Browse Topic: Safety critical systems

Items (283)

Simulation Based Validation of Battery Structural Integrity for Mechanical Abuse as per AIS 156

2024-26-024201/16/2024

Battery is one of the safety critical systems in EV. As the number of EVs increases, battery safety becomes an important task to avoid any mishap during its use, as even small accidents may slow down the adaptation of EVs. Automotive environment being one of the harshest operating environments, it is important to ensure both mechanical and electrical safety of the battery pack. Li-Ion batteries are most popular among traction batteries, due to their high energy density, long life, and fast charging capabilities. But mechanical damage, overtemperature, short-circuit, etc. may lead to battery thermal runaway, causing a major accident. Mechanical abuse of battery can be one of the reasons that may lead to the damages mentioned above, eventually causing thermal runaway in batteries. That’s why all major battery safety standards have requirements for vibration and mechanical shock tests. In this paper, we will be developing a methodology to evaluate the structural integrity of a battery

Dandge, Sunil, Mahamuni, Ameya, Sevda, Gaurav, H, Rajesh, Kumar, Ravindra, Mahajan, Rahul

AI deep learning-based bird detection for UAM and aircraft

2022-26-122805/26/2022

Abstract - Safety of flight during takeoff, flight and landing is one of the important considerations for airborne vehicles. Bird strike is defined as a collision between a bird and aircraft during takeoff, flight and landing of airborne vehicles. When bird strike happens, it can result in damage to aircraft structure and loss of thrust which impacts safety of flight. The nature of aircraft damage can differ depending on the size of the aircraft. For smaller aircrafts, it can result in penetration into flight deck windscreens or damage to control surfaces. In case of larger aircraft, it can result in hazardous effects because of engine ingestion. Many deep learning algorithms have evolved for object detection and classification in the recent years. You Only Look Once [YOLO] and single shot detector [SSD] are top two state of art object detection algorithms that are extensively used in real world applications. The Xilinx® Deep Learning Processor Unit (DPU) is a programmable engine

Approaches for AI/ML Based Airborne Systems Compliance

2022-26-122405/26/2022

Abstract—Technologies such as Artificial Intelligence (AI) encompassing Machine Learning (ML), Deep Learning (DL) techniques have proved to be a game changer in multiple domains including aerospace. The avionics systems are becoming more complex, as software content continues to grow, pushing the cost of certification higher. The non-transparent nature of AI/ML systems further adds to this complexity which, throws new challenges in certification of safety critical systems. It is difficult to verify AI/ML design and to explain or interpret the behavior during the operation. This paper attempts to discuss simpler approach of showing compliance to AI/ML systems with the existing ARP4761, ARP4754A, DO178B/C, DO-254, and EASA/FAA guidelines. Further, this paper provides possible references and aids to evaluate the AI/ML based systems in aerospace. Keywords—Artificial Intelligence (AI), Machine learning (ML), Deep learning (DL), EASA, FAA, Compliance, Safety Critical System.

Paramasivam, Prameela, Kumar, Shashi, Shrivastava, Rupali, Sudalaimani, Nagarajan

A Framework for Teaching Safety Critical Control and Artificially Intelligent Systems to Undergrads

2022-26-122305/26/2022

There is a need to teach systems to the undergrad and graduate levels in colleges. Efforts are being made by industry, academia, and professional societies to join hands to bridge the gap. The students require examples to get their “hands dirty” on an actual system. Many of the aerospace examples are not available in the open domain as they are considered proprietary. The world is going toward Artificial Intelligence. Though AI has been used in aerospace industry for optimization for quite some time, certification of AI systems in the safety critical control domain are still not very popular. Experiments on such system are required to clearly understand the testing and safety aspects of deploying such systems. This paper looks at an environmental control system which has enough complexity to merit an industry level attention but is again simple enough to be understood by the students. This is a physics model. Simulation runs from this physics model is used to train a Neural Network

