Sunday, October 21st
Session 1 – Systems Engineering
SL1: Spacecraft Avionics Systems Engineering
George Andrew, Booz, Allen, and Hamilton
This tutorial provides a detailed look at the basic spacecraft avionics system-level design and engineering requirements needed to develop the Avionics System Level Architecture. The session will detail how to derive Avionics System Level requirements from higher Mission Level Requirements, and the documentation required to conceptualize and develop Avionics Subsystem Architectures.
SA1: UML 2.0 / SysML Based Systems Engineering Using a Model Driven Approach
Hans-Peter Hoffmann, Ph.D., Telelogic
Increasingly, systems engineers are turning to the System Modeling Language (SysML) to specify and structure their systems. SysML’s advantages include providing verifiability and easily sharing information with other engineering disciplines, particularly software. This tutorial teaches a SysML-based process that systems engineers can use to capture requirements and specify architecture. The process uses SysML exclusively for the representation and specification of system characteristics. Essential SysML artifacts include requirements diagrams, use case diagrams, sequence diagrams, activity diagrams, statechart diagrams, and structure diagrams. The process is function-driven and is based heavily on the identification and elaboration of operational contracts: a message-based interface communication concept. The process has been applied successfully at various customer sites.
Sunday, October 21st
Session 2 – Systems, Standards & Security
SL2: The Modular Open Systems Approach (MOSA) in Defense Acquisition
Glen Logan, American Systems Corporation
This tutorial covers the background and mission of the Department of Defense (DoD) Open Systems Joint Task Force and discusses the motivation, policies and concepts behind the transition to a modular open systems approach in weapons system acquisition.
The tutorial provides detailed examples of the many life cycle cost savings, cycle time reductions and enhanced interoperability benefits of open systems through several practical applications--from avionics technology and risk reduction demonstrations, pilot programs and consensus-based standards development, and system-of-systems architecture principles.
The tutorial includes summaries of current Joint Service and individual Service initiatives (e.g., Navy Open Architecture) and concludes with an overview of the new MOSA Program Assessment and Review Tool (PART), which is used by the Office of the Secretary of Defense to assess the implementation of MOSA policy across major defense programs.
SA2: Multiple Independent Levels of Security / Safety (MILS)
Gordon Uchenick, Objective Interface Systems
The Multiple Independent Levels of Security/Safety (MILS) architecture greatly reduces the amount of privileged separation enforcement code while simultaneously making that code more effective. By providing extremely robust Data Isolation and Control of Information Flow, MILS enables system protection to be layered among a kernel, middleware, and applications. Robust protection of the low-level kernel and strong separation among partitions facilitate verification that multiple applications do not interfere with each other. The greatly reduced amount of critical code makes it more practical to mathematically prove that all separation enforcement is Non-bypassable, Evaluatable, Always Invoked, and Tamperproof (NEAT).
Sunday, October 21st
Session 3 – System Software Safety
SL3: System Safety for Software Intensive Systems
Alan Tribble, Rockwell Collins
Software safety analysis differs from hardware safety analysis in that software failure modes cannot be well characterized or enumerated. Software can fail to execute when expected, may execute but not perform its intended function, or may exhibit unexpected behavior. This tutorial will provide an introduction to software system safety with emphasis on the safety critical systems used in the aircraft industry. In particular, the difference between safety and reliability will be emphasized, current software safety techniques (e.g., DO-178B) will be reviewed and an assessment of current research areas will be provided.
SA3: System Software Safety for ATM Systems
Jeffrey Joyce, Critical Systems Labs, Inc.
This tutorial provides an introduction to processes and techniques for the identification and management of safety risks associated with the software-intensive functionality of an Air Traffic Management (ATM) system. In keeping with the theme of the 26th DASC, this tutorial will place particular emphasis on software-intensive hazards associated with 4-dimensional trajectory based functionality.
This tutorial is partially based on the presenter’s experience in the safety analysis of a very advanced ATM system for Canadian airspace, as well as a related military system. This tutorial is also based on the presenter’s involvement in the implementation of the EUROCONTROL Safety Regulatory Requirement (ESARR) – in particular, ESARR 6 “Software in ATM Systems” – for the Swiss Air Navigation Service Provider, Skyguide.
