Rapid Prototyping Software for Avionics Systems

Model-oriented Approaches for Complex Systems Certification. Sprache: Englisch.
eBook epub

Dieses eBook können Sie auf allen Geräten lesen, die epub- und DRM-fähig sind, z.B. auf den tolino oder Sony Readern - nicht auf dem Kindle.

The design, implementation and validation of avionics and aeronautical systems have become extremely complex tasks due to the increase of functionalities that are deployed in current avionics systems and the need to be able certify them before puttin … weiterlesen
Dieser Artikel ist auch verfügbar als:
eBook epub

78,99 *

inkl. MwSt.
Sofort lieferbar (Download)
Machen Sie jemandem eine Freude und
verschenken Sie einen Download!
Ganz einfach Downloads verschenken - so funktioniert's:
  1. 1 Geben Sie die Adresse der Person ein, die Sie beschenken
    möchten. Mit einer lieben Grußbotschaft verleihen Sie Ihrem
    Geschenk eine persönliche Note.
  2. 2 Bezahlen Sie das Geschenk bequem per Kreditkarte,
    Überweisung oder Lastschrift.
  3. 3 Der/die Geschenkempfänger/in bekommt von uns Ihre Nachricht
    und eine Anleitung zum Downloaden Ihres Geschenks!
Rapid Prototyping Software for Avionics Systems als eBook epub


Titel: Rapid Prototyping Software for Avionics Systems
Autor/en: Nicolas Larrieu, Antoine Varet

EAN: 9781119050636
Format:  EPUB
Model-oriented Approaches for Complex Systems Certification.
Sprache: Englisch.
John Wiley & Sons

13. Oktober 2014 - epub eBook - 128 Seiten


The design, implementation and validation of avionics and aeronautical systems have become extremely complex tasks due to the increase of functionalities that are deployed in current avionics systems and the need to be able certify them before putting them into production. This book proposes a methodology to enable the rapid prototyping of such a system by considering from the start the certification aspects of the solution produced. This method takes advantage of the model-based design approaches as well as the use of formal methods for the validation of these systems. Furthermore, the use of automatic software code generation tools using models makes it possible to reduce the development phase as well as the final solution testing. This book presents, firstly, an overview of the model-based design approaches such as those used in the field of aeronautical software engineering. Secondly, an original methodology that is perfectly adapted to the field of aeronautical embedded systems is introduced. Finally, the authors illustrate the use of this method using a case study for the design, implementation and testing of a new generation aeronautical router.


Nicolas Larrieu is Full Professor at the research group ResCo at the TELECOM laboratory of ENAC (French Civil Aviation University). His research topics deal with designing new communication architectures and original security architectures for emerging networks such as IP-based aeronautical communication networks or UAV communication networks. He is currently involved in several activities for the SESAR European program where he can extend and validate his research results.

Antoine Varet gained his doctorate at the research group ResCo at the TELECOM laboratory of ENAC (French Civil Aviation University). His current research topics concern the improvement and automation of network security protocols and the protection of the privacy of data through innovating network protocols.



Methodology for Rapid Prototyping Avionic Software

This second chapter will first present the specificities and the restrictions of the avionic domain in terms of both its functionalities (security, safety and system virtualization) and standardization (the need for a complete certification of the final system). Taking these specificities into account, a methodology of rapid development has been produced and will be presented in section 2.3. This methodology will be first described in the abstract and a list of its advantages will be given. Second, examples of tools enabling the implementation of its different stages will be provided. Specifically, the organization of the target architecture for the avionic software to be produced, modeling and transforming models into software source code will be described. Nevertheless, this instantiation example of our methodology is not unique and to conclude other examples of tool chains that can be used to meet the specific needs of each software product will be given.

2.1. The specificities of the avionic domain

The improved performance of aeronautical systems currently enables us to envisage the use of new technologies in the context of onboard aeronautical systems as well as avionic networks which to this day have remained closed to ensure their security and safety being opened up to public networks such as the Internet. With these new technologies come new security needs. Meanwhile safety must be maintained.

We therefore decided to work on a Secure Next Generation (SNG) router. This router enables the critical streams (such as communication between the pilots and controllers) to be multiplexed (as illustrated in Figure I.1 in the introduction) with uncritical streams (streaming for passengers) in one channel of communication and guarantees the security and safety of communications.

