
Aircraft Systems Integration

Andrés Feito, Andres.Feito@military.airbus.com

Contents
Origin and Background of Aircraft Systems Integration
Inter-System Communication
Flight Deck
Aeronautical Requirements for Aircraft Systems: Environmental requirements, EMI/EMC, Safety Assessment
Requirements for Embedded Software

FC2

Session: 2

A.Feito,B.Delicado,

Airbus Military

2011

Origin and Background of Aircraft Systems Integration Inter-System Communication


Flight and Systems


On December 17th, 1903, Wilbur and Orville Wright performed a feat never before accomplished: taking off, flying and landing in a manned, powered, heavier-than-air craft.


Flight and Systems


At the beginning, flight was controlled and managed entirely by mechanical systems; pneumatic and hydraulic systems were progressively introduced to reduce the force required from the pilot.


Systems evolution
The 1930s saw the introduction of the first electronic aids to assure good operational reliability, such as blind-flying radio ranging, non-directional beacons, ground-based surveillance radar and the single-axis autopilot.


Avionics
AVIONICS is a word coined in the late 1930s to provide a generic name for the increasingly diverse functions being provided by AVIation electrONICS.

Nowadays every system in the aircraft is dependent on electronics for its operation.


Systems evolution
The 1940s, stimulated by World War II, saw developments in VHF communications, airborne intercept radar, Identification Friend or Foe (IFF), the gyro compass, attitude and heading reference systems, the first electronic warfare systems, military long-range precision radio navigation aids, and the two-axis autopilot.


Systems evolution
The 1950s saw the introduction of tactical air navigation (TACAN), airborne intercept radar with tracking capability and Doppler radar, medium pulse repetition frequency (PRF) airborne intercept radar, the early digital mission computers and inertial navigation systems.

The 1960s saw the introduction of integrated electronic warfare systems, fully automated weapon release, terrain-following radar and the head-up display.


Systems evolution
Many of the aircraft systems and subsystems up to the early 1970s were still largely analogue in their implementation, with synchro and potentiometer outputs/inputs requiring point-to-point wiring to interconnect them.


Systems evolution
By the late 1970s and early 1980s, it became possible to implement more systems and sub-systems digitally, and so eliminate the analogue computing elements and the analogue input/output elements and devices.

The integrated circuit permitted extremely sophisticated electronics to be stuffed into the smallest of containers (chips).


Systems evolution
Digital electronics provide greater reliability, faster response, smaller components, lighter equipment and lower operating costs than analogue systems can.

That is why modern civilian and military aircraft contain countless digital systems; the EF2000 has more than 34 digital computers.


Systems evolution
The microcomputer, having reached a level of maturity, was and is controlling many tasks required for flights. The workload of the flight crew is being reduced, thus lessening fatigue and increasing performance.


Systems maintenance
Digital systems increase the mean time between failures (MTBF) and reduce the subsequent repair time for failed equipment. The built-in test equipment (BITE) found in most digital systems provides rapid fault isolation and also contributes to safety. The majority of digital aircraft systems contain several line replaceable units (LRUs). Defective LRUs can be quickly identified by the BITE system and exchanged during ground maintenance, which reduces aircraft maintenance downtime. BITE operates in two modes: normal mode (continuous) and interactive mode.

Systems maintenance
BITE / CMS (Central Maintenance System) overview (diagram):
Normal mode (continuous): monitoring; internal fault detection and interfaces monitoring; raw failure data; confirmation; adaptation of the failure (cockpit/cabin effect, unit internal failure, peripherals); system reconfiguration; failure message memorisation; transmission to the CMS.
Interactive mode (on ground): power ON self test; test stimuli; manual tests; analysis (fault isolation).
Flight deck elements shown alongside the CMS: FWS, CDS, HUD, panels.


Systems evolution
More and more electronic systems were being installed in civilian and military aircraft.

The early airline crew of three was reduced to two in civilian aircraft, the flight engineer being replaced by electronic systems. The glass cockpit permitted graphic displays of flight data and parameters, which are more intuitive and easier to understand.


Systems evolution

Nowadays most systems depend on electronic digital computers or LRUs for their effective operation, but there are also equally essential elements in the system (sensors, electro-mechanical elements and devices, etc.).


HW-SW Design
Those avionic systems (HW/SW) which manage flight-critical information (Safety Critical classification) are subject to more stringent certification requirements than others.


Systems architecture
Digital electronics were essential to implement the complex circuitry required by the terminals of a multiplexed data-bus system for avionic sub-system interconnection.


Saving fuel
20% Materials
20% Aerodynamics
20% Systems
40% Engines


More Electrical Aircraft


Inter-System Communication


Systems to control Flight Parameters


Digital data buses provide the necessary digital communications among the aircraft electronic systems comprising the overall airborne system. The overall set of computational devices and the avionics suite, through the use of these interconnected digital data buses, operates similarly to ground-based networks. A primary difference is the amount of certification required to ensure that the very high level of integrity and safety required for aviation is maintained.
Buses widely used are MIL-STD-1553B, ARINC 429, etc.

Systems to control Flight Parameters


The avionics use digital data buses with standardized physical and electrical interfaces to send their internal data to other avionics. The data carried on the buses may comprise sensor information, the results of internal calculations, system commands, information from internal storage, relayed data, or any information that may be generated by a computational device.


Digital buses overview


Avionics communication buses progress (chart: data throughput versus year)

Throughput scale: 100 Kb/s, 1 Mb/s, 10 Mb/s, > 100 Mb/s
Year axis: 1970, 1980, 1999, 2005, 2009

ARINC 429: 100 Kb/s; linear; mono-sender / multi-receivers
CAN Bus: linear; multi-sender / multi-receivers
ARINC 629: linear; multi-senders / multi-receivers
MIL 1553B: linear; 1 BC; multi-sender / multi-receivers
AFDX: switch, multi-senders / multi-receivers; HUB, multi-senders / multi-receivers
ARINC 629ext
A664: > 100 Mb/s; optic fiber / switch; multi-senders / multi-receivers
Wireless ???

Digital buses overview


A429 configuration (linear bus): one ARINC 429 transmitter, 100 Kb/s, voltage mode, up to 20 ARINC 429 receivers.

A629 / MILBUS-1553 configuration (linear bus): ARINC 629 terminals, 2 Mb/s, current mode, up to 120 terminals.

AFDX configuration (star bus): AFDX end systems (E/S) connected to a switch, 100 Mb/s, voltage mode, up to 24 ports (transmitters/receivers).


A429 Overview
Each bus has only one transmitter and up to 20 receivers; however, one terminal may have many transmitters or receivers on different buses. A receiver is never allowed to respond on the same bus on which a transmission has occurred. The transmitter sends out the 32-bit word, LSB first, over the wire pair using tri-state clocking, a Return to Zero (RZ) methodology. The actual transmission rate may be the low or the high speed of operation: 12.5 kHz (12.5 to 14.5 kHz) or 100 kHz (±1%).

A429. Topologies
The choice of wiring topology is usually related to the distance and proximity of the sinks to the source. There are two topologies: star and bus drop. The trade-off is safety versus weight.


A429. Some details. Data


A typical ARINC 429 word provides 19 bits for data. Since the SDI is optional, 21 bits are available for use. Some manufacturers' custom data-word configurations use only the Label and the Parity, leaving 23 bits available for their data. All BCD data are encoded using bit numbers 1 to 4 of the seven-bit-per-character code defined in ISO Alphabet No. 5. BNR data parameters are defined by first determining the parameter's maximum value, then the resolution required. The LSB of the data word is then assigned a value equal to the resolution increment.


A429.Some details. SDI


The SDI is optional and is considered an extension of the ARINC word's Label. The SDI has two functions: 1. To identify which source of a multi-system installation is transmitting the data contained. 2. To direct which sinks (destinations) on a multi-listener bus (known as a multi-system installation) should recognize the data contained within the ARINC word.


A429. Sign Status Matrix


The Sign/Status Matrix (SSM) is used for two purposes: 1. To provide a sign or direction indicator (+, -, north, south, east, west, etc.) for the data contained within the ARINC 429 word. 2. To provide source equipment status information related to the data word for the sinks: (a) report hardware equipment condition (fault/normal); (b) operational mode (functional test); (c) validity of the data word contents (verified / no computed data). Each Label has its own unique implementation of the SSM sign function.


MILBus 1553B Overview


The standard defines four hardware elements: 1. The transmission media. 2. Remote terminals. 3. Bus controllers. 4. Bus monitors.


MILBus 1553B. Bus controller


The bus controller is responsible for directing the flow of data on the data bus and is the only element allowed to issue commands onto the data bus.


MILBus 1553B. Word Types


Three distinct word types are defined by the standard:


AFDX


Flight Deck


Pilot/Crew Interfaces with Systems


Crew interfaces play an important role in: 1. assuring that the crew can interact with the avionics.


Pilot/Crew Interfaces with Systems


Crew interfaces play an important role in: 2. ensuring that the aircraft can be flown effectively and safely, since they provide the crew with situational awareness of the aircraft and with information on the environment in which the aircraft flies.



Pilot/Crew Interfaces with Systems

Display examples shown: EFIS; System display; E/W display.


Flight Deck Requirements


Control and Information requirements
Basic System. Aircraft system (Flight Control system, Power plant and Landing Gear system)
o control the aircraft around its center of gravity
o control the aircraft speed
o establish and keep the aircraft trajectory on a given path
o control the aircraft configuration: slats, flaps, speed brakes, landing gear
o control the thrust delivered by the engines
o steer the aircraft on the ground.


Flight Deck Requirements


Control and Information requirements (cont.)
Basic System. Navigation system
o to know the position of the airplane with the appropriate accuracy
o to fly the airplane along the expected route
o to fly the airplane along the appropriate vertical trajectory
o to get the proper assessment of the lateral and vertical aircraft position versus the external world ... (situational awareness versus airfields, terrain, obstacles, traffic or weather).


Flight Deck Requirements


Control and Information requirements
Basic System. Communication system
o to communicate with the ATC, approach control, tower, other aircraft ...
o to get weather and in-flight information
o to communicate with the airline operation centers or other relevant correspondent
o to inter-communicate within the flight deck
o to communicate between the flight deck and the cabin
o to communicate with ground mechanics, where and as necessary.


Flight Deck Requirements


Control and Information requirements
Basic System. Utility Control system
o to control and monitor the various aircraft systems (bleed air, electrical, fuel, engines, etc.)
o to apply procedures in both normal and abnormal situations
o to modify the flight plan as decided (rerouting, diversion, change of flight level, etc.).

Basic System. D&C system
o to achieve the above tasks, the flight crew need appropriate control means
o in order to properly monitor the airplane, the flight deck provides the appropriate information


Flight Deck Requirements


Control and Information requirements
Additional System. Military Communications and Navigation system
o to communicate with the Military Tactical control, other military airplanes ...
o to communicate with the Command and Control Centers
o to fly the airplane along the expected route using military navigation aids

Additional System. Mission system
o to maintain awareness of changes in the scenario, mission plan and threats using Data Link networks
o to re-plan the mission as required by the Command and Control Centers using the Mission Planning System

Flight Deck Requirements


Control and Information requirements
Additional System. Air to Air Refuelling system
o to control and monitor the Refuelling system
o to control Booms and Pods operation (Tanker)
o to control the boom receptacle (Receiver)

Additional System. Electronic warfare systems
o to know the position of the missile threats
o to fly the airplane following the command cues
o to control the countermeasures dispensing
o to control and monitor anti-jamming


Flight Deck Requirements


Control and Information requirements
Additional System (cont.)
o Sensor system: to control and monitor passive and active sensors; to know the position of the targets and some kinds of threats
o Targeting system: to assist the flight crew in detecting, identifying and classifying the targets; to designate the targets
o Weapon system: to control and monitor the weapon configuration; to prepare weapons for release; to control in-flight weapons

Flight Deck Requirements


Forward Fuselage requirements
The external boundaries of the Flight Deck in terms of windshield and fuselage are often influenced more strongly by aerodynamic, performance, structural and equipment installation (radar) considerations than by Flight Deck principles. Nevertheless, a compromise has to be found taking into account the internal FD geometry (DEP, NSRP, external vision, windshield).


Crew Task Analysis / System Function Allocation


Flight Crew Operational Concept:
Main Flight Crew Functions Assignment
o Responsible (R): the crewmember responsible for overseeing that the task is performed
o Execute (E): the crewmember responsible for executing the task
o Verify (V): the crewmember that verifies that the task has been completed


Crew Task Analysis / System Function Allocation

Flight Crew Operational Concept (cont.): main crew functions allocation matrix (crew roles: Capt, MCD, PF, PNF, ARO, MCO; the R/E/V assignment per role is shown in the original table).

Main crew functions:
o Mission planning before flight
o On-aircraft mission management and replanning
o Flying the aircraft (AAR speed, altitude etc.)
o Military navigation aids and radio management
o ATC (civil/military) communications
o Military tactical communications, HQ follow-up
o ARA & timing
o Communications with receivers for RV/formation
o Calculation of the critical parameters for RV
o Communication with receivers for AAR
o Boom or pods operation
o AAR devices management
o Mission fuel management
o Military tactical situational awareness


HE in Test and Evaluation


Methodology and metric: HMI evaluations. MCH scale


HE in Test and Evaluation


Methodology and metric: Workload. Bedford Scale (decision tree; each question leads to a workload rating band)

Was it possible to complete the task?
  NO  -> WL 10  Task abandoned: pilot unable to apply sufficient effort.
  YES -> Was workload tolerable for the task?
    NO  -> WL 7  Very little spare capacity, but maintenance of effort in the primary task not in question.
           WL 8  Very high workload with almost no spare capacity. Difficulty in maintaining level of effort.
           WL 9  Extremely high workload. No spare capacity. Serious doubt as to ability to maintain level of effort.
    YES -> Was workload satisfactory without reduction?
      NO  -> WL 4  Insufficient spare capacity for easy attention to additional tasks.
             WL 5  Reduced spare capacity. Additional tasks cannot be given the desired amount of attention.
             WL 6  Little spare capacity. Level of effort allows little attention to additional tasks.
      YES -> WL 1  Workload insignificant.
             WL 2  Workload low.
             WL 3  Enough spare capacity for all desirable additional tasks.


Aeronautical Requirements for Aircraft Systems
Environmental requirements
EMI/EMC
Safety assessment
Requirements for Embedded Software


Requirement-setting for Systems


For all aircraft, safety of flight in all possible flight regimes is the prime requirement. Second only to safety, the mission of the aircraft is the principal driver of requirements in terms of aircraft performances.


Requirement-setting for Systems


Finally, certification is a major factor in system design. As the complexity and criticality of avionics increases so does the need for extensive certification activities.


Aircraft Certification and Qualification


Certification: legal recognition, through the issuance of a certificate by an aviation authority, that a product, service, organization, or person complies with that authority's requirements.
Airworthiness: airworthiness is achieved when the fulfilment of the certification requirements has been demonstrated for a flying system.

Authorities shown: Instituto Nacional de Técnica Aeroespacial; EASA, European Aviation Safety Agency.

Behind aircraft / aircraft system certification is the achievement of airworthiness to guarantee a safe flight.


Aircraft Certification and Qualification


Digital avionics (HW) can integrate functions in ways analogue avionics could never achieve, through the development of highly complex SW and its integration with the underlying HW.

The advent of digital electronic technology has enabled an unprecedented expansion of aircraft system functionality and the evolution of aircraft function automation. This includes Level A systems, which affect the safe operation of the aircraft; such capability, however, does not come free.

Aircraft Certification and Qualification


Qualification: the demonstration to the customer that the system requirements are met by the final product (system).

Diagram: Stakeholder Requirements split into Certification Authorities Requirements (leading to Certification) and Customer Requirements (leading to Qualification), both supported by Verification & Validation.

Qualification and Certification are parallel, complementary processes with different final aims; some evidence can be reused for both (overlapping).


Airborne Systems Constraints


An airborne system (equipment) is very different in many ways from a ground-based system carrying out similar functions.
The reasons are:
o The importance of achieving minimum weight.
o The adverse operating environment, particularly in terms of operating temperature range, acceleration, shock, vibration, humidity range and electro-magnetic interference.
o The importance of very high reliability and safety.
o Space constraints, particularly in military aircraft, requiring an emphasis on miniaturisation and high packaging densities.

Meeting these requirements can result in the system (equipment) costing up to ten times as much as the equivalent ground-based electronic system (equipment).

Minimum weight
An increase in the weight of the equipment and elements of a system requires the aircraft structure to be increased in strength, and therefore made heavier, in order to withstand the increased loads during manoeuvres. This increase in aircraft weight means that more lift is required from the wings, and the accompanying drag is thus increased. An increase in engine thrust is therefore required to counter the increase in drag, and the fuel consumption is thus increased.


Environmental Requirements
The environment in which a system (equipment) has to operate can be a very severe and adverse one in military aircraft; the civil aircraft environment is generally much more benign but is still an exacting one. The operating temperature range for a military cockpit is usually specified from -40 °C to +70 °C.


DO-160 chapters
Section 1.0 Purpose and Applicability
Section 2.0 Definitions of Terms - General
Section 3.0 Conditions of Tests
Section 4.0 Temperature and Altitude
Section 5.0 Temperature Variation
Section 6.0 Humidity
Section 7.0 Operational Shocks and Crash Safety
Section 8.0 Vibration
Section 9.0 Explosion Proofness
Section 10.0 Waterproofness
Section 11.0 Fluids Susceptibility
Section 12.0 Sand and Dust
Section 13.0 Fungus Resistance
Section 14.0 Salt Spray
Section 15.0 Magnetic Effect
Section 16.0 Power Input
Section 17.0 Voltage Spike
Section 18.0 Audio Frequency Conducted Susceptibility - Power Inputs
Section 19.0 Induced Signal Susceptibility
Section 20.0 Radio Frequency Susceptibility (Radiated and Conducted)
Section 21.0 Emission of Radio Frequency Energy
Section 22.0 Lightning Induced Transient Susceptibility
Section 23.0 Lightning Direct Effects
Section 24.0 Icing
Section 25.0 Electrostatic Discharge
Section 26.0 Fire, Flammability

Environmental Requirements
Vibration is usually quite severe. Typical levels of power spectral energy are 0.7 g² per Hz at very low frequencies in airborne installations. The system (equipment) must operate under the maximum acceleration, or g, to which the aircraft is subjected during manoeuvres. This can be 9 g in a modern fighter aircraft, and the specification for the equipment would call for at least 20 g.


Environmental Requirements
The electromagnetic compatibility ( EMC ) requirements are also very demanding. The system ( equipment ) must not exceed the specified emission levels for a very wide range of radio frequencies and must not be susceptible to external sources of very high levels of RF energy over a very wide frequency band. The system ( equipment) must be able to withstand lightning strikes and very high electromagnetic pulses ( EMP ) which can be encountered during such strikes.


EMI basics
Lightning effects


Environmental Requirements
Design of electronic equipment to meet EMC requirements is in fact a very exacting discipline and requires very careful attention to detail design.


EMI basics
EMI coupling paths:
Conducted: power lines, signal lines
Radiated: electric field, magnetic field, plane waves

Dominant mechanism by frequency:
Up to 150 kHz: conducted interference dominates
150 kHz to 30 MHz: interference propagates through a combined mechanism of conducted and near-field radiated coupling
30 MHz to 18 GHz: EMI propagation by radiation

Ways to mitigate EMI interference:
Suppress the emission at the source
Obstruct the coupling path
Harden the receiver against emissions

EMI basics
Capacitive coupling is reduced by:
Increasing the distance between conductors
Using an electric shield between conductors
Decreasing the value of dV/dt

Inductive coupling is reduced by:
Decreasing the source and victim loop areas
Orienting conductors at a 90° angle
Increasing the distance between conductors
Shielding, filtering or adding ferrites to sensitive cables
Decreasing the value of dI/dt


EMI basics
Wiring Design Rules (Grouping):
Route G: Generation. The power supply feeders and generator excitation shall be routed in route G.
Route P: Power distribution. The power supplies of systems with current greater than 15 A shall be routed in route P.
Route M: Miscellaneous signals. The signals routed in route M are non-sensitive.
Route S: Sensitive signals. The signals routed in route S are sensitive to interference.
Route R: Audio signals. Route R is dedicated to analogue audio lines. ADF signals between transmitter/receiver and antenna can be routed in route R.
Route U/T: Coaxial cables. All coaxial cables shall be routed in U/T routes.
Route Q: Fuel system routes.

Remarks:
- As a general rule bus cables shall be routed in route M; nevertheless, when fully justified for segregation purposes, some bus cables may be routed in route S.
- Monitoring cables related to Flight By Wire (except roll, which is routed in S) and to the auto flight system shall join this category (M) for segregation purposes (not related to electromagnetic compatibility).
- Control cables related to Flight By Wire and the Auto Flight System shall join category S for segregation purposes (not related to electromagnetic compatibility).
- Dedicated routes exist for Armament and for TEMPEST.

Route examples
Route G: generation drives the power from engine generators to power centers.

Route M: a miscellaneous route for non-sensitive and low-power loads.
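The grouping rules and the segregation remarks above, encoded as an automated design-rule check that a principle-diagram reviewer could run over a harness list. This is an added example, not the course's or Airbus Military's own tooling. The Cable attributes, the harness list, the "dedicated" placeholder for the unnamed armament/TEMPEST routes, and the treatment of supplies at or below 15 A as low-power route M loads (following the Route M description) are assumptions of the example.

```python
"""Wiring-route design-rule check for the G/P/M/S/R/U-T/Q grouping rules (added example).

The rules transcribe the grouping slide and its segregation remarks; the
harness at the bottom is a constructed demo, not a real installation.
"""
from dataclasses import dataclass

# Placeholder: the slide states that armament and TEMPEST have dedicated routes but names none
DEDICATED = "dedicated (armament/TEMPEST)"
POWER_DISTRIBUTION_THRESHOLD_A = 15.0


@dataclass(frozen=True)
class Cable:
    name: str
    kind: str               # generation, power, coaxial, audio, fuel, bus, armament, tempest, signal
    current_a: float = 0.0  # supply current, used for kind == "power"
    sensitive: bool = False
    fbw_role: str = ""      # "control" or "monitoring" for fly-by-wire / auto flight cables
    axis: str = ""          # "roll", "pitch", "yaw" for fly-by-wire monitoring cables


def required_route(c: Cable) -> str:
    """Route the grouping rules require for one cable."""
    if c.kind == "generation":
        return "G"                      # feeders and generator excitation
    if c.kind == "coaxial":
        return "U/T"                    # all coaxial cables
    if c.kind == "audio":
        return "R"                      # analogue audio lines, ADF antenna signals
    if c.kind == "fuel":
        return "Q"
    if c.kind in ("armament", "tempest"):
        return DEDICATED
    if c.kind == "power":
        # > 15 A goes to P; smaller supplies are treated as low-power M loads (assumption)
        return "P" if c.current_a > POWER_DISTRIBUTION_THRESHOLD_A else "M"
    # Segregation rules for fly-by-wire / auto flight (not EMC driven):
    # control cables in S; monitoring cables in M, except roll monitoring in S
    if c.fbw_role == "control":
        return "S"
    if c.fbw_role == "monitoring":
        return "S" if c.axis == "roll" else "M"
    if c.kind == "bus":
        return "M"                      # S only when justified (see check_routing)
    return "S" if c.sensitive else "M"


def check_routing(assignments) -> list:
    """assignments: (Cable, proposed_route, justification) triples.
    Returns [(cable name, proposed, required), ...] for every violation."""
    violations = []
    for cable, proposed, justification in assignments:
        required = required_route(cable)
        if proposed == required:
            continue
        if cable.kind == "bus" and proposed == "S" and justification:
            continue                    # bus moved to S with a recorded segregation justification
        violations.append((cable.name, proposed, required))
    return violations


# Constructed harness for the demo
HARNESS = [
    (Cable("gen1 feeder", "generation"), "G", ""),
    (Cable("galley supply", "power", current_a=40.0), "M", ""),             # should be P
    (Cable("cabin light supply", "power", current_a=5.0), "M", ""),
    (Cable("fbw pitch control", "signal", fbw_role="control"), "M", ""),    # should be S
    (Cable("fbw roll monitoring", "signal", fbw_role="monitoring", axis="roll"), "S", ""),
    (Cable("fbw pitch monitoring", "signal", fbw_role="monitoring", axis="pitch"), "M", ""),
    (Cable("A429 bus pair 1", "bus"), "S", "segregated from redundant bus pair 2"),
    (Cable("A429 bus pair 2", "bus"), "S", ""),                              # S without justification
    (Cable("VHF antenna coax", "coaxial"), "U/T", ""),
]

if __name__ == "__main__":
    for name, proposed, required in check_routing(HARNESS):
        print(f"{name:22s} proposed {proposed:4s} required {required}")
```

The check separates the EMC-driven rules (what a cable is) from the segregation-driven ones (what function it serves), which is why a fly-by-wire control cable is refused route M even though electrically it could be a non-sensitive signal.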


Principle diagrams

Within a PD (principle diagram), system designers shall define:
o the wire gauge, taking into account voltage drops and aircraft zone
o the routes, to comply with segregation requirements
o the protections in the harnesses: shielding, twisted wires

The installation team will derive the Wiring Diagrams for the electrical installation.

Reliability
It is clearly not possible to repair equipment in flight, so an equipment failure can mean aborting the mission or a significant loss of performance or effectiveness in carrying out a mission. The cost of equipment failures in airline operation can be very high (interrupted schedules, loss of income during aircraft-on-ground situations, etc.). In military operations, aircraft availability is lowered and operational capability lost. The MMEL (Master Minimum Equipment List) defines equipment as GO, NO GO or GO IF.

Reliability
Every possible care is taken in the design of Avionics to achieve maximum reliability. The quality assurance ( QA ) aspects are very stringent during the manufacturing processes and also very frequently call for what is referred to as reliability shake-down testing , or RST, before equipment is accepted for delivery.

RST is intended to duplicate the most severe environmental conditions to which the equipment could be subjected, in order to eliminate the early failure phase of the equipment life cycle ( what is generally referred to as the infant mortality phase ).


Standards and Guidances


The most general design cycle proceeds from concept through a design phase to a prototype test and integration phase (development), ending finally in release to production. Requirements are defined at different levels:
o Equipment
o System or Sub-system
o Overall System (platform)


Standards and Guidances


Standards and guidance documents are used to define the engineering requirements for design, analysis, validation and verification (qualification and certification).

Inputs: standards, guidance documents, know-how, technical judgement, lessons learnt, ...


Standards and Guidances


Typical types of requirements [SAE ARP 4754]:
o Safety Requirements
o Functional Requirements
o Customer Requirements
o Operational Requirements
o Performance Requirements
o Physical and Installation Requirements
o Reliability, Maintainability, Testability Requirements
o Security Requirements
o Interface Requirements
o Safety Requirements
o Certification Requirements
o Qualification Requirements
o Software Development Tool Requirements
o Test Requirements

These are mandatory to complete the V&V plan adequately and therefore the product certification.


US and European organisations are working on the harmonisation of standards. The most important regulatory organisations and standards developers are:
- Society of Automotive Engineers (SAE)
- The European Organization for Civil Aviation Equipment (EUROCAE)
- The Radio Technical Commission for Aeronautics (RTCA)
- The Institute of Electrical and Electronics Engineers (IEEE)
- Federal Aviation Administration (FAA)
- European Aviation Safety Agency (EASA)
- North Atlantic Treaty Organization (NATO)
- United States Department of Defense (US DoD)
- Aeronautical Radio Incorporated (ARINC)
- International Civil Aviation Organization (ICAO)

Typical standards and guidances used by airframe manufacturers to define the overall requirements, from design to certification, for airborne systems (equipment):
- SAE ARP4754: Certification Considerations for Highly Integrated or Complex Aircraft Systems
- SAE ARP4761: Safety Assessment Guidelines (criticality analysis, fault tree analysis techniques, failure mode and effects analysis)
- ISO 15288: Management for the Systems Engineering Process
- RTCA DO-160: Environmental Conditions and Test Procedures for Airborne Equipment
- MIL-STD-810: Environmental Engineering Considerations and Laboratory Tests
- RTCA DO-178B: Software Considerations in Airborne Systems and Equipment Certification
- MIL-STD-498: Software Development and Documentation
- RTCA DO-254: Design Assurance Guidance for Airborne Electronic Hardware
- MIL-STD-464: Electromagnetic Environmental Effects Requirements for Systems
- MIL-STD-461: Electromagnetic Emission and Susceptibility Requirements for the Control of Electromagnetic Interference
- ED-107 / SAE ARP5388: Guide to Certification of Aircraft in a High Intensity Radiated Field (HIRF) Environment
- ED-84 / SAE ARP5414: Aircraft Lightning Environment and Related Test Waveforms Standard
- ED-113 / SAE ARP5577: Aircraft Lightning Direct Effects Certification
- EASA CS-25: Certification Specification for Large Aeroplanes (also FAA FAR-25)
- MIL-STD-1553B: Aircraft Internal Time Division Command/Response Multiplex Data Bus
- ARINC 429: standard for the predominant avionics data bus used on most higher-end commercial and transport aircraft


ARP 4754 overview

- ARP 4754 is the civil certification means of compliance covering highly integrated or complex aircraft systems.
- The DAL (Development Assurance Level) assigned to an item through the Safety Assessment can be reduced by means of redundant (independent) architectures.

Requirements evolution
Certification requirements for aircraft, systems and equipment are always evolving to increase flight safety. An example is the OBIGGS (On-Board Inert Gas Generation System), which fills the fuel tank with nitrogen-enriched air to reduce flammability.

7. Safety Assessment

ARP4761 overview (slide content is a figure)

Safety Assessment: FHA (slide content is a figure)

Safety Assessment: MIL-STD-882 (slide content is a set of figures)

Fault-tolerant architectures (slide content is a figure; labels: IO, extension/retraction RCS, hoist, PDL, FCL, moding machine, basic TMR concept, partitioning, N-version, consolidation, active-monitor)

Fault-tolerant architectures
Consistency checks use a priori knowledge about the information managed within a system to verify its correctness continuously. Examples:
- Signal checks (robustness checks):
  - Range
  - Rate of change
- Run-away detector for the program pointer: the binary code instructions are located in a specific region of memory, so any attempt to execute outside this boundary can be detected and the processor restored to a known state.
- Predicted performance.
- Data diversity: input consolidation of multiple measurements of the same signal.
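The signal checks and the input consolidation listed above, written out as an added example (this is not code from the original slides or from Airbus Military). The range and rate limits, the 20 Hz sample period and the sample values are hypothetical and chosen only for illustration.

```c
/* Added example, not from the original slides: signal robustness checks
 * (range, rate of change) and mid-value consolidation of three redundant
 * measurements. All limits and sample data are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    double min, max;    /* valid physical range of the signal            */
    double max_rate;    /* largest plausible change per second           */
    double last_value;  /* last accepted value, used for the rate check  */
    bool   has_last;
} signal_monitor_t;

typedef enum { SIG_OK = 0, SIG_OUT_OF_RANGE, SIG_RATE_EXCEEDED } signal_status_t;

/* Range and rate-of-change checks on one new sample. A rejected sample is
 * not stored, so the monitor keeps comparing against the last good value
 * instead of following a runaway input. */
signal_status_t signal_check(signal_monitor_t *m, double value, double dt_s)
{
    /* Negated conjunction so that a NaN input also fails the range check */
    if (!(value >= m->min && value <= m->max))
        return SIG_OUT_OF_RANGE;
    if (m->has_last && dt_s > 0.0) {
        double delta = value - m->last_value;
        if (delta < 0.0) delta = -delta;
        if (delta / dt_s > m->max_rate)
            return SIG_RATE_EXCEEDED;
    }
    m->last_value = value;
    m->has_last = true;
    return SIG_OK;
}

/* Data diversity: consolidate three measurements of the same quantity by
 * mid-value selection, which masks one erroneous source without having to
 * identify it. 'agree' reports whether all three lie within 'tol' of each
 * other, so a persistent disagreement can be latched for maintenance. */
double consolidate3(double a, double b, double c, double tol, bool *agree)
{
    double x = a, y = b, z = c, t;
    if (x > y) { t = x; x = y; y = t; }
    if (y > z) { t = y; y = z; z = t; }
    if (x > y) { t = x; x = y; y = t; }   /* now x <= y <= z */
    if (agree) *agree = (z - x) <= tol;
    return y;
}

int main(void)
{
    /* Constructed stream: an altitude-like signal (ft) sampled at 20 Hz */
    signal_monitor_t alt = { -1000.0, 50000.0, 5000.0, 0.0, false };
    const double samples[] = { 1000.0, 1010.0, 9000.0, 1020.0, 60000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %7.0f -> status %d\n", samples[i],
               (int)signal_check(&alt, samples[i], 0.05));

    bool agree;
    double v = consolidate3(1020.0, 1021.0, 2500.0, 5.0, &agree);
    printf("consolidated %.1f, sources agree: %s\n", v, agree ? "yes" : "no");
    return 0;
}
```

In the constructed stream the jump to 9000 ft is rejected by the rate check and the 60000 ft sample by the range check; the third source in the consolidation (2500 ft) is masked by mid-value selection, and the disagreement flag is what a real system would use to drive a fault latch.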

Fault-tolerant architectures
Memory checks:
- Available memory checks: write and read the memory at specific locations to check its proper behaviour. Complementary to information redundancy techniques.

Processor checks:
- ALU tests: compare the output of certain predefined operations with verified results stored in ROM.
- Execution time checks: monitor that the amount of time dedicated to a specific task is within the expected range.
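The three built-in tests listed above, as an added host-runnable example (not code from the original slides or from Airbus Military). The RAM test patterns, the ALU test vectors and the microsecond clock are illustrative assumptions; on a target the clock would come from a hardware timer and the RAM test would address real regions.

```c
/* Added example, not from the original slides: memory check, ALU known-answer
 * test and execution-time check. Patterns, vectors and clock are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Memory check: write and read back complementary patterns plus the cell's
 * own index (address-in-data, which exposes address-line aliasing), restoring
 * the original word so the test can run on memory that is in use. */
bool ram_test(volatile uint32_t *base, size_t words)
{
    static const uint32_t patterns[] = { 0x55555555u, 0xAAAAAAAAu, 0x00000000u, 0xFFFFFFFFu };
    for (size_t i = 0; i < words; i++) {
        uint32_t saved = base[i];
        bool ok = true;
        for (size_t p = 0; p < sizeof patterns / sizeof patterns[0] && ok; p++) {
            base[i] = patterns[p];
            ok = (base[i] == patterns[p]);
        }
        if (ok) { base[i] = (uint32_t)i; ok = (base[i] == (uint32_t)i); }
        base[i] = saved;
        if (!ok) return false;
    }
    return true;
}

/* Processor check: predefined operations whose expected results are held in
 * ROM (a const table here). Operands are read through volatile so the
 * compiler cannot fold the arithmetic away at build time. */
typedef struct { uint32_t a, b, sum, product, xor_, shift; } alu_vector_t;
static const alu_vector_t alu_rom[] = {
    { 0x00000003u, 0x00000005u, 0x00000008u, 0x0000000Fu, 0x00000006u, 0x00000060u },
    { 0xFFFFFFFFu, 0x00000001u, 0x00000000u, 0xFFFFFFFFu, 0xFFFFFFFEu, 0xFFFFFFFEu },
    { 0x80000000u, 0x00000002u, 0x80000002u, 0x00000000u, 0x80000002u, 0x00000000u },
};

bool alu_test(void)
{
    for (size_t i = 0; i < sizeof alu_rom / sizeof alu_rom[0]; i++) {
        volatile uint32_t a = alu_rom[i].a, b = alu_rom[i].b;
        if ((uint32_t)(a + b)  != alu_rom[i].sum)     return false;
        if ((uint32_t)(a * b)  != alu_rom[i].product) return false;
        if ((uint32_t)(a ^ b)  != alu_rom[i].xor_)    return false;
        if ((uint32_t)(a << b) != alu_rom[i].shift)   return false;
    }
    return true;
}

/* Execution-time check: run a task and compare its measured duration with the
 * budget from the scheduling analysis. Unsigned subtraction gives the right
 * answer across a 32-bit timer wrap. */
typedef uint32_t (*clock_us_fn)(void);
typedef void (*task_fn)(void);

bool run_within_budget(task_fn task, clock_us_fn now_us, uint32_t budget_us, uint32_t *elapsed_us)
{
    uint32_t t0 = now_us();
    task();
    uint32_t dt = now_us() - t0;
    if (elapsed_us) *elapsed_us = dt;
    return dt <= budget_us;
}

/* Simulated clock and tasks so the check runs on a host (assumptions). The
 * clock starts close to wrap-around on purpose. */
static uint32_t sim_time_us = 0xFFFFFF00u;
static uint32_t sim_clock(void) { return sim_time_us; }
static void fast_task(void) { sim_time_us += 200u; }
static void slow_task(void) { sim_time_us += 1500u; }

int main(void)
{
    uint32_t ram[64] = { 0 };
    uint32_t elapsed = 0;
    printf("RAM test: %s\n", ram_test(ram, 64) ? "pass" : "FAIL");
    printf("ALU test: %s\n", alu_test() ? "pass" : "FAIL");
    printf("fast task within 1000 us: %s\n",
           run_within_budget(fast_task, sim_clock, 1000u, &elapsed) ? "yes" : "no");
    printf("slow task within 1000 us: %s (took %u us)\n",
           run_within_budget(slow_task, sim_clock, 1000u, &elapsed) ? "yes" : "no", (unsigned)elapsed);
    return 0;
}
```

A failed memory or ALU test is a latent hardware fault and would normally put the channel in a fail-safe state rather than be retried; the execution-time check is the software counterpart of a hardware watchdog and catches both a stuck task and a task whose worst-case path was underestimated in the timing analysis.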


Safety Assessment
- Active failure: a failure which cannot remain in the aircraft for more than one flight. It is detected before the following flight and repaired if necessary.
- Risk times:
  - Mean flight time: T0, defined for each programme.
  - Risk time: the period of time within the flight during which an item must fail in order to cause the feared event (the failure condition under study). Example: failure to extend or downlock the landing gear, risk time = the complete flight = T0.
  - Repercussion phase: the period of time in which the feared event has a determined repercussion. Example: failure to extend or downlock the landing gear, repercussion phase = landing.


Safety Assessment
PCAT assignment: analysis of all the possible FCs (failure conditions) in which the equipment might be involved, considering lightning and HIRF as a common cause of failure. The strategy consists in finding a Safe Path through the DD (dependence diagram) or FTA (fault tree analysis). The aim of this analysis is to find and secure what must NOT fail during a lightning or HIRF event, to ensure no adverse effect at function level. All the boxes involved in the chosen path have to be protected at least to the same level as the FC it refers to. As an example, a Catastrophic FC must be protected by securing, in its DD or FTA, a path where all base events used are protected with EMH PCAT A.
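The Safe Path selection described above, as an added example (not code from the original slides or from Airbus Military). The rule applied is the one the text implies for a common-cause event: the top event cannot be raised if every input of each OR gate is secured and at least one input of each AND gate is secured. The fault tree, event names and the choice of the smallest set are constructed for illustration, not taken from a real aircraft analysis, and the routine is exact only when no base event appears under more than one gate.

```c
/* Added example, not from the original slides: choose the base events that
 * must be protected at EMH PCAT A so that a lightning/HIRF common cause
 * cannot raise a Catastrophic top event. Constructed toy fault tree. */
#include <stdint.h>
#include <stdio.h>

typedef enum { BASE, AND_GATE, OR_GATE } node_kind_t;
typedef struct {
    node_kind_t kind;
    const char *name;
    int nchild;
    int child[4];          /* indices into the tree array */
} ft_node_t;

/* Constructed fault tree (node 0 is the top event) */
static const ft_node_t tree[] = {
    /* 0 */ { OR_GATE,  "Loss of pitch control (Catastrophic)",  2, { 1, 4 } },
    /* 1 */ { AND_GATE, "Both flight control channels lost",     2, { 2, 3 } },
    /* 2 */ { BASE,     "FCC channel 1 failure",                 0, { 0 } },
    /* 3 */ { BASE,     "FCC channel 2 failure",                 0, { 0 } },
    /* 4 */ { AND_GATE, "Actuator command path lost",            2, { 5, 6 } },
    /* 5 */ { BASE,     "Primary actuator electronics failure",  0, { 0 } },
    /* 6 */ { OR_GATE,  "Backup path lost",                      2, { 7, 8 } },
    /* 7 */ { BASE,     "Backup actuator electronics failure",   0, { 0 } },
    /* 8 */ { BASE,     "Backup power supply failure",           0, { 0 } },
};
#define TREE_SIZE ((int)(sizeof tree / sizeof tree[0]))

static int popcount32(uint32_t x) { int n = 0; while (x) { x &= x - 1u; n++; } return n; }

/* Bit i of the result means: base event i must be protected (PCAT A).
 * OR gate: every input must be secured, so take the union.
 * AND gate: securing one input is enough, so take the cheapest child. */
uint32_t safe_path(const ft_node_t *t, int node)
{
    const ft_node_t *n = &t[node];
    if (n->kind == BASE) return 1u << node;
    if (n->kind == OR_GATE) {
        uint32_t all = 0;
        for (int i = 0; i < n->nchild; i++) all |= safe_path(t, n->child[i]);
        return all;
    }
    uint32_t best = 0;
    int best_cost = -1;
    for (int i = 0; i < n->nchild; i++) {
        uint32_t m = safe_path(t, n->child[i]);
        int cost = popcount32(m);
        if (best_cost < 0 || cost < best_cost) { best = m; best_cost = cost; }
    }
    return best;
}

int main(void)
{
    uint32_t set = safe_path(tree, 0);
    printf("Base events to protect at EMH PCAT A for \"%s\":\n", tree[0].name);
    for (int i = 0; i < TREE_SIZE; i++)
        if (set & (1u << i)) printf("  - %s\n", tree[i].name);
    return 0;
}
```

For the constructed tree the result is two boxes: one FCC channel and the primary actuator electronics. Securing the backup path instead would have cost two boxes (both backup electronics and the backup supply), which is why the AND gate picks the primary side; in a real analysis the choice is also constrained by which boxes can physically be protected to PCAT A.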

Safety Assessment: HIRF and LIE protection (slide content is a figure)

Safety Assessment
Intrinsic Hazard Analysis: for each item of equipment, hazards coming from inside the equipment have also to be considered: the associated level of intensity and the failures, human errors or operational conditions which could release the hazard outside its normal location in the equipment. It is done with the help of a generic potential hazard check list. Each item of equipment is compared with the check list in order to identify a possible intrinsic risk:
- If it can be contained: definition of a requirement for the equipment specification.
- If it cannot be contained: integration into a new failure condition or identification of a new particular risk.

PRA Particular Risk Assessment

- UERF: Uncontained engine rotor failure
- PRB: Propeller blade release
- TEFO: Total engine flame-out
- LMES: Loss of main electrical source
- Wheel and tyre failure
- Bird strike

ZSA Zonal Safety Analysis

Segregation of components:
- Equipment
- Wiring routes
- Vulnerability concepts

CMA Common Mode Analysis

A Common Mode Analysis shall be performed on each system that can have potentially catastrophic repercussions in case of failure. The method may also be used for Hazardous failure conditions when necessary.
- Identification of Catastrophic failure conditions
- Identification of the independence principles for these FCs
- Check of all possible common mode failures/events against the identified independence principles (using a check list)
- Identification of segregation requirements
- Compliance record
- Accepted deviations record

Requirements for Embedded Software

SW Requirements


Example of Aeronautical SW: A330-MRTT RAAF BCCS SW

Introduction to the Aeronautical SW

DO-178B
Provides guidelines for the production of SW for airborne systems and equipment with a level of confidence in safety that complies with airworthiness requirements. Such guidelines are provided in terms of:
- Objectives (to be achieved by the SW life cycle processes).
- Activities and design considerations for achieving the objectives.
- Evidence that indicates the satisfaction of the objectives.
Defines three types of processes as part of the SW life cycle:
- SW Planning Process: defines and coordinates the activities of the rest of the processes.
- SW Development Processes: produce the SW product and comprise the SW Requirements Process, the SW Design Process, the SW Coding Process and the Integration Process.
- Integral Processes: ensure the correctness, control and confidence of the SW life cycle processes and their outputs, and comprise the SW Verification Process, the SW Configuration Management Process, the SW Quality Assurance Process and the Certification Liaison Process.

DO-178B / SW PLANNING PROCESS
Defines the means of producing SW which will satisfy the system requirements and provide the level of confidence which is consistent with the airworthiness requirements.
- Process objectives: Table A-1, SW Planning Process Objectives.
- Process activities: SW plans should be developed. The purpose of the SW plans is to define the means of satisfying the objectives.

DO-178B / SW PLANNING PROCESS
Plan for Software Aspects of Certification (PSAC): the primary means for communicating the proposed development methods to the certification authority for agreement.
- System overview: functions, HW/SW architecture, HW/SW interfaces, safety features.
- Certification considerations: summary of the certification basis, means of compliance, proposed SW levels and their justification (PSSA).
- SW life cycle: processes description and objectives satisfaction.
- Software overview: SW functions, proposed safety and partitioning solutions.
- SW life cycle data: data to be produced and/or controlled and to be submitted to the certification authority.
- Schedule: planning of the certification authority reviews.
- Additional considerations: specific features that may affect the certification.

DO-178B / SW PLANNING PROCESS
Software Development Plan (SDP): defines the SW life cycle and the SW development environment.
- Standards: SW Requirements Standard, SW Design Standard and SW Code Standard.
- SW life cycle: processes description and transition criteria.
- SW development environment: requirements development and design methods and tools, programming languages, coding tools, compilers, linkers and loaders, and HW platforms.

DO-178B / SW PLANNING PROCESS
Software Verification Plan (SVP): defines the means to comply with the SW Verification Process objectives. The verification procedures may vary by SW level.
- Organization: fixes organizational responsibilities and interfaces.
- Independence: methods for ensuring verification independence when required.
- Methods: review, analysis and testing methods.
- Environment: equipment for testing, tools and guidelines for applying the tools.
- Partitioning: if partitioning is used, the method to verify the integrity of the partitioning.
- Compiler: assumptions about the correctness of compilers and linkers.
- Reverification: for SW modifications, identification of the affected areas.
- Previous SW: the way of compliance if previously developed SW does not comply.
- Dissimilarity: description of both SW verification processes.
- Transition criteria: for entering the SW Verification Process.

DO-178B / SW PLANNING PROCESS
Software Configuration Management Plan (SCMP): defines the means to comply with the SW Configuration Management Process objectives. The configuration control procedures may vary by SW level.
- Environment: procedures, tools, methods, standards, organizational responsibilities and interfaces.
- Activities: item identification, baseline establishment and traceability, problem reporting, change control and review, archive and release methods, load control, tool control and CC1/CC2 controls.
- Transition criteria: for entering the SCM Process.
- SCM data: definition of the SCM data: SCM records, Software Configuration Index (SCI) and SW Life Cycle Environment Configuration Index (SECI).
- Supplier control: application of the SCM process requirements to suppliers.

DO-178B / SW PLANNING PROCESS
Software Quality Assurance Plan (SQAP): defines the means to comply with the SW Quality Assurance Process objectives.
- Environment: scope, organizational responsibilities and interfaces, standards, procedures, methods and tools.
- Authority: statement of the SQA authority (including approval of SW products).
- Activities: reviews, audits, reporting, inspections, monitoring of processes, problem reporting, tracking and corrective action, and the SW Conformity Review activity.
- Transition criteria: for entering the SW Quality Assurance Process.
- Timing: timing of the SQA process activities.
- SQA records: definition of the records to be produced.
- Supplier control: means of ensuring that suppliers' processes and outputs comply with the SQA Plan.

DO-178B / SW DEVELOPMENT PROCESS
Comprises four sub-processes:
- SW Requirements Process
- SW Design Process
- SW Coding Process
- Integration Process
A linear SW development model is not required. Each sub-process is considered finished when all its objectives have been achieved and the verification and configuration management activities have been performed. Table A-2, Software Development Process general objectives.

DO-178B / SW DEVELOPMENT PROCESS: SW Requirements Process
The SW Requirements Standard (identified in the SDP) is applied and the SW Requirements Document is generated. The objectives of this process are:
- Develop the SW High-Level Requirements from the System Requirements, including functional, performance, interface and safety-related requirements.
- Identify the derived SW High-Level Requirements (those not directly traceable to System Requirements) and report them to the System Safety Assessment; return of experience shows that this is not typically done. The Preliminary System Safety Assessment (PSSA) should then assess the impact on safety of implementing such derived requirements.
Table A-3, Verification of Outputs of Software Requirements Process.

DO-178B / SW DEVELOPMENT PROCESS: SW Requirements Process
The SW Requirements sub-process can be considered finished when the objectives have been achieved and the verification, configuration management and quality assurance activities have been performed. Table A-3 establishes the verification criteria for the output of the SW Requirements Process: the SW Requirements Data or document. The SW Requirements Data should include:
- Allocation of system requirements to SW.
- Functional and operational requirements.
- Performance criteria (accuracy).
- Timing and memory size requirements and constraints.
- HW and SW interfaces.
- Failure detection and safety monitoring requirements.
- Partitioning requirements allocated to SW.

DO-178B / SW DEVELOPMENT PROCESS: SW Design Process
The objectives are to establish the SW Architecture and the SW Low-Level Requirements from the SW High-Level Requirements and to define the derived Low-Level Requirements. Table A-4, Verification of Outputs of Software Design Process, establishes the verification criteria (review/analysis) for the output of the SW Design Process. The primary output of the process is the Design Description, which includes:
- Description of how the SW High-Level Requirements are satisfied and how SW requirements are allocated to processors and tasks.
- Description of the SW Architecture and the input/output.
- Data and control flow of the design.
- Resource limitations and scheduling procedures.
- Design and partitioning methods.
- Reuse of previously developed SW components.
- Means to ensure that deactivated code cannot be enabled.

DO-178B / SW DEVELOPMENT PROCESS: SW Coding Process
The objective of the SW Coding Process is the development of Source Code that is traceable, verifiable, consistent and correctly implements the Low-Level Requirements. The Source Code should implement the Low-Level Requirements, conform to the SW Architecture and the SW Code Standards, and be traceable to the Design Description. The output of the process consists of the code in the source language(s) and the compiler and linker instructions for generating the object code. Table A-5, Verification of Outputs of Software Coding & Integration Process, establishes the verification criteria (review/analysis) for the output of the SW Coding Process. The most demanding criteria are the verification of robustness and of execution time.

DO-178B / SW DEVELOPMENT PROCESS: Integration Process
The objective of the Integration Process is the loading of the Executable Object Code into the target HW for HW/SW integration. The Executable Object Code should be generated from the Source Code and, once generated, loaded into the target computer. The output of the process is executable object code that is directly usable by the CPU of the target computer; it is the SW that is loaded into the HW or the system. Table A-5, Verification of Outputs of Software Coding & Integration Process, establishes the verification criteria (review/analysis) for the output of the Integration Process as well.

DO-178B / SW DEVELOPMENT PROCESS: Traceability
The traceability description is included in the SW Development Process and its verification in the SW Verification Process. The traceability required depends on the SW level and is covered by Tables A-3, A-4 and A-5:
- Levels A and B: traceability from source code up to system requirements (through the low-level and high-level requirements).
- Level C: traceability from SW low-level requirements up to system requirements.
- Level D: traceability from SW high-level requirements to system requirements.

DO-178B / INTEGRAL PROCESSES: SW VERIFICATION PROCESS
DO-178B is precise in defining the verification effort, which increases with the SW level. Verification is not simply testing: it is a combination of reviews, analyses and tests. Reviews and analyses provide an assessment of the accuracy, completeness and verifiability of the SW requirements, the SW Architecture and the Source Code. Test cases may provide further assessment of the internal consistency and completeness of the requirements, and their execution provides a demonstration of compliance with the requirements. Tables A-3 to A-6 summarise the review/analysis requirements for the development activities. Table A-7 summarises the review/analysis criteria for the test case definition and results, including coverage checking.

DO-178B / INTEGRAL PROCESSES: SW VERIFICATION PROCESS
Reviews:
- Provide a qualitative assessment of correctness.
- May consist of an inspection, peer review, proof-reading guided by a checklist or a similar aid.
- To be performed on: plans, SW High-Level and Low-Level Requirements, SW Architecture and design, Source Code, and test cases, procedures and results.

DO-178B / INTEGRAL PROCESSES: SW VERIFICATION PROCESS
Analyses:
- Provide repeatable evidence of correctness.
- Analysis of stack usage, worst-case execution time, exception handling, etc.
- Requirements-based test coverage analysis.
- Structural coverage analysis: determines which code structure was not exercised by the requirements-based test procedures. Confirms the degree of structural coverage appropriate to the SW level:
  - Statement coverage for levels A, B and C
  - Decision coverage for levels A and B
  - Modified condition/decision coverage (MC/DC) for level A
- Detection of dead code, deactivated code and inadequate SW requirements.
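To make the difference between decision coverage and MC/DC concrete, here is an added example (not code from the original slides or from a certified coverage tool) that analyses one decision. The guard `(A && B) || C`, the encoding of test vectors as bitmasks and the two test sets are all constructed for illustration.

```c
/* Added example, not from the original slides: a small coverage analyser for
 * one decision, D = (A && B) || C. Test vectors are bitmasks with
 * bit0 = A, bit1 = B, bit2 = C. Statement coverage is not modelled. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NCOND 3
typedef bool (*decision_fn)(uint8_t v);

static bool guard(uint8_t v)
{
    bool A = (v & 1u) != 0, B = (v & 2u) != 0, C = (v & 4u) != 0;
    return (A && B) || C;
}

/* Decision coverage: the decision evaluated to both true and false. */
bool decision_coverage(decision_fn d, const uint8_t *tests, size_t n)
{
    bool seen_true = false, seen_false = false;
    for (size_t i = 0; i < n; i++) {
        if (d(tests[i])) seen_true = true; else seen_false = true;
    }
    return seen_true && seen_false;
}

/* MC/DC (unique-cause form): for every condition k there must be a pair of
 * tests that differ only in k and give different decision outcomes, which
 * shows that k independently affects the decision. Bits of 'missing'
 * identify the conditions without such a pair. */
bool mcdc_coverage(decision_fn d, const uint8_t *tests, size_t n, uint8_t *missing)
{
    uint8_t miss = 0;
    for (unsigned k = 0; k < NCOND; k++) {
        bool found = false;
        for (size_t i = 0; i < n && !found; i++)
            for (size_t j = i + 1; j < n && !found; j++)
                if ((uint8_t)(tests[i] ^ tests[j]) == (uint8_t)(1u << k)
                    && d(tests[i]) != d(tests[j]))
                    found = true;
        if (!found) miss |= (uint8_t)(1u << k);
    }
    if (missing) *missing = miss;
    return miss == 0;
}

static void report(const char *label, const uint8_t *tests, size_t n)
{
    uint8_t missing = 0;
    bool dc = decision_coverage(guard, tests, n);
    bool mc = mcdc_coverage(guard, tests, n, &missing);
    printf("%s: decision coverage %s, MC/DC %s", label, dc ? "yes" : "no", mc ? "yes" : "no");
    if (!mc) {
        printf(" (no independence pair for:");
        for (unsigned k = 0; k < NCOND; k++)
            if (missing & (1u << k)) printf(" %c", 'A' + (int)k);
        printf(")");
    }
    printf("\n");
}

int main(void)
{
    /* Constructed test sets */
    const uint8_t set_dc[]   = { 3, 2, 5 };     /* (A,B,!C) (!A,B,!C) (A,!B,C) */
    const uint8_t set_mcdc[] = { 3, 2, 1, 5 };  /* adds (A,!B,!C): pairs 3/2 for A, 3/1 for B, 1/5 for C */
    report("set 1", set_dc, 3);
    report("set 2", set_mcdc, 4);
    return 0;
}
```

Set 1 reaches both outcomes of the decision, so it satisfies decision coverage (level A/B), but only condition A is shown to affect the outcome on its own; set 2 adds one vector and satisfies MC/DC with the minimum of N+1 = 4 tests for three conditions. This is the structural gap that the level A objective closes: a test set can look complete at decision level while a condition (B or C here) is never demonstrated to matter.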

DO-178B / INTEGRAL PROCESSES: SW VERIFICATION PROCESS
SW Testing Process:
- Objectives: to demonstrate that the SW satisfies its requirements and that errors which could lead to unacceptable failure conditions have been removed.
- Three types of testing:
  - HW/SW integration testing: verification of the SW in the target computer environment.
  - SW integration testing: verification of the interrelationships between SW components.
  - Low-level testing: verification of the implementation of the SW Low-Level Requirements.
- Two categories of test cases:
  - Normal range test cases
  - Robustness test cases

DO-178B / INTEGRAL PROCESSES: SW VERIFICATION PROCESS
Outputs of the SW Verification Process:
- SW Verification Cases and Procedures: detail how the SW Verification Process activities are implemented (scope and depth of the review or analysis methods, test cases, expected results, pass/fail criteria, execution instructions, test environment description and how test results are evaluated).
- SW Verification Results: summarise the results of the verification activities (reviews, analyses and tests).
DO-178B does not use the formal reviews SRR, PDR, CDR and TRR that are typically used as a project management mechanism. It requires the review of the artefacts and the generation of the evidence before they are used by further processes.

DO-178B / INTEGRAL PROCESSES: SW CONFIGURATION MANAGEMENT PROCESS
Activities (guidelines for each activity are provided):
- Configuration identification: label each configuration item.
- Change control: recording, evaluation, resolution, approval and review of changes.
- Baseline establishment and traceability: intermediate and SW product baselines should be established.
- Problem reporting and tracking: record non-compliance with SW plans or standards, deficiencies of outputs and anomalous behaviour of SW products.
- Archiving of the SW product: ensure that only authorized SW is used.
- Load control: ensure that the Executable Object Code is loaded into the airborne system with appropriate safeguards (part number, media identification, ...).
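A load-control gate of the kind the last activity calls for, as an added example (not code from the original slides, from Airbus Military or from any aircraft loading protocol). Before an executable object code image is accepted onto the target, its part number and integrity check are compared with the approved entry recorded in the Software Configuration Index. The record layout, the part numbers, the image bytes and the use of CRC-32 are assumptions for illustration.

```c
/* Added example, not from the original slides: accept a software load only if
 * its part number is approved in the SCI and the image integrity check
 * matches the recorded value. Layout, part numbers and CRC choice are
 * assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-32 (IEEE 802.3 polynomial, reflected form), computed bitwise. */
uint32_t crc32(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

#define PN_LEN 16
typedef struct { char part_number[PN_LEN]; uint32_t crc; } sci_entry_t;  /* approved load, from the SCI */
typedef struct { char part_number[PN_LEN]; const uint8_t *image; size_t len; } load_t;

typedef enum { LOAD_ACCEPTED = 0, LOAD_REJECT_UNKNOWN_PN, LOAD_REJECT_CRC_MISMATCH } load_result_t;

/* The load is accepted only if its part number is an approved one AND the
 * image's CRC matches the value recorded for that part number. */
load_result_t check_load(const sci_entry_t *sci, size_t n, const load_t *ld)
{
    for (size_t i = 0; i < n; i++) {
        if (strncmp(sci[i].part_number, ld->part_number, PN_LEN) == 0)
            return crc32(ld->image, ld->len) == sci[i].crc ? LOAD_ACCEPTED
                                                           : LOAD_REJECT_CRC_MISMATCH;
    }
    return LOAD_REJECT_UNKNOWN_PN;
}

/* Constructed data: the image "123456789" is the standard CRC-32 check
 * string, whose CRC is 0xCBF43926; the second image has one byte changed. */
static const uint8_t good_image[] = "123456789";
static const uint8_t bad_image[]  = "123456780";
static const sci_entry_t sci[] = { { "EX-SW-0001", 0xCBF43926u } };

int main(void)
{
    load_t loads[] = {
        { "EX-SW-0001", good_image, 9 },   /* approved part number, intact image */
        { "EX-SW-0001", bad_image,  9 },   /* approved part number, corrupted image */
        { "EX-SW-9999", good_image, 9 },   /* part number not in the SCI */
    };
    for (size_t i = 0; i < sizeof loads / sizeof loads[0]; i++)
        printf("%s -> %d\n", loads[i].part_number, (int)check_load(sci, 1, &loads[i]));
    return 0;
}
```

A CRC detects accidental corruption of the media or transfer; it does not stop someone who can alter both the image and the checksum. Where the threat model includes a deliberately modified load, the recorded value would be a digital signature verified against a key held on the target rather than a CRC.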

DO-178B / INTEGRAL PROCESSES: SW CONFIGURATION MANAGEMENT PROCESS
Data control categories, related to the configuration management controls placed on the data:
- Control Category 1 (CC1)
- Control Category 2 (CC2)
The tables of Annex A specify the control category for each software life cycle data item, by SW level. This process does not stop when the SW product is accepted by the certification authority, but continues throughout the service life of the airborne system or equipment.

DO-178B / INTEGRAL PROCESSES: SW QUALITY ASSURANCE PROCESS
Assesses the SW life cycle processes and their outputs to obtain assurance that the objectives are satisfied, that deficiencies are detected, evaluated, tracked and resolved, and that the SW product and the SW life cycle data conform to the certification requirements. Activities:
- Audit that the SW plans and standards are developed and reviewed.
- Audit that the SW life cycle processes comply with the SW plans and standards.
- Audits of the SW development and integral processes.
- Audit that the transition criteria between processes have been satisfied.
- Audit that the SW life cycle data are controlled.
- Conduct a SW Conformity Review prior to the delivery of SW products.

DO-178B / INTEGRAL PROCESSES: SW QUALITY ASSURANCE PROCESS
SW Conformity Review (for each formal delivery): to obtain assurance, for a SW product submitted as part of a certification application, that the SW life cycle processes and data are complete and that the Executable Object Code is controlled and can be regenerated.

DO-178B / INTEGRAL PROCESSES: CERTIFICATION LIAISON PROCESS
Establishes communication and understanding between the applicant and the certification authority. The applicant should:
- Submit the PSAC to the certification authority.
- Resolve the issues identified by the certification authority.
- Obtain agreement with the certification authority on the PSAC.
- Submit, for each SW product, to the certification authority:
  - Software Accomplishment Summary (SAS): shows compliance with the PSAC and the other plans, change history, justification of deviations, problem reports unresolved at certification time, including a statement of functional limitations.
  - Software Configuration Index (SCI): identifies the SW product, the Executable Object Code, each Source Code component, documents, and the instructions for regenerating the Executable Object Code.
