A Time-Triggered Constraint-Based Calculus for Avionic Systems

The Integrated Modular Avionics (IMA) architec- ture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircrafts. We propose a real-time constraint-based calculus targeted at the analysis of such concepts of avionic embedded systems. We show our framework at work on the modelisation of both the (IMA) architecture and the TTEthernet network, illustrating their behavior by the well-known Flight Management System (FMS)

Performance analysis of a Master/Slave switched Ethernet for military embedded applications

Current military communication network is a generation old and is no longer effective in meeting the emerging requirements imposed by the next generation military embedded applications. A new communication network based upon Full Duplex Switched Ethernet is proposed in this paper to overcome these limitations. To allow existing military subsystems to be easily supported by a Switched Ethernet network, our proposal consists in keeping their current centralized communication scheme by using an optimized master/slave transmission control on Switched Ethernet thanks to the Flexible Time Triggered (FTT) paradigm. Our main objective is to assess the performance of such a proposal and estimate the quality of service we can expect in terms of latency. Using the Network Calculus formalism, schedulability analysis are determined. These analysis are illustrated in the case of a realistic military embedded application extracted from a real military aircraft network, to highlight the proposal's ability to support the required time constrained communications

Ethernet for Aerospace Applications - Ethernet Heads for the Skies

One of the goals of aerospace applications is to reduce the cost and complexity of avionic systems. Ethernet is a highly scalable, flexible, and popular protocol. The aerospace market is large, with a forecasted production of over 50,000 turbine-powered aircraft valued at $1.7 trillion between 2012 and 2022. Boeing estimates demand for commercial aircraft by 2033 to total over 36,000 with a value of over$5 trillion. In 2014 US airlines served over 750 million passengers and this is growing over 2% yearly. Electronic fly-by-wire is now used for all airliners and high performance aircraft. Although Ethernet has been widely used for four decades, its use in aerospace applications is just beginning to become common. Ethernet is the universal solution in commercial networks because of its high bandwidths, lower cost, openness, reliability, maintainability, flexibility, and interoperability. However, when Ethernet was designed applications with time-critical, safety relevant and deterministic requirements were not given much consideration. Many aerospace applications use a variety of communication architectures that add cost and complexity. Some of them are SpaceWire, MIL-STD-1553, Avionics Full Duplex Switched Ethernet (AFDX), and Time-Triggered Ethernet (TTE). Aerospace network designers desire to decrease the number of networks to reduce cost and effort while improving scalability, flexibility, openness, maintainability, and reliability. AFDX and TTE are being considered more for critical aerospace systems because they provide redundancy, failover protection, guaranteed timing, and frame priority and are based on Ethernet IEEE 802.3. This paper explores the use of AFDX and TTE for aerospace applications

Mixed-Criticality on the AFDX Network: Challenges and Potential Solutions

In this paper, we first assess the most relevant existing solutions enabling mixed-criticality on the AFDX and select the most adequate one. Afterwards, the specification of an extended AFDX, based on the Burst-Limiting Shaper (BLS), is detailed to fulfill the main avionics requirements and challenges. Finally, the preliminary evaluation of such a proposal is conducted through simulations. Results show its ability to guarantee the highest criticality traffic constraints, while limiting its impact on the current AFDX traffic

Aircraft Communication Systems - Topologies, Protocols, and Vulnerabilities

Aviation systems are facing fierce competition driven by private investments promoting the development of new avionics suites (AS). With these new AS comes the need for a faster and larger bandwidth requirement for next generation communication systems. The legacy military (MIL) standard 1553 communication system (e.g., 1Mbps) can no longer keep up with the surge in bandwidth demand requirements. The new communication systems need to be designed with a system architecture background that can enable simplistic integration with Information Technology (IT) controlled groundnetworks, military, and commercial payloads. To facilitate a seamless integration with communication architecture, the current system is highly dependent on the Ethernet based IEEE 802.3 standard. Using a standard protocol cuts down on cost and shortens time for accessibility. However, it introduces several other new problems that developers are actively working through. These problems include a loss of redundancy, lower reliability, and cyber-security vulnerabilities. The cyber-security vulnerabilities that are introduced by IEEE 802.3 Ethernet are one of the larger concerns to military defense programs, and other aviation companies. Impacts of these new communication protocols are quantified and presented as cost, redundancy, topology, and vulnerability. This review paper introduces four communication protocols that can replace heritage systems. These protocols are presented and compared against each other in redundancy, reliability, topology and security vulnerabilities in their application on aircraft, space launch vehicles and satellites

