
    Formal Scenario Definition Language for Aviation: Aircraft Landing Case Study

    Although the importance of scenarios in modeling and simulation has long been well known, there still exists a lack of common understanding and standardized practices in simulation scenario development. This paper proposes a Domain-Specific Language (DSL) to provide a standard scenario specification that will lead to a common mechanism for verifying and executing aviation scenarios, effective sharing of scenarios among various simulation environments, improved consistency among different simulators and simulations, and even the reuse of scenario specifications. Following DSL design practices, the proposed Aviation Scenario Definition Language (ASDL) will provide a well-structured definition language to formally specify complete aircraft landing scenarios. In order to capture the necessary constructs for a simulation scenario, the Simulation Interoperability Standards Organization (SISO) Base Object Model (BOM) is adopted as the baseline metamodel. This baseline is extended using the fundamentals of aircraft landing, which cover all the domain-related concepts and terminology as constructs. By taking a formal approach to defining aviation scenarios, ASDL aims at providing consistency and completeness checking, and model-to-text transformation capabilities for various targets in the aviation scenario definition domain. The results of this work will be used to develop a graphical modeling environment and automatic means to transform scenario models into executable scenario scripts. The work presented here is the first stepping stone in formal scenario definition in the aviation domain.

    Model-Based STPA: Enabling Safety Analysis Coverage Assessment with Formalization

    Urban Air Mobility introduces safety-related challenges for future avionics systems. The associated need for increased autonomy demands novel functions based on high-performance algorithms. To provide such functionality in future air vehicles of all sizes, the trend is towards centralized and powerful computing platforms. That turns avionics into a complex, integrated, and software-intensive aircraft system. Simultaneously, this increases the need for adapted safety analyses. The System-Theoretic Process Analysis (STPA) is a promising approach to analyze the safety of software-intensive systems. It enables consideration of interaction and specification issues in addition to component failures. However, even when using state-of-the-art analyses such as STPA, claiming the sufficiency of the safety analysis efforts is a challenging task for systems with ever-increasing complexity. To address this issue, this paper extends the coverage analysis concepts known from software development to safety analyses. This is achieved with the utilization of failure graphs, i.e., formalized analysis summaries that can be automatically created during the safety analysis. Failure graphs have two advantages: they provide the possibility for visual analysis state indication and can be used to calculate various statistical metrics. Thereby, they allow improving the knowledge about the depth, breadth, and state of the safety analysis. Both visual and statistical considerations complement each other to enhance the safety analysis coverage assessment for future avionic systems. To show all capabilities, the analysis of a flight assistance system serves as demonstrator.

    SES and Ecore for Ontology-based Scenario Modeling in Aviation Scenario Definition Language (ASDL)

    The Aviation Scenario Definition Language (ASDL) is a domain-specific language proposal which aims to provide a standard aviation scenario specification mechanism and enable the reuse of scenario generation methods among different simulators. This paper presents a model-based scenario development approach that exploits Eclipse Modeling Framework (EMF) core (Ecore) and System Entity Structure (SES) for metamodeling and modeling these elements. The construction of the ASDL metamodel using both platforms is described to illustrate the processes. As a result of comparing the two approaches, it is concluded that they follow a similar structure in the hierarchical definition of modeled elements despite there being different toolsets available in each method. Thereby, each metamodel can be easily converted into the other type using transformations. As an application use case, the use of the proposed ontology-based scenario development in the aviation domain is discussed, where a training tool is being developed that utilizes the SES/Ecore approach to build a scenario-driven training tool for air traffic controllers.

    Flight Simulator Model Integration for Supporting Pilot-in-the-Loop Testing in Model-Based Rotorcraft Design

    Model-Based Design (MBD) enables iterative design practices and boosts the agility of air vehicle development programs. Flight simulators are extensively employed in these programs for evaluating the handling qualities of the designed platforms. In order to keep up with the agility provided by MBD, integration of the air vehicle models in fairly complex flight simulators needs to be addressed. The AVES Software Development Kit (SDK), which is the simulation software suite of the DLR Air Vehicle Simulator (AVES), enables tackling the model integration starting from the modeler's desktop. Additionally, 2Simulate, which is the enabling real-time simulation infrastructure of the AVES SDK, provides an automated model integration workflow for MATLAB/Simulink models using Simulink Coder code generation facilities. This paper presents the successful employment of the AVES SDK and the 2Simulate model integration workflow for addressing integration challenges for Pilot-in-the-Loop Testing in AVES.

