1 / 10

Certification Challenges for Autonomous Flight Control System

Certification Challenges for Autonomous Flight Control System. Mr. David B. Homan AFRL Air Vehicles Directorate david.homan@wpafb.af.mil (937) 255 - 4026. Cooperative Airspace Operations Background. To be effective assets in the force structure and mission plans, UAS’s must ….

ozzie
Download Presentation

Certification Challenges for Autonomous Flight Control System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Certification Challenges for Autonomous Flight Control System Mr. David B. Homan AFRL Air Vehicles Directorate david.homan@wpafb.af.mil (937) 255 - 4026

  2. Cooperative Airspace Operations Background To be effective assets in the force structure and mission plans, UAS’s must … • Be Safe & Reliable • Be Responsive & Effective • Be Interoperable • Not Adversely Effect Operations Capability VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  3. Background: Flight Safety and Manned/Unmanned Functional Migration Situational awareness Flight Critical Mission Critical Manned Aircraft Vehicle Mgmt Off-board On-board Mission Mgmt Pilot is Integrator and Contingency Manager; FMS is mostly advisory. Flight Mgmt For UAVs, “Pilot Function” becomes huge design and V&V issue Unmanned Aircraft On-board Off-board Vehicle Mgmt Situational awareness? FMS and VMS provide Integration and Contingency Mgmt; Operator manages at high-level. Mission Mgmt Flight Mgmt VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  4. Background: V&V Requirements Flight Critical Mission Critical System Focus is Performance/Security Performance Metric: Throughput and Bandwidth [event driven] Assurance Metric: Probability of Mission Success [Simplex or Back-up] Confidence Rqmt: Performance and security are validated. Consequence of Failure: Potential mission failure System Focus is Performance/Assurance Performance Metric: Sampling Rate and Latency [time triggered] Assurance Metric: Probability of Loss of Control and N x Fail Op/Fail Safe [Triplex or Quad] Confidence Rqmt: Performance and Assurance must be validated; [Failure Modes and Effects Testing] Consequence of Failure: Loss of Aircraft, potential loss of life Flight Critical V&V isn’t just a software issue, it’s a system issue!! Failure Modes and Effects Testing Consequence of Failure: Loss of Aircraft, potential loss of life Rule of Thumb: When you mix mission with flight criticality , the testing is held to most stringent requirement. Developmental Timeline: Flight Critical ready by First Flight! Any changes requires Total Re-test! VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  5. New Capabilities Challenge V&V New Capabilities (and increasing complexity) are presenting new challenges to the V&V problem. • Mixed Criticality Architecture: Non-obtrusive co-existence of mixed criticality • Adaptive/Learning/Multi-Modal Functions: Indeterminate or untraceable functionality • Mixed Initiative/Authority Mgmt: Human/autonomy or autonomy/autonomy interactions • Multi-Entity Systems: Functions that encompass multiple platforms. • Sensor Fusion/Integration: Highly confident sensor-derived information These new systems/capabilities Need to be affordably provable VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  6. Processors A B X X A C Serial bus backplanes X A B Mixed Criticality Challenge How can we separate the mission and flight critical functionality as to guarantee safety? SOA: Middleware that provides time/space partitioning (ARINC 653). Issue: Both Criticalities use common HW resources (i.e. processors, backplanes, busses etc); how do we determine PLOC and fault tolerance? • Understand failure mechanisms for partitioning • Non-critical function must not take out shared resources…Or the probability of its occurrence is predictable… • Need guarantee on fault tolerance Answer may reside in a SW/HW architecture specifically designed for mixed operation VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  7. Input Layer 1st Hidden Layer 2nd Hidden Layer Output Layer Delta X Delta Y Delta Z Align Flight Vector Delta X Dot Move Towards Assigned Position Delta Y dot Maintain a Minimum Distance Delta Z Dot Delta A+B+C Delta CATA Adaptive/Learning/Multimodal Challenge How can we trust functionality that we may not be able to fully test? SOA: We must try to test the complete functional envelope (till $$ runs out…)! Issue: Some new Control capabilities are untraceable and/or non-deterministic • Adaptive systems • Huge test space • Perfect Input data • Learning systems • Environmental stimuli • Lost memory • Multi-modal systems • Mode transition stability • Mode synchronization • Recovery mode Answer may reside in bounding the function in run-time to known safe behavior. VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  8. Mixed Initiative Challenge AF Poster Child: Auto-Aerial Refueling (AAR) How can man and autonomy safely interact? SOA: Human operator always get authority! Issue: Human operator may not have all the information or be able to comprehend situation in real-time: • Situational Awareness versus Response Time • Assessment of UAV mode/state/health • Assessment of surrounding environment • “Consequence of mishap” is a factor • Complete system health is a factor • Workload is a factor Answer may reside in a authority management specification that would allow the correct party to have decision authority. VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  9. Multi-Entity Challenge How can trust systems with multiple players to safely perform cooperative functions? SOA: Keep humans away and hope for the best… Issue: Entities participating in the coordinated function may not be part of individual V&V testing: • Linked Interface Control Documents? • Entities with different manufacturers? • System Configuration Management? • Mission-specific programming? Answer may reside in a specification for contingency management, based on system degradation VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

  10. High Confidence Sensing Challenge How can we trust visual/radar systems for flight critical functions? SOA: Brute force and analytic redundancy Issue: Mission-style sensors don’t have acceptable real-time methods for FDIR… • Sensors will likely be multi-function! • Redundant HW may not be answer, redundant information? • Built-in-test may not provide good real-time coverage. • Reliable signal processing/sensor fusion software Answer may reside in sensor designs that compensate for sensor degradation and plan for contingencies VACC Technical Paper Nr. VAO-04-288. Cleared for Public Release on 11 Aug 04. AFRL-WS 04-0578

More Related