Certification Technology for Complex Systems … · Provide insight into our future strategic goals in ... DARPA, Universities, NSF, NASA, ... Certification Technology for Complex

1DISTRIBUTION STATEMENT A. Approved for public release; distribution unlimited. Case #: 88ABW-2011-3380)

Integrity Service Excellence

Certification Technology for

Complex Systems

Overview

14 Jun 11

Jacob Hinchman


Purpose

Provide insight into our future strategic goals in

order to solicit participation in the research of flight

critical verification and validation techniques and

applications.

– Bridging the gap between V&V theory and practical

application.


Solu

tio

ns

• User Certification Challenges

– Unaware of Advanced V&V

technologies

– Unsure how to apply various

techniques

• Basic Research Developing

Large Research Base

– No applicable Challenge

Problems

– Techniques extremely difficult to

apply to current “Challenges”

• RB Bridging the Gap between

Basic Research and the Users

Needs

Tech

Certification Challenges

Survey of RB, ASC, Industry

Selection of V&V Vectors

EmergingCertification Technologies

MonitoringDARPA, Universities,

NSF, NASA, NSA, other AFRL activities

RB Research &National Plan

AFRL RB V&VGaps Analysis


Certification Pillars

• Is the system built to the right

requirements?

• Does software do the correct thing?

• Is the information correct that is

feeding the flight controls/software?

• Will the design lend itself to

certification?

Requirements Validation

Software and Hardware

Composable Architectures

CLAWS, Models, and

Software Verification Tools and

Techniques

InformationAnd System

IntegrityManagement

S/W V&V

Architecture Certification

Data Integrity


Software V&V Area

• Goal:

– Reduce the effort required to verify and

validate safety critical flight software

Thrust

Pillar Software V&V

Enhanced Analysis

FY10 - FY15

Real time Assurance

FY12 – FY14

Requirements validation

FY13 – FY17


Data Integrity Area

• Goal:

– Develop a set of tools and techniques for

verifying/correlating single source data allowing for

safety assurance where traditional redundancy

does not work

Thrust

Pillar Data Integrity

Single Source Data

FY12 – FY18

Virtual Channels

FY15 – FY20


Software and Hardware

Composable Architecture Area

• Goal:

– Reduce certification efforts through

purposefully designing the architecture for

certification while maintaining functionality

and reducing SWAP

Thrust

Pillar Architecture Certification

Safe Interaction& Separation

FY10 – FY12

Formalized Composition

FY12 – FY17

System of Systems Certification

FY14 – FY20


Certification Technology

for Complex Systems

Certification

Software V&V

EnhancedAnalysis

Model Checkers

Theorem Provers

Run time Assurance

Wrappers

Requirements Validation

Composable Architectures

Safe Interaction& Separation

Distributed Data Flow Partitioning

Formalized Composition

System of Systems Certification

IntegritySingle Source

DataIntegrity

Phase I SBIR

Ve

ctors / Tasks


Tech Area Roadmap

Pillars FY11 – FY13 FY14 – FY16 FY16 – FY19

Software V&V

ArchitectureCertification

Data Integrity

Formal Method Toolkit Development

Req. Validation and Decomposition

Data FlowRTI Phase II SBIR

Formal Composition

SoS/Modular Certification“Plug ‘n Play”

Integrity SBIR IIntegrity SBIR

II

AAR RelNav Integrity

Single Source Data Integrity Program

ISHM Integrity / Reasoner

R-T Assurance Tech Base

Automated Req. Validation and FM V&V

R-T Assurance Common Applicability

Automated Verification

Modular Design w/ Principles Based on

Certification

Non-Safety Critical Sensors

Feeding Flt CLAWS


Enhanced Analysis

Model Checkers

• Automated Testing of Models developed in Matlab/Simulink

– Determines all reachable states

– Identifies when model properties are violated

• Provides a counter-example with conditions under which the properties fail

• Using Rockwell Collins “Gryphon” translator tool

– Gryphon translates a model developed in Matlab Simulink & Stateflow

into a model analyzable by the NuSMV model checker

– Develop several test cases

• ACAT, AAR, etc.

Gryphon


Model Checking Vector

Model Checkers

DoAll Properties

Hold?


Run-Time Assurance

Decision Maker

• Run-Time Assurance Wrappers

– Encapsulate advanced software functionality with a simple, deterministic monitor and safe backup system to ensure the safety of the vehicle

– contain the V&V costs on systems that leverage adaptive, learning control algorithms

• Decision logic is difficult– When to switch and still be safe?

– What is the switching criteria?

– Bounding the advanced controller

– Switching stability

• Impact– Redundancy vs Advanced capabilities tradeoff

– Increases overall capability but eases verification

through simplified controllers and decision logic

• Previous work is based on projected trajectory– ACAT/ACAS, AAR, CerTA FCS

– Barron Associates• Also focused on reactive, non-trajectory based

theory

How do you develop a complete set of decision logic for predictive, non-trajectory basedRun-Time Assurance Wrappers?


Technology

Milestones 11 12 13 14

Technology Investment Schedule (FY) As of Mar 11

• Assists with Requirements Validation and Traceability

• Starts bridging the gap between requirements generation and advanced software V&V

• Provides AFRL an understanding of the difficulty of the problem

• Reqs. Decomposition Survey

• Problem Set Development

• Manual Decomposition

• Investigate ways of translating requirements into model properties for use in model checkers

• This program will provide technical base for future programs in automated requirements decomposition

Automated Modeling of Requirements

Certa AMOR

• Formal method verification of software

• Automated Model-based verification

• Generalized Formal Requirements Specification Syntax

Description Benefits to the WarFighter

Certa AMOR

Requirements Translator

Requirements


Summary

• National Plan

– Establish multi-agency visions and vectors

– Multi-agency roadmap and S&T plan to meet future Air Worthiness V&V

Certification challenges

– Leveraging Government, Academia, and Industry to solve Aviation V&V challenges

• RB Current Focus

– Enhanced Analysis Software V&V (Formal Methods, Model Checking, Theorem

Proving, etc.)

– Run-Time Assurance

• RB Future Focus

– Automated Model of Requirements (CerTa AMOR)

– Data Integrity

– Architectures CertificationWe need your Help!

Identifying needs and sharing solutions


JACOB HINCHMAN

Office: (937) 255-8427

[email protected]

DAVID HOMAN, CHIEF - Control Automation Section

Office: (937) 255-4026

[email protected]

RUSS URZI

Office: (937) 255-8294

[email protected]

BRIAN HULBERT

Office: (937) 255-4605

[email protected]

JON HOFFMAN

Office: (937) 255-2541

[email protected]

MATT CLARK

Office: (937) 255-8439

[email protected]

Control Systems Development and Applications Branch

Air Force Research Laboratory AFRL/RBCCZ2130 Eighth St.

Wright Patterson AFB, OH 45433-7542

FAX: (937) 656-7505

V&V TEAM

mailto:[email protected]







Questions?

Documents

Certification Technology for Complex Systems … · Provide insight into our future strategic goals in ... DARPA, Universities, NSF, NASA, ... Certification Technology for Complex