Jeppu, Yogananda, Raman, Ramakrishnan

Certification Aspects of Explainable Artificial Intelligence in Aerospace

2022-26-123405/26/2022

Aviation industry foresees future of air transportation will significantly benefit from autonomous technologies. However, autonomous technologies are not easily monitored and manageable by traditional means. Emerging technologies such as Artificial Intelligence (AI) could be a major enabler on this front, but the regulators perceive AI based systems as opaque models and have challenges in terms of explainability and trustworthiness forcing the regulators and industry to develop new certification standards and guidelines for AI systems with special emphasis on the trustworthiness and explainability. This paper attempts to discuss possible guidance on certification aspects of explainable AI/ML systems in aerospace industry. This paper also provides insights on different techniques of AI Explainability (XAI) and its importance in safety critical systems certification. Keywords: Artificial Intelligence, Explainable AI (XAI), Safety critical systems, Trustworthiness, Certification

Sudalaimani, Nagarajan, Paramasivam, Prameela, Kumar, Shashi, Shrivastava, Rupali

Requirements to code review bot for safety critical software

2022-26-123705/26/2022

Development of any safety critical software applications such as in the aerospace industry needs to comply to specific standards (DO178) to meet airworthiness requirements. This standard is normally applicable to all airborne systems and equipment. As such, the software development needs to perform certain verification activities to comply to the standard objectives. One of the verification activities is the source code inspection of review to check the implementation meets the specification captured in the form of requirements and other aspects such as coding style guidelines and documentation example, indentation used in code, sufficient comments or notes in the code files etc. Generally, this activity is carried out manually supplemented by tools which are deployed to check errors and standards in the code by means of static analysis and practices such as test-driven development (TDD), wherein, the testing and analysis is done prior to the reviews. However, software quality still

Hossain, Shadab, Taggarsi, Bhavana Mohan, Kameshwari Prasad Dev, M

Comparison of sensing modes for stray-field-immune magnetic angle sensors

2022-01-075703/29/2022

Magnetic angle sensors play a major role in engine control, steering, and numerous other automotive applications like pedal, wipers and gear shift position sensing. With vehicle electrification, these sensors are increasingly exposed to parasitic magnetic stray fields. When shielding is not an option, a differential scheme is an alternative, where the sensor responds to magnetic field gradients. Two such schemes were previously introduced to reject stray fields to some degree. For these two modes, there are engineering trade-offs between the key performance parameters (noise, thermal drift, angular range). Often, these trade-offs are misunderstood by sensor users. This paper investigates these trade-offs by comparing the two stray-field-immune magnetic sensing modes. We use a single programmable integrated sensor supporting both modes for a direct comparison. The integrated sensor is designed for safety critical automotive applications. Two independent dies are integrated in the same

Lefebvre, Christopher, Mazzilli, Francesco, Laville, Arnaud, Bidaux, Yves, Close, Gael

Durability Validation for Variable Vehicle Usage

2022-01-029503/29/2022

Durability engineering for vehicles is about relating real operational loading to the actual strength of the product and its components. In the first part of this presentation, we show how to calculate failure probabilities and safety factors based on the load and strength distributions. We discuss the uncertainty within the estimations, which is considerably large in case of extremely small failure probabilities as required for safety critical components. In the second part, we focus on modelling and simulating the loads based on real vehicle usage, such that the resulting statistics allows to understand and quantify the usage variability. The idea is, to simulate thousands of vehicle life spans of, say, 300.000 km or 15.000 h of operation each. The input data for such simulations typically consists of a combination of geographic data (like road network, topography, road conditions, traffic data, and points of interest) and properly segmented rich data from measurement campaigns. The

Dressler, Klaus

AV/ADAS Safety Critical Testing Scenario Generation from Vehicle Crash Data

2022-01-010403/29/2022

This research leverages publicly available crash data to construct safety critical scenarios focusing primarily on level 3 autonomous driving systems (ADS) safety assessment under highway driving conditions. NHTSA’s Crashworthiness Data System (CDS) has a rich dataset of a representative crashes of varying fatalities randomly sampled from across the country. Each of these datasets includes the storyline, road geometry information, detailed description of actors involved in the crash, weather information, scene diagrams, crash images and a myriad of other crash specific details. The methodology adopted aims to generate critical scenarios from real-world driving to complement the existent regulatory tests for validation of L3 ADS. For this work, a four-step approach was adopted to extract safety critical scenarios from crash data. Firstly, development of a methodology to filter crash cases relevant to the scope and download pdf files, and numerical crash data from the CDS website. Then

