Standard Practice for Methods to Safely Bound Behavior of Aircraft Systems Containing Complex Functions Using Run-Time Assurance
Significance and Use:
4.1 This practice provides an architectural framework for developing an RTA system, which provides run-time assurance as an alternative to design-time assurance in order to fulfill the safety requirements for an unassured or complex function. The standard provides best practices and guidelines to assist in the RTA system's development, and it describes the architectural components and requirements for designing the RTA system. Compliance with this practice is achieved by deriving RTA System requirements from the standard and capturing them in the Larger System Specification. The resulting system design requirements can then be validated and verified using accepted engineering practices. It is anticipated that this practice will provide a means to accept complex automation/autonomy aircraft functions that have been difficult to certify using traditional methods.
4.2 The following three-step process is used to derive verifiable design requirements using this architecture standard:
4.2.1 Create RTA System requirements using the guidance provided by this architecture standard.
4.2.2 Capture RTA System requirements in the Larger System Specification.
4.2.3 Perform verification and validation on the RTA System requirements in the Larger System Specification.
4.3 The RTA architecture can be applied to all sizes, levels, and classes of UAS. Using run-time assurance can provide systems with the following benefits:
4.3.1 The ability to mitigate hazards related to nondeterministic or unexpected behavior from unassured functions that employ advanced software methods or algorithmic complexity that cannot be certified using traditional certification practices.
4.3.2 The ability to use functions for which it may not be possible to obtain artifacts of conventional DO-178 or DO-254 assurance processes.
4.3.3 The ability to use COTS hardware or software, or both, for the unassured function.
4.3.3.1 For example, automotive components, thereby leveraging mature software with extensive service history that was developed for another safety-critical industry but cannot be shown to comply with aviation development assurance practices.
4.3.3.2 For example, industry components for which source code or other associated engineering artifacts are unavailable.
4.3.4 A reduction in cost and schedule burdens by allowing rapid design iterations of the unassured or complex function during and after initial certification. This update of the standard allows unassured or complex function upgrades after initial certification to minimize subsequent modifications to the certification or approval.
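The benefit in 4.3.1 rests on the basic RTA loop: an assured monitor checks each output of the unassured function against a safety boundary and hands control to an assured recovery function when that boundary would be violated. The following added example illustrates that loop in Python; it is not code from the standard or from any ASTM project. The component names (monitor, recovery function, switch) follow the common simplex-style RTA decomposition and are assumed here, as are the altitude envelope, the kinematic projection and the scripted command sequence, which are all constructed for the example.

```python
"""Illustrative run-time assurance (RTA) loop: an unassured complex function
is bounded by an assured monitor that switches to a recovery function.
Component names (monitor, recovery function, switch) follow the common
simplex-style RTA decomposition and are assumed here, not quoted from the
standard; all numbers are constructed for the example."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Envelope:
    """Safety boundary the RTA monitor enforces (constructed values)."""
    min_alt_ft: float = 100.0
    max_alt_ft: float = 500.0
    max_rate_fps: float = 10.0
    lookahead_s: float = 2.0      # how far ahead the monitor projects the state


def predicted_altitude(alt_ft: float, rate_fps: float, dt_s: float) -> float:
    """Simple kinematic projection used by the monitor (assumed plant model)."""
    return alt_ft + rate_fps * dt_s


def command_is_safe(alt_ft: float, rate_fps: float, env: Envelope) -> bool:
    """Monitor check: rate limit plus projected altitude inside the envelope."""
    if abs(rate_fps) > env.max_rate_fps:
        return False
    projected = predicted_altitude(alt_ft, rate_fps, env.lookahead_s)
    return env.min_alt_ft <= projected <= env.max_alt_ft


def recovery_command(alt_ft: float, env: Envelope) -> float:
    """Assured recovery function: hold altitude, or drift back toward the
    envelope at a conservative rate if the aircraft is already outside it."""
    if alt_ft < env.min_alt_ft:
        return env.max_rate_fps / 2
    if alt_ft > env.max_alt_ft:
        return -env.max_rate_fps / 2
    return 0.0


@dataclass
class RTASystem:
    complex_fn: Callable[[float], float]    # unassured: altitude -> rate command
    env: Envelope = field(default_factory=Envelope)
    latched_to_recovery: bool = False
    log: List[Tuple[str, float]] = field(default_factory=list)

    def step(self, alt_ft: float) -> Tuple[str, float]:
        """One control cycle: consult the complex function, let the monitor
        decide which command is executed, and latch to recovery once a
        violation has been seen."""
        proposed = self.complex_fn(alt_ft)
        if not self.latched_to_recovery and command_is_safe(alt_ft, proposed, self.env):
            source, cmd = "complex", proposed
        else:
            # Switch, and stay latched: a later in-bounds output must not
            # re-engage the unassured function without an explicit reset.
            self.latched_to_recovery = True
            source, cmd = "recovery", recovery_command(alt_ft, self.env)
        self.log.append((source, cmd))
        return source, cmd


def run_scenario(commands: List[float], start_alt_ft: float,
                 dt_s: float = 1.0, env: Optional[Envelope] = None) -> List[str]:
    """Drive the RTA loop with a scripted stand-in for a nondeterministic
    complex function and report which function was in control each cycle."""
    it = iter(commands)
    system = RTASystem(complex_fn=lambda _alt: next(it), env=env or Envelope())
    alt = start_alt_ft
    sources = []
    for _ in commands:
        source, cmd = system.step(alt)
        alt += cmd * dt_s        # plant integrates the *executed* command only
        sources.append(source)
    return sources


if __name__ == "__main__":
    # Third command (40 ft/s) exceeds the rate limit; recovery takes over and
    # stays engaged even though the fourth command would have been acceptable.
    print(run_scenario([5.0, 5.0, 40.0, 5.0], start_alt_ft=300.0))
```

Two design points worth noting: the monitor projects the commanded state forward (`lookahead_s`) rather than only checking the instantaneous command, so a command that is individually within limits but would carry the aircraft out of the envelope is also rejected; and the switch latches, so the unassured function cannot regain control simply by emitting an acceptable value on the next cycle.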
Subcommittee:
F38.01
Referenced by:
F3196-18, F3341_F3341M-24
Volume:
15.09
ICS Number:
49.020 (Aircraft and space vehicles in general)
Keywords:
adaptive; airworthiness; artificial intelligence; assurance; automated; autonomous software; autonomy; certification; complex; control systems; deep neural networks; fuzzy logic; machine learning; online verification; reinforcement learning; run-time assurance; safety; safety monitor; security; software; unmanned aircraft system; validation; verification;
$ 1,557
Standard
F3269
Version
21
Status
Active
Classification
Practice
Approval date
2021-07-15