Network Latency and Packet Delay Variation in Cyber-physical Systems

The problem addressed in this paper is the limitation imposed by network elements, especially Ethernet elements, on the real-time performance of time-critical systems. Most current network elements are concerned only with data integrity, connection, and throughput with no mechanism for enforcing temporal semantics. Existing safety-critical applications and other applications in industry require varying degrees of control over system-wide temporal semantics. In addition, there are emerging commercial applications that require or will benefit from tighter enforcement of temporal semantics in network elements than is currently possible. This paper examines these applications and requirements and suggests possible approaches to imposing temporal semantics on networks. Model-based design and simulation is used to evaluate the effects of network limitations on time-critical systems

Time Triggered Ethernet System Testing Means and Method

Methods and apparatus are provided for evaluating the performance of a Time Triggered Ethernet (TTE) system employing Time Triggered (TT) communication. A real TTE system under test (SUT) having real input elements communicating using TT messages with output elements via one or more first TTE switches during a first time interval schedule established for the SUT. A simulation system is also provided having input simulators that communicate using TT messages via one or more second TTE switches with the same output elements during a second time interval schedule established for the simulation system. The first and second time interval schedules are off-set slightly so that messages from the input simulators, when present, arrive at the output elements prior to messages from the analogous real inputs, thereby having priority over messages from the real inputs and causing the system to operate based on the simulated inputs when present

Development and Testing of a Vehicle Management System for Autonomous Spacecraft Habitat Operations

As the increased distance between Earth-based mission control and the spacecraft results in increasing communication delays, small crews cannot take on all functions performed by ground today, and so vehicles must be more automated to reduce the crew workload for such missions. In addition, both near-term and future missions will feature significant periods when crew is not present, meaning the vehicles will need to operate themselves autonomously. NASA's Advanced Exploration Systems Program pioneers new approaches for rapidly developing prototype systems, demonstrating key capabilities, and validating operational concepts for future human missions beyond low-Earth orbit. Under this program, NASA has developed and demonstrated multiple technologies to enable the autonomous operation of a dormant space habitat. These technologies included a fault-tolerant avionics architecture, novel spacecraft power system and power system controller, and autonomy software to control the habitat. The demonstration involved simulation of the habitat and multiple spacecraft sub-systems (power storage and distribution, avionics, and air-side life-support) during a multi-day test at NASA's Johnson Space Center. The foundation of the demonstration was quiescent operations' of a habitat during a 55 minute eclipse period. For this demonstration, the spacecraft power distribution system and air-side life support system were simulated at a high level of fidelity; additional systems were managed, but with lower fidelity operational constraints and system behavior. Operational constraints for real and simulated loads were developed by analyzing on-orbit hardware and evaluating future Exploration capable technology. A total of 13 real and simulated loads were used during the test. Eight scenarios including both nominal and off-nominal conditions were performed. Over the course of the test, every application performed its desired functions successfully during the simulated tests. The results will inform both future tests, as well as provide insight to NASA's domestic and international partners, as they construct the next generation of space habitats to be used on beyond-Earth missions

Integrated Formal Analysis of Timed-Triggered Ethernet

We present new results related to the verification of the Timed-Triggered Ethernet (TTE) clock synchronization protocol. This work extends previous verification of TTE based on model checking. We identify a suboptimal design choice in a compression function used in clock synchronization, and propose an improvement. We compare the original design and the improved definition using the SAL model checker