2.1.1. System virtualization: integrated modular avioni

The first generations of avionic software systems were based on the direct relationships between systems: when a sensor transmitted information to two onboard computers, the data were duplicated across two independent channels of communication, each with its own receiver. The arrival of new technologies provided crews with new services and introduced new interactions.

Figure 2.1 depicts an Integrated Modular Avionics system (IMA, see [GAT 09]), which executes several independent software systems within the same hardware module. Entitled Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations, the RTCA norm DO-297 [DO 05] of 8th November 2005 provides regulation on the design and the implementation of systems for IMA architectures in civil aeronautics. Prepared by the Special Committee 200 (SC-200) group, this norm defines IMA as a shared set of flexible, reusable and interoperable hardware and software resources that, when integrated, form a platform that provides services, designed and verified to a defined set of safety and performance requirements, [shared set designed] to host applications [on the hardware] performing aircraft functions. This norm explains and separates the roles of the different suppliers of IMA modules: application suppliers, suppliers of IMA platforms, system integrators and certification agents.

Figure 2.1. The concept of IMA ARINC 653 APEX interface: application executive

In 1996 ARINC published the ARINC 653, a standard describing a programming and configuration interface that facilitates the independence of avionic applications with regards to hardware. The standard is called the ARINC 653 APEX (Application Executive). In 2003 an update was published that introduced IMA. The most recent publication (ARINC653P1-3, ARINC653P2-2, ARINC653P3, RINC653P4), in 2006, com
pletes the previous version by clarifying certain points.

This concept therefore avoids duplicating physical connections: one bus destined for the hardware transports the multiplexed data for the different software applications. The growing number of avionic systems has, however, continued to require interconnectivity between systems, each of which potentially has different restrictions. AFDX bus: Avionics Full-Duplex switched ethernet

The development of the Airbus A380 increased the need to move toward the scale of communication mechanisms between systems. This resulted in the introduction of the Avionics Full-Duplex switched Ethernet (AFDX, see [LAN 09]). The AFDX is a network protocol at the data link level (layer 2 data link of the Open Systems Interconnection [OSI] model), based on the reliable and redundant Ethernet protocol which enables the generic transmission of data between emitter and receiver systems. AFDX systems are therefore connected by a standardized Ethernet interface. Data are contained in the Internet Protocol (IP) packets, which are transmitted into the Ethernet frames. AFDX switches ensure the direction of the frames within the AFDX network.

However, the size of the topology of an AFDX network is limited by technology. The current closed network of the A380 contains a hundred or so terminal nodes which represent large amounts of work in terms of administration and certification. In addition, specific research is required to optimize the performance of this avionic network. Opening up this network to external data increases the number of potential nodes in the network. At a higher protocol level than that of the AFDX, the IP protocol (level 3 network of the OSI model) offers the opportunity to increase the size of virtual networks by maintaining acceptable-sized physical networks at the lower layers. The IP protocol is linked to routing functionalities: while physica
l routing (the switching of frames) is realized at level 2 by AFDX switches, virtual routing (packet routing) is possible at level 3 using a network component known as the IP router. We have worked to design, realize and validate this type of router.

2.1.2. MILS: divide and conquer, to rule over a secure world

The segregation of the guests (see Figure 2.2 for example), brought about by a virtualization solution, has led to it being used to strengthen the security of sensitive systems.

The Multiple [and] Independent Levels of Security [/Safety] (MILS) architecture concept has come about gradually. Based on John Rushbys [RUS 81] concept of separation kernel, an MILS architecture guarantees a high level of security for the execution of programs in the same infrastructure.

Indeed, a founding principle of the engineering consists of decomposing a complex task into several more simple tasks. In computer science, this concerns decomposing/dividing a piece of software into modules. The evaluation of security is thus simplified because the evaluator does not need to evaluate a complete monolithic system but rather a set of smaller distinct modules and their couples.

Implementing a virtualization solution to realize the support of an MILS architecture is acceptable if it is proven to guarantee the four intrinsic properties of MILS:

the solution is non-bypassable: i.e. a guest cannot communicate without passing through the safety controls imposed by the host system;
the solution is evaluatable: the correct and valid operation of the virtualization system (and therefore the host) can be formally proven;
the solution is always-invoked: communication is controlled not only for the first message but for every message exchanged;
the solution is tamperproof: it prevents any modification that has not been explicitly authorized.

These properties are gua
ranteed by evaluating the security of the solution [OMA 05]. Evaluation is complex for small systems; and it is just as complex for minimalist systems (micro-systems), which are dedicated to system virtualization and their separation, known as separation micro-kernels. These separation kernels ensure that temporal and spatial separation concepts between programs and the control of information stream are implemented.

