
Meeting Facilities

Wednesday morning plenary is in Evergreen Ballrooms A, B, and C

Wednesday Afternoon Breakout Sessions
* Track 1: Evergreen Ballroom A (Research and Technology)
* Track 2: Evergreen Ballroom B (Airborne Electronic Hardware)
* Track 3: Evergreen Ballroom C (Selected Topics)

Thursday Breakout Sessions
* Track 1: Evergreen Ballroom A (DO-178 Revision Status)
* Track 2: Evergreen Ballroom B (Airborne Electronic Hardware, and Policy, Guidance and Aids)
* Track 3: Evergreen Ballroom C (Selected Topics)

[Map of the hotel area with restaurant locations numbered 1-29. Legible labels: Denver Marriott Tech Center, Downtown Denver (12 miles), Park Meadows Mall (4 miles), Belleview Promenade, Union Ave., Belleview Ave., Quebec St.]

Area Restaurants (within one mile of hotel)

On Syracuse Street
1 • Garcia’s
2 • Wendy’s

Off Belleview Avenue
3 • Starbuck’s

1/2 mile walk
4 • Cool River
5 • Purple Martini
6 • Bara Sushi
7 • Original Pancake House
8 • Chipotle
9 • Il Fornaio
10 • Santoro’s Brick Oven
11 • Blue Ocean Asian Grill
12 • Yia Yia’s Euro Cafe
13 • Deli-Tech
14 • Baja Fresh
15 • Great Northern Tavern
16 • Season’s Cafe

In Ulster Terrace
17 • Panera Bread
18 • Qdoba
19 • Darcy’s
20 • Peppino’s Pizzaria

1/2 mile walk Northwest of Ulster Terrace
21 • McCormick and Schmicks
22 • Ink - Coffee

West of I-25
23 • Taco Bell
24 • Pizza Hut
25 • McDonald’s
26 • Country Kitchen
27 • Blue Creek Bar & Grill
28 • Pappadeaux
29 • Wingin It

Description of Area Restaurants

Garcia’s Mexican Restaurant – Traditional Mexican cuisine featuring fresh salsas, guacamole, tortillas, beans, rice and meat dishes prepared daily. Happy hour specials M-F 4-7pm. Mon-Thu 11am-9:30pm, Sat/Sun 11am-10pm, Sun 11am-9pm

Paradise Bakery - Bakery featuring brownies, croissants, quiches, breads, soups, salads and sandwiches. 6am-5pm Mon-Fri

Wendy’s – Fast food, burger fare. Open 10am-10pm; drive-thru open until 12am Sun-Thu, Sat/Sun until 2am

Starbuck’s – Coffee house serving various pastries. Mon-Sat 5am-8pm, Sun 5am-5pm

Cool River Café - A fine dining restaurant with salads, burgers, steaks and seafood with a southwestern twist along with an elegant and elaborate bar. Mon-Thu 11am-10pm, 12 am bar; Fri/Sat 11am-11pm, 2am bar, Sun 5pm-10pm

Purple Martini – A Martini lounge serving over 70 variations of the Martini on its menu and delivering excellent hospitality, food and service to its customer. Purple Martini offers patrons incredible martinis, high-energy music and a friendly atmosphere. Mon-Thu 4pm-close, Fri 3pm-close, Sat/Sun 7pm-close

Bara Sushi – Asian cuisine with full sushi bar, featuring lunch bento boxes and dinner specials daily. Daily lunch 11am-2pm, dinner 5pm-10pm

Original Pancake House – Specializing in breakfast pancakes, waffles, omelettes, and crepes. 6am-2pm Daily

Chipotle – Mexican Grill serving gourmet burritos, tacos and salads. 10:45am-10pm Daily

Il Fornaio - Authentic Italian Restaurant and Bakery serving a selection of antipasti, soups, salads, wood-fired pizza, house made pastas, grilled and rotisserie roasted meats and a wide variety of desserts. Sun-Thu 11am-10pm, Fri/Sat 11am-11pm

Santoro’s Brick Oven - Italian, pizza & sandwiches. Mon-Fri 11am-9pm, Sat-Sun 5pm-9pm

Blue Ocean Asian Grill – Thai and Asian specialties. 10am-9:30pm Mon-Thu, 10am-10pm Fri, 11:30am-10pm Sat, 11:30am-9:30pm Sun


Yia Yia’s Euro Café – Soup, salads, wood-oven pizzas, bistro style cuisine with European flair. Mon-Thu 11am-10pm; Fri/Sat 11am-11pm; Sun 10am-9pm

Morton’s Steakhouse – Fine dining steak and seafood. Mon-Sat 5:30pm-11pm, Sun 5pm-10pm

Deli-Tech – New York style deli; breakfast, lunch and dinner. 7am-8pm Daily

Bakers Street Pub & Grill – English Pub featuring a laidback atmosphere, lunch, dinner and late night menus, live music and a seemingly never-ending flow of imported ales. 11am-2am Daily

Baja Fresh – Flavorful and fresh Mexican food, for lunch and dinner, dine-in or take-out, served in a sparkling clean and upbeat environment. 10:30am-9pm Daily

Great Northern Tavern – Comfort food, fresh seafood, fine steaks and featuring a wide variety for all. Mon-Thu 11am-10pm, Bar 11pm; Fri/Sat 11am-10pm, Bar 12am; Sun 11am-9pm, Bar 10pm

Panera Bread – Fresh bread, pastries, soup, salad and sandwiches; counter service. Mon-Thu 6am-8pm, Fri 6am-7:30pm, Sat 6:30am-4pm, Sun 7am-4pm

Qdoba – Fast Mexican Grill. 10:30am-9pm Daily

Darcy’s – Irish pub featuring burgers, pastas, steak and a wide variety of appetizers. Mon-Sat 11am-2am, Sun 12pm-9pm

