This document discusses software development for safety critical systems. It covers:
- Special considerations for safety critical systems where malfunctions can cause injury, including design, verification, validation, certification to standards.
- The increasing complexity of avionics software over time with aircraft like the A380 and B787 having hundreds of millions of lines of code.
- Key aeronautical certification bodies and standards like the FAA, EASA, ICAO, DO-178B/C, and ARP-4754.
- Methodologies used in aeronautical system certification like fault tree analysis, common cause analysis, and design assurance levels (DAL).
- How certification aspects apply to both software and hardware and
1. Budapest University of Technology and Economics
Department of Measurement and Information Systems
Software Development for Safety Critical Systems
Ákos Horváth
Dept. of Measurement and Information Systems
Fault Tolerant Systems Research Group
FRENCH-HUNGARIAN WORKSHOP ON OUTER-SPACE
3. Specialities of safety critical systems
Safety-critical systems
o Informal definition: Malfunction may cause injury of people
Special solutions to achieve safe operation
o Design: Requirements, architecture, tools, …
o Verification, validation, and independent assessment
o Certification (by safety authorities)
Basis of certification: Standards
o IEC 61508: Generic standard (for electrical, electronic or programmable electronic systems)
o DO-178B/C: Software in airborne systems and equipment
o EN 50129: Railway (control systems)
o EN 50128: Railway (software)
o ISO 26262: Automotive
o Other sector-specific standards: Medical, process control, etc.
4. History of avionics SW complexity
[Chart: MIPS, LOC, Mbyte/10 and digital links (scale 0 to 400) for the A-310 (1983), A-320 (1988) and A-340 (1993), showing exponential growth.]
Both A380 and B787 have 100's of millions of LOC
Ref: Subra de Salafa and Paquier
5. ARP-4754 (slides 5 to 7 build up the same diagram)
Aeronautical Certification Bodies and Standards
[Diagram relating ICAO, EASA, the National Aviation Authorities, EASA CS-25, ARP-4754 and a Standardization Body; edge labels: define, supervise, harmonize with regulations, adopt, accepted means.]
ICAO: International Civil Aviation Organization (1944)
EASA: European Aviation Safety Agency (2006)
EASA CS 25.1309:
The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that:
1. Any catastrophic failure condition
a) is extremely improbable; and
b) does not result from a single failure; and
2. Any hazardous failure condition is extremely remote; and
3. Any major failure condition is remote.
9. Aeronautical System Certification (slides 9 and 10 repeat this content)
Methodologies for safety assessment processes are guidelines
E.g., fault tree analysis, common cause analysis
Certification aspects of complex aircraft systems cannot be shown by test only.
Design Assurance Level (DAL)
11. Aeronautical System Certification
Provide guidelines for production of software for airborne systems.
Objectives, activities and evidence
Certification aspects of hardware elements from concept to airworthy equipment development
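The CS 25.1309 text on slide 7 states two separate requirements for a catastrophic failure condition (a probability target and a structural "no single failure" rule), and slide 9 names fault tree analysis as the guideline method for showing them. The following is an added worked example, not part of the presentation: a small fault tree evaluator that computes minimal cut sets and the exact top-event probability, then checks both rules. The event names, probabilities and the two candidate architectures are constructed; the per-flight-hour budgets (catastrophic 1e-9, hazardous 1e-7, major 1e-5) are the customary AMC 25.1309 allocations and are not on the slides.

```python
"""Fault tree check against CS 25.1309 (added example; all data below is constructed)."""
from itertools import combinations, product

# Per-flight-hour probabilities of basic events (constructed sample values).
BASIC_EVENTS = {
    "hyd_A_loss": 1e-5,
    "hyd_B_loss": 1e-5,
    "fcc_fault": 1e-6,      # single flight control computer
    "fcc_1_fault": 1e-6,    # redundant pair used by the second variant
    "fcc_2_fault": 1e-6,
}

# Gate nodes are (kind, children) with kind in {"AND", "OR"}; leaves are event names.
# Top event for both variants: "loss of pitch control", treated as catastrophic.
TREE_SINGLE_FCC = ("OR", [("AND", ["hyd_A_loss", "hyd_B_loss"]), "fcc_fault"])
TREE_DUAL_FCC = ("OR", [("AND", ["hyd_A_loss", "hyd_B_loss"]),
                        ("AND", ["fcc_1_fault", "fcc_2_fault"])])

# Qualitative CS 25.1309 terms mapped to per-flight-hour budgets (AMC 25.1309
# allocation, an assumption of this example; the slide gives only the wording).
PROBABILITY_BUDGET = {"catastrophic": 1e-9, "hazardous": 1e-7, "major": 1e-5}


def leaves(node):
    """Basic events referenced by a (sub)tree, in first-seen order."""
    if isinstance(node, str):
        return [node]
    seen = []
    for child in node[1]:
        for ev in leaves(child):
            if ev not in seen:
                seen.append(ev)
    return seen


def occurs(node, failed):
    """Does the top event occur given the set of failed basic events?"""
    if isinstance(node, str):
        return node in failed
    kind, children = node
    results = (occurs(c, failed) for c in children)
    return all(results) if kind == "AND" else any(results)


def minimal_cut_sets(tree):
    """Enumerate event subsets by increasing size (fine for small trees) and keep
    those that cause the top event and contain no smaller cut set."""
    events = leaves(tree)
    cut_sets = []
    for r in range(1, len(events) + 1):
        for combo in combinations(events, r):
            s = frozenset(combo)
            if occurs(tree, s) and not any(m < s for m in cut_sets):
                cut_sets.append(s)
    return sorted(cut_sets, key=lambda s: (len(s), sorted(s)))


def top_event_probability(tree, probs):
    """Exact top-event probability for independent basic events (full enumeration)."""
    events = leaves(tree)
    total = 0.0
    for outcome in product([False, True], repeat=len(events)):
        failed = {ev for ev, f in zip(events, outcome) if f}
        if occurs(tree, failed):
            p = 1.0
            for ev, f in zip(events, outcome):
                p *= probs[ev] if f else 1.0 - probs[ev]
            total += p
    return total


def assess(tree, probs, severity):
    """Probability budget for every severity; for catastrophic conditions also the
    CS 25.1309 'does not result from a single failure' rule (no size-1 cut set)."""
    cut_sets = minimal_cut_sets(tree)
    single_points = [next(iter(s)) for s in cut_sets if len(s) == 1]
    p = top_event_probability(tree, probs)
    compliant = p < PROBABILITY_BUDGET[severity]
    if severity == "catastrophic":
        compliant = compliant and not single_points
    return {"probability_per_fh": p, "minimal_cut_sets": cut_sets,
            "single_point_failures": single_points, "compliant": compliant}


if __name__ == "__main__":
    for name, tree in [("single FCC", TREE_SINGLE_FCC), ("dual FCC", TREE_DUAL_FCC)]:
        r = assess(tree, BASIC_EVENTS, "catastrophic")
        print(f"{name}: P={r['probability_per_fh']:.2e}/fh, "
              f"single points={r['single_point_failures']}, compliant={r['compliant']}")
```

The two rules are checked independently on purpose: lowering the computer's failure rate far enough to meet the 1e-9 budget still leaves the single-FCC variant non-compliant, because the cut set {fcc_fault} has size one. That is exactly why the slide stresses that certification of complex systems cannot be shown by test alone; the structural argument comes from the analysis.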
13. Future and Related Fields
Automotive industry
o Drive-by-wire
o Automated parking/driving
o No strict authorities for SW certification
• EU pushing for standards
• Safety related issues
UAV
o In the same civil airspace
o Needs to take the environment into consideration
o Equipment can fail
Space and Satellite
o Uses avionics concepts
o Similar certification processes by ESA
o How will advanced concepts appear?
Avionics
o Modern development methods (DO-178C annexes, 2013)
o MDE, OO languages, formal methods, tool certification
o Flightpath 2050
o Passengers/year from 2.5bn to 16bn
o 31000 new aircraft
Editor's Notes
ICAO - International Civil Aviation Organization (1944 Chicago agreement)
FAA Federal Aviation Administration or EASA European Aviation Safety Agency (2006) -> works as a monitoring and codification organization, concrete implementation by national Aviation Authorities
3 main points
Formal recognition and legal statement
Certification process, documented assurance
Three questions: Does the system meet regulations? Is the system fit for flight? Is the system safe for flight?
Certification requirements derived from legal duties and regulations EASA CS-25 (airplanes) -> ARP 4754 DO-178B
In compliance with certification and safety regulations there are several organizations that develop standards for authorities, which may adopt those as acceptable means of compliance with their rules and regulations.
RTCA -> DO standards, SAE -> ARP standards, ARINC
ARP-4761 [SAEd] provides general guidance in evaluating the safety aspects of a design. For this purpose, it describes guidelines and methods of performing the safety assessment for certification of civil aircraft. This standard is a collection of all safety analysis methods that can be used as part of the functions, systems and equipment assessment for safety. The intent of this document is to identify typical activities, methods, and documentation that may be used in the performance of safety assessments for civil aircraft and their associated systems and equipment.
ARP 4754 discusses the certification aspects of highly-integrated (refers to systems that perform or contribute to multiple aircraft-level functions) and complex (refers to systems whose safety cannot be shown solely by test and whose logic is difficult to comprehend without the aid of analytical tools) systems.
66 objectives for Level A
65 objectives for Level B; the only difference is MC/DC code coverage
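The note above names MC/DC coverage as what separates Level A from Level B. As an added example (not part of the presentation), the following checks a test set for unique-cause MC/DC on a constructed three-condition decision: each condition needs an independence pair, i.e. two test vectors that differ only in that condition and flip the decision outcome. The decision, condition names and test vectors are hypothetical, chosen to show that a test set achieving decision coverage can still leave two of three conditions without a pair, and that the smallest MC/DC set for n conditions has n+1 vectors.

```python
"""Unique-cause MC/DC check (added example; decision and test vectors are constructed)."""
from itertools import combinations, product

# Hypothetical guard with three conditions, evaluated in this order.
CONDITIONS = ("sensor_ok", "reverser_deployed", "pilot_override")


def decision(sensor_ok, reverser_deployed, pilot_override):
    """Constructed decision: engage only with a healthy sensor and stowed
    reversers, unless the pilot overrides."""
    return (sensor_ok and not reverser_deployed) or pilot_override


def independence_pairs(test_set, condition):
    """Pairs of vectors that differ only in `condition` and produce different
    decision outcomes, showing the condition independently affects the decision."""
    idx = CONDITIONS.index(condition)
    pairs = []
    for a, b in combinations(test_set, 2):
        others_equal = all(a[i] == b[i] for i in range(len(CONDITIONS)) if i != idx)
        if others_equal and a[idx] != b[idx] and decision(*a) != decision(*b):
            pairs.append((a, b))
    return pairs


def mcdc_report(test_set):
    """Per condition: does the test set contain an independence pair for it?"""
    return {c: bool(independence_pairs(test_set, c)) for c in CONDITIONS}


def decision_coverage(test_set):
    """Weaker objective: the decision has evaluated to both True and False."""
    return {decision(*t) for t in test_set} == {True, False}


def minimal_mcdc_size():
    """Brute-force the smallest subset of all 2^n input vectors meeting MC/DC."""
    vectors = list(product([False, True], repeat=len(CONDITIONS)))
    for size in range(1, len(vectors) + 1):
        for subset in combinations(vectors, size):
            if all(mcdc_report(subset).values()):
                return size
    return None


# Constructed test sets (True/False per condition, in CONDITIONS order).
TESTS_DECISION_ONLY = [(True, False, False), (False, False, False)]
TESTS_MCDC = TESTS_DECISION_ONLY + [(True, True, False), (False, False, True)]

if __name__ == "__main__":
    for name, ts in [("decision coverage only", TESTS_DECISION_ONLY), ("MC/DC set", TESTS_MCDC)]:
        print(name, "| decision coverage:", decision_coverage(ts), "| MC/DC:", mcdc_report(ts))
    print("smallest MC/DC set:", minimal_mcdc_size(), "vectors for", len(CONDITIONS), "conditions")
```

The brute-force search is only for illustration on a tiny decision; real coverage tools instrument the object or source code and report independence pairs per decision, but the pairing rule they apply is the one shown here.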
Flightpath 2050 report: 16bn
31000 new aircraft will be needed in the upcoming 20-25 years.
Capacity -> Airbus + Boeing 3000 and booked for 9 years!
Responsibility will be on you -> push a button.