Kibalama, Dennis, Tulpule, Punit, Chen, Bo-Shian

Memory Partitioning in AUTOSAR Compliant Functional Safety Projects

2021-26-001409/22/2021

In automotive systems that include one or more electrical and/or electronic (E/E) systems, it’s imperative that utmost care is given to the functional behavior at all times so as to reduce the probability of their malfunctioning. As there is a probability that the deviation can result in harm, adherence to ISO-26262 is mandatory. One such important safety requirement is Freedom From Interference(FFI). FFI for memory (mainly volatile memory- RAM) is under focus here. The intention is to prevent corruption/unintended modification of safety critical data (ASIL- A,B,C or D) by QM components. In automotive domain, the increasing complexity of modern vehicles and especially their E/E systems has made strides towards AUTOSAR projects, making them prevalent. This paper presents a method to partition RAM memory in such AUTOSAR projects, by activating the Memory Protection Unit(MPU) using the AUTOSAR configuration tool. The partitioned software can thus help achieve FFI, adhering to Functional

G, Venkatesh, Uppara, Vamsi Krishna

Software Robustness Verification Framework (SRVF): Validating the Critical Software Module

2021-26-048109/22/2021

With the advancement of inbuilt electronics and intelligent controls, automotive and other industries are looking at efficient usage of ECUs with intelligent electronic modules and more of critical functions implemented by software. Robustness of the software involved is always critical to the ECUs health, so software engineers are tasked to ensure the same by following right development and validation life cycle. Enabling the multiple decision by single software module makes verification & validation challenging, complex and time consuming. To insure the robustness of these software module, the predictable verification & validation process, which is followed by most of the industries, deals with specific standard if it is safety critical application to aid test coverage with respect to dynamic responses & function associated. Hence iterative verification & validation approach against the gaps/fixes identified during unit level, model-in-loop, hardware-in-loop & system integration test

Pandey, Vikas, Kadekodi, Pravin, Bhatarkar, Gajanan Shrawan, Manohar, Ruchita

Automation frame work for conformance testing of dual wire High Speed Controller Area Network for physical layer requirements

2021-26-048409/22/2021

In OSI model of communication, lowest layer close to communication lines is physical layer. For Automotive OEMs Physical layer conformance tests are mandatory. As the number of safety critical features in cars are growing, ensuring signal fidelity is a major concern for reliable and real time operation. CAN /CAN FD/ LIN/ MOST/ Flexray / Ethernet are a few in-vehicle communication protocols in the vehicle network. It is very important for a communicating ECU to comply with protocol standards. Typical requirements per OEM's specifications under CAN physical Layer include tests for termination resistance, bus voltage levels, bit rate, recessive and dominant input thresholds, signal rise/fall time, slew rate, ground offset, sample point of a bit, CAN initialization time, fault tolerant behavior, etc. During the product development life cycle of the ECU, physical layer conformance tests play an important role in verifying signal characteristics. These tests require accurate simulation and

Gupta, Gourishankar

Guide for Installation of Electrical Wire and Cable on Aircraft Landing Gear

AIR4004A (Current)08/09/2021

Recent field experience has indicated significant problems with some types of wire and cables as routed on aircraft landing gear. This SAE Aerospace Information Report (AIR) is intended to identify environmental concerns the designer should consider, materials that appear to be most suitable for use in these areas, routing, clamping, and other protection techniques that are appropriate in these applications. In recent years aircraft certification regulatory agencies introduced new regulations regarding Electrical Wiring Interconnection Systems (EWIS) to further enhance safety of the associated systems and aircraft overall.

A-5B Gears, Struts and Couplings Committee

AS6021 Aerospace Fiber Optic Cable Assembly Drawing Specification

AS6021A (Current)

12/29/2020

This SAE Aerospace Standard (AS) defines the items that shall be considered when creating a fiber optic cable assembly specification and source control drawing intended for installation on aerospace platforms.

AS-3 Fiber Optics and Applied Photonics Committee

AS6021 Aerospace Fiber Optic Cable Assembly Drawing Specification

AS6021A-TEST-REC (Historical)12/29/2020

This SAE Aerospace Standard (AS) defines the items that shall be considered when creating a fiber optic cable assembly specification and source control drawing intended for installation on aerospace platforms.

AS-3 Fiber Optics and Applied Photonics Committee

Protecting Patients and Their Data from Cyberattacks Aimed at Their Connected Health Devices

08/01/2020

The security of connected health technology is often assumed to exist when it does not, or considered to be prohibitively expensive or complex, or, worst of all, relegated to an afterthought. This is dangerous thinking, especially as the industry increasingly moves to a smartphone-based command-and-control model for these safety-critical applications.

Development Software Handles High-Integrity Space Applications

TBMG-3721107/01/2020

AdaCore New York, NY

20AUTP06_1206/01/2020

The sensor arrays that currently reside on the roofs of development mules will be hidden from view on future production vehicles. But how to conceal them without affecting their safety-critical performance? This design and engineering challenge, along with the growing trend toward larger, multifunction interior and exterior displays, is driving new polycarbonate solutions at Covestro, which was spun off from Bayer Materials Science in 2015. For insights into this new family of materials, editor Lindsay Brooke spoke with Paul Platte, a mechanical engineer by training who now is part of Covestro's marketing team.

Virtual Switches and Indicators in Automotive Displays

2020-01-136204/14/2020

This paper presents recent advances in automotive microprocessor, operating system, and supporting software technology that supports regulatory and/or functional safety graphics within vehicle cockpit displays. These graphics include “virtual switches” that replace physical switches in the vehicle, as well as “virtual indicators” that replace physical indicator lights. We discuss the functional safety design process and impacts to software and hardware architecture as well as the software design methods to implement End-To-End [E2E] network protection between different ECUs and software processes. We also describe hardware monitoring requirements within the display panel, backlighting, and touch screen and examine an example system design to illustrate the concepts.

A Safety and Security Testbed for Assured Autonomy in Vehicles

2020-01-129104/14/2020

Connectivity and autonomy in vehicles promise improved efficiency, safety and comfort. The increasing use of embedded systems and the cyber element bring with them many challenges regarding cyberattacks which can seriously compromise driver and passenger safety. Beyond penetration testing, assessment of the security vulnerabilities of a component must be done through the design phase of its life cycle. This paper describes the development of a benchtop testbed which allows for the assurance of safety and security of components with all capabilities from Model-in-loop to Software-in-loop to Hardware-in-loop testing. Environment simulation is obtained using the AV simulator, CARLA which provides realistic scenarios and sensor information such as Radar, Lidar etc. MATLAB runs the vehicle, powertrain and control models of the vehicle allowing for the implementation and testing of customized models and algorithms. Real-time simulation and connectivity with external components are obtained

Appel, Matthew, Oruganti, Pradeep Sharma, Ahmed, Qadeer, Wilkerson, Jaxon, Sekar, Rubanraj

An Approach to Verification of Interference Concerns for Multicore Systems (CAST-32A)

2020-01-001603/10/2020

The avionics industry is moving towards the use of multicore systems to meet the demands of modern avionics applications. In multicore systems, interference can affect execution timing behavior, including worst case execution time (WCET), as identified in the FAA CAST-32A position paper. Examining and verifying the effects of interference is critical in the production of safety-critical avionics software for multicore architectures. Multicore processor hardware along with aerospace RTOS providers increasingly offers robust partitioning technologies to help developers mitigate the effects of interference. These technologies enable the partitioning of cores for different applications at different criticalities and make it possible to run multiple applications on one specific core. When incorporated into system-design considerations, these partitioning mechanisms can be used to reduce the effects of interference on software performance. In this paper we describe a novel approach to

VanderLeest, Steven H., Evripidou, Christos

Replacement of a 50cc Two-stroke Engine with an Electric Powertrain

2019-32-062301/24/2020

As global regulations look to create a dramatic reduction in CO2 emission and other forms of pollution, companies with products that rely on engine technology must be ready to take on the electrification challenge. Applications that remain using two-stroke engine technology continue to exist due to their very high power density requirements. However, their history of higher pollution compared to four-stroke engines makes them a target to be regulated out of existence. Such high power two-stroke applications include high performance off-road motorcycles. In this type of product, electrification can solve not only pollution challenges but market challenges, such as ridership and public perception. By addressing the core problems presented by the two-stroke engine and turning challenges into opportunity, a strong attraction is created to convert a two-stroke engine motorcycle to an electric vehicle. With Automotive electric vehicle technology paving the way, the basis for cost effective

Flight Computer

TBMG-3511409/01/2019

Abaco Systems Huntsville, AL 866-652-2226

19AVEP09_0209/01/2019

No trust in AI systems without data protection When people surround themselves with microphones and cameras, others will be listening and watching. This reality shouldn't come as a surprise, but remarkably it does. The advent of automated driving will dramatically expand this activity. In fact, it is already creating controversy. At its core is the challenge of training so-called artificial intelligence systems. As human children, we learn in large part through the guidance we get from parents, teachers and other caregivers. AI systems are no different. They ingest data and “learn” from it. But just as children must be shown the difference between red and green, a circle and a square, or A and Z, machine learning systems need data that has been labeled.