McCormick and Schmicks – Fine dining seafood restaurant. Mon-Thu 11am-10pm, Fri/Sat 11am-11pm, Sun 11am-9pm

Pappadeaux – Fun and festive seafood restaurant. Mon-Thu 11am-10pm, Fri 10am-11pm, Sat 11am-11pm

Jing Restaurant – Upscale, modern Chinese restaurant known for light, Asian inspired cuisine. Sun-Thu 11am-10pm, Fri/Sat 12pm-11pm

Morning Plenary Session: Wednesday, August 20

08:00-08:05 Welcome. Melissa Sandow, FAA Denver Aircraft Certification Office

08:05-08:15 FAA Management Remarks. Susan Cabler and Carol Martineau, FAA

08:15-08:20 Agenda Overview and Logistics. Barbara Lingberg, FAA

08:20-08:45 FAA Software and Airborne Electronic Hardware Program Management Plan. Barbara Lingberg, FAA

08:45-09:00 “Aviation Safety” The European Union System. Jean-Luc Delamaide, European Aviation Safety Agency (EASA)

09:00-09:15 SAE S-18, Aircraft & Systems Development and Safety Assessment Committee Products and Status. Eric Peterson, Honeywell

09:15-09:30 RTCA SC-216, Aeronautical Systems Security. Daniel Johnson, Honeywell

09:30-10:00 Break

10:00-10:30 FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance. Barbara Lingberg, FAA

10:30-10:45 RTCA SC-205, Changes for DO-178C and Other Documents. Leslie Alford, Boeing

10:45-11:25 Advances in Software Technology Since 1992. John C. Knight, University of Virginia

11:25-11:30 General Session Closing Remarks. Barbara Lingberg, FAA

11:30-13:00 Lunch on your own

Breakout Sessions: Wednesday, August 20

Breakout Sessions: Thursday, August 21

General Session

08:00 Welcome. Melissa Sandow, FAA, Denver Aircraft Certification Office

Bio: Melissa Sandow is the senior engineer in the Denver Aircraft Certification Office of the FAA’s Aircraft Certification Service. She is currently leading the type certification programs for the AAI A700 and Spectrum S-40 Freedom aircraft, which are in the Very Light Jet market niche. During her 11-year career with the FAA, she also led the programs that certified the Liberty XL-2 and Adam A500. She holds a BS in Engineering from Colorado State University, an MBA from Embry Riddle Aeronautical University, and is certified as a Project Management Professional (PMP).

08:05 FAA Management Remarks. Susan Cabler and Carol Martineau, FAA

Bios:

Susan Cabler is the Assistant Manager of the FAA Aircraft Engineering Division, AIR-100. Since assuming this position in January 2003, she has been and is responsible for supporting the Division Manager, Mr. David Hempe, in the development, standardized application and implementation of cross-FAR part regulations and policy regarding engineering certification processes. AIR-100 is also the Aircraft Certification Service’s lead office for the introduction, standards development, and certification of new aviation and National Airspace System CNS (Comm-Nav-Surveillance) technologies. Examples of these new technologies include electronic flight bags, satellite-based navigation programs, TCAS, ADS-B and datalink, all of which are important facets of the AVS vision to move toward the Joint Planning and Development Office (JPDO) NextGen and a performance-based NAS that accommodates aviation needs of the future. AIR-100 is also the “home” for the newly-minted Unmanned Aircraft Program Office, which has been tasked by the Associate Administrator of Aviation Safety to develop the standards, regulations, and policy to safely integrate Unmanned Aircraft Systems into the NAS.

Previous assignments in the FAA Aircraft Certification Service include 5 years as Special Technical Assistant to two different Service Directors and 4 years as a member of the Nav Team in the Avionic Systems Branch, AIR-130. Prior to joining the FAA, Mrs. Cabler had a 14-year career in the Air Force. For most of those 14 years, she served as an instructor pilot in the Lockheed C 141B, flying strategic and tactical airlift missions to more than 55 countries and during the first Persian Gulf War. During her assignment to the airlift schoolhouse in Altus, Oklahoma, she also trained students in 11 formal courses in the simulator and aircraft, ranging from basic co-pilot and aircraft commander training to special operations and aerial refueling.

Susan has over 27 years of aviation experience between the Air Force. She holds a commercial pilot certificate with an instrument rating and has over 6000 hours of flight time. She graduated from Purdue University with a bachelor’s degree in Aeronautical & Astronautical Engineering, where she majored in Fluid Dynamics and Astro-Physics.

Carol Martineau is the manager of the Technical Programs and Continued Airworthiness Branch (AIR-120) in Washington DC. Carol returned to the FAA in 1996 after leaving the agency in 1980 to work in the aerospace industry as a consultant and company DER. While in the private sector she was an active member of the Aerospace Industry Association (AIA) Propulsion Committee and head of Sundstrand Power Systems’ certification department. Carol was the FAA Aircraft Engineering Division focal point for designee/delegation activities until October 2001, when she was detailed to focus on security initiatives. In January 2003 she became the Assistant Manager of the Avionics Systems Branch (AIR-130) and in February 2007 she assumed the management of the Technical Programs and Airworthiness Branch. Carol has a Bachelor of Science in Systems Engineer.

08:15 Agenda Overview and Logistics. Barbara Lingberg, FAA

08:20 FAA Software and Airborne Electronic Hardware Program Management Plan. Barbara Lingberg, FAA

Abstract: This presentation provides an overview of the Aircraft Certification Software and Electronic Hardware Program Management Plan for fiscal years FY09 – FY13. The presentation also includes an overview of the Software and Digital Systems (SDS) Research, Engineering, and Development (RE&D) Program.

Bio: Barbara Lingberg is the Computer Software Program Manager for the FAA’s Aircraft Certification Service. She is the technical lead of the Aircraft Certification Software and Airborne Electronic Hardware Team, sponsor of the FAA’s Software and Digital Systems Research Program, chair of the Certification Authorities Software Team (CAST), and Designated Federal Official to RTCA SC-205, Software Considerations in Aeronautical Systems, that is revising DO-178B, Software Considerations in Airborne Systems and Equipment Certification. Ms. Lingberg holds a BS in Mathematics and MS in Software Systems Engineering from George Mason University, Fairfax, VA.

08:45 “Aviation Safety” The European Union System. Jean-Luc Delamaide, European Aviation Safety Agency (EASA)

Abstract: This presentation provides an updated overview of the responsibilities of EASA, including the competencies, the structure, the tasks and the resources.

Bio: Jean-Luc Delamaide is Head of Section “Software and Complex Electronic Hardware” of the EASA (European Aviation Safety Agency). He joined the EASA in 2005 after 7 years as airborne software specialist (both military and civil) within the French NAA (DGA-DGAC) where he coordinated the A380 SW and CEH aspects of certification. Within the EASA, his goal today is to deal with all aspects related to SW and CEH including certification, research, rulemaking and standardization.

09:00 SAE S-18, Aircraft & Systems Development and Safety Assessment Committee Products and Status. Eric Peterson, Honeywell

Abstract: This presentation provides an overview of the Society of Automotive Engineers (SAE) S-18 committee charter and membership, highlighting committee work products (Aerospace Recommended Practices, ARPs) and their revision status.

Bio: Eric Peterson is presently an Engineer Fellow with the active role of Flight Control System Safety Lead on the Fly-By-Wire (FBW) Flight Control Electronic System product being developed for the Boeing 787 at the Flight Control Center of Excellence in Electronic Systems Division. He holds a Bachelor of Science Degree in Electrical Engineering from Montana State University (1977). Mr. Peterson has over 30 years of experience in management, system design and analysis, and development of hardware and software for commercial and military flight critical avionic and fly-by-wire system applications. Some previous programs include the Embraer ERJ170/190 FBW system, Fairchild Dornier 728 FBW system, Boeing 777 AIMS, NASA X-29 FBW system, US Navy A-12 FBW system, MD-12 FBW system and the NASA Propulsion Controlled Aircraft (PCA) demonstrator.

Mr. Peterson is an active member of the SAE S-18, Aircraft Safety Committee and is presently serving as committee vice-chairman. He provided key contributions to the industry documents, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, ARP 4761 and ARP 5150, Safety Assessment Methods and Tools to Support Safety Management of Transport Airplanes in Commercial Service. Mr. Peterson is a member of the AeroTech General Committee 2009 and a member of the Advances in Aviation Safety (AIAS) Conference General Committee. He has served as an AIAS Conference Panel Organizer, Panelist and author.

Mr. Peterson is a member of the Society of Automotive Engineers (SAE). He is a licensed private pilot.

09:15 RTCA SC-216, Aeronautical Systems Security. Daniel Johnson, Honeywell

Abstract: RTCA Special Committee SC-216 on Aeronautical Systems Security addresses data security issues in the development and certification of complex aircraft. In this talk we present an overview of SC-216, its objectives and status, and its sister committee for EUROCAE, WG72.

Bio: Daniel Johnson has over 20 years of experience in systems engineering, design and development of reliable advanced planning, scheduling, and maintenance software for industrial and avionics systems. He is currently responsible for network security design and certification oversight for the Crew Information System and Maintenance System for the Boeing 787. Daniel is Co-Chair of the RTCA Special Committee SC-216 on Aeronautical Systems Security and also represents Honeywell in the EUROCAE Working Group 72 (Aeronautical System Security) where he is the lead editor for WG-72-Module 1 on Airworthiness Security.

10:00 FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance. Barbara Lingberg, FAA

Abstract: This presentation provides an overview of Order 8110.105 which explains how FAA certification staff can use and apply RTCA, Inc. document RTCA/DO-254, Design Assurance Guidance for Airborne Electronic Hardware, when working on certification projects. The Order provides guidance for approving both simple and complex custom micro-coded components when an applicant seeks FAA approval using DO-254 as the means of compliance.

Bio: Barbara Lingberg is the Computer Software Program Manager for the FAA’s Aircraft Certification Service. She is the technical lead of the Aircraft Certification Software and Airborne Electronic Hardware Team, sponsor of the FAA’s Software and Digital Systems Research Program, chair of the Certification Authorities Software Team (CAST), and Designated Federal Official to RTCA SC-205 that is revising DO-178B. Ms. Lingberg holds a BS in Mathematics and MS in Software Systems Engineering from George Mason University, Fairfax, VA.

10:30 RTCA SC-205, Changes for DO-178C and Other Documents. Leslie Alford, Boeing

Abstract: RTCA SC-205/EUROCAE WG-71 has been meeting for 3 years updating DO-178B, DO-278, Guidelines for Communication, Navigation, Surveillance, and Air Traffic Management (CNS/ATM) Systems Software Integrity Assurance, and DO-248B, Final Report for Clarification of DO-178B “Software Considerations in Airborne Systems and Equipment Certification”, with regard to current technologies and changes to promote clarity and understanding where issues have been raised over time. This presentation focuses on the committee’s current status and progress.

Bio: Leslie Alford is a Technical Fellow at the Boeing Company, in the Rotorcraft Division of Boeing Integrated Defense Systems. She has been working in the field of software engineering since 1978, software certification since 1984, and avionics system engineering since 1997. She was a Software Designated Engineering Representative for the FAA from 1988 to 2003 and is now specializing in military certifications. She has been involved with technical program management and software engineering analysis at Boeing and at suppliers on most airplane systems, particularly those that are flight critical. Leslie has been an active participant on RTCA subcommittees including SC-167, SC-190, and SC-205 for the development and update of DO-178B and is now the USA Secretary for SC-205/WG-71. Military programs she’s supported include JSF, C17, V-22, Apache, and Chinook programs in Boeing. Leslie obtained her Masters in Software Engineering in 1983, and her undergraduate degree, a BA in English Education, cum laude, in 1972, both from Seattle University.

10:45 Advances in Software Technology Since 1992. John C. Knight, University of Virginia

Abstract: Many significant developments in software engineering have occurred since 1992 when DO-178B was published. The overall effect has been to produce a revolution in the way that we build software. During the same timeframe, rising integration levels in hardware combined with advances in computer architecture and digital communication have provided platforms that present new opportunities for software developers.

In this presentation, Dr. Knight will summarize some of the key developments in software technology and review the challenges presented by these developments and the new architecture and hardware capabilities. Dr. Knight will also present some ideas on how these developments can be accommodated in the certification framework.

Bio: John Knight is a professor of computer science at the University of Virginia. He holds a B.Sc. (Hons) in Mathematics from the Imperial College of Science and Technology (London) and a Ph.D. in Computer Science from the University of Newcastle upon Tyne. Prior to joining the University of Virginia in 1981, he was with NASA’s Langley Research Center.

Dr. Knight’s research interests are in software dependability. He is currently working on projects in safety-critical embedded systems and the survivability of critical networked applications. Specific research topics include the use of natural language in specification, formal verification, assurance arguments, and network security.

From 2001 to 2005 Dr. Knight served as Editor in Chief of the IEEE Transactions on Software Engineering, and he is a member of the editorial board of the Empirical Software Engineering Journal. He was the General Chair of the 2000 International Symposium on the Foundations of Software Engineering, and he was the General Chair of the 2007 International Conference on Software Engineering.

Track 1: Research & Technology

13:00 Microprocessor Selection and Evaluation for Critical Real-Time Systems Panel.
* Bob Green, BAE Systems
* Charles Kilgore, FAA
* Bob Manners, Apptis, Inc.
* Joseph Marotta, Honeywell
* Emmanuel “Manny” Papadopoulos, FAA
* Eric Peterson, Honeywell
* Brian Petre, GE Aviation

Abstract: Can development and regulatory requirements be combined to establish new approaches, methods and tools to smooth the transition of current and future COTS microprocessors and systems-on-a-chip (SoCs) into certified aerospace vehicles? Participating members from the Aerospace Industry and the FAA are partnering to research how non-deterministic, increasingly difficult-to-test COTS microprocessors and SoCs can achieve design assurance in critical airborne systems.

The presentation presents results from the Microprocessor Selection and Evaluation Project including:

* Most importantly, “why do we need to change” to establish industry-wide solutions for the effective and safe use of COTS microprocessors and SoCs in critical airborne systems?
* Airborne Electronic Hardware (AEH) compliance issues.
* Emerging current and future microprocessor and SoC technologies.
* Design assurance for non-deterministic COTS microprocessors/SoCs.
* Methods to evaluate system behavior to accomplish AEH design assurance (e.g., safety nets).
* Recommendations for future regulatory policy and guidance for emerging technologies.
* Development of an FAA Handbook to support selection and evaluation of Microprocessors and SoCs for critical airborne systems.
* An initiative for the development of standards in these areas.

Bios:

Bob Green: Bob is a software engineer and FAA Designated Engineering Representative (DER) at BAE Systems in Johnson City, NY. 20 years experience working on safety critical systems, both military and commercial. Member of RTCA SC-205.

Charles Kilgore: Chuck is an electronics engineer with the Federal Aviation Administration since 1989. Currently, the Project Manager and Contracting Officer’s Technical Representative of the Software and Digital Systems (Research) Program within the Flight Safety Branch.

Bob Manners: Bob is the Principal Systems Engineer, with Apptis Inc. of New Jersey under contract to the FAA, and is the Chairman of the AFE43 Microprocessor Selection and Evaluation Project. For the past twenty years, Mr. Manners has been providing integrated Program Management, and Systems Engineering services to organizations that are responsible for planning the technical future of the FAA.

Joseph A. Marotta: Joe is an electrical engineer with 24 years experience developing hardware and systems for aviation, military and space applications and currently a Chief Engineer for Honeywell.

Emmanuel “Manny” Papadopoulos: Manny is an FAA technical research lead for AVSI Projects. For the past seventeen years Mr. Papadopoulos has worked on the development, testing, and implementation of a variety of complex systems. He has led the System Engineering activities for various projects supporting IBM Inc. and the FAA. He has also provided Program Management and Contract development skills to both private industry and Government.

Eric T. Peterson: Eric is an electrical engineer with 20 years experience developing software, hardware, and systems for aviation applications and currently a DER and Certification Manager for Honeywell.

Brian Petre: Brian has 26+ years of hands-on aerospace experience in multiple areas of aircraft design, engineering, advanced development, and certification. Brian has been working with DO-254 subject matter for 7+ years and has been involved in addressing various COTS devices under domestic and international regulatory requirements.

Track 2: Airborne Electronic Hardware

13:00 FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance. Gregg Bartley, FAA

Abstract: This presentation will describe, in detail, the contents of newly released FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance, and the rationale and source of some of the information contained in the order. This presentation is an expansion of the overview provided during the opening session of this conference. Ample opportunities will be given for questions and detailed discussion of the contents of the order.

Bio: Gregg Bartley is from the FAA Transport Standards Airplane and Flight Crew Interface Branch in Seattle. He has been with the FAA for seven years. Prior to that, he was with industry for nineteen years. He specializes in autopilot systems, fly-by-wire flight controls, airborne software, complex electronic hardware, and other avionics systems. He has a Bachelor’s degree in Electrical Engineering from Mississippi State University and a Master’s degree in Applied Physics from the University of Washington.