Sunday, October 21st
Session 4 – Navigation and Timekeeping
SA4: Introduction to GPS--Its Applications and Timekeeping Aspects
Maarten Uijt de Haag, Ohio University
The Global Positioning System (GPS) has evolved from its military roots to a system that is being used in a wide variety of applications in today’s society. This course briefly describes the basic operation of GPS, its error sources and modes of operation and the state of art in GPS technology. The issues involved in incorporating GPS in various navigation-related applications will be highlighted and various technologies will be illustrated using case studies. The short course will furthermore address the growing use of GPS for time transfer and synchronization applications such as large-scale data networks, fleet management applications or air traffic management applications.
Monday, October 22nd
Session 1 – Communications and Air Traffic Management
Ann Heinke, Overlook Consulting, Inc.
This tutorial introduces communications concepts and vocabulary for Air Traffic Services communications. It describes the OSI model (upon which ATN and FANS were based). It describes the Aeronautical Data Communications applications (CPDLC, ADS-C and AFN) as well as the protocol stacks (ACARS and ATN). It also includes a brief description of the various data links being used by the FANS applications.
ML1: Communications Technologies for Air/Ground Data Links
Ann Heinke, Overlook Consulting, Inc.
This tutorial examines the technologies available for air/ground data links, including satellite, VHF, UHF, Mode-S, wireless Broadband, and cellular without regard to vendor. Questions are addressed as to how the aviation industry has linked applications with data links. The future data links using TCP/IP are shown, together with the impact of the change on aviation communications systems. Communications for AOC, APC, AAC and ATS are addressed.
MA1: NEXGEN, SESAR, and Trajectory-based Operations
Jack Fearnsides and Margaret Jenny, MJF Strategies, LLC
This tutorial will provide an in-depth analysis of the initiatives now underway in the U.S. and Europe to transform the Air Traffic Management (ATM) Systems to accommodate predicted demand. We will begin by detailing the goals of the U.S. Next Generation ATM (NextGen) and the Single European Sky ATM Research (SESAR) initiatives, proceeding to a description of the roadmap of operational improvements planned in each program and analyzing the risks and benefits associated with these improvements. Finally, we will focus on the concept of trajectory-based operations and examine its implications both for the ground-based ATM infrastructure and for new avionics technologies as well as dramatic changes in the roles of pilots and controllers.
Monday, October 22nd
Session 2 – Avionics Design
Cary Spitzer, AvioniCon
This tutorial presents a systems level overview of the fundamentals of design, construction, assessment, and validation of digital avionics systems. Topics include: 1) avionics organizations, 2) defining the avionics requirements, 3) data buses, 4) displays, 5) hardware and software assessment and validation, and 6) electromagnetic interference.
Emphasis will be given to selected topics that are frequently misunderstood or not fully appreciated, such as data buses, and the precise meaning of commonly misused terms.
ML2: Introduction to Digital Avionics Fiber Optics Technology
Mark Beranek, Naval Air Systems Command
The aerospace industry has made great strides in recent years deploying fiber optics and photonics technology on commercial and military platforms. This trend will continue to grow as avionics fiber optic system architectures, networking schemes, and components evolve and mature. Digital avionics fiber optics technology enables high speed data and video communication onboard military and commercial aircraft. If used smartly, fiber optics technology can effectively future-proof avionics architectures. This tutorial will provide an introduction to fiber optics technology with emphasis on military/aerospace fiber optic and photonic components and systems. In particular, the tutorial will teach the basic physics of light and the application of fiber optics in avionics networks. Technical characteristics of fiber optic cables, connectors, transmitters and receivers will be described. Life cycle cost elements that drive system requirements and qualification testing will also be taught. A bibliographic listing of relevant references and standards organizations will be given. The course concludes with a briefing on future research and development directions for avionics.
MA2: Modern Avionics Architectures
Cary Spitzer, AvioniCon
Architectures from seven civil and military aircraft including the B-757/767, A330/340, MD-11, B-777, F‑16 C/D, C-17, and the F-22 are examined. These architectures have been carefully chosen to cover a spectrum of 1) aircraft types, 2) federated and integrated designs, 3) line replaceable unit vis-à-vis modular packaging, and 4) non-essential to flight critical applications. The hardware and functions of each architecture are discussed.
