1. 1 BAE SYSTEMS Military Air Solutions (MAS)
Military Avionics Technology Exhibition (MATE)
2. 2 Presentation An Integrators View
Approach
Integrated Modular Systems
Modular Certification – Qualifying change
3. 3 Integrator View Need for Rapid Response to New Operational Requirements
Counter trend of increasing cost and timescales for upgrades
Obsolescence Alleviation
Minimise the impact of inevitable hardware/software change
Greater Interoperability and Reuse
Across platforms and facilities
Facilitate Embodiment of New Technologies
Effective use of the Supplier base – DIS
Take the long view
4. 4 Approach Decouple Capability from Capacity
Working near full system capacity (network/processing) limits flexibility & responsiveness
Hardware independence (applications portability) enables rapid deployment of applications on new hardware
Hardware capacity refresh programme to sustain system capacity for upgrades
Modular Systems Hardware and Software
Limit cost/time impact of change and obsolescence
Ability to re-distribute functionality to utilise and consolidate spare capacity
Reduce the test, qualification and certification burden
Re-use tests
Modular and Incremental Certification
Improve the System Design and Development Process
Receptive Product
Automate the design process
Define once, use many times
Generate code automatically
5. 5 Approach for Software and Systems - Integrated Modular Systems Three-Layer Stack Software Architecture
Real-Time Operating System protects application software from changes in underlying hardware
provides distributed system management functions
High Speed Data Communications
removes bottleneck to system processing & data sharing
allows physical partitioning to be set aside �(partitioning still exists but is defined by system designer)
Common hardware design
re-use of common reference designs to reduce hardware diversity
maximise avionic functionality in software
backward compatibility
Modularity
provides well-defined interfaces and behaviour
not limited to hardware
essential for modular certification
6. 6 Modular and Incremental Certification
7. 7 IAWG Modular Incremental Certification Study Certification is expensive
Safety aspects are primary concern
Performance and qualification aspects must be compatible
When Obsolescence causes update/refresh
IAWG Study proposed solution via modular certification
Initial Certification costs are not addressed and can be expected to remain broadly similar to current costs.
Re certification following change will be targeted. Revised cost metrics based on size of change.
IAWG Study covers from system requirements to release to flight test.
Scope is Qualification & Certification Primarily focused on safety certification
Must not forget performance aspects.
In fact the techniques we use to reduce safety analysis rework should also be applicable to the performance aspects.
Absolute minimum is that it shouldn’t make the performance aspects more difficult.
Just to make sure we are all agreed that we aren’t addressing the initial certification aspects.
There may be some scope via improved processes / automation etc to reduce the costs of initial certification but these are out of scope for this study.
On the process side we will need to consider how to incorporate the IAWG strategy into the wider safety certification process.
There isn’t likely to be any reduction in the flight test programme from proposed improvements, therefore these aspects will not be considered (I.e. cost modelling based on current flight test etc. will be assumed).Primarily focused on safety certification
Must not forget performance aspects.
In fact the techniques we use to reduce safety analysis rework should also be applicable to the performance aspects.
Absolute minimum is that it shouldn’t make the performance aspects more difficult.
Just to make sure we are all agreed that we aren’t addressing the initial certification aspects.
There may be some scope via improved processes / automation etc to reduce the costs of initial certification but these are out of scope for this study.
On the process side we will need to consider how to incorporate the IAWG strategy into the wider safety certification process.
There isn’t likely to be any reduction in the flight test programme from proposed improvements, therefore these aspects will not be considered (I.e. cost modelling based on current flight test etc. will be assumed).
8. 8 Some Terminology Modular Certification
Construction of a system safety case from module safety cases
Incremental Certification
Re certification of a system based on a previously certified system and the delta of change. Some people use the term Incremental Certification to cover both MC & IC.
For example, Tim Kelly’s work at UoY on the notational constructs within GSN to enable a piecewise (hence incremental) development of a system safety case.
Modular certification is probably the best way to address the incremental certification problem. But just by being modular does not necessarily mean that IC will be achieved.
Useful to keep the two concepts separate. Some people use the term Incremental Certification to cover both MC & IC.
For example, Tim Kelly’s work at UoY on the notational constructs within GSN to enable a piecewise (hence incremental) development of a system safety case.
Modular certification is probably the best way to address the incremental certification problem. But just by being modular does not necessarily mean that IC will be achieved.
Useful to keep the two concepts separate.
9. 9 Certification Certification proposal aims to look at how we can optimise the Re-Certification of a system following change.
Must be compatible with legacy systems
Must not reduce the level of assurance
Strategy
Re arrange the certification data so that:
Scope of certification re-work can be easily determined.
Modular Certification re-structures evidence.
Incremental Certification explicitly introduces a change argument.
No change from current methods
10. 10 Scope of Certification
11. 11 Questions