Track 3: Selected Topics

13:00 Assignment of Design Assurance Levels (DALs). Steve Beland, Boeing.

Abstract: The three guidance sources for assigning DALs differ slightly, with ARP 4754, DO-178B, and DO-254 each leading to subtle yet noteworthy differences for various architectures. As part of the revision to ARP 4754 now in work, SAE S-18 committee and EUROCAE WG-63 (Airplane Safety Assessment) are addressing these differences to create one source to use for assigning system Development Assurance Levels (DvALs) and item Design Assurance Levels (DsALs). The subcommittee has recently produced draft guidance mature enough to be in the committee’s current working draft document and the members of that team are working to be sure the rest of the document and the DAL guidance work well together. This presentation covers the work of this specific area of the guidance and also discusses some recent informal comments (and maybe misconceptions) that are emerging about this draft guidance.

Bio: Steve Beland received his BS degree in Electrical Engineering from Michigan Technological University in 1986 and MS degree in Systems Engineering at University of Missouri – Rolla (now Missouri University of Science and Technology) in 2006. He’s an Associate Technical Fellow and Authorized Representative for Flight Controls Systems at Boeing Commercial Airplanes where he’s worked for 22 years. His background spans the flight control systems of many Boeing commercial airplane models and he is currently working on the integration and safety of the 787 Dreamliner. He has made significant contributions to the RTCA/DO-254, and is now contributing in SAE committee S-18 updating ARP 4754 and ARP 4761 as the leader of the subcommittee updating the DAL guidance. Steve has published papers on system integration, safety and design & development assurance issues.

Track 1: Research & Technology

15:00 Airborne Electronic Hardware (AEH) Tool Qualification. Dr. Andrew Kornecki and Dr. Brian Butka, Embry Riddle Aeronautical University; and Dr. Janusz Zalewski, Florida Gulf Coast University

Abstract: Embry Riddle Aeronautical University/Florida Gulf Coast University research project: “A Study on Tool Qualification for Complex Electronic Hardware (CEH)” is investigating the tool market and the programmable logic tool qualification issues. The objective is to explore safety issues in the assessment and qualification of tools used in developing CEH for the aircraft. The work includes literature study, industry surveys, and development of case studies identifying the impact of the tool use on safety of the programmable logic devices in airborne systems developed under DO-254 guidance. The talk discusses the need for tool qualification, points out the potential problems with the tools and the proposed solutions.

Bios:

Dr. Andrew J. Kornecki: Andrew is a Professor with the Computer and Software Engineering Department of Embry Riddle Aeronautical University. He received his MSEE and PhD degrees in 1970 and 1975 respectively. Since then he has held university positions teaching in undergraduate and graduate programs on three continents. He has been engaged in teaching and research in the area of real-time safety critical software, served as a visiting researcher in the Federal Aviation Administration, has been a member of RTCA SC-190 and SC-205 committees dedicated to aviation software certification, and contributed to real-time safety critical software training for the FAA Certification Services.

Dr. Brian Butka: Brian is an Associate Professor with the Electrical and System Engineering Department of Embry Riddle Aeronautical University. Dr. Butka received his MSEE and Ph.D. degrees from Georgia Tech in 1981 and 1989 respectively. He has over 15 years of experience with mixed signal semiconductor design, test, verification and validation. He has recently worked on airborne communication bandwidth limits for the Next Generation Air Transportation system (NGATS).

Dr. Janusz Zalewski: Janusz is a Professor of Computer Science in the School of Engineering at Florida Gulf Coast University. Prior to his academic career, he worked for various nuclear research institutions, including the Data Acquisition Group of Superconducting Super Collider and Computer Safety and Reliability Center at Lawrence Livermore National Laboratory. He also worked on projects and consulted for a number of private companies, including Lockheed Martin, Harris, and Boeing. He served as a chairman of the International Federation for Information Processing Working Group 5.4 on Industrial Software Quality, and of an International Federation of Automatic Control Technical Committee on Safety of Computer Control Systems.

Track 2: Airborne Electronic Hardware

15:00 FAA Airborne Electronic Hardware (AEH) Review Job Aid. Tammy Reeve, Patmos Engineering Services, Inc., and Varun Khanna, FAA

Abstract: This is a presentation of the new AEH Job Aid. Varun and Tammy will present an outline of the Job Aid. Target audience should be engineers and DERs who intend to make a showing of compliance for such devices.

Bios:

Tammy Reeve: Tammy is the President of Patmos Engineering Services, Inc. and is an independent FAA DER. Her software management related activities and experience include software project management, FAA coordination for Parts Manufacturer Approval (PMA) and Technical Standard Order (TSO) related aspects of certification as well as consulting in the area of software and programmable logic device (PLD)/ASIC (application-specific integrated circuit) standards and policies. Tammy has been working in the aviation field for over 20 years. Prior to becoming a DER, Tammy worked as an embedded software design engineer for GE Aerospace and Avtech Corporation. She has worked on aviation equipment ranging from engine controls for the C17 to audio control systems for the Boeing 777. Tammy has a BSEE (Tau Beta Pi) from California State University Fullerton (with emphasis in digital hardware design) and a Masters in Software Engineering from Seattle University. Recent areas of DER work include participation in the SC-205 working group, development of the FAA course for DO-254/Airborne Electronic Hardware and DO-254/DO-178B compliance for PLDs and ASICs.

Varun Khanna: Varun has been with the FAA for twelve years, all of it at the Seattle ACO as the Software and Complex Hardware Device specialist. Prior to that he worked for Boeing for about thirteen years, five of which were as a DER.

