Projection Operator: A Step Towards Certification of Adaptive Controllers

One of the major barriers to wider use of adaptive controllers in commercial aviation is the lack of appropriate certification procedures. In order to be certified by the Federal Aviation Administration (FAA), an aircraft controller is expected to meet a set of guidelines on functionality and reliability while not negatively impacting other systems or safety of aircraft operations. Due to their inherent time-variant and non-linear behavior, adaptive controllers cannot be certified via the metrics used for linear conventional controllers, such as gain and phase margin. Projection Operator is a robustness augmentation technique that bounds the output of a non-linear adaptive controller while conforming to the Lyapunov stability rules. It can also be used to limit the control authority of the adaptive component so that the said control authority can be arbitrarily close to that of a linear controller. In this paper we will present the results of applying the Projection Operator to a Model-Reference Adaptive Controller (MRAC), varying the amount of control authority, and comparing controller s performance and stability characteristics with those of a linear controller. We will also show how adjusting Projection Operator parameters can make it easier for the controller to satisfy the certification guidelines by enabling a tradeoff between controller s performance and robustness

Closing the Certification Gaps in Adaptive Flight Control Software

Over the last five decades, extensive research has been performed to design and develop adaptive control systems for aerospace systems and other applications where the capability to change controller behavior at different operating conditions is highly desirable. Although adaptive flight control has been partially implemented through the use of gain-scheduled control, truly adaptive control systems using learning algorithms and on-line system identification methods have not seen commercial deployment. The reason is that the certification process for adaptive flight control software for use in national air space has not yet been decided. The purpose of this paper is to examine the gaps between the state-of-the-art methodologies used to certify conventional (i.e., non-adaptive) flight control system software and what will likely to be needed to satisfy FAA airworthiness requirements. These gaps include the lack of a certification plan or process guide, the need to develop verification and validation tools and methodologies to analyze adaptive controller stability and convergence, as well as the development of metrics to evaluate adaptive controller performance at off-nominal flight conditions. This paper presents the major certification gap areas, a description of the current state of the verification methodologies, and what further research efforts will likely be needed to close the gaps remaining in current certification practices. It is envisioned that closing the gap will require certain advances in simulation methods, comprehensive methods to determine learning algorithm stability and convergence rates, the development of performance metrics for adaptive controllers, the application of formal software assurance methods, the application of on-line software monitoring tools for adaptive controller health assessment, and the development of a certification case for adaptive system safety of flight

Robust multivariable predictive control: how can it be applied to industrial test stands ?

To cope with recent technological evolutions of air conditioning systems for aircraft, the French Aeronautical Test Center built a new test stand for certification at ground level. The constraints specified by the industrial users of the process seemed antagonistic for many reasons. First, the controller had to be implemented on an industrial automaton, not adaptable to modern algorithms. Then the specified dynamic performances were very demanding, especially taking into account the wide operating ranges of the process. Finally, the proposed controller had to be easy for nonspecialist users to handle. Thus, the control design and implementation steps had to be conducted considering both theoretical and technical aspects. This finally led to the development of a new multivariable predictive controller, called alpha-MPC, whose main characteristic is the introduction of an extra tuning parameter alpha that has enhanced the overall control robustness. In particular, the H1-norm of the sensitivity functions can be significantly reduced by tuning this single new parameter. It turns out to be a simple but efficient way to improve the robustness of the initial algorithm. The other classical tuning parameters are still physically meaningful, as is usual with predictive techniques. The initial results are very promising and this controller has already been adopted by the industrial users as the basis of the control part for future developments of the test stand

Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance.Comment: 41 pages, 2 figures, 1 table, and appendixe

How explicit are the barriers to failure in safety arguments?

Safety cases embody arguments that demonstrate how safety properties of a system are upheld. Such cases implicitly document the barriers that must exist between hazards and vulnerable components of a system. For safety certification, it is the analysis of these barriers that provide confidence in the safety of the system. The explicit representation of hazard barriers can provide additional insight for the design and evaluation of system safety. They can be identified in a hazard analysis to allow analysts to reflect on particular design choices. Barrier existence in a live system can be mapped to abstract barrier representations to provide both verification of barrier existence and a basis for quantitative measures between the predicted barrier behaviour and performance of the actual barrier. This paper explores the first stage of this process, the binding between explicit mitigation arguments in hazard analysis and the barrier concept. Examples from the domains of computer-assisted detection in mammography and free route airspace feasibility are examined and the implications for system certification are considered

On the tailoring of CAST-32A certification guidance to real COTS multicore architectures

The use of Commercial Off-The-Shelf (COTS) multicores in real-time industry is on the rise due to multicores' potential performance increase and energy reduction. Yet, the unpredictable impact on timing of contention in shared hardware resources challenges certification. Furthermore, most safety certification standards target single-core architectures and do not provide explicit guidance for multicore processors. Recently, however, CAST-32A has been presented providing guidance for software planning, development and verification in multicores. In this paper, from a theoretical level, we provide a detailed review of CAST-32A objectives and the difficulty of reaching them under current COTS multicore design trends; at experimental level, we assess the difficulties of the application of CAST-32A to a real multicore processor, the NXP P4080.This work has been partially supported by the Spanish Ministry of Economy and Competitiveness (MINECO) under grant TIN2015-65316-P and the HiPEAC Network of Excellence. Jaume Abella has been partially supported by the MINECO under Ramon y Cajal grant RYC-2013-14717.Peer ReviewedPostprint (author's final draft

A summary of rotorcraft handling qualities research at NASA Ames Research Center

The objectives of the rotorcraft handling qualities research program at Ames Research Center are twofold: (1) to develop basic handling qualities design criteria to permit cost effective design decisions to be made for helicopters, and (2) to obtain basic handling qualities data for certification of new rotorcraft configurations. The research on the helicopter handling qualities criteria has focused primarily on military nap-of-the-earth (NOE) terrain flying missions, which are flown in day visual meteorological conditions (VMC) and instrument meteorological conditions (IMC), or at night. The Army has recently placed a great deal of emphasis on terrain flying tactics in order to survive and effectively complete the missions in modern and future combat environments. Unfortunately, the existing Military Specification MIL-H 8501A which is a 1961 update of a 1951 document, does not address the handling qualities requirements for terrain flying. The research effort is therefore aimed at filling the void and is being conducted jointly with the Army Aeromechanics Laboratory at Ames. The research on rotorcraft airworthiness standards with respect to flying qualities requirements was conducted to collaboration with the Federal Aviation Administration (FAA)

The European Citizens' Initiative - Guidelines and Recommendations for Practical Implementation

The present guidelines and recommendations on the implementation of Regulation (EU) No 211/2011 on the citizens' initiative (hereafter: 'the Regulation') are intended as a concise reference document for the Member States' (MS) competent authorities (and have been prepared partly at their request) but will, on many points, also prove helpful for organisers. They cover various stages of the citizens' initiative procedure, in particular those related to the certification of online collection systems and the verification of statements of support. To a large extent, these guidelines and recommendations re-state, clarify or update advice that the Commission has previously provided, either in non-papers, in written correspondence, or at meetings of the ECI Expert Group. They may need to be revised over time based on the experiences of the competent MS authorities and the Commission with these procedures

Design Challenges for GDPR RegTech

The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations