SE for Commercial A/C Scott Jackson

1
A/C System Requirement Design
Engineering Implementing Airworthiness
Requirements
Dr Patrice MICOUIN MICOUIN Consulting LSIS, Arts
et Métiers ParisTech,
2
Purpose

• To provide a development framework as consistent
  and complete as possible
• Contributing to the definition of an A/C Model
  Based System Engineering
• Dealing with certification requirements
• Integrating tightly development and safety
  assessment activities
• Consistent with the ARP 4754 standard.

3
Requirement Design Engineering Statements
Requirement Design Engineering deals with
three kinds of statements

• Epistemic statements

• Deontic statements

• Design choice statements

4
Epistemic statements

• Record knowledge items
• Under the control of the nature, social
  agreement, ..
• Designers use epistemic statements as lever in
  the design process

• Examples

• AC29.1309 EXTREMELY IMPROBABLE A probability
  on the order of 10-9 or less is assigned to this
  classification.

AC29.1309 Catastrophic Failure conditions
Failure conditions which would prevent a safe
landing.

• AC25.11A Table 5

Failure Condition Hazard Classification Qualitative Probability
Loss of all barometric altitude displays, including standby display Catastrophic Extremely Improbable
Display of misleading barometric altitude information on one primary display combined with a standby failure (loss of altitude or incorrect altitude) Catastrophic Extremely Improbable
5
Deontic statements

• Constitute obligations or prohibitions
• Under the control of authorities, acquirer, ..
• Designers have to comply with deontic statements

• Examples

2. When condition ? equipment .MTTR ? 30 mn

1. The equipment shall be easy to repair

Text Based Requirement
Interpretative Material
Property Based Requirement
6
Design choice statements

• Constitute choices among various possibilities
• Under the control of designer
• Designers have to select design options relying
  on relevant epistemic statements and complying
  with deontic statements

• Examples

• The flow path named   Provide an A/C vertical
  Position Indication will be designed as a
  sequence including the following processes
•  To acquire the static pressure 
•  To sense the static pressure 
•  To converte the static pressure 
•  To compute the Vertical Position 
•  To compare computed Vertical Positions 
•  To display the Vertical Position 

• The flow path will be allocated to the
  following physical processors
• Static probe
• Transducer
• Air Data Computer
• Flight Display

• The process  To compare computed Vertical
  Positions  will be allocated to the Flight
  Display processors

7
Property Based Requirement
Patrice Micouin, Toward a property based
requirements theory System requirements
structured as a semilattice INCOSE Journal of
Systems Engineering, Volume 11,  Issue 3  (August
2008)

• Requirement determination is a process that
  interprets Text Based Requirements (expectations)
  in one or more Property Based Requirements (PBR)

• A PBR is a constraint on a property of an object
  kind that shall be held when a condition is
  met.

• Formal expression
• PBR When Condition gt val (Object.Property) ?
  D

• Two relationships among PBRs related to an
  object kind
• PBR-1 is more stringent than PBR-2 PBR-1 ?
  PBR-2
• Conjunction of PBRs PBR-1 ? PBR-2 is a PBR