He has worked all current and some past production commercial airplanes from the Northwest including the 737, 747, 757, 767, 777, and the current 787 development program. Functional areas that he has worked have been avionics, displays and crew alerting, IMA systems on the 777 and 787, flight controls (FBW), radio and inertial navigation, fuel and tank inerting systems, cabin systems, environmental controls, security and warning systems.

His interests include spending quality time with family, raising his son, rebuilding and flying (currently an Ercoupe), homebuilt airplanes, radio control electric airplanes, golf, fishing and, as you can tell, good food.

Wednesday, August 20 15:00 Airborne Network Cyber Security Issues for E-enabled Aircraft Certification and Operations. Kevin Harnett and Vince Rakauskas, Volpe National Transportation Systems Center, and Ray DeCerchio, FAA

Abstract: Plans for extensive modifications to the next generation of Aircraft Data Networks (ADNs) and an expansion of external network connections to provide enhanced communications from the ground to the aircraft are currently in progress. These changes introduce new cyber security vulnerabilities to aircraft that formerly have not been an issue of concern. If not properly mitigated, these vulnerabilities can expose mission critical aircraft control systems to malicious attack and infection by viruses, and result in unsafe flight conditions. There are currently a number of initiatives being conducted by FAA and aviation industry representatives to provide the necessary assurances that cyber security vulnerabilities do not cause unsafe flight conditions. This presentation provides an overview of many of these key activities and describes some of the more significant topics and challenges that currently exist.

Bios:

Kevin Harnett: Kevin is a Program Manager for the United States Department of Transportation at the Volpe National Transportation Systems Center located in Cambridge, Massachusetts. Over the past 10 years, Kevin has been responsible for providing technical leadership in planning, implementing and managing high priority programs involving Information System Security (ISS) and risk management for the Department of Transportation (DOT), FAA, NASA, Department of Homeland Security, Transportation Security Administration, Coast Guard, and other agencies, with special emphasis on security risk management, security policy, security training, certification/accreditation, security awareness, security testing/evaluation, incident response capability and remediation. Mr. Harnett has over twenty-five years of combined project management, technical consulting, and implementation skills.

Vince Rakauskas: Vince is a Cyber Security consultant and has been providing contract services to the United States Department of Transportation at the Volpe National Transportation Systems Center for the past 7 years. Vince has been responsible for providing a key role in planning and implementing high priority programs involving Information System Security (ISS) and risk management for the Department of Transportation (DOT), FAA, NASA, Department of Homeland Security, Transportation Security Administration, Coast Guard, and other agencies, with special emphasis on security risk management, security policy, security training and awareness, and certification & accreditation. Mr. Rakauskas has over twenty-five years of experience including computer programming and project management. Prior to his work at the Volpe Center, he provided cyber security consultation services to US Air Force and was the Director of Information Security at a major financial services company.

Ray DeCerchio: Raymond is the FAA lead POC for Aircraft Systems Security national policy and the Designated Federal Official for RTCA SC-216 Aeronautical Systems Security. Raymond also provides aircraft systems security support for various aircraft certification programs and other RTCA special committees. Raymond has over 10 years experience in cyber security programs and has been the security manager for various offices in the FAA ATO. Mr. DeCerchio has over 25 years of program management and systems development experience on various aircraft avionics and IT applications development programs. Raymond is also a program manager and business sponsor of process automation and improvement for the FAA Aircraft Engineering Division.

16:00 As Semiconductor Devices Shrink so do Their Reliability and Lifetimes. Lloyd Condra and Bill Scofield, Boeing; and Gary Horan, FAA

Abstract: Aerospace and Military system designers depend increasingly on commercial-off-the-shelf (COTS) semiconductor devices to achieve the performance goals of their systems; even as the military and aerospace electronics industry has become an insignificant portion of the advanced semiconductor market. COTS manufacturers have shifted their focus from long life, high reliable products to consumer-oriented products emphasizing high speed, low cost, short time-to-market, and continuous improvement. To achieve these new goals feature sizes are driven well below 100 nanometers. The consequences for aerospace users are many, including limited availability due to short product life cycles, reduced capability to operate in rugged environments, lower reliability, and perhaps most importantly, early wearout and reduced service lifetimes (as low as 2-3 years). Recent work done by the Aerospace Vehicle Systems Institute (AVSI), and led by Boeing, has confirmed the reality of the above effects, and has quantified the results through testing. It also confirms the impact on system reliability, and the methods used to predict it. The project has produced a handbook and the initial version of the Failure-rate Based Software (FaRBS) to enable avionics system designers to accommodate these effects in their system designs. This paper describes that work, and the results obtained.

Bios:

Lloyd W. Condra: Lloyd is a Technical Fellow at Boeing Phantom Works, Seattle, Washington, USA. His experience includes microelectronics manufacturing and research in the telecommunications, computer, medical electronics, and aerospace industries. He chairs International Electrotechnical Commission Technical Committee 107, Process Management for Avionics, the GEIA Avionics Process Management Committee, and the Electronic Component Certification Board, and is vice chairman of IECQ. He leads the AIA-AMC-GEIA Lead-free Electronics in Aerospace Project Working Group (LEAP WG). The LEAP WG represents all aerospace stakeholders, and is developing industry consensus documents to enable it to respond to the global transition to lead-free electronics. Lloyd is the author of over 40 technical papers and three technical books. He is a senior member of IEEE. He has a B.S. from Iowa State, and an M.S. from Lehigh University, both in materials engineering.

Gary Horan: Gary has been with the FAA Engine and Propeller Directorate for the past 8 years. Prior to that Gary was with Pratt & Whitney for 31 years, where he specialized in engine control systems and accessories. He has been working with industry on three of the most significant issues that are just now showing an impact on all avionics: Single Event Effects, Semiconductor Wearout, and the transition to Lead-free solder and finishes. He has a B.S. from Northeastern University in Electrical Engineering. He also has an Executive MBA from Boston University.