The kernel ensures that each program and its virtual machine can use the real resources during the time that is assigned to them. A program cannot encroach upon another and steal its execution time. We therefore speak of the temporal separation between the two VMs.

The kernel also guarantees that a real-resource cannot simultaneously be assigned to two virtual machines. Address spaces for the memory and the input/output are shared during the configuration of the separation kernel: this is known as the partitioning of the address space. Then each time a resource is accessed, the kernel verifies that the virtual machine has authorized access and blocks the access attempt where necessary. The kernel therefore ensures the spatial separation between VMs.

Similarly, VMs can have channels dedicated to intercommunication. These channels are managed by the separation kernel (and not directly by the underlying electronics). The kernel then ensures the form of the communications: verification of the maximum length of the messages sent, access authorization, marking received messages, etc.

Figure 2.2. Architecture of a MILS system

As illustrated in Figure 2.2, each virtual machine in a MILS system is executed independently of its homologs. Seen from the host...


Dieses eBook wird im epub-Format geliefert und ist mit einem Adobe DRM-Kopierschutz versehen.

Sie können dieses eBook auf vielen gängigen Endgeräten lesen.

Für welche Geräte?
Sie können das eBook auf allen Lesegeräten, in Apps und in Lesesoftware öffnen, die epub und Adobe DRM unterstützen:

  • tolino Reader
    Öffnen Sie das eBook nach der automatischen Synchronisation auf dem Reader oder übertragen Sie es manuell auf Ihr tolino Gerät mit der kostenlosen Software Adobe Digital Editions.

  • Andere eBook Reader
    Laden Sie das eBook direkt auf dem Reader im Hugendubel.de-Shop herunter oder übertragen Sie es mit der kostenlosen Software Sony READER FOR PC/Mac oder Adobe Digital Editions.

  • Für Tablets und Smartphones: Unsere Gratis tolino Lese-App

  • PC und Mac
    Lesen Sie das eBook direkt nach dem Herunterladen über "Jetzt lesen" im Browser, oder mit der kostenlosen Lesesoftware Adobe Digital Editions.

Schalten Sie das eBook mit Ihrer persönlichen Adobe ID auf bis zu sechs Geräten gleichzeitig frei.

Bitte beachten Sie: Dieses eBook ist nicht auf Kindle-Geräten lesbar.


Ihr erstes eBook?
Hier erhalten Sie alle Informationen rund um die digitalen Bücher für Neueinsteiger.

089 - 70 80 99 47

Mo. - Fr. 8.00 - 20.00 Uhr
Sa. 10.00 - 20.00 Uhr
089 - 30 75 75 75

Mo. - Sa. 9.00 - 20.00 Uhr
Bleiben Sie in Kontakt:
Sicher & bequem bezahlen:
akzeptierte Zahlungsarten: Überweisung, offene Rechnung,
Visa, Master Card, American Express, Paypal
Zustellung durch:
1 Mängelexemplare sind Bücher mit leichten Beschädigungen, die das Lesen aber nicht einschränken. Mängelexemplare sind durch einen Stempel als solche gekennzeichnet. Die frühere Buchpreisbindung ist aufgehoben. Angaben zu Preissenkungen beziehen sich auf den gebundenen Preis eines mangelfreien Exemplars.

2 Diese Artikel unterliegen nicht der Preisbindung, die Preisbindung dieser Artikel wurde aufgehoben oder der Preis wurde vom Verlag gesenkt. Die jeweils zutreffende Alternative wird Ihnen auf der Artikelseite dargestellt. Angaben zu Preissenkungen beziehen sich auf den vorherigen Preis.

4 Der gebundene Preis dieses Artikels wird nach Ablauf des auf der Artikelseite dargestellten Datums vom Verlag angehoben.

5 Der Preisvergleich bezieht sich auf die unverbindliche Preisempfehlung (UVP) des Herstellers.

6 Der gebundene Preis dieses Artikels wurde vom Verlag gesenkt. Angaben zu Preissenkungen beziehen sich auf den vorherigen Preis.

7 Die Preisbindung dieses Artikels wurde aufgehoben. Angaben zu Preissenkungen beziehen sich auf den vorherigen Preis.

* Alle Preise verstehen sich inkl. der gesetzlichen MwSt. Informationen über den Versand und anfallende Versandkosten finden Sie hier.