Trusted to deliver excellence
© 2016 Rolls-Royce plc and/or its subsidiaries
The information in this document is the property of Rolls-Royce plc and/or its subsidiaries and may not be copied or communicated to a third party, or
used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc and/or its subsidiaries.
This information is given in good faith based upon the latest information available to Rolls-Royce plc and/or its subsidiaries, no warranty or representation
is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc and/or
its subsidiaries.
An Alternative Approach to DO-178B
Duncan Brown
Rolls-Royce Engineering Fellow – Safety Critical Software
What is DO-178?
• Guidance (or guidelines) for software in airborne systems
• A standard??
• A set of objectives and activities to achieve them
• A collection of best practices from the late 1970s for safety critical software
• A somewhat arbitrary relaxation of these practices by Design Assurance Level
• A tried and trusted acceptable means of compliance for airborne software which has saved thousands of lives!
Why DO-178C?
• Best practice has moved on from 1980 and often now includes:-
- Model Based Development
- Formal Methods
- Object Oriented Design
- Extensive support tooling (static analysis, auto-code generation, simulation etc.)
• Because of the success of DO-178B the terms of reference included minimal change to the core
• So the concept of “Supplements” was developed with an idea that future supplements could be created without change to the core document
DO-178C – Rationale, Change and Tears / Tiers
• A sub-group was created on DO-178C to try to recall the rationale behind the objectives but this never materialised
• A proposal for a goal based or safety case approach to the DO-178 objectives
• A proposal by the Formal Methods group to remove the testing “means” from the core document and to have a supplement for the traditional approach
• A proposal (IP217) to abstract DO-178 into a process that iterated around multiple tiers of requirements/design until code emerged
Note that this concept re-appeared in 2014 in a paper by Mike Dewalt called “Technology Independent Assurance Method or TIAM”
Perceived Problems
(As presented by the FAA to GAMA in 2015)
• Product based certification leads to multiple products being separately scrutinised
• Prescriptive domain specific detailed objectives in standards such as DO-178C, DO-254 and ARP4754 preclude or make difficult alternative approaches
• Separation of System, Software and Complex Hardware disciplines within the authorities and the applicants causes wasted effort
• No need for four DAL levels, A is very close to B and C to D
What is GAMA?
• The General Aviation Manufacturers Association
• Founded in 1970 to “foster and advance the general welfare, safety, interests and activities of general aviation”
• Worldwide committee based organisation with headquarters in Washington and Brussels
• Scope includes general aviation aircraft (Part 23) and more recently rotorcraft (Part 29)
Why GAMA?
An example review of DO-178C from a “GA” perspective
• Activities should not be there, standard should be objectives only
• Process standards rather than product standards would be better
• Have one set of objectives for all levels of requirements and design
• Remove Parameter Data Item objectives
• Remove structural coverage objectives
• Remove data and control coupling objectives
• Eliminate the requirement for traceability data
• Remove configuration index documents
• Have QA audit against company standards
What is Streamlining?
• Harmonization – The FAA and EASA should employ harmonized approaches to certification
• Move to process based audits where a company can be shown to have a good, mature process and that it is being re-used on a number of projects
• Create some domain independent goals that all certifications must satisfy to allow alternative approaches with appropriate justification
• Audit for systems, software and complex hardware in parallel
• Look at revising the number of DALs to two
The FAA Initiative – Streamlining Workshop(s)
• October 2015 FAA (Software CSTA Mike Dewalt) sent out workshop invites to a number of people with a structured distribution (countries, industry sectors etc.)
• First workshop (and the only one planned originally) was in December 2015
• The plan given by Mike Dewalt at the first meeting was to conclude on the number of DAL levels and a set of less than 10 “meta-objectives” by the close of the meeting and to take these to an open FAA conference in April 2016
• The idea was to issue an Advisory Circular in the autumn of 2016!
Mike Dewalt’s Vision
More FAA workshops….
• At the end of the December meeting it was decided that:-
- No real advantage in reducing the number of DALs
- We needed more time on meta-objectives
• Another meeting was arranged for April 2016
• At the end of the April meeting:-
- A plan for an FAA conference in September 2016 had been firmed up
- It was decided that we needed another meeting on meta-objectives (and they probably weren’t really meta-objectives)
• Another meeting was arranged for July 2016
Final FAA workshop
• In July 2016 we held the last workshop which:-
- Concluded with a set of three “Overarching Properties”
- Prepared material to disseminate the information at the September conference
• The “open” FAA conference was held in September 2016 with ~225 attendees (workshop members, cert authorities and technical representatives from industry such as DERs)
• The meeting conclusions were not clear, however there was general consensus that:-
- The three OPs are logically correct
- They are probably too abstract to be useful without additional information/training etc.
- They do not help much in solving “variation” across FAA and EASA (in fact they may make it worse)
The European Initiative - RESSAC
• The FAA initiative was international, however it was decided that a separate European approach would be sensible
• IRT St. Exupery in Toulouse launched a research project in early 2016 involving representatives from industries in Europe
• The original proposal was a two year project to come up with:-
- A set of “meta-objectives” (or Overarching Properties)
- Criteria for how the evidence against these could be judged
- A worked case study against these OPs
RESSAC and AeroSpace and Defence Industries Association of Europe (ASD)
Overarching Properties (aka Meta Objectives)
(Figure: the Overarching Properties diagram. It relates Desired System Behaviour, Defined Intended Function and Implementation, with Requirements Capture and Development as the steps between them, and carries the labels Intent, Necessity, Correctness and Progress.)
• The FAA workshops have:-
- Made a decision to continue with four DALs
- Refined three Overarching Properties in a standardised form
Overarching Property Statement:
Correctness: The implementation is correct with respect to its defined intended functions, under foreseeable operating conditions.
Definitions: words / phrases in the Overarching Property description
a. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Foreseeable operating conditions: External and internal conditions in which the system is used, encompassing all known normal and abnormal conditions.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation of the functions exists.
c. The record of the foreseeable operating conditions exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. When tiers of decomposition are used, the means of showing correctness among the tiers and to the defined intended functions must be defined and conducted as defined.
c. The implementation must be correct when functioning as part of the integrated system or in environment(s) representative of the integrated system.
d. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
e. All artifacts required to establish the Overarching Property are under configuration management and change control.
f. All design and manufacturing data to support consistent replication of the type design and instructions for continued airworthiness must be established.
Assumptions: which need only be stated, not justified (if any)
None.

Overarching Property Statement:
Intent: The defined intended functions are correct and complete with respect to the desired system behavior.
Definitions: words / phrases in the Overarching Property description
a. Desired system behavior: System needs and constraints expressed by the stakeholders.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Failure Condition(s): A condition having an effect on the aircraft and/or its occupants, either direct or consequential, which is caused or contributed to by one or more failures or errors, considering flight phase and relevant adverse operational or environmental conditions or external events. (From ARP 4754A)
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. Failure conditions are defined for the aircraft systems.
c. Design Assurance Levels (DALs) are assigned using the failure condition classifications.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The defined intended functions must address the failure conditions.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. Stakeholders have the system knowledge to express the desired system behavior.
b. Performing system safety assessments is not covered by these Overarching Properties.

Overarching Property Statement:
Necessity: All of the implementation is either required by the defined intended functions or is without unacceptable safety impact.
Definitions: words / phrases in the Overarching Property description
a. Unacceptable Safety Impact: An impact which compromises the system safety assessment.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation or a representation of the implementation exists.
c. The system safety assessment exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The system safety assessment must address all of the implementation.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. For a TSOA appliance there may not be a complete system safety assessment for the final installation at the appliance level.
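The three property statements above are prose, and the deck itself notes that how to judge evidence against them is still open. As an added illustration (not the FAA's or RESSAC's method, and not code from this presentation), the following Python script reads each property as a mechanical check over a traceability model of the kind a DO-178 project already keeps: Intent as "every defined failure condition is addressed by at least one defined intended function" (Intent constraint b), Correctness in the narrow sense of "every function an implementation item traces to has a passing verification result for that item", and Necessity as "every implementation item either traces to a defined intended function or is recorded in the system safety assessment as being without unacceptable safety impact". It goes one step beyond the text by also flagging traces to functions that do not exist, which is the configuration-management constraint (d) showing up as inconsistent artifacts. The model, its identifiers (FC-1, F-1, I-1 and so on) and the scoring rules are all constructed for the example.

```python
"""Evaluate a constructed traceability model against one reading of the three
Overarching Properties (Intent, Correctness, Necessity).

Added illustration only: the property definitions are prose in the FAA/RESSAC
material; the checks below are one concrete interpretation, not an official method.
"""
from dataclasses import dataclass, field


@dataclass
class Function:
    """A defined intended function and the failure conditions it addresses."""
    fid: str
    addresses: set[str] = field(default_factory=set)


@dataclass
class Item:
    """An implementation item (e.g. a module) with its trace and verification data."""
    iid: str
    traces_to: set[str] = field(default_factory=set)         # function ids it claims to implement
    verified_against: set[str] = field(default_factory=set)  # function ids with passing verification
    # True when the system safety assessment records this item as having no
    # unacceptable safety impact even though no function requires it.
    safety_justified: bool = False


@dataclass
class Model:
    failure_conditions: set[str]
    functions: dict[str, Function]
    items: list[Item]


def check_intent(m: Model) -> list[str]:
    """Intent, constraint b: failure conditions not addressed by any defined intended function."""
    covered = set().union(*(f.addresses for f in m.functions.values()))
    return sorted(m.failure_conditions - covered)


def check_correctness(m: Model) -> list[tuple[str, str]]:
    """Correctness (narrow reading): (item, function) pairs claimed but lacking verification evidence."""
    return sorted((it.iid, f) for it in m.items for f in it.traces_to - it.verified_against)


def check_necessity(m: Model) -> list[str]:
    """Necessity: items that neither trace to a defined function nor are justified by the safety assessment."""
    return sorted(it.iid for it in m.items if not it.traces_to and not it.safety_justified)


def dangling_traces(m: Model) -> list[tuple[str, str]]:
    """Artifact consistency: traces to functions that are not in the defined intended functions."""
    return sorted((it.iid, f) for it in m.items for f in it.traces_to if f not in m.functions)


def evaluate(m: Model) -> dict[str, list]:
    """Run all checks; an empty list for a key means that property raised no findings."""
    return {
        "intent": check_intent(m),
        "correctness": check_correctness(m),
        "necessity": check_necessity(m),
        "dangling": dangling_traces(m),
    }


# Constructed sample model: three failure conditions, two functions, five items.
SAMPLE_MODEL = Model(
    failure_conditions={"FC-1", "FC-2", "FC-3"},            # FC-3 is addressed by nothing
    functions={
        "F-1": Function("F-1", addresses={"FC-1"}),
        "F-2": Function("F-2", addresses={"FC-2"}),
    },
    items=[
        Item("I-1", traces_to={"F-1"}, verified_against={"F-1"}),      # fully traced and verified
        Item("I-2", traces_to={"F-2"}),                                  # traced, verification missing
        Item("I-3"),                                                     # no trace, no safety justification
        Item("I-4", safety_justified=True),                              # e.g. diagnostics: justified by the SSA
        Item("I-5", traces_to={"F-9"}, verified_against={"F-9"}),      # traces to a function that does not exist
    ],
)


def evaluate_sample() -> dict[str, list]:
    """Evaluate the constructed sample model."""
    return evaluate(SAMPLE_MODEL)


if __name__ == "__main__":
    for prop, findings in evaluate_sample().items():
        print(f"{prop:12s} {'ok' if not findings else findings}")
```

Each finding maps back to a property: the unaddressed failure condition is an Intent gap, the unverified trace is a Correctness gap, the unjustified item is a Necessity gap (the "dead code" case the deck's removal of structural coverage objectives would otherwise leave unexamined), and the dangling trace is an artifact-control problem that any of the three properties would reject. Swapping in a real requirements, trace and test-results export in place of the constructed model is the only change needed to run it on a project.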
Next Steps
• RESSAC will continue as a research project until mid 2018 and publish the deliverables at that point
• FAA has decided to continue the workshops both virtually (as a telecom with collaboration on a web site) and as face to face workshops, possibly US and Europe
• The FAA has also re-defined the team working this to allow all members of RESSAC to be involved as well as a wider invite to GAMA / AIA / ASD and others
• The aim for the FAA still seems to ultimately be an Advisory Circular
• It is not yet clear what ASD and EASA might do with the RESSAC outputs
Summary
• It is generally accepted that there is still work to do in harmonizing the certification authorities both internally and globally
• It is felt that existing guidance for compliance to regulations in some circumstances can incur disproportionate effort
AND
could inhibit or even preclude innovative approaches in systems, software and complex electronics which could improve safety
• There is broad agreement about three “Overarching Properties” to be met to comply with regulation
BUT
It is still a challenge to understand how these can be applied harmoniously! Key to this are clear criteria to judge the approaches and the evidence.
Timeline
(Figure: timeline with axis ticks 1992, 2000, 2005, 2010, 2015 and 2020; the plotted events are not recoverable from the text.)
Questions

Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
Lange michelle mapld08_add_1
Lange michelle mapld08_add_1Lange michelle mapld08_add_1
Lange michelle mapld08_add_1
 
Richard Crisp -- predictable development for the IoT
Richard Crisp -- predictable development for the IoTRichard Crisp -- predictable development for the IoT
Richard Crisp -- predictable development for the IoT
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa s
 
Open-Do - Initial concepts and idea
Open-Do - Initial concepts and ideaOpen-Do - Initial concepts and idea
Open-Do - Initial concepts and idea
 

Plus de AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 

Plus de AdaCore (18)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 

Dernier

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Dernier (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

An Alternative Approach to DO-178B

1. Title

Trusted to deliver excellence
© 2016 Rolls-Royce plc and/or its subsidiaries
The information in this document is the property of Rolls-Royce plc and/or its subsidiaries and may not be copied or communicated to a third party, or used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc and/or its subsidiaries. This information is given in good faith based upon the latest information available to Rolls-Royce plc and/or its subsidiaries; no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc and/or its subsidiaries.

An Alternative Approach to DO-178B
Duncan Brown
Rolls-Royce Engineering Fellow – Safety Critical Software

2. What is DO-178?

• Guidance (or guidelines) for software in airborne systems
• A standard??
• A set of objectives and activities to achieve them
• A collection of best practices from the late 1970’s for safety critical software
• A somewhat arbitrary relaxation of these practices by Design Assurance Level
• A tried and trusted acceptable means of compliance for airborne software which has saved thousands of lives!

3. Why DO-178C?

• Best practice has moved on from 1980 and often now includes:-
- Model Based Development
- Formal Methods
- Object Oriented Design
- Extensive support tooling (static analysis, auto-code generation, simulation etc.)
• Because of the success of DO-178B the terms of reference included minimal change to the core
• So the concept of “Supplements” was developed with an idea that future supplements could be created without change to the core document

4. DO-178C – Rationale, Change and Tears/Tiers

• A sub-group was created on DO-178C to try to recall the rationale behind the objectives but this never materialised
• A proposal for a goal based or safety case approach to the DO-178 objectives
• A proposal by the Formal Methods group to remove the testing “means” from the core document and to have a supplement for the traditional approach
• A proposal (IP217) to abstract DO-178 into a process that iterated around multiple tiers of requirements/design until code emerged
Note that this concept re-appeared in 2014 in a paper by Mike Dewalt called “Technology Independent Assurance Method or TIAM”

5. Perceived Problems (as presented by the FAA to GAMA in 2015)

• Product based certification leads to multiple products being separately scrutinised
• Prescriptive domain specific detailed objectives in standards such as DO-178C, DO-254 and ARP4754 preclude or make difficult alternative approaches
• Separation of System, Software and Complex Hardware disciplines within the authorities and the applicants causes wasted effort
• No need for four DAL levels: A is very close to B and C to D

6. What is GAMA?

• The General Aviation Manufacturers Association
• Founded in 1970 to “foster and advance the general welfare, safety, interests and activities of general aviation”
• Worldwide committee based organisation with headquarters in Washington and Brussels
• Scope includes general aviation aircraft (Part 23) and more recently rotorcraft (Part 29)

8. An example review of DO-178C from a “GA” perspective

• Activities should not be there; the standard should be objectives only
• Process standards rather than product standards would be better
• Have one set of objectives for all levels of requirements and design
• Remove Parameter Data Item objectives
• Remove structural coverage objectives
• Remove data and control coupling objectives
• Eliminate the requirement for traceability data
• Remove configuration index documents
• Have QA audit against company standards

9. What is Streamlining?

• Harmonization – The FAA and EASA should employ harmonized approaches to certification
• Move to process based audits where a company can be shown to have a good, mature process and that it is being re-used on a number of projects
• Create some domain independent goals that all certifications must satisfy, to allow alternative approaches with appropriate justification
• Audit for systems, software and complex hardware in parallel
• Look at revising the number of DALs to two

10. The FAA Initiative – Streamlining Workshop(s)

• October 2015: the FAA (Software CSTA Mike Dewalt) sent out workshop invites to a number of people with a structured distribution (countries, industry sectors etc.)
• First workshop (and the only one planned originally) was in December 2015
• The plan given by Mike Dewalt at the first meeting was to conclude on the number of DAL levels and a set of fewer than 10 “meta-objectives” by the close of the meeting and to take these to an open FAA conference in April 2016
• The idea was to issue an Advisory Circular in the autumn of 2016!

12. More FAA workshops….

• At the end of the December meeting it was decided that:-
- No real advantage in reducing the number of DALs
- We needed more time on meta-objectives
• Another meeting was arranged for April 2016
• At the end of the April meeting:-
- A plan for an FAA conference in September 2016 had been firmed up
- It was decided that we needed another meeting on meta-objectives (and they probably weren’t really meta-objectives)
• Another meeting was arranged for July 2016

13. Final FAA workshop

• In July 2016 we held the last workshop which:-
- Concluded with a set of three “Overarching Properties”
- Prepared material to disseminate the information at the September conference
• The “open” FAA conference was held in September 2016 with ~225 attendees (workshop members, cert authorities and technical representatives from industry such as DERs)
• The meeting conclusions were not clear; however, there was general consensus that:-
- The three OPs are logically correct
- They are probably too abstract to be useful without additional information/training etc.
- They do not help much in solving “variation” across FAA and EASA (in fact they may make it worse)

14. The European Initiative – RESSAC

• The FAA initiative was international; however, it was decided that a separate European approach would be sensible
• IRT St. Exupery in Toulouse launched a research project in early 2016 involving representatives from industries in Europe
• The original proposal was a two year project to come up with:-
- A set of “meta-objectives” (or Overarching Properties)
- Criteria for how the evidence against these could be judged
- A worked case study against these OPs

15. RESSAC and AeroSpace and Defence Industries Association of Europe (ASD)

[Diagram slide; no text content recovered.]

16. Overarching Properties (aka Meta Objectives)

[Diagram: Desired System Behaviour → Defined Intended Function → Implementation, via Requirements Capture and Development; the three properties Intent, Necessity and Correctness are shown against these steps.]

17. Progress

• The FAA workshops have:-
- Made a decision to continue with four DALs
- Refined three Overarching Properties in a standardised form

Overarching Property Statement – Correctness: The implementation is correct with respect to its defined intended functions, under foreseeable operating conditions.

Definitions (words / phrases in the Overarching Property description):
a. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Foreseeable operating conditions: External and internal conditions in which the system is used, encompassing all known normal and abnormal conditions.

Pre-requisites (which must exist to allow Overarching Property satisfaction to be shown):
a. Defined intended functions exist.
b. The implementation of the functions exists.
c. The record of the foreseeable operating conditions exists.

Constraints (on how Overarching Property satisfaction must be demonstrated):
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. When tiers of decomposition are used, the means of showing correctness among the tiers and to the defined intended functions must be defined and conducted as defined.
c. The implementation must be correct when functioning as part of the integrated system or in environment(s) representative of the integrated system.
d. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
e. All artifacts required to establish the Overarching Property are under configuration management and change control.
f. All design and manufacturing data to support consistent replication of the type design and instructions for continued airworthiness must be established.

Assumptions (which need only be stated, not justified, if any):
None.

Overarching Property Statement – Intent: The defined intended functions are correct and complete with respect to the desired system behavior.

Definitions (words / phrases in the Overarching Property description):
a. Desired system behavior: System needs and constraints expressed by the stakeholders.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Failure Condition(s): A condition having an effect on the aircraft and/or its occupants, either direct or consequential, which is caused or contributed to by one or more failures or errors, considering flight phase and relevant adverse operational or environmental conditions or external events. (From ARP 4754A)

Pre-requisites (which must exist to allow Overarching Property satisfaction to be shown):
a. Defined intended functions exist.
b. Failure conditions are defined for the aircraft systems.
c. Design Assurance Levels (DALs) are assigned using the failure condition classifications.

Constraints (on how Overarching Property satisfaction must be demonstrated):
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The defined intended functions must address the failure conditions.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.

Assumptions (which need only be stated, not justified, if any):
a. Stakeholders have the system knowledge to express the desired system behavior.
b. Performing system safety assessments is not covered by these Overarching Properties.

Overarching Property Statement – Necessity: All of the implementation is either required by the defined intended functions or is without unacceptable safety impact.

Definitions (words / phrases in the Overarching Property description):
a. Unacceptable Safety Impact: An impact which compromises the system safety assessment.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.

Pre-requisites (which must exist to allow Overarching Property satisfaction to be shown):
a. Defined intended functions exist.
b. The implementation or a representation of the implementation exists.
c. The system safety assessment exists.

Constraints (on how Overarching Property satisfaction must be demonstrated):
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The system safety assessment must address all of the implementation.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.

Assumptions (which need only be stated, not justified, if any):
a. For a TSOA appliance there may not be a complete system safety assessment for the final installation at the appliance level.

18. Next Steps

• RESSAC will continue as a research project until mid 2018 and publish the deliverables at that point
• The FAA has decided to continue the workshops both virtually (as a telecom with collaboration on a web site) and as face to face workshops, possibly in the US and Europe
• The FAA has also re-defined the team working this to allow all members of RESSAC to be involved, as well as a wider invite to GAMA / AIA / ASD and others
• The aim for the FAA still seems to ultimately be an Advisory Circular
• It is not yet clear what ASD and EASA might do with the RESSAC outputs

19. Summary

• It is generally accepted that there is still work to do in harmonizing the certification authorities, both internally and globally
• It is felt that existing guidance for compliance to regulations in some circumstances can incur disproportionate effort AND could inhibit or even preclude innovative approaches in systems, software and complex electronics which could improve safety
• There is broad agreement about three “Overarching Properties” to be met to comply with regulation, BUT it is still a challenge to understand how these can be applied harmoniously! Key to this are clear criteria to judge the approaches and the evidence.

20. Timeline

[Timeline chart spanning 1992, 2000, 2005, 2010, 2015 and 2020; no further text recovered.]