The document discusses safety-critical applications in aerospace. It outlines 5 key things to know: 1) Which standards must be considered, such as DO-254 for electronics and DO-178 for software. 2) How to distinguish between Design Assurance Levels (DAL) from A to E based on failure rates. 3) How to achieve functional safety through redundancy, error detection/correction, and diverse/reliable system architectures. 4) How the Avionics Full-Duplex Switched Ethernet (AFDX) network provides reliable data transport in avionics. 5) How commercial off-the-shelf (COTS) components can help reduce costs through modular configurations and flexible/reusable IP cores.

1. Textmasterformat bearbeiten
▪ Second Level
▪ Third Level
▪ Fourth Level
Fifth Level
November 10, 2017
5 Things to Know about Safety-Critical
Applications in Aerospace

2. 2
Safety-Critical Applications in Aerospace
A number of innovations and changes deliver new capabilities to aircraft
operations. Modern aircraft are equipped with a multitude of electronic
components. There is also a multitude of standards that must be fulfilled when
designing an avionics hardware solution.
Some questions may come to your mind, before designing a safety-critical
aerospace system.
1: Which standards do I need to consider?
2: How to distinguish between the Design Assurance Levels (DAL)?
3: How to achieve functional safety?
4: Which role is AFDX playing in avionics?
5: How can COTS components help to reduce development time and cost?

3. Which Standards do I need to Consider?
In avionics there are several applicable “DO” standards.
Developing a complex electronic component needs to conform to DO-254. This
standard initially focused on design concerning FPGA and ASIC developments, but
is increasingly applied also to the PCB design itself.
Software used in avionics systems must comply to the DO-178 with current
revision C and its related DO covering tool qualification, software modeling, object
oriented software and formal methods.
Another important DO is the DO-160 revision G. It defines depending on the
location of your component in the aircraft, which environmental test must be
applied.

4. How to Distinguish Between the
Design Assurance Levels (DAL)?
To cope with the effect of a component fault, so called design assurance levels are
defined. These DALs are defined with the letter A to E, with DAL-A defining the
strictest requirements and DAL-E the weakest.
In relation to the DAL also a failure rate, abbreviated FIT, must be achieved by a
component. FITs are divided into systematic faults (caused by human error) and
random hardware faults.
DAL Failure Rate (FIT) Impact
A F ≤ 10-9/h (= 1 FIT)
Catastrophic: Multiple fatalities, usually with the loss of the
airplane
B 10-9/h < F ≤ 10-7/h
Hazardous: Serious or fatal injury to a passenger other than the
flight crew
C 10-7/h < F ≤ 10-5/h
Major: Physical distress to passengers or cabin crew, possibly
including injuries
D 10-5/h < F Minor: Some physical discomfort to passengers or cabin crew
E - No Effect

5. How to Achieve Functional Safety?
One of the key design elements of a safety-critical system is redundancy. This can
be realized by duplicating the complete system and/or single components.
Cosmic radiation is one example for a hazard impacting the architecture, like
Single Event Upsets (SEU) in FPGA and memory components. In order to
automatically detect and correct single bit errors Triple Modular Redundancy
(TMR) can be employed.
A safe system architecture, both in hardware and in software, can have different
structures of redundant sub-units, enhanced by diversity, and considering the
relation between safety, availability and cost. Other considerations to achieve
functional safety include supervisors, determinism and event logging.

6. Which Role is AFDX Playing in Avionics?
As computing needs have increased, AFDX was established to provide a
commercially proven hardware technology that applies a protocol to enable
reliable transport, delivery and timing of data packets between sub systems.
Based on IEEE 802.3 standard Ethernet technology the communication backbone
includes virtual link communication, deterministic timing, guaranteed bandwidth
and physical redundancy. It is standardized as ARINC 664, Part 7.
AFDX Switch
Sub System
Sender
AFDX
End System
Sub System
Recipent
AFDX
End System
Sub System
Recipent
AFDX
End System
Sub System
Recipent
AFDX
End System
An AFDX network consists
of switches and end
systems, which are capable
of handling all AFDX-related
protocol operations.
Depending on the network
hierarchy, one or more
switches are located on the
data path between two end
systems.

7. How can COTS components help to reduce
development time and cost?
It is one thing to make a system safe, but another to make it safe and cost-
effective. For modern airborne systems it is important to provide the ability for
upgrades and modifications with minimized cost during long product life-cycles.
COTS components based on open standards in hardware and software provide
modular system configuration, being able to integrate components from
different suppliers. By using FPGA designs and or a flexible IP core library
complex and customizable architectures are possible.
➢ Get a complete product and competencies
overview on our website
➢ Download our detailed brochure
Have a look at MEN‘s flexible, safe and
partly also pre-certified products for
the aerospace market:

8. www.men.de/industrial/aerospace/
www.menmicro.com/industrial/aerospace/
www.men-france.fr/industrial/aerospace/