Spotting Objects Amid Clutter

TBMG-3516409/01/2019

A new MIT-developed technique enables robots to quickly identify objects hidden in a three-dimensional cloud of data, reminiscent of how some people can make sense of a densely patterned “Magic Eye” image if they observe it in just the right way.

Accelerated Secure Boot for Real-Time Embedded Safety Systems

11-02-01-000307/08/2019

Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering. We propose two efficient schemes of the dual-phase approach along with calibratable

Nasser, Ahmad M.K., Gumise, Wonder, Ma, Di

Headset Controls: Empowering Disabled People with a Software Tool Suite

TBMG-3481407/01/2019

NOW Technologies is a close-knit, dedicated team of professionals working to help people with disabilities to live an independent life. Based in Budapest, Hungary, and founded in 2014, NOW Technologies works closely with injured and disabled users and with medical and rehabilitation professionals. Their requirements and feedback are pivotal to ensure that their products are not only safe but are also sufficiently intuitive to require the least amount of training possible.

Novel Techniques Trick Object Detection Systems

TBMG-3441205/01/2019

New adversarial techniques developed by engineers at Southwest Research Institute can make objects “invisible” to image detection systems that use deep-learning algorithms. These techniques can also trick systems into thinking they see another object or can change the location of objects. According to the researchers, deep-learning neural networks are highly effective at many tasks, but they were adopted so quickly that the security implications of the algorithms weren't fully considered.

A Stochastic Physical Simulation Framework to Quantify the Effect of Rainfall on Automotive Lidar

2019-01-013404/02/2019

The performance of environment perceiving sensors such as e.g. lidar, radar, camera and ultrasonic sensors is safety critical for automated driving vehicles. Therefore, one has to assess the sensors’ performance to assure the automated driving system’s safety. The performance of these sensors is however to some degree sensitive towards adverse weather conditions. A challenge is to quantify the effect of adverse weather conditions on the sensor’s performance early in the development of an automated driving system. This challenge is addressed in this work for lidar sensors. The lidar equation was previously employed in this context to derive estimates of a lidar’s maximum range in different weather conditions. In this work, we present a stochastic simulation framework based on a probabilistic extension of the lidar equation, to quantify the effect of adverse rainfall conditions on a lidar’s raw detection performance. To this end, we combine basic probabilistic models for key rainfall

Berk, Mario, Dura, Michael, Vargas Rivero, Jose, Schubert, Olaf, Kroll, Hans-Martin, Buschardt, Boris, Straub, Daniel

Model-Based Software Development: Functional Safety Compliance via Built-In Tool Intelligence

2019-01-104104/02/2019

Today’s automobiles are among the most sophisticated machines on the planet. Much of the functionality of modern automobiles emanates from embedded software features that control electronic, mechanical or pneumatic devices. Over the past few decades the number of software features and the associated code has grown exponentially and the respective embedded software systems have reached a level of complexity which is increasingly difficult to manage. As a consequence, recalls due to software defects have become a major concern and today constitute about 50% of the overall warranty cost [1]. Since the operation of automobiles has severe public safety implications, the development of embedded automotive software has become subject to stringent functional safety standards (ISO 26262) and compliance with these standards has become a major hurdle in the development of automotive software. This paper outlines a tool-based solution that satisfies an important subset of functional safety

Turin, Raymond C.