    Towards Enabling Level 3A AI in Avionic Platforms

    The role of AI evolves from human assistance over human/machine collaboration towards fully autonomous systems. As the push towards more autonomy subsequently removes the reliance on a human overseeing the system, means of self-supervision must be provided to enable safe operations. This work explores dynamic reconfiguration to provide resilience to unforeseen environmental conditions that exceed the system's capabilities, but also against normal faults. We focus on providing the means for this in an ARINC 653 compliant environment, since we target avionics platforms. Scheduling and communication are two major aspects of dynamic reconfiguration. Hence, we discuss multiple respective implementation approaches. The third pillar of reconfiguration, the process of deciding when to reconfigure, is also investigated. Combining these yields the building blocks for a self-supervising system.

    Model-based Development of Enhanced Ground Proximity Warning System for Heterogeneous Multi-Core Architectures

    The aerospace domain, very much like other cyber-physical systems domains such as automotive or automation, is demanding new methodologies and approaches for increasing performance and reducing cost, while maintaining safety levels and programmability. While heterogeneous multi-core architectures seem promising, apart from certification issues, there is a solid necessity for complex toolchains and programming processes for exploiting their full potential. The ARGO (WCET-Aware PaRallelization of Model-Based Applications for HeteroGeneOus Parallel Systems) project is addressing this challenge by providing an integrated toolchain that realizes an innovative holistic approach for programming heterogeneous multi-core systems in a model-based workflow. Model-based design elevates systems modeling and promotes simulation by executing these models for verification and validation of the design decisions. As a case study, the ARGO toolchain and workflow will be applied to a model-based Enhanced Ground Proximity Warning System (EGPWS) development. EGPWS is a readily available system in current aircraft which provides alerts and warnings for obstacles and terrain along the flight path, utilizing high-resolution terrain databases, the Global Positioning System and other sensors. After a gentle introduction to the model-based development approach of the ARGO project for heterogeneous multi-core architectures, the EGPWS and the EGPWS system modelling will be presented.

    Automatic Deployment of Embedded Real-time Software Systems to Hypervisor-managed Platforms

    The deterministic integration of concurrent functions on shared multicore platforms is a challenging yet important task. Especially in safety-critical environments, hypervisors can be used to achieve time and space partitioning, but their sole application is often insufficient to guarantee deterministic timing and data flow behavior. Considering the growing complexity of modern embedded systems, for example in terms of functionality and mixed-criticality requirements, model-based approaches are a promising starting point to tackle this issue. In this work, we bridge the gap between a model-based behavior specification methodology based on the Logical Execution Time (LET) concept and target platforms running a commercially available bare-metal hypervisor. Therefore, this paper describes a runtime environment that implements LET semantics at the level of hypervisor partitions and a tool-supported design methodology that deploys software to this runtime environment. From a behavior specification provided as a system model with annotated C code, the presented deployment tool generates binary images with guaranteed timing and data-flow behavior for the XtratuM hypervisor. The approach is finally validated by applying it to a Flight Assistance System (FAS) from the avionics domain.

    Cybersecurity Engineering: Bridging the Security Gaps in Avionics Architectures and DO-326A/ED-202A

    Urban Air Mobility is envisioned as an on-demand, highly automated and autonomous air transportation modality. It requires the use of advanced sensing and data communication technologies to gather, process, and share flight-critical data. While this sharing of mixed-criticality data brings opportunities, if compromised, it presents serious cybersecurity threats and safety risks due to the cyber-physical nature of the airborne vehicles. Therefore, the avionics system design approach of adhering to functional safety standards (DO-178C) alone is inadequate to protect the mission-critical avionics functions from cyber-attacks. To approach this challenge, the DO-326A/ED-202A standard provides a baseline to effectively manage cybersecurity risks and to ensure the airworthiness of airborne systems. In this regard, this paper pursues holistic cybersecurity engineering and bridges the security gap by mapping the DO-326A/ED-202A system security risk assessment activities to the Threat Analysis and Risk Assessment process. It introduces a Resilient Avionics Architecture as an experimental use case for Urban Air Mobility by applying the DO-326A/ED-202A standard guidelines. It also presents a comprehensive system security risk assessment of the use case and derives appropriate risk mitigation strategies. The presented work helps avionics system designers identify, assess, protect against, and manage cybersecurity risks across the avionics system life cycle.

    Interactive Parallelization of Embedded Real-Time Applications Starting from Open-Source Scilab & Xcos

    In this paper, we introduce the workflow of interactive parallelization for optimizing embedded real-time applications for multicore architectures. In our approach, the real-time applications are written in the Scilab high-level mathematical and scientific programming language or with a Scilab Xcos block-diagram approach. By using code generation and code parallelization technology combined with an interactive GUI, the end user can map applications to the multicore processor iteratively. The approach is evaluated on two use cases: (1) an image processing application written in Scilab and (2) an avionic system modeled in Xcos. Using the workflow, an end-to-end model-based approach targeting multicore processors is enabled, resulting in a significant reduction in development effort and high application speedup. The workflow described in this paper is developed and tested within the EU-funded ARGO project focused on WCET-Aware Parallelization of Model-Based Applications for Heterogeneous Parallel Systems.