8
Example 1 Specific Certification Requirement
1303.b
CS 29.1303 Flight and navigation instruments The
following are required flight and navigational
instruments .. (b) A sensitive altimeter
What is a sensitive altimeter ?
Interpretative material
AC29.1303 refers TSO C10b that refers AS 392C
(canceled) and replaced by AS 8002A (Air Data
Computers) or AS 8009B (other altimeters)
-- PBR from CS29.1303(b) When Avionics.Power_on
?val (Avionics.AC-Vertical-Position.Status)
Operative ? When AC.Altitude ?0ft,5000ft ??val
(Avionics. AC-Vertical-Position.Accuracy)
25ft ? When AC.Altitude ?5000ft,8000ft ??val
(Avionics. AC-Vertical-Position.Accuracy)
30ft ? When AC.Altitude ?8000ft,11000ft ??val
(Avionics.AC-Vertical-Position.Accuracy)
35ft ? When AC.Altitude ?11000ft,..ft ??..
9
Example 2 General Certification Requirement
1309.(b).(2).(i)
CS 29.1309 Equipment, systems, and
installations (b) The rotorcraft systems and
associated components, considered separately and
in relation to other systems, must be designed so
that (2) For Category A rotorcraft (i) The
occurrence of any failure condition which would
prevent the continued safe flight and landing of
the rotorcraft is extremely improbable and
Interpretative material
What about vertical position indication?
ED79/ARP4754
AC25.11A Table 5
Failure Condition Classification System Development Level
Catastrophic A
Failure Condition Hazard Classification Qualitative Probability
Loss of all barometric altitude displays, including standby display Catastrophic Extremely Improbable
Display of misleading barometric altitude information on one primary display combined with a standby failure (loss of altitude or incorrect altitude) Catastrophic Extremely Improbable
-- PBR from CS29.1309(b)(2)(i) When In_Flight gt
Prob(Avionics.AC-Vertical-Position-Indication.Stat
usLoss) 10-9/fh ? When In_Flight gt
Prob(Avionics.AC-Vertical-Position-Indication.Stat
usMisleading) 10-9/fh ? Avionics.DALA
10
Requirement DesignProcess Framework
EIA 632 Process Framework
The meaning of  derived requirement  (DR) is
not the one generally used by the aeronautical
community. However, it is consistent
interpretation of the ARP 4754 definition of DRs.
J. Scott develops this approach of DRs.
Extended Framework
ARP 4754 4.4.3 While there is no specific
recommended process for systems development,
a generic development model is described in
Appendix A to assist in establishing common
terminology and understanding. The specific
development process selected should be described
in sufficient detail to achieve mutual
understanding of the key elements and their
relationships.
Specified Requirements are validated iff System
Technical Requirements ? Specified Requirements
11
Requirement 1303.b logical implementation
Avionics shall provide a A/C vertical Position
Indication
Requirement
12
Avionics shall provide the A/C vertical Position
Indication
Requirement
13
Requirement 1309.b logical implementation
-- PBR from CS29.1309(b)(2)(i) When In_Flight gt
Prob(Avionics.AC-Vertical-Position-Indication.Stat
usLoss) 10-9/fh ? When In_Flight gt
Prob(Avionics.AC-Vertical-Position-Indication.Stat
usMisleading) 10-9/fh ? Avionics.DALA
14
DAL Requirement Derivation

• Requirement derivation is a substitution that
  replaces a level-n requirement by the conjunction
  of level-n1 requirements under the assumption
  that design choices will be actually implemented.
• Example

Req-S Val (Avionics.DAL) A
Atmosphere
When ARP4754. Design pattern 5 gt Val
(Avionics.DAL) A Val (Primary.DAL) A ? Val
(Backup.DAL) ? C
15
Logical Solution Representation
16
Physical Solution Representation
17
Safety Assessment Representation
18
Conclusion

• The PBR theory and the Requirement Design
  process framework described hereabove are
  suitable to address an A/C Model Based System
  Engineering
• Dealing with all categories of requirements
  including certification requirements and safety
  requirements,
• Integrating tightly development and safety
  assessment activities
• Consistent with the ARP 4754 standard.

19

• The latest version of this presentation will be
  available here
• http//www.micouin.com/archives.html
• More information
• about Property Based Requirement Theory
• Patrice Micouin, Toward a property based
  requirements theory System requirements
  structured as a semilattice INCOSE Journal of
  Systems Engineering, Volume 11,  Issue 3  (August
  2008)
• Derived requirements
• JACKSON Scott, Systems engineering for commercial
  aircraft, Ashgate Publisher, 1997
• McDERMID, John NICHOLSON, Mark, Extending PSSA
  for Complex Systems, ISSC Ottawa, August 2003
• Model Based Engineering
• SAE-AS5506A, Architecture Analysis Design
  Language (AADL) , 2009-01
• OMG Systems Modeling Language, (OMG SysML)
  Version 1.2, June 2010
• EIA 632
• James Martin, Processes for Engineering a System,
  in The Avionics Handbook edited by C. Spitzer,
  CRC Press, 2007
• ANSI/EIA 632 Processes for Engineering a System,
  GEIA, Arlington, VA, 2003.