5 Things to Know about Safety-Critical Applications in Aerospace

November 10, 2017


Safety-Critical Applications in Aerospace

A number of innovations and changes deliver new capabilities to aircraft operations. Modern aircraft are equipped with a multitude of electronic components. There is also a multitude of standards that must be fulfilled when designing an avionics hardware solution.

Some questions may come to mind before designing a safety-critical aerospace system.

1: Which standards do I need to consider?

2: How to distinguish between the Design Assurance Levels (DAL)?

3: How to achieve functional safety?

4: Which role does AFDX play in avionics?

5: How can COTS components help to reduce development time and cost?

Which Standards do I need to Consider?

In avionics there are several applicable “DO” standards.

The development of a complex electronic hardware component must conform to DO-254. This standard initially focused on FPGA and ASIC developments, but is increasingly applied to the PCB design itself as well.

Software used in avionics systems must comply with DO-178, currently at revision C, and with its related DO documents covering tool qualification, software modeling, object-oriented software and formal methods.

Another important DO is DO-160, revision G. Depending on the location of the component in the aircraft, it defines which environmental tests must be applied.

How to Distinguish Between the Design Assurance Levels (DAL)?

To cope with the effect of a component fault, so-called design assurance levels are defined. These DALs are designated by the letters A to E, with DAL-A defining the strictest requirements and DAL-E the weakest.

Each DAL is also associated with a failure rate that the component must achieve, expressed in FIT (failures in time). The failures counted are divided into systematic faults (caused by human error) and random hardware faults.

| DAL | Failure Rate F (per hour)     | Impact |
|-----|-------------------------------|--------|
| A   | F ≤ 10^-9/h (= 1 FIT)         | Catastrophic: multiple fatalities, usually with the loss of the airplane |
| B   | 10^-9/h < F ≤ 10^-7/h         | Hazardous: serious or fatal injury to a passenger other than the flight crew |
| C   | 10^-7/h < F ≤ 10^-5/h         | Major: physical distress to passengers or cabin crew, possibly including injuries |
| D   | 10^-5/h < F                   | Minor: some physical discomfort to passengers or cabin crew |
| E   | -                             | No effect |
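As an added worked example that is not part of the slides, the following Python maps a constant per-unit failure rate given in FIT to the probability of failure per flight hour, for a single unit and for a k-out-of-n redundant arrangement such as TMR (2-of-3), and classifies the result against the DAL bands in the table above. It assumes independent random hardware faults, a perfect voter and constructed values (100 FIT units, a 10-hour flight); systematic faults, which the DO standards address through process rather than arithmetic, are outside this model.

```python
import math
from math import comb

# Constructed example values (not from the slides): per-unit failure rate in FIT
# and a 10-hour flight as the exposure time.
FIT_PER_HOUR = 1e-9          # 1 FIT = one failure per 10^9 device-hours

# DAL bands from the slide's table: (upper bound on F per hour, DAL)
DAL_THRESHOLDS = [(1e-9, "A"), (1e-7, "B"), (1e-5, "C"), (math.inf, "D")]


def dal_for_rate(f_per_hour):
    """Return the DAL whose failure-rate band contains f_per_hour."""
    for bound, dal in DAL_THRESHOLDS:
        if f_per_hour <= bound:
            return dal
    raise ValueError("rate must be a finite number")


def unit_fail_prob(fit, hours):
    """Probability that one unit with a constant failure rate fails within `hours`.
    -expm1 keeps precision when lambda*t is tiny (1 - exp(-x) would cancel)."""
    return -math.expm1(-fit * FIT_PER_HOUR * hours)


def k_of_n_fail_prob(k, n, p):
    """Failure probability of a k-out-of-n block of independent units, each failing
    with probability p: the block fails when fewer than k units survive.
    TMR is the 2-of-3 case; the voter is assumed perfect (assumption)."""
    q = 1.0 - p
    return sum(comb(n, i) * q**i * p**(n - i) for i in range(0, k))


def assess(fit, hours, k=1, n=1):
    """Average failure probability per flight hour of a k-of-n arrangement, and its DAL band."""
    p = unit_fail_prob(fit, hours)
    f = k_of_n_fail_prob(k, n, p) / hours
    return f, dal_for_rate(f)


if __name__ == "__main__":
    for label, (k, n) in {"simplex": (1, 1), "TMR (2oo3)": (2, 3)}.items():
        f, dal = assess(100, 10, k, n)   # 100 FIT units, 10-hour flight
        print(f"{label:12s} F = {f:.2e}/h -> DAL-{dal} band")
```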

How to Achieve Functional Safety?

One of the key design elements of a safety-critical system is redundancy. This can be realized by duplicating the complete system and/or single components.

Cosmic radiation is one example of a hazard that affects the architecture, causing Single Event Upsets (SEU) in FPGA and memory components. To automatically detect and correct single-bit errors, Triple Modular Redundancy (TMR) can be employed.

A safe system architecture, both in hardware and in software, can use different structures of redundant sub-units, enhanced by diversity, and must weigh the relation between safety, availability and cost. Other measures that contribute to functional safety include supervisors, determinism and event logging.
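As an added illustration that is not from the slides, here is a bit-level TMR voter in Python, modelled on what a majority voter in an FPGA does: a single upset in one copy is outvoted and then scrubbed away, every disagreement is logged for a supervisor, and a second upset in the same bit position before the next scrub is the case the voter cannot mask (it is still visible in the disagreement mask). The class and method names are constructed for this example.

```python
# Constructed example (not from the slides): a bit-level TMR voter with scrubbing,
# behaving as a majority voter on three 32-bit register copies would.
WIDTH = 32
MASK = (1 << WIDTH) - 1


def majority(a, b, c):
    """Bitwise 2-of-3 majority: each bit takes the value held by at least two copies."""
    return (a & b) | (a & c) | (b & c)


def disagreement(a, b, c):
    """Mask of bit positions where the three copies do not all agree."""
    return (a ^ b) | (a ^ c) | (b ^ c)


class TmrRegister:
    """Three copies of one value; reads vote, periodic scrubbing rewrites all copies."""

    def __init__(self, value):
        self.copies = [value & MASK] * 3
        self.log = []                  # disagreement events consumed by a supervisor

    def inject_upset(self, copy, bit):
        """Simulate an SEU by flipping one bit in one copy (test hook only)."""
        self.copies[copy] ^= 1 << bit

    def read(self):
        """Voted value; a non-zero disagreement mask is recorded as an event."""
        a, b, c = self.copies
        bad = disagreement(a, b, c)
        if bad:
            self.log.append({"mismatch_bits": bad, "copies": tuple(self.copies)})
        return majority(a, b, c)

    def scrub(self):
        """Rewrite the voted value into all copies so that a corrected upset cannot
        accumulate with a later upset in the same bit of another copy."""
        voted = self.read()
        self.copies = [voted] * 3
        return voted
```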

Which Role Does AFDX Play in Avionics?

As computing needs have increased, AFDX was established to provide a commercially proven hardware technology with a protocol that ensures reliable transport, delivery and timing of data packets between subsystems.

Based on IEEE 802.3 Ethernet technology, the communication backbone provides virtual link communication, deterministic timing, guaranteed bandwidth and physical redundancy. It is standardized as ARINC 664, Part 7.

[Figure: an AFDX switch connecting the sending sub system, via its AFDX end system, to three recipient sub systems, each attached through its own AFDX end system.]

An AFDX network consists of switches and end systems, which are capable of handling all AFDX-related protocol operations. Depending on the network hierarchy, one or more switches are located on the data path between two end systems.
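As an added example that is not from the slides and goes a little beyond them, the following Python shows two of the protocol operations an AFDX switch and end system perform: per-virtual-link policing using the ARINC 664 Part 7 notions of Bandwidth Allocation Gap (BAG), maximum frame length (Lmax) and the one-byte sequence number, and the receiving end system's redundancy management, which delivers the first valid copy of each frame from the two physical networks and drops the duplicate. Class names, the jitter allowance and the skew window are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example (not from the slides): a per-VL policer as an AFDX switch
# applies it, plus receive-side redundancy management over networks A and B.


@dataclass
class VirtualLink:
    vl_id: int
    bag_ms: float           # Bandwidth Allocation Gap: minimum spacing between frames
    lmax: int               # maximum frame length in bytes
    jitter_ms: float = 0.5  # tolerated deviation from the BAG at the switch ingress

    def guaranteed_bandwidth_bps(self):
        """Bandwidth reserved for this VL: one Lmax-sized frame per BAG."""
        return self.lmax * 8 / (self.bag_ms / 1000)


@dataclass
class Frame:
    vl_id: int
    seq: int                # 1..255, wraps back to 1 (0 only after a reset)
    length: int
    t_ms: float             # arrival time at the switch or end system
    network: str            # "A" or "B"


class Policer:
    """Switch-side per-VL policing: drop oversized or too-closely spaced frames."""
    def __init__(self, vl):
        self.vl, self.last_t = vl, None

    def accept(self, frame):
        if frame.vl_id != self.vl.vl_id or frame.length > self.vl.lmax:
            return False
        min_gap = self.vl.bag_ms - self.vl.jitter_ms
        if self.last_t is not None and frame.t_ms - self.last_t < min_gap:
            return False        # babbling or mis-shaped source: contain it here
        self.last_t = frame.t_ms
        return True


class RedundancyManager:
    """Receiving end system: deliver the first valid copy of each sequence number,
    discard the copy arriving on the other network within the skew window."""
    def __init__(self, skew_max_ms=5.0):
        self.skew_max, self.seen = skew_max_ms, {}   # seq -> arrival of first copy

    def deliver(self, frame):
        first = self.seen.get(frame.seq)
        if first is not None and frame.t_ms - first <= self.skew_max:
            return False        # duplicate from the other network
        self.seen[frame.seq] = frame.t_ms
        return True
```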

How can COTS components help to reduce development time and cost?

It is one thing to make a system safe, but another to make it safe and cost-effective. For modern airborne systems it is important to allow upgrades and modifications at minimal cost over long product life cycles. COTS components based on open standards in hardware and software provide modular system configuration and make it possible to integrate components from different suppliers. By using FPGA designs and/or a flexible IP core library, complex and customizable architectures become possible.

➢ Get a complete product and competencies overview on our website

➢ Download our detailed brochure

Have a look at MEN's flexible, safe and partly also pre-certified products for the aerospace market:

www.men.de/industrial/aerospace/

www.menmicro.com/industrial/aerospace/

www.men-france.fr/industrial/aerospace/