The architectures of the A-380 and the B-787 are briefly discussed.
Monday, October 22nd
Session 3 – Net-centric Environment
MM3: Life Cycle Systems Engineering – Part I
Ellis Hitt, Strategic Systems Solutions, Inc.
This first of two tutorials focuses on the systems engineering tasks, processes, and tools used in the life cycle of a system. Each of the phases of a system’s life cycle will be described starting with pre-concept definition and ending with system disposal. The DoD 5000 Acquisition/Life Cycle Model, phases, and processes for each phase will be discussed. Evolutionary acquisition using spiral development is increasing with multiple design/test/modify phases in each of the development spirals. The development of acquisition documents and data packages will be presented. Preparation of the Systems Engineering Plan will be discussed. The analysis and mapping of a statement of work to investment costs and life cycle costs estimates will be demonstrated.
ML3: Systems Engineering for Net-Centric Avionics – Part II
Ellis Hitt, Strategic Systems Solutions, Inc.
This second tutorial focuses on applying systems engineering to net-centric avionics and net-centric operations. Net-centric operations are critical to achieving interoperability of systems. Net-centric operation supports non-linear relationships and an increased tempo of operations. Industry and government must determine the most affordable method of migrating from current systems to a system-of-systems architecture that enables the net-centric data/information flow needed to achieve the required capabilities. Systems engineering processes are essential to cost-effectively select an avionics architecture (hardware and software) that minimizes the need for changes ranging from complete rewiring of an existing aircraft to a complete rewrite of the various operational flight programs and systems management software. This tutorial teaches attendees how to determine the required net-centric capabilities for avionics; assess the capabilities and determine the total ownership cost of the currently installed avionics; identify the capability deficiencies; define alternatives for achieving the required capabilities; analyze these alternatives to ascertain whether an alternative satisfies the required capability; and determine the total life cycle system cost of each alternative, including the yearly funding required to develop, acquire, install, operate, and maintain the alternative.
MA3: The Software Defined Radio (SDR) for Net-Centric Operations
Alan Tribble, Rockwell Collins
This presentation provides an overview of the Software Defined Radio (SDR), a disruptive technology, and its role in Network Centric Operations (NCO). The various elements of an SDR platform and waveform are examined, as are related open standards such as the Software Communications Architecture (SCA). Next, NCO is examined in the context of the U.S. Joint Vision 2010 and 2020 and its emphasis on increased situational awareness. It will be seen that significant improvements in communications bandwidth will be required to achieve full networking of U.S. forces. The presentation concludes with a brief overview of the role of an SDR system, the Joint Tactical Radio System (JTRS), in delivering this increase in bandwidth as part of the Global Information Grid (GIG).
Monday, October 22nd
Session 4 – Design Assurance
MM4: Introduction to Aviation Electronics Design Assurance
Tom Ferrell and Uma Ferrell, Ferrell & Associates Consulting
Safety-critical system development for modern digital aviation systems, both ground and airborne, depends on the application of rigorous development processes and a comprehensive regimen of design assurance. This tutorial is designed to provide an overview of the concepts of system and software safety, show how these concepts are addressed within the aviation regulatory environment, and provide an introduction to the major industry documents that discuss safety and design assurance. These documents include the SAE Aerospace Recommended Practices (ARPs) 4754 and 4761, as well as the various RTCA design and data assurance documents, which include DO-160D, DO-178B, DO-200A, DO-254, DO-264, and DO-278. This tutorial will discuss how design assurance is being impacted by major trends shaping modern aviation system development, including the increased use of Commercial-Off-The-Shelf (COTS) components and the move to more highly integrated systems. This tutorial is intended as a broad survey on the topics of safety and design assurance. Individuals involved in this area may want to combine this session with one or both of the detailed sessions on Software Design Assurance (DO-178B and DO-278) and Complex Electronic Hardware Design Assurance (DO-254).
There are significant efforts underway to update the various design assurance standards and guidelines covered by this class. This includes work on the ARPs, the recent updates to DO-160, and the new effort on DO-178B. This class will contain updates on all of these efforts.
