to outsource two internal business processes to Accenture Ltd. as part of Dependability of its ambitious program to cut costs and Web Service Architectures increase efficiency by moving

357 views • 7 slides
Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs Institute of Information Technology University of Duisburg-Essen, Germany kochs@uni-duisburg.de safety do, the idea is to extend dependability to

575 views • 3 slides
An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

University Of Paderborn Software Engineering Group Prof. Dr. W. Schfer An Architecture for An Architecture for Configurable Dependability of Configurable Dependability of Application Services Application Services Matthias Tichy

422 views • 11 slides
System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009 Outline 2 Motivation Dependability Definition Dependability attributes Attribute relevance Threads Fault model

717 views • 29 slides
Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro

Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro

Safety, Dependability and Performance Analysis of Extended AADL Models 1 Marco Bozzano 2 Alessandro Cimatti 2 Marco Roveri 2 Joost-Pieter Katoen 1 Viet Yen Nguyen 1 Thomas Noll 1 1 Software Modelling and Verification Group RWTH Aachen University,

833 views • 54 slides
Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University ICSE Workshop on Architecting Dependable Systems May 2002 scher lis@cmu.edu Dependability and Architecture Dependability Reliance that

158 views • 13 slides
Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

The trade-off betw een energy consumption and dependability consumption and dependability Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology Gteborg, Sweden Trade-offs in Computer System Design

363 views • 22 slides
Dependability in the real world Dependability in the real world p Dependability needs arise from

Dependability in the real world Dependability in the real world p Dependability needs arise from

P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

654 views • 63 slides
Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor {tim,johnmc}@cs.clemson.edu School of Computing Clemson University 1 Problem Statement How do we predict and evaluate the dependability of a software

733 views • 24 slides
Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Sorting Denny (

Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Sorting Denny (

Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Sorting Denny ( denny@cs.ui.ac.id ) Suryana Setiawan ( setiawan@cs.ui.ac.id ) Fakultas I lm u Kom puter Universitas I ndonesia Sem ester Genap - 2 0 0 4 / 2 0 0 5 Version 2 .0

458 views • 27 slides
Software development in AppStat B. K egl / AppStat 1 AppStat: Applied Statistics and Machine

Software development in AppStat B. K egl / AppStat 1 AppStat: Applied Statistics and Machine

Software development in AppStat B. K egl / AppStat 1 AppStat: Applied Statistics and Machine Learning AppStat: Apprentissage Automatique et Statistique Appliqu ee Bal azs K egl Linear Accelerator Laboratory, CNRS/University of

584 views • 57 slides
The Dueling Bandits Problem Yisong Yue Collaborators Yanan

The Dueling Bandits Problem Yisong Yue Collaborators Yanan

The Dueling Bandits Problem Yisong Yue Collaborators Yanan Vincent Josef Sui Zhuang Broder Joel Thorsten Bobby Burdick Joachims Kleinberg

791 views • 76 slides
Fast Bayesian automatic Fast Bayesian automatic adaptive quadrature adaptive quadrature Gh.

Fast Bayesian automatic Fast Bayesian automatic adaptive quadrature adaptive quadrature Gh.

Fast Bayesian automatic Fast Bayesian automatic adaptive quadrature adaptive quadrature Gh. Adam, S. Adam LIT-JINR Dubna, Russia &amp; IFIN-HH Bucharest, Romania Invited Lecture at the RO-LCG 2014 conference, November 3-5, 2014 Outline

551 views • 52 slides
Outline Corpus Evidence and Compound Structure: The Case of Italian NN Compounds 1 Introduction

Outline Corpus Evidence and Compound Structure: The Case of Italian NN Compounds 1 Introduction

Introduction Introduction Candidate compound extraction and classification Candidate compound extraction and classification Typology of Italian NN compounds Typology of Italian NN compounds Distributional analysis 1: properties of compounds

315 views • 7 slides
Extreme F-measure Maximization Kalina Jasinska 1 Karlson Pfannschmidt 2 obert Busa-Fekete 2 nski 1

Extreme F-measure Maximization Kalina Jasinska 1 Karlson Pfannschmidt 2 obert Busa-Fekete 2 nski 1

Extreme F-measure Maximization Kalina Jasinska 1 Karlson Pfannschmidt 2 obert Busa-Fekete 2 nski 1 R Krzysztof Dembczy 1 Intelligent Decision Support Systems Laboratory (IDSS), Pozna n University of Technology, Poland 2 Department of

1.41k views • 140 slides
The Constitutional Court, TES and sustainable workforce solutions A consideration of the NUMSA |

The Constitutional Court, TES and sustainable workforce solutions A consideration of the NUMSA |

The Constitutional Court, TES and sustainable workforce solutions A consideration of the NUMSA | Assign Services matter and the way forward for stakeholders 1 What motivates the dispute 1. Legal interpretation: yes, but why? 2. Political

543 views • 26 slides
Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities.

Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities.

1/37 Computational humanities Computational humanities 2019-07-17 Michael Piotrowski humanities. this summer school Franco Moretti (Hackler and Kirsten 2016, p. 5) tive and computational mean something. But, frankly, I

373 views • 19 slides

More recommend