Certification Challenges for Autonomous Flight Control System Mr. David B. Homan AFRL Air Vehicles Directorate (937) 255 - 4026.

Presentation transcript:


VACC Technical Paper Nr. VAO Cleared for Public Release on 11 Aug 04. AFRL-WS

Background

To be effective assets in the force structure and mission plans, UASs must:
- Be Safe & Reliable
- Be Responsive & Effective
- Be Interoperable
- Not Adversely Affect Operations

Capability: Cooperative Airspace Operations

Background: Flight Safety and Manned/Unmanned Functional Migration

[Diagram labels: Flight Critical, Mission Critical; Flight Mgmt, Vehicle Mgmt, Mission Mgmt; On-board, Off-board]

Manned Aircraft: Pilot is Integrator and Contingency Manager; FMS is mostly advisory. Situational awareness.

Unmanned Aircraft: FMS and VMS provide Integration and Contingency Mgmt; Operator manages at high-level. Situational awareness?

For UAVs, “Pilot Function” becomes huge design and V&V issue.

Background: V&V Requirements

Mission Critical:
- System Focus is Performance/Security
- Performance Metric: Throughput and Bandwidth [event driven]
- Assurance Metric: Probability of Mission Success [Simplex or Back-up]
- Confidence Rqmt: Performance and security are validated.
- Consequence of Failure: Potential mission failure

Flight Critical:
- System Focus is Performance/Assurance
- Performance Metric: Sampling Rate and Latency [time triggered]
- Assurance Metric: Probability of Loss of Control and N x Fail Op/Fail Safe [Triplex or Quad]
- Confidence Rqmt: Performance and Assurance must be validated; [Failure Modes and Effects Testing]
- Consequence of Failure: Loss of Aircraft, potential loss of life

Rule of Thumb: When you mix mission with flight criticality, the testing is held to most stringent requirement. Consequence of Failure: Loss of Aircraft, potential loss of life.

Developmental Timeline: Flight Critical ready by First Flight! Any change requires Total Re-test!

Flight Critical V&V isn’t just a software issue, it’s a system issue!!

New Capabilities Challenge V&V

- Mixed Criticality Architecture: Non-obtrusive co-existence of mixed criticality
- Adaptive/Learning/Multi-Modal Functions: Indeterminate or untraceable functionality
- Mixed Initiative/Authority Mgmt: Human/autonomy or autonomy/autonomy interactions
- Multi-Entity Systems: Functions that encompass multiple platforms.
- Sensor Fusion/Integration: Highly confident sensor-derived information

These new systems/capabilities need to be affordably provable.

New Capabilities (and increasing complexity) are presenting new challenges to the V&V problem.

Mixed Criticality Challenge

How can we separate the mission and flight critical functionality as to guarantee safety?

SOA: Middleware that provides time/space partitioning (ARINC 653).

Issue: Both Criticalities use common HW resources (i.e. processors, backplanes, busses etc); how do we determine PLOC and fault tolerance?
- Understand failure mechanisms for partitioning
- Non-critical function must not take out shared resources… Or the probability of its occurrence is predictable…
- Need guarantee on fault tolerance

[Diagram labels: processors, backplanes, serial bus]

Answer may reside in a SW/HW architecture specifically designed for mixed operation.

Adaptive/Learning/Multimodal Challenge

How can we trust functionality that we may not be able to fully test?

SOA: We must try to test the complete functional envelope (till $$ runs out…)!

Issue: Some new Control capabilities are untraceable and/or non-deterministic
- Adaptive systems: Huge test space; Perfect Input data
- Learning systems: Environmental stimuli; Lost memory
- Multi-modal systems: Mode transition stability; Mode synchronization; Recovery mode

Answer may reside in bounding the function in run-time to known safe behavior.
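One way to picture the run-time bounding idea on this slide, as an added example that is not from the presentation: a monitor accepts an untested adaptive controller's command only while it stays inside a verified envelope, and otherwise reverts to a baseline controller. The limits, the names (`rta_monitor`, `rta_step`) and the latch-after-three-frames policy are assumptions made for illustration.

```c
#include <stdbool.h>

/* Constructed envelope limits (assumptions, not values from the slides). */
#define CMD_MAX_DEG   20.0  /* absolute surface command limit */
#define RATE_MAX_DEG   2.0  /* max command change per control frame */
#define TRIP_FRAMES      3  /* consecutive rejections before latching */

typedef struct {
    double last_cmd;    /* last command actually sent to the actuator */
    int    violations;  /* consecutive frames the adaptive output was rejected */
    bool   latched;     /* true once the monitor has reverted to baseline */
} rta_monitor;

static double clamp(double v, double lo, double hi) {
    return v < lo ? lo : (v > hi ? hi : v);
}

/* True only if cmd is inside the magnitude and rate envelope.
 * NaN fails every comparison, so it is rejected without a special case. */
static bool in_envelope(const rta_monitor *m, double cmd) {
    if (!(cmd >= -CMD_MAX_DEG && cmd <= CMD_MAX_DEG)) return false;
    double d = cmd - m->last_cmd;
    return d >= -RATE_MAX_DEG && d <= RATE_MAX_DEG;
}

/* One control frame: pass the adaptive command if it is inside the
 * envelope, otherwise send the (also limited) baseline command. */
double rta_step(rta_monitor *m, double adaptive_cmd, double baseline_cmd) {
    double out;
    if (!m->latched && in_envelope(m, adaptive_cmd)) {
        m->violations = 0;
        out = adaptive_cmd;
    } else {
        if (!m->latched && ++m->violations >= TRIP_FRAMES)
            m->latched = true;  /* stop trusting the adaptive path */
        if (baseline_cmd != baseline_cmd)  /* NaN baseline: hold last value */
            baseline_cmd = m->last_cmd;
        out = clamp(baseline_cmd, m->last_cmd - RATE_MAX_DEG,
                    m->last_cmd + RATE_MAX_DEG);
        out = clamp(out, -CMD_MAX_DEG, CMD_MAX_DEG);
    }
    m->last_cmd = out;
    return out;
}
```

Only the monitor and the baseline path then need exhaustive verification; the adaptive function can stay outside the fully tested set because its output never reaches the actuator unchecked.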

Mixed Initiative Challenge

How can man and autonomy safely interact?

SOA: Human operator always gets authority!

Issue: Human operator may not have all the information or be able to comprehend situation in real-time: Situational Awareness versus Response Time
- Assessment of UAV mode/state/health
- Assessment of surrounding environment
- “Consequence of mishap” is a factor
- Complete system health is a factor
- Workload is a factor

AF Poster Child: Auto-Aerial Refueling (AAR)

Answer may reside in an authority management specification that would allow the correct party to have decision authority.

Multi-Entity Challenge

How can we trust systems with multiple players to safely perform cooperative functions?

SOA: Keep humans away and hope for the best…

Issue: Entities participating in the coordinated function may not be part of individual V&V testing:
- Linked Interface Control Documents?
- Entities with different manufacturers?
- System Configuration Management?
- Mission-specific programming?

Answer may reside in a specification for contingency management, based on system degradation.

High Confidence Sensing Challenge

How can we trust visual/radar systems for flight critical functions?

SOA: Brute force and analytic redundancy

Issue: Mission-style sensors don’t have acceptable real-time methods for FDIR…
- Sensors will likely be multi-function!
- Redundant HW may not be answer, redundant information?
- Built-in-test may not provide good real-time coverage.
- Reliable signal processing/sensor fusion software

Answer may reside in sensor designs that compensate for sensor degradation and plan for contingencies.