ML4: Software Design Assurance: DO-178B & DO-278
Uma Ferrell, Ferrell & Associates Consulting
RTCA DO-178B (Software Considerations in Airborne Systems and Equipment Certification) is the industry standard governing the development, verification, and certification aspects of software for civil avionics. In the last two years, two additional RTCA documents – DO-248B and DO-278 – have both clarified and extended DO-178B’s reach to ground and space-based systems. In addition, DO-178B has been applied in the automotive industry for safety-critical development and is one of the standards recognized by the Food and Drug Administration for use in life-critical medical devices. This tutorial is intended to provide a detailed overview of DO-178B: what it is, what it is not, how to apply it, and pitfalls to avoid in its application. In addition to explaining the guidelines, the tutorial will discuss the practical application of RTCA DO-178B. The tutorial will conclude with a summary of relevant FAA guidance associated with the application of software design assurance and current research activities on related topics. Even if you have some familiarity with DO-178B, this session will help reinforce and deepen your understanding of its content and intent.
Note: At least one and possibly two RTCA SC-205/EUROCAE WG-71 meetings will have been held before this year’s DASC. This committee is working on updates to DO-178B, DO-248B, and possibly (likely) DO-278. We will be providing current status of this effort in this tutorial.
MA4: Complex Electronics Hardware Design Assurance: DO-254
Tom Ferrell, Ferrell & Associates Consulting
RTCA DO-254/ED-80 (Design Assurance Guidance for Airborne Electronic Hardware) was released in April 2000 and is designed to fill the gap for developmental assurance for complex electronic hardware including programmable logic devices (PLDs) and application specific integrated circuits (ASICs). Since its release, the document has generated considerable interest in the topic of hardware design assurance and more than a little bit of controversy. This tutorial is intended to provide a detailed overview of DO-254, what it is, what it is not, and how to apply it. In addition to explaining the guidelines, the tutorial illustrates the parallels between DO-254 and DO-178B, the predominant standard for design assurance of software, and includes a discussion of the tradeoffs between implementing in hardware versus software. The tutorial will conclude with a summary of current activities in industry shaping the evolution of developmental assurance for complex hardware including an overview of related regulatory efforts.
Note: DO-254 has been controversial since the document’s publication. The FAA has been struggling to produce a concise, consistent policy that governs its use. This tutorial will include an update on where this activity stands and, if released, the implications of the FAA’s advisory circular on DO-254.
Monday, October 22nd
Session 5 – System Software Safety
ML5: Requirements Engineering for Software-Intensive Safety-Related Systems
Jeffrey Joyce, Critical Systems Labs, Inc.
This tutorial provides an introduction to concepts, methodologies and techniques for the specification of requirements for software-intensive systems. In particular, this tutorial will cover the standard topics of requirements engineering including elicitation, validation, organization, traceability and management. The material will also cover different styles of representing requirements including the use of natural language, semi-formal methods and formal methods.
Many of the examples that appear in the material for this tutorial are based on the functionality of Air Traffic Management (ATM) systems. The tutorial also places particular emphasis on the specification of safety-related requirements in the context of both ground-based and airborne systems.
MA5: An Introduction to Formal Methods and Their Practical Application
Jeffrey Joyce, Critical Systems Labs, Inc. and Dr. Nancy Day, University of Waterloo
A variety of techniques and tools based on symbolic logic and other elements of discrete mathematics are gradually transitioning from R&D into mainstream industry practice. One such example is the use of formal methods to verify aspects of the Airbus A380 including properties such as Worst Case Execution Time (WCET). The next version of DO-178/ED-12 being developed by RTCA/EUROCAE SC-205/WG-71 is expected to include a new annex with specific guidance on the use of formal methods to satisfy certification objectives.
In response to these developments, this tutorial provides an introduction to formal methods for digital avionics professionals with the goal of providing tutorial participants with sufficient knowledge to make informed decisions about the feasibility and potential benefits of using formal methods alongside conventional methods such as testing. The tutorial will also discuss potential synergies between formal methods and model-based development.
No prior experience with formal methods is necessary for participants.