Fault management via dynamic reconfiguration for integrated modular avionics

The purpose of this research is to investigate fault management methodologies within Integrated Modular Avionics (IMA) systems, and develop techniques by which the use of dynamic reconfiguration can be implemented to restore higher levels of systems redundancy in the event of a systems fault. A proposed concept of dynamic configuration has been implemented on a test facility that allows controlled injection of common faults to a representative IMA system. This facility allows not only the observation of the response of the system management activities to manage the fault, but also analysis of real time data across the network to ensure distributed control activities are maintained. IMS technologies have evolved as a feasible direction for the next generation of avionic systems. Although federated systems are logical to design, certify and implement, they have some inherent limitations that are not cost beneficial to the customer over long life-cycles of complex systems, and hence the fundamental modular design, i.e. common processors running modular software functions, provides a flexibility in terms of configuration, implementation and upgradability that cannot be matched by well-established federated avionic system architectures. For example, rapid advances of computing technology means that dedicated hardware can become outmoded by component obsolescence which almost inevitably makes replacements unavailable during normal life-cycles of most avionic systems. To replace the obsolete part with a newer design involves a costly re-design and re-certification of any relevant or interacting functions with this unit. As such, aircraft are often known to go through expensive mid-life updates to upgrade all avionics systems. In contrast, a higher frequency of small capability upgrades would maximise the product performance, including cost of development and procurement, in constantly changing platform deployment environments. IMA is by no means a new concept and work has been carried out globally in order to mature the capability. There are even examples where this technology has been implemented as subsystems on service aircraft. However, IMA flexible configuration properties are yet to be exploited to their full extent; it is feasible that identification of faults or failures within the system would lead to the exploitation of these properties in order to dynamically reconfigure and maintain high levels of redundancy in the event of component failure. It is also conceivable to install redundant components such that an IMS can go through a process of graceful degradation, whereby the system accommodates a number of active failures, but can still maintain appropriate levels of reliability and service. This property extends the average maintenance-free operating period, ensuring that the platform has considerably less unscheduled down time and therefore increased availability. The content of this research work involved a number of key activities in order to investigate the feasibility of the issues outlined above. The first was the creation of a representative IMA system and the development of a systems management capability that performs the required configuration controls. The second aspect was the development of hardware test rig in order to facilitate a tangible demonstration of the IMA capability. A representative IMA was created using LabVIEW Embedded Tool Suit (ETS) real time operating system for minimal PC systems. Although this required further code written to perform IMS middleware functions and does not match up to the stringent air safety requirements, it provided a suitable test bed to demonstrate systems management capabilities. The overall IMA was demonstrated with a 100kg scale Maglev vehicle as a test subject. This platform provides a challenging real-time control problem, analogous to an aircraft flight control system, requiring the calculation of parallel control loops at a high sampling rate in order to maintain magnetic suspension. Although the dynamic properties of the test rig are not as complex as a modern aircraft, it has much less stringent operating requirements and therefore substantially less risk associated with failure to provide service. The main research contributions for the PhD are: 1.A solution for the dynamic reconfiguration problem for assigning required systems functions (namely a distributed, real-time control function with redundant processing channels) to available computing resources whilst protecting the functional concurrency and time critical needs of the control actions. 2.A systems management strategy that utilises the dynamic reconfiguration properties of an IMA System to restore high levels of redundancy in the presence of failures. The conclusion summarises the level of success of the implemented system in terms of an appropriate dynamic reconfiguration to the response of a fault signal. In addition, it highlights the issues with using an IMA to as a solution to operational goals of the target hardware, in terms of design and build complexity, overhead and resources