16:00 Airborne Electronic Hardware Lessons Learned Panel. Tammy Reeve, Patmos Engineering Services, Inc.; Randall Fulton, SoftwAir Assurance, Inc.; Karen Brack, Honeywell; Martha Blankenberger, Rolls-Royce

Abstract: The panel has been assembled to facilitate a discussion of lessons learned from the application of RTCA/DO-254, Design Assurance Guidance for Airborne Electronic Hardware, to various aircraft projects. The members consist of a design engineer, company Designated Engineering Representative (DER) and consultant DERs. The panel will have a short presentation to summarize their perspective on lessons learned topics followed by questions and/or discussion with the audience.

Bios:

Tammy Reeve: Tammy is the President of Patmos Engineering Services, Inc. and is an independent FAA DER. Her software management related activities and experience include software project management, FAA coordination for Parts Manufacturer Approval (PMA) and Technical Standard Order (TSO) related aspects of certification as well as consulting in the area of software and programmable logic device (PLD)/ASIC (application-specific integrated circuit) standards and policies. Tammy has been working in the aviation field for over 20 years. Prior to becoming a DER Tammy worked as an embedded software design engineer for GE Aerospace and Avtech Corporation. She has worked on aviation equipment ranging from engine controls for the C17 to audio control systems for the Boeing 777. Tammy has a BSEE (Tau Beta Pi) from California State University Fullerton (with emphasis in digital hardware design) and a Masters in Software Engineering from Seattle University. Recent areas of DER work include participation in the SC-205 working group, development of the FAA course for DO-254/Airborne Electronic Hardware and DO-254/DO-178B compliance for PLDs and ASICs.

Randall Fulton: Randall is an FAA Consultant DER with 30 years of Electrical Engineering Experience, emphasizing Software and Complex Electronic Hardware. Mr. Fulton earned his DER credentials in software and programmable logic devices (PLD) while working at Boeing in flight controls and flight deck electronics. As a DER, Mr. Fulton has had approval authority for PLDs since 1997 and has worked numerous Part 25 (Commercial Transport) as well as Part 23 (General Aviation) certification programs with field programmable gate arrays (FPGA), application-specific integrated circuits (ASIC) and software.

Karen Brack: Karen is an ASIC Staff Engineer in the ASIC & FPGA Design Center of Excellence for Honeywell Aerospace. Karen has 19 years experience in ASIC and FPGA design in both commercial and military avionics design. She has established FPGA and ASIC design processes based on DO-254 for Honeywell since 2001. She has a BS in Electrical Engineering from Louisiana State University and an MS in Electrical Engineering from University of California Irvine.

Martha Blankenberger: Martha has been a DER at Rolls-Royce Indianapolis for the past 10 years. Her specializations are in engine control systems, software and complex hardware. She has over 20 years of experience in engine control systems in a variety of both technical and managerial roles at Rolls-Royce and prior to that at Allied Signal. The experience includes both commercial engine certifications as well as military applications. She has been involved as a member of both SC-190 and currently SC-205. Martha has a BSEE with honors from University of Arizona and has completed coursework for a MSEE with specialization in control systems.

16:00 Electronic Flight Bag & Security. Peter Skaves, FAA

Abstract: This briefing describes the risk management guide for information technology systems and compares this process to the Aircraft Certification system safety development process. Gaps and differences between the information technology process and aircraft certification safety development process will be highlighted. Primary focus of the discussion will be on Electronic Flight Bag software applications and the potential effects on aircraft level safety.

Bio: Peter Skaves has over thirty years experience in avionic system design and aircraft certification. During his fifteen year career at , Peter worked with a team of engineers in the design of the Stealth Bomber and C-17 Cargo Airplane fly-by-wire flight control systems. Peter’s current assignment is Special Project Team Lead for the Washington, DC Avionic Systems Branch. Peter has a BSEE degree from the University of Massachusetts.

Thursday, August 21 08:00 Current Direction for Use of Object-Oriented Techniques in Avionics. Jim Chelini, Verocel, Inc.

Abstract: RTCA Special Committee 205 (SC-205) and EUROCAE Working Group 71 (WG-71) are in the process of updating DO-178B/ED-12B to create DO-178C/ED-12C with a supporting collection of technology based supplements. Subgroup 5 under SC-205/WG-71 is tasked with the development of the Object-Oriented Technology Supplement.

This presentation will focus on the current Subgroup-5 activities to produce certification guid- ance on the use of Object-Oriented Technology (OOT) within avionics software applications. The presentation will address the following topics.

* Relationship between DO-178B/ED-12C and the Supplements
* History of OOT issues for certification
* Core OOT Concepts addressed by the Supplement
* Supplement Overview

Bio: Jim Chelini has over 28 years experience in software development for embedded real-time systems in both commercial and military applications. His work has focused on the definition and implementation of software architectures, software safety, and process improvement. Prior to co-founding Verocel in 1999, Mr. Chelini held a number of technical and managerial positions with Aonix, Raytheon, GTE, and Xerox.

Mr. Chelini is currently the co-chair of the Object-Oriented Technology Subgroup under RTCA SC-205 Software Considerations in Aeronautical Systems. He has also been an active member of the following RTCA Special Committees:

* SC-200 – Integrated Modular Avionics (DO-297)
* SC-190 - Application Guidelines for RTCA DO-178B/ED-12B (Software), where he was the co-chair for the Development Subgroup.
* SC-182 – Requirements Specification for the Avionics Computing Resource (DO-255).

