Why certify COTS safety?


Transcript of "Why certify COTS safety?"

  • 1 | June 22, 2015 | 2015 Curtiss-Wright

    What is Safety Certifiable COTS?

    Gregory Sikkens, Senior Product Manager

  • 2

    Housekeeping

    Where DO-254 is used during this presentation, it refers to RTCA DO-254 / EUROCAE ED-80.

    Where DO-178 is used during this presentation, it refers to RTCA DO-178B / EUROCAE ED-12B.

  • 3

    What is Safety Certification?

    Stringent compliance standards, recognized by certification authorities such as the FAA, for the design of airborne electronic systems.

    Originally created for the commercial aviation industry; gradually adopted by the military and defense industry.

    DO-254 defines the requirements for hardware.

    DO-178 defines the requirements for software.

    Safety certification is based on a series of Design Assurance Levels (DALs), A through E, DAL A being the most stringent and DAL E the least stringent.

  • 4

    Why is Safety Certification Growing in Importance?

    The FAA plugged the hole on simple vs. complex COTS; it is now difficult to claim "simple".

    The practice of reverse engineering is getting harder and harder for the certification authorities to accept.

    Spreading from civil/commercial air to other similar industries, including defense.

    Growth in UAVs and associated ground stations.

    Application area: ground-based Air Traffic Control systems.

    Increasing numbers of military aircraft that fly over civil population centers.

    Growing use of military avionics subsystems in commercial aircraft.

  • 5

    How do we provide your safety certifiable solutions at a reasonable cost?

  • 6

    COTS

    The key benefits of COTS include:

    Open hardware architectures can mitigate obsolescence

    Reduction in procurement times

    Lower development cost

    Lower logistics costs

    Leverage higher collective volume

    Cost effective

    Increases assurance

    Modified COTS (MCOTS) remains cost effective and lower risk compared to custom development

    COTS modules deliver applications with far greater capabilities that also comply with the growing demand for safety certification

  • 7

    Traditional Approach vs. COTS: What's the Difference?

    TRADITIONAL APPROACH

    Application-specific development

    High cost: all DO-254/DO-178 artifact costs are allocated to a single application

    Designed-in artifacts, or already developed non-certifiable COTS (may add risk; analysis and reverse engineering of artifacts in support of the purchaser's certification effort)

    Example: CCA-147 (SBC), DO-254 DAL C / DO-178B DAL A

    COTS APPROACH

    General-purpose COTS development

    Lowers cost and risk: artifact costs reflect standard product sales quantities

    Designed-in artifacts

    Example: VPX3-150 (SBC), DO-254 DAL C / DO-178C DAL C

  • 8

    How does DO-254 Safety Certifiable COTS work?

  • 9

    General Purpose COTS DO-254 Development

    We start with a rigorous rugged development process:

    Curtiss-Wright has continuously refined it over 30+ years of work in the mil/aero market

    Every product is designed to be rugged from the start, not designed and then ruggedized

    We fully meet or exceed the requirements of the AS9100 quality system

    We execute requirements tracking and verification traceability using DOORS

    We do detailed reviews: very few issues are found during hardware bring-up and verification

    You benefit from our proven rugged performance:

    Environmental qualification testing of the design

    ESS testing of production units (manufactured in-house)

    You also benefit from our high reliability:

    Reliability Risk Assessment: we document risks to reliability, manufacturing, etc., and categorize them with mitigation plans and actions

    Reliability Demonstration Testing (RDT): where identified risks cannot be mitigated through design or analysis, testing is used

  • 10

    General Purpose COTS DO-254 Development (Cont'd)

    DO-254 requires a two-fold approach to achieve design assurance (certainty that the design operates as intended):

    Thorough verification at all junctures of the process to catch errors in the design

    A structured and audited design process with thorough planning, reviews, and double-checking of each step within the flow

    Curtiss-Wright's standard development process is extended to include an audited design process, giving a full DO-254 development process option.

  • 11

    Where Do We Fit Into the Safety Certification Process?

    Curtiss-Wright

  • 12

    Design Assurance Levels (DAL)

    EASA CM No.: EASA CM - SWCEH - 001, Issue No.: 01: "For equipment and CBAs of DALs/IDALs A, B, C or D, the ED-80/DO-254 objectives of Appendix A that are defined for level D should be applied."

    CBA: Circuit Board Assembly

    FAA Advisory Circular AC No: 20-152: "This AC recognizes the guidance in RTCA/DO-254 applies specifically to complex custom micro-coded components with hardware design assurance levels of A, B, and C, such as ASICs, PLDs, and FPGAs."

    "NOTE: We recognize that the hardware life cycle data for commercial-off-the-shelf (COTS) microprocessors may not be available to satisfy the objectives of RTCA/DO-254. Therefore, we don't intend that you apply RTCA/DO-254 to COTS microprocessors. There are alternative methods or processes to ensure that COTS microprocessors perform their intended functions and meet airworthiness requirements. Coordinate your plans for alternative methods or processes with us early in the certification project."

  • 13

    Differences in Safety Certification: EASA vs. FAA

    FAA: DAL A, B, or C

    EASA: DAL D

  • 14

    What Is Curtiss-Wright Doing?

    Develop DO-254 standard COTS products that are accepted worldwide

    Board-level development to DO-254 DAL D

    Complex custom micro-coded components to DO-254 DAL A

    Possibly DAL C with independence as an intermediate step

    Establish product breadth: SBC, graphics and I/O

  • 15

    DO-254 Artifacts for DAL C

    Artifact kit and supporting documents (if requested by authorities):

    Plan for Hardware Aspects of Certification

    Hardware Verification Plan

    Top-level drawing

    Hardware Accomplishment Summary

    Hardware Design Plan

    Hardware Validation Plan

    Hardware Configuration Management Plan

    Hardware Requirements

    Hardware Design Data

    Assembly Drawings / Installation Control Drawings

    Hardware Traceability Data

    Hardware Review and Analysis Results

    Hardware Test Procedures

    Hardware Test Results

  • 16

    Development Data Kit

    To assist with the Preliminary System Safety Assessment (PSSA)

    Contents:

    Single Event Effects (SEE)

    Failure Modes and Effects Analysis (FMEA)

    Reliability Analysis (MTBF)

    Part Stress Method (using Part Stress Analysis)

  • 17

    We can do much more for you than just a DO-254 development process!

  • 18

    ARP4754: System Development Process

    Safety monitoring requirements

    Functional requirements

  • 19

    Safety Monitoring Requirements

    A safety assessment is mandatory for certifiable equipment. How do we determine this in the absence of a Preliminary System Safety Assessment (PSSA)?

    Include a process procedure: COTS Safety Assessment

    Result: safety requirements based on assessment of:

    Component complexity (and a means of mitigation)

    Environmental monitoring

    Functional monitoring

    Failure probability mitigation

    Experience of what is typically required at the system level

    Examples of safety functions included on Curtiss-Wright safety certifiable products:

    Temperature sensors

    Independent voltage monitors

    Clock monitors

    Video integrity monitor

    Watchdog monitor

    CoreNet bandwidth monitor
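    The environmental monitors (temperature, voltage, clock) and the functional monitor (watchdog) named on this slide are typically combined into one board health monitor that feeds the system-level safety logic. The C program below is an added illustration of such a monitor; it is not Curtiss-Wright code and does not describe any Curtiss-Wright product. The limits in EXAMPLE_LIMITS, the debounce count and the sample stream in run_constructed_sequence() are constructed values. It shows the two behaviours such a monitor needs: a single out-of-range reading is debounced so sensor noise does not trip a fault, while a confirmed out-of-range condition or a missed watchdog kick latches and stays latched until a reset, so a transient cannot hide a real failure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Latched fault bits reported by the monitor. */
enum {
    MON_OK       = 0,
    MON_TEMP     = 1u << 0,   /* board temperature above limit */
    MON_VOLT     = 1u << 1,   /* core rail outside its window */
    MON_CLOCK    = 1u << 2,   /* reference clock outside tolerance */
    MON_WATCHDOG = 1u << 3    /* software failed to kick the watchdog in time */
};

/* One set of readings from the independent monitors (constructed format). */
typedef struct {
    int16_t  temp_c;       /* temperature sensor, degrees C */
    uint16_t core_mv;      /* independent core-voltage monitor, millivolts */
    uint32_t clk_hz;       /* measured reference clock frequency */
    uint32_t wd_kick_ms;   /* timestamp of the last watchdog kick */
} sample_t;

/* Limits are constructed for this example, not taken from any product. */
typedef struct {
    int16_t  temp_max_c;
    uint16_t core_min_mv, core_max_mv;
    uint32_t clk_nom_hz, clk_tol_hz;
    uint32_t wd_timeout_ms;
    uint8_t  debounce;     /* consecutive bad samples before a fault latches */
} limits_t;

typedef struct {
    uint8_t  temp_cnt, volt_cnt, clk_cnt;
    unsigned latched;      /* fault mask; cleared only by a reset, never by the monitor */
} monitor_t;

const limits_t EXAMPLE_LIMITS = { 85, 950, 1050, 100000000u, 1000000u, 100, 3 };

/* Count consecutive out-of-range samples; latch the fault once the debounce count is reached. */
static void debounce_latch(uint8_t *cnt, bool out_of_range, uint8_t debounce,
                           unsigned bit, unsigned *latched)
{
    if (!out_of_range) {
        *cnt = 0;              /* one good sample ends the run */
        return;
    }
    if (*cnt < debounce)
        (*cnt)++;
    if (*cnt >= debounce)
        *latched |= bit;       /* sticky: nothing below clears it */
}

static bool clock_out_of_tolerance(uint32_t hz, const limits_t *lim)
{
    uint32_t diff = hz > lim->clk_nom_hz ? hz - lim->clk_nom_hz : lim->clk_nom_hz - hz;
    return diff > lim->clk_tol_hz;
}

/* Evaluate one sample taken at now_ms and return the cumulative latched fault mask. */
unsigned monitor_step(monitor_t *m, const limits_t *lim, const sample_t *s, uint32_t now_ms)
{
    debounce_latch(&m->temp_cnt, s->temp_c > lim->temp_max_c,
                   lim->debounce, MON_TEMP, &m->latched);
    debounce_latch(&m->volt_cnt, s->core_mv < lim->core_min_mv || s->core_mv > lim->core_max_mv,
                   lim->debounce, MON_VOLT, &m->latched);
    debounce_latch(&m->clk_cnt, clock_out_of_tolerance(s->clk_hz, lim),
                   lim->debounce, MON_CLOCK, &m->latched);
    /* The watchdog is not debounced: a missed kick is the fault, not a noisy reading. */
    if (now_ms - s->wd_kick_ms > lim->wd_timeout_ms)
        m->latched |= MON_WATCHDOG;
    return m->latched;
}

/* Runs a constructed sample stream and returns the final fault mask. */
unsigned run_constructed_sequence(void)
{
    static const struct { uint32_t t; sample_t s; } seq[] = {
        {   0, { 40, 1000, 100000000u,  0 } },
        {  10, { 90, 1000, 100000000u, 10 } },  /* single temperature glitch: debounced away */
        {  20, { 40, 1000, 100000000u, 20 } },
        {  30, { 40,  900, 100000000u, 30 } },  /* core rail sags for three samples in a row */
        {  40, { 40,  900, 100000000u, 40 } },
        {  50, { 40,  900, 100000000u, 50 } },  /* third bad sample: MON_VOLT latches */
        { 200, { 40, 1000, 100000000u, 50 } },  /* rail recovered, but no kick since t=50 */
    };
    monitor_t m = { 0, 0, 0, MON_OK };
    unsigned mask = MON_OK;
    for (size_t i = 0; i < sizeof seq / sizeof seq[0]; i++)
        mask = monitor_step(&m, &EXAMPLE_LIMITS, &seq[i].s, seq[i].t);
    return mask;   /* MON_VOLT | MON_WATCHDOG */
}

int main(void)
{
    unsigned mask = run_constructed_sequence();
    printf("latched faults: 0x%x (temp=%u volt=%u clock=%u watchdog=%u)\n", mask,
           !!(mask & MON_TEMP), !!(mask & MON_VOLT), !!(mask & MON_CLOCK), !!(mask & MON_WATCHDOG));
    return 0;
}
```

    The debounce count and the decision to latch rather than auto-clear are themselves safety requirements that would come out of the COTS Safety Assessment described on this slide: too short a debounce turns sensor noise into spurious faults, too long a debounce delays detection of a real excursion, and a monitor that clears itself would let an intermittent failure go unreported to the system-level assessment.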

  • 20

    Let Our Experienced Team Help You!

    Staff trained on DO-254 development

    Completed DO-254 DAL C Modified COTS (MCOTS) development projects

    MCOTS: re-use existing IP to develop a new product

    Work with strong DER representation: Tammy Reeve, Patmos Engineering

    Chairs the US DO-254 Users Group

    Very active in progressing DO-254 and associated guidance documents

  • 21

    Strengthened by Services

    Franchise Only Supply (FOS)

    Protects against counterfeit material

    Longevity Of Supply (LOS)

    Extends life of product

    Longevity Of Repair (LOR)

    Extends period of repair support