A Virtual Laboratory for Aviation and Airspace Prognostics Research

Integration of Unmanned Aerial Vehicles (UAVs), autonomy, spacecraft, and other aviation technologies, in the airspace is becoming more and more complicated, and will continue to do so in the future. Inclusion of new technology and complexity into the airspace increases the importance and difficulty of safety assurance. Additionally, testing new technologies on complex aviation systems and systems of systems can be challenging, expensive, and at times unsafe when implementing real life scenarios. The application of prognostics to aviation and airspace management may produce new tools and insight into these problems. Prognostic methodology provides an estimate of the health and risks of a component, vehicle, or airspace and knowledge of how that will change over time. That measure is especially useful in safety determination, mission planning, and maintenance scheduling. In our research, we develop a live, distributed, hardware- in-the-loop Prognostics Virtual Laboratory testbed for aviation and airspace prognostics. The developed testbed will be used to validate prediction algorithms for the real-time safety monitoring of the National Airspace System (NAS) and the prediction of unsafe events. In our earlier work1 we discussed the initial Prognostics Virtual Laboratory testbed development work and related results for milestones 1 & 2. This paper describes the design, development, and testing of the integrated tested which are part of milestone 3, along with our next steps for validation of this work. Through a framework consisting of software/hardware modules and associated interface clients, the distributed testbed enables safe, accurate, and inexpensive experimentation and research into airspace and vehicle prognosis that would not have been possible otherwise. The testbed modules can be used cohesively to construct complex and relevant airspace scenarios for research. Four modules are key to this research: the virtual aircraft module which uses the X-Plane simulator and X-PlaneConnect toolbox, the live aircraft module which connects fielded aircraft using onboard cellular communications devices, the hardware in the loop (HITL) module which connects laboratory based bench-top hardware testbeds and the research module which contains diagnostics and prognostics tools for analysis of live air traffic situations and vehicle health conditions. The testbed also features other modules for data recording and playback, information visualization, and air traffic generation. Software reliability, safety, and latency are some of the critical design considerations in development of the testbed

Application Agreement and Integration Services

Application agreement and integration services are required by distributed, fault-tolerant, safety critical systems to assure required performance. An analysis of distributed and hierarchical agreement strategies are developed against the backdrop of observed agreement failures in fielded systems. The documented work was performed under NASA Task Order NNL10AB32T, Validation And Verification of Safety-Critical Integrated Distributed Systems Area 2. This document is intended to satisfy the requirements for deliverable 5.2.11 under Task 4.2.2.3. This report discusses the challenges of maintaining application agreement and integration services. A literature search is presented that documents previous work in the area of replica determinism. Sources of non-deterministic behavior are identified and examples are presented where system level agreement failed to be achieved. We then explore how TTEthernet services can be extended to supply some interesting application agreement frameworks. This document assumes that the reader is familiar with the TTEthernet protocol. The reader is advised to read the TTEthernet protocol standard [1] before reading this document. This document does not re-iterate the content of the standard

An Approach for the Assessment of System Upset Resilience

This report describes an approach for the assessment of upset resilience that is applicable to systems in general, including safety-critical, real-time systems. For this work, resilience is defined as the ability to preserve and restore service availability and integrity under stated conditions of configuration, functional inputs and environmental conditions. To enable a quantitative approach, we define novel system service degradation metrics and propose a new mathematical definition of resilience. These behavioral-level metrics are based on the fundamental service classification criteria of correctness, detectability, symmetry and persistence. This approach consists of a Monte-Carlo-based stimulus injection experiment, on a physical implementation or an error-propagation model of a system, to generate a system response set that can be characterized in terms of dimensional error metrics and integrated to form an overall measure of resilience. We expect this approach to be helpful in gaining insight into the error containment and repair capabilities of systems for a wide range of conditions

Hardware Certification for Real-time Safety-critical Systems: State of the Art

This paper discusses issues related to the RTCA document DO-254 Design Assurance Guidance for Airborne Electronic Hardware and its consequences for hardware certification. In particular, problems related to circuits’ compliance with DO-254 in avionics and other industries are considered. Extensive literature review of the subject is given, including current views on and experiences of chip manufacturers and EDA industry with qualification of hardware design tools, including formal approaches to hardware verification. Some results of the authors’ own study on tool qualification are presented

