Abstract
The use of complex Microcontroller Units (MCUs) in avionics systems makes assuring their safety a challenge, because they are not always developed according to the assurance requirements accepted by the aerospace industry. These Commercial off-the-shelf (COTS) hardware components usually target other domains, such as telecommunications, because of the higher sales volume and reduced liability. In recent years, MCUs developed in compliance with ISO 26262 have been released on the market for safety-related automotive applications. The avionics market could profit by taking credit for some of the activities conducted in developing these MCUs. In this paper we present evaluation results based on comparing assurance activities from ISO 26262 that could be considered for compliance with the relevant assurance guidance for COTS MCUs in avionics.
Notes
- 1. Including CA recommendations that supplement this DA approach.
- 2. This should not imply an equivalence or comparability between ASIL and Development Assurance Level (DAL).
- 3. Including all derived requirements, which have to be validated to ensure that they do not cause any hazardous condition.
- 4. None of these listed documents is binding guidance material (unless so specified by the CA for the project), although CAs usually use them to query the safety of COTS usage before approvals are granted.
- 5. In the Certification Authorities Software Team (CAST) working group, representatives from EASA and the FAA work together.
- 6. Also recommended by RTCA/DO-254.
- 7. The term ECMP in the CM is misleading, because such a process typically does not perform profound functional assurance activities.
- 8. We split activity (5) into (5.1) usage domain verification and (5.2) usage domain validation.
- 9. We consider partitioning aspects a specific part of the usage domain analysis, because MCU properties have to be verified at device level.
- 10. The metric for determining a PSE as sufficient is also defined in the CM.
- 11. Part 5 of the standard covers product development at the hardware level.
- 12. This demonstrates the reasonableness of a dedicated COTS assurance process; see Sect. 2.2.
- 13. It is assumed that the full functional scope of the MCU is used; in that case it is not practical to verify it to that extent at device level.
References
RTCA: DO-254: Design Assurance Guidance for Airborne Electronic Hardware (2000)
FAA: AC 20-152 (2005)
CAST: CAST-32A: Multi-core Processors (2016)
CAST: CAST-29: Use of COTS Graphical Processors (CGP) in Airborne Display Systems (2007)
EASA: EASA CM-SWCEH-001: Development Assurance of Airborne Electronic Hardware (2012)
ISO: ISO 26262: Road vehicles - Functional safety (2011)
Schwierz, A., Seifert, G., Hiergeist, S.: Funktionale Sicherheit in Automotive und Avionik: Ein Staffellauf [Functional safety in automotive and avionics: a relay race]. In: Proceedings of Automotive - Safety & Security. GI-Edition - Lecture Notes in Informatics (LNI), pp. 13-25 (2017)
Schwierz, A., Forsberg, H.: Design assurance evaluation of microcontrollers for safety critical avionics. In: 2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC), pp. 1-9. IEEE (2017)
Mutuel, L.: DOT/FAA/TC-17/50: Commercial Off-The-Shelf Airborne Electronic Hardware Assurance Methods - Phase 3 - Embedded Controllers (2017)
DeWalt, M., McCormick, G.F.: Technology independent assurance method. In: 2014 IEEE/AIAA 33rd Digital Avionics Systems Conference (DASC), pp. 8A1-1-8A1-14. IEEE (2014)
Jean, X., Mutuel, L., Brindejonc, V.: Assurance methods for COTS multi-cores in avionics. In: 2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC). IEEE (2016)
SAE Aerospace: ARP4754A: Guidelines for Development of Civil Aircraft and Systems (2010)
ISO: ISO 15026-1: Systems and software engineering - Systems and software assurance - Part 1: Concepts and vocabulary (2013)
Holloway, C.M.: Explicate '78: uncovering the implicit assurance case in DO-178C. In: Parsons, M., Anderson, T. (eds.) Engineering Systems for Safety, pp. 205-225. Safety-Critical Systems Club (2015)
Mahapatra, R.N., Bhojwani, P., Lee, J.: DOT/FAA/AR-08/14: Microprocessor Evaluations for Safety-Critical, Real-Time Applications: Authority for Expenditure No. 43 Phase 2 Report (2008)
Condra, L., Horan, G., Forsberg, H., et al.: DOT/FAA/TC-16/57: Commercial Off-The-Shelf Airborne Electronic Hardware Issues and Emerging Solutions: Authority for Expenditure No. 75 Report (2017)
Faubladier, F., Rambaud, D.: EASA.2008/1: Safety Implications of the use of system-on-chip (SoC) on commercial-off-the-shelf (COTS) devices in airborne critical applications (2008)
Mutuel, L., Jean, X., Brindejonc, V., Roger, A., Megel, T., Alepins, E.: DOT/FAA/TC-16/51: Assurance of Multicore Processors in Airborne Systems (2017)
Strasburger, J.: FAA Status on Multi-Core Processors (2014)
Bieth, P., Brindejonc, V.: EASA.2012.C15: COTS-AEH - Use of complex COTS (Commercial-Off-The-Shelf) in airborne electronic hardware - failure mode and mitigation (2014)
NXP: Safety Manual for MPC5744P (2014)
ST: Safety application guide for SPC56ELx family (2018)
TI: Safety Manual for TMS570LC4x Hercules ARM Safety MCUs (2016)
Acknowledgment
This paper is sponsored by the Airbus Defense and Space endowed professorship "System Technology for safety-related Applications", supported by the "Stifterverband für die Deutsche Wissenschaft e.V.". MDH's work in this paper is supported by the Swedish Knowledge Foundation within the project DPAC.
Disclaimer. Although this paper contributes to a reuse argumentation aligned with the regulatory position of the CAs, it does not represent them. Only one way of formulating a reuse argument is suggested; it has to be finalized in a project context by specific consideration of safety risks and an evaluation of functional or performance requirements with respect to the required integrity level of the avionics system.
© 2018 Springer Nature Switzerland AG
Schwierz, A., Forsberg, H. (2018). Assurance Benefits of ISO 26262 Compliant Microcontrollers for Safety-Critical Avionics. In: Gallina, B., Skavhaug, A., Bitsch, F. (eds.) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science, vol. 11093. Springer, Cham. https://doi.org/10.1007/978-3-319-99130-6_3
DOI: https://doi.org/10.1007/978-3-319-99130-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99129-0
Online ISBN: 978-3-319-99130-6