Intelligent Vehicle Monitoring for Safety and Security

2019-01-012904/02/2019

The challenges posed by connected and autonomous vehicles fall beyond the scope of current version of ISO 26262. According to the current functional safety standard, controllability, largely affected by human intervention, is a large contributor to the definition of the Automotive Safety Integrity Level (ASIL). Since the driver involvement in CAVs will decrease in future, this gives no clear definition for future functional safety design. On the other hand, CAVs bring additional capabilities such as advance sensors, telematics-based connectivity etc. which can be used to devise efficient approaches to address functional safety (FuSa) challenges. The caveat to these additional capabilities is issues like cybersecurity, complexity, etc. This paper is an exploration into FuSa and CAVs and will present a systematic approach to understand challenges and propose potential framework, Intelligent Vehicle Monitoring for Safety and Security (IVMSS) to handle faults/malfunctions in CAVs, and

Appel, Matthew Andrew, Ahmed, Qadeer

Simulation Based Hybrid Electric Vehicle Components Sizing and Fuel Economy Prediction by Using Design of Experiments and Stochastic Process Model

2019-01-035704/02/2019

The aim of this study is to evaluate the Fuel Economy (FE) over the driving cycle for a 48 Volt P2 technology vehicle with different component ratings (battery and electric machine) in the hybrid powertrain, using simulation and Design of Experiments (DoE) tools. The P2 architecture was selected for this study based on an initial assessment of a wide number of possibilities, using the Ricardo “Architecture Independent Modelling (AIM)” toolset. This allows rapid evaluation of different powertrain options independently of a defined hybrid control strategy. For the vehicle with P2 architecture, a DoE test matrix of battery capacity and electric machine power rating was created. The test matrix was then imported into the simulation environment to perform the driving cycle FE simulations. Then, a 48 V P2 Hybrid Electric Vehicle (HEV) FE emulator model was created and interrogated using model visualisation and optimisation methods. For the HEV without an on-board charger (i.e. no Plug-in

Bao, Ran, Baxter, James, Revereault, Pascal

Self-Stabilizing, Distributed, Symmetric, Fault-Tolerant Synchronization

TBMG-3392303/01/2019

Distributed systems have become an integral part of safety-critical computing applications, necessitating system designs that incorporate complex fault-tolerant resource management functions to provide globally coordinated operations with ultra-reliability. As a result, robust clock synchronization has become a required fundamental component of fault-tolerant, safety-critical distributed systems. Since physical oscillators are inherently imperfect, local clocks of nodes of a distributed system, driven by these oscillators, do not keep perfect time and can drift with respect to real time and one another. Thus, the local clocks of the nodes must periodically be re-synchronized. As a result, a fault-tolerant system needs a clock synchronization algorithm that tolerates imprecise local clocks and faulty behavior by some processes.

SAE J1939 Functional Safety Communications Protocol

J1939-76_201811 (Historical)11/26/2018

This document provides the technical requirements for implementing the SAE J1939 Functional Safety Communication Protocol in a manner determined suitable for meeting industry applicable functional safety standards.

Truck Bus Control and Communications Network Committee

MIL-STD-1773 Users Handbook

AIR4508A-TEST-REC (Historical)05/20/2018

AS-3 Fiber Optics and Applied Photonics Committee

MIL-STD-1773 Users Handbook

AIR4508A (Current)

05/20/2018

AS-3 Fiber Optics and Applied Photonics Committee

“Pedestrian in the Loop”: An Approach Using Augmented Reality

2018-01-105304/03/2018

A large number of testing procedures have been developed to ensure vehicle safety in common and extreme driving situations. However, these conventional testing procedures are insufficient for testing autonomous vehicles. They have to handle unexpected scenarios with the same or less risk a human driver would take. Currently, safety related systems are not adequately tested, e.g. in collision avoidance scenarios with pedestrians. Examples are the change of pedestrian behaviour caused by interaction, environmental influences and personal aspects, which cannot be tested in real environments. It is proposed to use augmented reality techniques. This method can be seen as a new (Augmented) Pedestrian in the Loop testing procedure.

Hartmann, Michael, Viehweger, Marco, Stolz, Michael, Watzenig, Daniel, Spitzer, Michael, Desmet, Wim

Calculating Probability Metric for Random Hardware Failures (PMHF) in the New Version of ISO 26262 Functional Safety - Methodology and Case Studies

2018-01-079304/03/2018

The Automotive Functional Safety standard ISO 26262 introduced a PMHF (Probabilistic Metric for random Hardware Failures) in Part 5 and Part 10 by calculating the system failure rates and assessing the ASIL (Automotive Safety and Integrity Level) for functional safety. The new version of the standard expands the PMHF concept by further promoting a new metric “average probability of failure per hour over the operational lifetime of the item”, which has not been commonly used by the reliability engineering community. In order to clarify how PMHF is calculated within the content of ISO 26262, this paper will discuss how to calculate both the failure rate and the average probability of failure per hour in terms of definitions, sources of the data, applications, and advantages and disadvantages. It will also present examples of calculating PMHF including the average probability of failure per hour for a non-exponentially distributed failure population as well as an example of a system with