Aircraft Electric Secondary Power

Technologies resulted to aircraft power systems and aircraft in which all secondary power is supplied electrically are discussed. A high-voltage dc power generating system for fighter aircraft, permanent magnet motors and generators for aircraft, lightweight transformers, and the installation of electric generators on turbine engines are among the topics discussed

Design of a distributed data acquisition system for the ITER’s neutral beam

The International Thermonuclear Experimental Reactor (ITER) is a groundbreaking interna- tional collaboration aimed at developing fusion energy as a clean, safe, and virtually limitless source of power that brings together scientists, engineers, and experts from 35 countries to con- struct and operate the world’s largest experimental fusion reactor. Through the fusion of hy- drogen isotopes, ITER seeks to replicate the process that powers the sun and stars, harnessing the immense energy released to generate electricity. With its ambitious goals and cutting-edge technology, ITER represents a significant milestone in the pursuit of sustainable and abundant energy for the future. As part of the ITER project, the development of several systems of plasma heating is needed to achieve fusion conditions in order to reach plasma ignition. One of such heating systems is the Heating Neutral Beam (HNB), which is designed to inject a energetic beam of neutral atoms into the plasma and heat the fusion plasma by coulomb collisions of such with the plasma. This system requires of several components such as power supplies, cryopumps and cooling components working together in order to achieve a controlled and safe operation of the HNB. It also needs to work coordinated with the experimental control with high availability. The neutral beam control system is, therefore, responsible for the correct and safe operation of the two HNB units installed at ITER. The project presents an overview of the instrumentation and control system currently being developed for the Neutral Beam units and presents the development and design of a remote distributed data acquisition system prototype for the Neutral Beam instrumentation and control system. The performance of the prototype will be measured and evaluated to determine if such solution is fit for ITER requirements and can therefore be implemented into the Neutral Beam control system and other control systems within the reactor components. This project was developed under the Traineeship program by the European Joint Undertaking for ITER and the Development of Fusion Energy, Fusion For Energy (F4E). This report presents the work the author performed during such contract and under the guidance of the program’s supervisor

Aircraft assembly process design for complex systems installation and test integration.

The assembly line planning process connects product design and manufacturing through translating design information to assembly integration sequence. The assembly integration sequence defines the aircraft system components installation and test precedence of an assembly process. From a systems engineering view point, this activity is part of the complex systems integration and verification process. At the early conceptual design phase of assembly line planning, the priority task of assembly process planning is to understand product complexities in terms of systems interactions, and generate the installation and test sequence to satisfy the designed system function and meet design requirements. This research proposes to define these interactions by using systems engineering concept based on traceable RFLP (Requirement, Functional, Logical and Physical) models and generate the assembly integration sequence through a structured approach. A new method based on systems engineering RFLP framework is proposed to generate aircraft installation and test sequence of complex systems. The proposed method integrates aircraft system functional and physical information in RFLP models and considers these associated models as new engineering data sources at the aircraft early development stage. RFLP modelling rules are created to allow requirements, functional, logical and physical modes be reused in assembly sequence planning. Two case studies are created to examine the method. Semi- structured interviews are used for research validation. The results show that the proposed method can produce a feasible assembly integration sequence with requirements traceability, which ensures consistency between design requirements and assembly sequences.PhD in Aerospac

Study of multi-megawatt technology needs for photovoltaic space power systems, volume 2

Possible missions requiring multimegawatt photovoltaic space power systems in the 1990's time frame and power system technology needs associated with these missions are examined. Four specific task areas were considered: (1) missions requiring power in the 1-10 megawatt average power region; (2) alternative power systems and component technologies; (3) technology goals and sensitivity trades and analyses; and (4) technology recommendations. Specific concepts for photovoltaic power approaches considered were: planar arrays, concentrating arrays, hybrid systems using Rankine engines, thermophotovoltaic approaches; all with various photovoltaic cell component technologies. Various AC/DC power management approaches, and battery, fuel cell, and flywheel energy storage concepts are evaluated. Interactions with the electrical ion engine injection and stationkeeping system are also considered