Leveraging COTS to lower the cost, risk of DO-254 / DO-178 safety-certifiable avionics hardware
September 17, 2014 | BY: Gregory SikkensDownload PDF
In today's cost-constrained, competitive environment, aircraft system designers are increasingly pushing down new requirements to integrators, encouraging them to invest in hardware development. Today, the FAA demands that electronics suppliers for commercial aviation, and increasingly for military aircraft, certify their system solutions to strict safety certification standards. New approaches for the design and verification of commercial off-the-shelf (COTS) modules can reduce the cost of safety-certifiable aircraft electronics.
For airborne applications, such as those aboard rotor-wing platforms or intended for unmanned aerial vehicle (UAV) ground stations, system designers are increasingly confronted with requirements for DO-178 (for software) and DO-254 (for hardware), the FAA's key safety certification standards. The DO-254 / DO-178 certification process requires the costly and time-consuming creation of detailed sets of "data artifacts" to prove that the proper design and production processes have been followed.
Typically, electronics designed to meet the safety-certification requirements have been custom designs. In many cases, however, COTS modules can significantly reduce a system developer's schedule, budget, and program risk. COTS benefits can also include significant technology upgrades and mitigation of obsolescence challenges. There is demand for rugged COTS modules that specifically target the needs of commercial and military aviation platforms. These safety-certifiable COTS modules will come complete with data artifact packages required for DO-254-level certifiability, including plans, requirements, design, integration, test, verification, and validation of the specific modules.
By providing select standard modules with comprehensive packages of design-certification process artifacts and certification evidence, COTS hardware vendors can ensure that their products are safety-certifiable and can be successfully used in a system that must achieve DO-254/DO-178 certification. This approach can help system designers to begin their application development sooner and much more cost-effectively.
About safety-certification standards
Pre-existing data artifact packages help reduce costs and development time by eliminating the complex and demanding documentation process that a user must otherwise undertake in order to provide proof of design assurance during the module's design life cycle. On the software side, the DO-178B standard establishes guidelines for avionics software and defines software life-cycle management, criticality-level details, and software-component testing to ensure a high level of software reliability. In many applications, the data artifacts to support DO-178B/C will be available from the hardware vendor, while others may be supplied by a third-party software vendor.
For the module itself, an important determinant for the system designer will be which DO-254 Design Assurance Level (DAL) the hardware will need to meet. DO-254 defines five different DAL levels - A, B, C, D, and E - each related to the severity of effects resulting from potential failure. It's estimated that over half of all avionics systems fit into the DO-254 DAL C/D/E categories. In the event of failure, hardware that meets DAL "E," the lowest level, will have no effect on the aircraft's operational capability or pilot workload. DAL "D" is for hardware that would cause only a minor failure condition for the aircraft. In the middle, failure of hardware intended for DAL "C" usage would result in a major failure condition for the aircraft, and typically involve serious injuries. As the levels go higher, and the potential consequences of system failure increase, the amount and complexity of the data artifacts required for certification also increases. A DAL "B" hardware failure is defined as one that could cause a hazardous/severe-major failure condition for the aircraft, and could involve some loss of life. The highest and most intensive level of the DO-254 standard, DAL "A,"is for hardware whose failure would result in a catastrophic failure condition for the aircraft and would likely result in total loss of life for all aboard.
As an example of the new approach for designing and verifying COTS modules, Curtiss-Wright has recently launched an initiative to design standard COTS subsystem modules with safety certification in mind - such as single-board computers and graphics modules - for use in military and commercial aerospace applications. Starting with the new VPX3-150 3U VPX SBC and VPX3-718 3U VPX graphic cards, Curtiss-Wright's approach resulted in DO-254 DAL C and DO-178C DAL C certifiable products with design artifact packages developed from the ground up, rather than reverse-engineered afterward.
This article was published by Military Embedded Systems on Sept 17, 2014