Improving Hazard Analysis and Certification of Integrated Modular Avionics

Integrated modular avionics systems present new opportunities and benefits for developing advanced aircraft avionics, as well as a series of challenges related to hazard analysis and certification. This paper addresses some of those challenges and proposes a new procedure for improving hazard analysis of integrated modular avionics systems. A significant objective of integrated modular avionics architectures is the ability to develop individual software applications independently and then integrate those applications onto one platform. It has been very difficult for both designers and certifiers to understand and predict how the system will behave when the applications are integrated into one system. Traditional fault-based hazard analysis techniques are limited with respect to this problem. Therefore, this paper uses a different technique, called Systems-theoretic Process Analysis, to identify hazardous behavior that emerges when individual applications are integrated. Systems-theoretic process analysis is a systems-theoretic hazard analysis technique that accounts for hazardous behavior due to component interaction, including cases when the components have not failed or faulted. Systems-theoretic process analysis is extended in this paper to account for behavior that emerges when software applications share data, which is a requirement in aircraft systems. The paper illustrates the new approach with an example that includes real-world avionics functions

Functional control structure model for the complex systems and its application in system safety analysis

The safety problem for the complex system is regarded as a control problem other than probability one, where the overall functional control structure model of the complex system could be configured in terms of the relationships among their functional labels. The hazards are due to the unsafe control actions (UCA), or the malfunctional control action (MCA). Meanwhile, UCA and MCA are due to the error feedback information (EFI), the error environment variables (EEV), the error state variables (ESE), the error command inputs (ECI), the error working modes (EWM), and the error process models (EPM), etc. Every function or component would be described as 10 labels, which are the input command (IC), the feedback to the upper level (FU), the control action (CA), the feedback from the lower levels (FL), the external input command (EC), the process model (PM), other related state variable (SV), the precondition (PC), the resource and the executing condition (RE) of the system, and the environment variable (EV). The aircraft wheel brake system’s control structure model is given to show its effectiveness