Kleyner, Andre, Knoell, Robert

Electromagnetic Compatibility and Interference - Design Methodology, Challenges and Guidelines for Avionics Product and Systems

2017-01-211809/19/2017

Avionics industry is moving towards more electric & lightweight aircrafts. Electromagnetic effects becomes significantly challenging as materials starts moving towards composite type. Traditional methods for controlling EMC will not be sufficient. This shift increases the complexity of in-flight hardware elements for EMI/EMC control. This paper discusses the need for EMI/EMC Control and brings out the analysis & applicability of various EMI/EMC standards in aerospace, commercial and industrial electronic products, provides comparative study with respect to levels. The study include various sections of DO-160 and applicable guidelines for controlling EMI/EMC with respect to LRU (Line Replaceable Unit) & wire/cable harnesses. Also presents guidelines with respect to shielding of components, selection of components, grounding schemes, filter topologies and layout considerations. It provides comparative study made for different filters, good layout examples, generic simulation examples and

Vadgaonkar, Prashant S, banik, Diptar

Designing Cybersecurity into Connected Medical Devices

TBMG-2731808/01/2017

Cyber threats to health delivery organizations (HDOs) and the medical device industry as a whole have hit a new level of maturity in the last year. A decade ago, the attack scene was dominated by academic papers about theoretical attacks on connected medical devices.1 Then we started seeing data breaches on connected medical devices primarily as a means to access personal healthcare information.2 In the last year, however, at least two major events occurred where attackers directly monetized attacks on medical devices. In August 2016, a short stock seller openly published video and details about cybersecurity attacks on a medical device maker’s implantable cardiac devices. Predictably, the device manufacturer’s stock fell.3 In May 2017, the WannaCry ransomware compromised both hospital systems and medical devices. While there are multiple reasons each attack succeeded, it is clear that attackers are becoming bolder, and medical devices are not immune.

Considerations for Safe Store Operation on Manned and Unmanned Vehicles

AIR6027A (Current)06/27/2017

The information presented in this AIR is intended to provide designers of armed unmanned systems with guidelines that may be applied to ensure safe integration and operation of weapons on unmanned platforms. The guidelines have been developed from experiences gained in the design and operation of weapons on manned aircraft that have been accepted by relevant safety authorities in the USA and Europe and proven effective over many years. Whilst the guidelines have been developed from experience with aircraft operations, the concepts are considered equally applicable to non-aircraft systems, such as those used on the surface or undersea environments. This document does not attempt to define or describe a comprehensive safety program for unmanned systems. System Safety is a system characteristic and a non-functional requirement. It has to be addressed at each level of system design, system integration and during each phase of system operation. System safety is achieved when the system

AS-1B Aircraft Store Integration Committee

Modelling and Simulation Tools for Systems Integration on Aircraft

TBMG-2699206/01/2017

The provision of integrated modeling, simulation and optimization tools to effectively support all stages of aircraft design remains a critical challenge in the aerospace industry. While several breakthroughs have been achieved in this area, costly iterations are still often necessary to successfully design, develop, integrate, validate and verify the components and subsystems of modern aircraft. The high level of system integration that is characteristic of new aircraft designs is dramatically increasing the complexity of both design and verification – in particular for fault condition analysis and the implementation of defect-free software (Figure 1).

Modelling and Simulation Tools for Systems Integration on Aircraft

17AERP06_0306/01/2017

The provision of integrated modeling, simulation and optimization tools to effectively support all stages of aircraft design remains a critical challenge in the aerospace industry. While several breakthroughs have been achieved in this area, costly iterations are still often necessary to successfully design, develop, integrate, validate and verify the components and subsystems of modern aircraft. The high level of system integration that is characteristic of new aircraft designs is dramatically increasing the complexity of both design and verification - in particular for fault condition analysis and the implementation of defect-free software (Figure 1). Simultaneously, the multi-physics interactions between structural, electrical, thermal, and hydraulic components have become more significant as the systems become increasingly interconnected (e.g. the interaction among thermal load due to increased cabin electrical power usage, an electrically-powered environmental control system, and

