Certifiable Software for the ATN - PowerPoint PPT Presentation

Slides: 24
Provided by: ForrestC3
1
Certifiable Software for the ATN
  • Making ATN a reality now
  • Presented by Forrest Colliver, ACI General Manager

2
The Nature of Portable Communications Software
  • What is portable software ?
  • Software quality and the ATN
  • How is portable ATN software developed ?
  • Methodologies
  • Quality Standards
  • How is portable software used ? By whom ?
  • ACI's Portable Certifiable ATN Software

3
What is portable software? Types of Software
  • Ready-to-run binary end-user software
  • Examples: personal computer software, game
    software, etc.
  • For consumption by individual or organizational
    end-users
  • Plug and play operation
  • Portable binary library or source code software
  • Examples: linkable object modules (databases,
    interfaces, etc.) or source code (protocols,
    drivers, or other code requiring adaptation to
    platforms and operating systems)
  • For consumption by manufacturers or sophisticated
    end-users having in-house information technology
    support
  • Usable after integration and customization for
    target platform
  • Although used in different contexts, both may be
    called commercial off-the-shelf (COTS) software

4
What is portable software? Why use Portable
Software?
  • Manufacturer's perspective
  • Non-recurring cost reduction: no need for
    redevelopment of commercially available code; no
    opportunity cost where internal resources could
    be better applied to other projects
  • Lifecycle cost reduction: portable modules
    warranted and maintained by software vendor
  • Risk reduction
  • Pre-tested software modules are ready to
    integrate
  • Portable software can be supplied with
    certification artifacts
  • Facilitates earlier delivery of manufacturer's
    products to market
  • End-user's perspective
  • Reduced end-user pricing: more competitive
    products
  • Improved confidence: "Intel-inside" effect
  • Factors above contribute to what should
    essentially be a make/buy decision by
    manufacturer

5
Software Quality and the ATN: The architecture can
offer
  • ATN architecture was created for support of both
    safety-critical ATS and AOC applications
  • Controller/pilot communications (ATS), e.g.
    clearances
  • Controller/controller communications (ATS), e.g.
    handoff
  • Airline dispatch/pilot communications (AOC), e.g.
    re-routing
  • How?
  • Integrity Assurance via protocol design
  • what is received is what was sent
  • Enhanced Availability via routing architecture
  • information transferred end-to-end in a timely
    manner
  • Remember: key role of the ATN is to manage
    mission-critical communication resources and
    message traffic

6
Software Quality and the ATN: but software must
deliver
  • Accordingly, mission-critical application of ATN
    protocols demands software design quality
    assurance consistent with Essential systems
  • Rationale: undetected integrity/availability
    failures may contribute to operational errors
    and/or lead to unacceptable
    dispatch/controller/pilot work-load
  • RTCA DO-178B provides software development
    guidelines for Level C, to meet Essential
    systems requirements
  • ACI's approach to problem
  • To ensure ATN software mission-readiness, all ACI
    RRI/ASE software conforms to DO-178B Level C
    guidelines

7
How is ACI's software developed? Production
Methodology
  • DO-178B Level C
  • Constitutes the norm for essential avionics
    systems
  • ACI offers full development documentation
    compliance
  • includes configuration management and quality
    assurance aspects
  • Maximizes certification credit by optimizing
    certification effort during portation process,
    using supplied certification artifacts
  • MIL-STD-498
  • FAA and other US government users specify
    MIL-STD-498 development methodology lifecycle
    compliance for mission-critical software
    systems
  • Applied on both code development and documentation
    aspects
  • Complementary to DO-178B Level C

8
How is ACI's software developed? Lifecycle
Functional View
9
How is ACI's software developed? Traceability of
Requirements
10
How is ACI's software developed?
Testing/Verification (1/2)
  • Software verification testing consists of two key
    components
  • Requirements-based testing (RBT)
  • Software tested against each requirement to
    ensure that it does what it is supposed to do and
    doesn't perform any unintended functionality
  • Structural coverage analysis (SCA)
  • Identifies code structures (at the instruction
    level for DO-178B Level C) that are not exercised
    by the RBT
  • Ensures that every software instruction is
    required, i.e. has been invoked at least once

11
How is ACI's software developed?
Testing/Verification (2/2)
  • Requirements at lowest level (SDD) completely
    cover higher level requirements
  • Requirements inspection process assures coverage
  • Computer Software Unit (CSU) tests ensure SDD
    requirement conformance
  • Inspection process assures that tests fully cover
    requirements
  • Test cases identify WHAT is to be tested
  • Test procedures identify HOW the test will be
    performed
  • CSU tests cover both normal operations and
    evaluation of robustness under limit conditions
  • Check validity of external data prior to CSU
    importation
  • Checks for validity of CSU arithmetic operations
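
The two verification components described on these slides, requirements-based tests followed by structural coverage analysis, shown on one small unit that also performs the limit-condition checks on external data and arithmetic. This is an added example in C, not ACI code: the unit `csu_apply`, the requirement IDs SDD-1 to SDD-3 and the hand-placed probes (a stand-in for a real coverage tool) are all assumptions.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* One probe per basic block: a hand-rolled stand-in for a coverage tool. */
enum { P_RANGE_REJECT, P_OVERFLOW_REJECT, P_STORE, P_COUNT };
static unsigned char hit[P_COUNT];
#define COV(p) (hit[(p)] = 1)

/* Hypothetical CSU; SDD-1..3 are constructed low-level requirements.
 * SDD-1: success stores counter + delta, returns 0.  SDD-2: external delta
 * outside [-1000, 1000] returns -1.  SDD-3: would-be int overflow returns -2. */
int csu_apply(int counter, int delta, int *out)
{
    if (delta < -1000 || delta > 1000) { COV(P_RANGE_REJECT); return -1; }
    if ((delta > 0 && counter > INT_MAX - delta) ||
        (delta < 0 && counter < INT_MIN - delta)) { COV(P_OVERFLOW_REJECT); return -2; }
    COV(P_STORE);
    *out = counter + delta;
    return 0;
}

void reset_coverage(void) { memset(hit, 0, sizeof hit); }

/* Requirements-based tests; returns the number of failed requirements. */
int run_rbt(int with_limit_case)
{
    int out = 0, fails = 0;
    fails += !(csu_apply(10, 5, &out) == 0 && out == 15);  /* SDD-1 */
    fails += !(csu_apply(10, 1001, &out) == -1);           /* SDD-2 */
    if (with_limit_case)
        fails += !(csu_apply(INT_MAX, 1, &out) == -2);     /* SDD-3 */
    return fails;
}

/* Structural coverage analysis: count the blocks the tests never reached. */
int uncovered_blocks(void)
{
    int n = 0;
    for (int p = 0; p < P_COUNT; p++) n += !hit[p];
    return n;
}

int main(void)
{
    for (int limit = 0; limit <= 1; limit++) {
        reset_coverage();
        int fails = run_rbt(limit);
        printf("limit case=%d failed=%d uncovered=%d\n", limit, fails, uncovered_blocks());
    }
}
```

With the limit case omitted, both tests pass yet one block stays uncovered: the overflow check, which only the SDD-3 robustness test reaches.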

12
Certifiable ATN Software: Portable Building Blocks
  • Four RRI Component Builds
  • Airborne Boundary Intermediate System (ABIS)
  • Ground Boundary Intermediate System (GBIS)
  • Airborne End System (AES)
  • Ground End System (GES)
  • Four Application Service Element (ASE) Modules
  • Context Management (CM)
  • Automatic Dependent Surveillance (ADS)
  • Controller/Pilot Data Link Communication (CPDLC)
  • Flight Information Service (FIS)

13
Certifiable ATN Software: System Architecture
14
Certifiable ATN Software: Statistics
  • Each RRI build comprises between 60000 and 90000
    source lines of DO-178B Level C code
  • AES/GES: 63000/75000
  • ABIS/GBIS: 87000/87000
  • Four ASEs together comprise between 60000 and
    80000 source lines of code
  • Airborne ASEs: order of 15000 each
  • Ground ASEs: order of 20000 each
  • Approximately 5000 tested requirements overall

15
Certifiable ATN Software: Component Architecture
[Figure: component architecture diagram. Labels recoverable from the diagram: User Processes; Platform; Custom; Local Manager; NMA; User HMI; PSE; Subnet Drivers; User Applications; ATN Applications; OS; Router; Stack; System Clock.]
16
Certifiable ATN Software: System Interfaces
17
Certifiable ATN Software: Product Composition
  • Source software modules
  • Documentation
  • User's Guide
  • Porting Guide
  • Functional Requirement Specification (FRS)
  • External Interface Control Document (EICD)
  • Software Quality Assurance Plan (SQAP)
  • Validation test scripts and sequences
  • System level
  • CSCI level
  • DO-178B Level C Certification artifacts
  • Products pre-ported for UNIX/Streams environment

18
Certifiable ATN Software: Product Support and
Evolution
  • RRI and ASE products under configuration change
    management process
  • Operated by ATNSI and ACI as open process: ATN
    stakeholder interests and participation
    incorporated
  • Designed to allow incorporation of general
    problem reports (PRs) as well as ICAO PDRs, plus
    agreed product improvements, while respecting
    interoperability
  • Product Support
  • Through end of warranty period (mid 2002):
    RRI/ASE support assured by ACI under CCB process
  • Following warranty: long-term RRI/ASE support
    committed by ACI Member companies
  • To date: maintenance releases made at regular
    intervals, following initial RRI/ASE product
    deliveries in February 2000

19
Certifiable ATN Software: Certification Credit
  • Controversial subject
  • Definitive approach awaits decisions by
    authorities
  • What is known
  • Structural Coverage Analysis credit likely based
    on FAA analysis
  • Requirement Based Test procedures and results
    comprise part of product package; can be rerun as
    required by certification authorities
  • Validation Test procedures and results comprise
    part of product package; can be rerun as required
    by customer for acceptance testing
  • Conformance Test Suite (CTS) role: view of
    certification authorities not yet definitive
  • In any case, ACI software is designed to
    streamline, risk-reduce, and cost-reduce the
    certification process

20
Result: fit-for-purpose portable ATN software
  • Product quality meets safety requirements, meets
    specifications, and reduces lifecycle costs
  • Formalized nature of DO-178B Level C development
    process leads to high overall product quality
  • Process facilitates change management and lifecycle
    support
  • Production of required artifacts demonstrates
    compliance and supports users of software
    products
  • Full traceability of functions to design, to
    code, and to test
  • Full functional test coverage
  • Verifies that all functions have been tested
  • Full structural test coverage
  • Verifies that all code is executed

21
The significance of all this
  • Portable software designed to mission-ready
    quality standards can reduce manufacturer cost
    and schedule risks, and can facilitate certification
  • ATN software certifiable to DO-178B Level C has
    been in the field since February 2000, and will
    play a major role in the FAA CPDLC communication
    infrastructure, as well as in the products of the
    ACI partner companies
  • This portable certifiable software is available
    to 3rd parties under license, to provide the same
    benefits of cost and risk reduction, and to aid
    in bringing the ATN into service TODAY

22
Aeronautical Communication International LLC: Who
are we? What do we do?
  • ACI was formed in 1997 as a joint venture of
    Airsys-ATM, Honeywell International, Thomson-CSF
    Sextant and Sofréavia, all suppliers of CNS/ATM
    products and services
  • ACI was created to execute the ATN Router
    Reference Implementation (RRI) Project, under
    contract to ATNSI
  • In addition, ACI has financed a variety of
    ATN-related software developments and service
    activities
  • Complementary Application/Management Software
  • ATN standardization support (AEEC, IATA and ICAO)
  • ATNSI CTS Program Support
  • EUROCONTROL Petal II and CAERAF Program Support
  • FAA Ground Router Architecture Evaluation
    Support
  • ACI is currently engaged as a subcontractor to
    CSC on the FAA CPDLC Build I and Build I/A Programs

23
Aeronautical Communication International LLC: For
more information
  • Contact
  • Forrest Colliver, General Manager
  • forrest.colliver_at_aci-llc.com
  • Bob Kerr, Marketing Communications
  • bob.kerr_at_aci-llc.com
  • Or, visit the ACI web site at
  • www.aci-llc.com