Cyber Security in the Automotive Domain – An Overview

2017-01-165203/28/2017

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

Schneider, Rolf, Kohn, Andre, Klimke, Martin, Dannebaum, Udo

Over the Air Software Update Realization within Generic Modules with Microcontrollers Using External Serial FLASH

2017-01-161303/28/2017

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience. Currently the range of solutions for data storage to address SOTA ranges from: 1 Central Storage Approach whereby external Non-Volatile Memory (NVM) at

Bulmus, Atilla, Freiwald, Axel, Wunderlich, Chris

Consolidating AUTOSAR with Complex Operating Systems (AUTOSAR on Linux)

2017-01-161703/28/2017

The evolution in automotive qualified electronic components, including the birth of powerful multicore System-on-Chip (SoC) platforms has fundamentally changed the approach to designing automotive electronic systems today. This evolution is not only happening on the hardware side, but also on the software design side where there has been consolidation of multiple domains onto a single SoC. This type of consolidation allows shorter time-to-market with consumer-ready features to address immediate market demands. This paper explores the reasons for this trend and available architectures for achieving consolidation. AUTOSAR on Linux is one of those architectures and has been popular in Advanced Driver Assistance Systems (ADAS) and infotainment applications, allowing complex functions to smoothly integrate into the vehicle network.

Development of a Fork-Join Dynamic Scheduling Middle-Layer for Automotive Powertrain Control Software

2017-01-162003/28/2017

Multicore microcontrollers are rapidly making their way into the automotive industry. We have adopted the Cilk approach (MIT 1994) to develop a pure ANSI C Fork-Join dynamic scheduling runtime middle-layer with a work-stealing scheduler targeted for automotive multicore embedded systems. This middle-layer could be running on top of any AUTOSAR compliant multicore RTOS. We recently have successfully integrated our runtime layer into parts of legacy Ford powertrain software at Ford Motor Company. We have used the 3-core AURIX multicore chip from Infineon and the multicore RTA-OS. For testing purposes, we have forked some parallelizable functions inside two periodic tasks in Ford legacy powertrain software to be dynamically scheduled and executed on the available cores. Our preliminary evaluation showed 1.3–1.4x speedups for these two forked tasks. It also showed that this runtime layer scales well to the available cores and that it abstracts away the details involved in load balancing

Sadeh, Waseem, Rawashdeh, Osamah, Burkard, Dona, Dobbins, Kelvin, Lockwood, Tony, Bulmus, Atilla

Aerospace & Defense Technology: February 2017

17AERP0202/02/2017

Open Standard Middleware Enables New HPEC Solutions Cooling Your Embedded System What Can Your Open Standard Architecture Handle? Evaluating Key Certification Aspects of Multicore Platforms for Safety Critical Avionics Applications Simulating and Analyzing Flow for an Air-to-Air Refueling System The Ins and Outs of Spaceflight Passive Components and Assemblies Development of High Quality 4H-SiC Thick Epitaxy for Reliable High Power Electronics Using Halogenated Precursors Silicon Based Mid-Infrared SiGeSn Heterostructure Emitters and Detectors Reconfigurable Electronics and Non-Volatile Memory Research Energy-Filtered Tunnel Transistor: A New Device Concept Toward Extremely Low Energy Consumption Electronics

Evaluating Key Certification Aspects of Multicore Platforms for Safety Critical Avionics Applications

TBMG-2643802/01/2017

High performance, low power consumption and small footprint requirements imposed by the embedded market on the processor industry is causing a definite move away from single-core processors to multicore processors. Multicore processors have been deemed as the future of Size, Weight, and Power (SWaP) constrained applications like military and avionics. They provide higher performance (MHz/W) at lower power. They also allow consolidation of multiple functions/ applications onto a single platform.

Evaluating Key Certification Aspects of Multicore Platforms for Safety Critical Avionics Applications

17AERP02_0302/01/2017

High performance, low power consumption and small footprint requirements imposed by the embedded market on the processor industry is causing a definite move away from single-core processors to multicore processors. Multicore processors have been deemed as the future of Size, Weight, and Power (SWaP) constrained applications like military and avionics. They provide higher performance (MHz/W) at lower power. They also allow consolidation of multiple functions/applications onto a single platform.

Items per page:

1 – 50 of 283