08:00 Mitigating the Dangers of Multi-clock Designs. David Landoll, Mentor Graphics

Abstract: As field programmable gate array (FPGA) capacity grows, more systems are being integrated into a single chip. This reduces power, area, wiring, weight, and has many other advantages. However, as these application-specific integrated circuit (ASIC)/FPGA designs handle more and more functions, multi-clock designs are becoming commonplace. In addition, new interface standards (such as ARINC 664 AFDX and ARINC 818) require special clocking techniques.

When not handled correctly, these multi-clock designs can exhibit a variety of dangerous “clock domain crossing” errors that can corrupt control and data signals, resulting in data loss or unit lock-up. Techniques exist that can mitigate the effects of these “clock domain crossing” errors, if properly implemented and verified.

This session provides an overview of metastability, “clock domain crossings”, how errors occur, and how their effects can be mitigated to assure design safety.

Bio: David Landoll is a member of the Engineered Solutions Group at Mentor. He performs hardware verification methodology audits for Mentor customers where he identifies inefficiencies, then recommends and helps implement improvements. In this position, David’s focus is on companies adopting DO-254, and how advanced verification techniques can make CEH safer while lowering verification costs. With 20 years of industry experience, David has been recognized for his expertise in digital hardware design, formal verification, assertion based verification, synthesis, and test, and has written a variety of industry papers. He has a BSEE from the University of Arizona, and an MBA from Santa Clara University.

08:00 Integrated Modular Avionics (IMA) Approval Concerns. Gregg Bartley, FAA

Abstract: This presentation will describe some of the emerging issues the FAA is encounter- ing during the development, verification and approval of complex IMA systems. These issues include the lack of complete and coherent FAA policy and guidance as it applies to large-scale IMA systems, emerging business models that emphasize piecemeal design of the IMA, very complex and unexpected interactions between partitions during failure conditions, and some perceived misunderstandings about robust partitioning.

Bio: Gregg Bartley is from the FAA Transport Standards Airplane and Flight Crew Interface Branch in Seattle. He has been with the FAA for seven years. Prior to that, he was with industry for nineteen years. He specializes in autopilot systems, fly-by-wire flight controls, airborne software, complex electronic hardware, and other avionics systems. He has a Bachelor’s degree in Electrical Engineering from Mississippi State University and a Master’s degree in Applied Physics from the University of Washington.

09:00 Tool Qualification. Leanna Rierson, Digital Safety Consulting

Abstract: This presentation provides an overview of RTCA SC-205 and EUROCAE WG-71’s work on tool qualification. The committee’s draft Tool Qualification Supplement contents and objectives will be discussed.

Bio: Leanna Rierson is a consultant Designated Engineering Representative (DER) with authority in software and complex electronic hardware. She has 20 years of experience in the software and aviation industry. Leanna spent 9 years as a software and avionics specialist at the FAA; five of those years were in the position of Chief Scientific and Technical Advisor for Aircraft Computer Software. Leanna has also held engineering positions at NCR and Aircraft Company. Leanna has led numerous national and international software teams. She has been a member of the following RTCA committees: SC-180 (complex electronic hardware), SC-190 (software), SC-200 (integrated modular avionics), and SC-205 (software). Leanna has a master’s degree in software engineering from Rochester Institute of Technology and a bachelor’s degree in electrical engineering from Wichita State University.

09:00 Elemental Analysis, Applied to Mixed Signal Discrete Circuitry. David Duncan, Purple Seal, Inc.

Abstract: When distilled down, DO-254 (Design Assurance) has three primary objectives:

a) Control of the “Configuration” (Requirements, Documentation, Physical Hardware, Validation, etc.)
b) Requirements Based Design (Design Traceability)
c) Requirements Based Verification (Verification Traceability)

When these three objectives are applied with a level of independence, the reduction in or elimination of common mode errors is the result.

As part of DO-254’s guidance, Level A & B programs are to implement Advanced Verification according to Appendix B. Of the suggested methodologies, Elemental Analysis is most often implemented by conducting a coverage analysis of a PLD/FPGA/ASIC design at the VHDL (design coding language) level of abstraction. What this is really accomplishing is an evaluation of the “quality” of the implementation of the primary objectives as stated above: i.e., does independent requirements based verification actually cover requirements based design? For PLD/FPGA/ASIC this analysis is semi-automated by built-in tool suites that are used during verification by simulation.

The challenge is to apply this concept (Code Coverage) to mixed signal discrete circuits, where there are no tools to automate the process, and the verification is performed on the physical circuits, not on an abstraction.

Bio: David Duncan is a consulting engineer with a background in Commercial and Military Avionics, Nuclear Power, Bio-Medical and Industrial hardware and software.

09:00 AC 20.IMA and RTCA/DO-297, “Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations”. Gregg Bartley, FAA

Abstract: This presentation will describe the FAA’s efforts and issues involved in invoking RTCA/DO-297, Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations, via AC 20.IMA, as an acceptable means of compliance for developing and approving complex IMA systems. Time permitting, there will be an open discussion after the presentation about these issues, where industry feedback is being solicited.

Bio: Gregg Bartley is from the FAA Transport Standards Airplane and Flight Crew Interface Branch in Seattle. He has been with the FAA for seven years. Prior to that, he was with industry for nineteen years. He specializes in autopilot systems, fly-by-wire flight controls, airborne software, complex electronic hardware, and other avionics systems. He has a Bachelor’s degree in Electrical Engineering from Mississippi State University and a Master’s degree in Applied Physics from the University of Washington.

10:30 Model-Based Development and Verification. Mark Lillis, Hamilton Sundstrand

Abstract: The presentation covers a review of the issues relative to Model Based Development & Verification (MBD&V) of software. Background issues concerning models are explained, including the interface with ARP 4754, as well as an update on the progress made in the preparation of a MBD&V Supplement for DO-178C.

Bio: Mark Lillis is the Electronics Manager for Hamilton Sundstrand’s Air Management Systems group in Windsor Locks, Connecticut. Mark has been involved with DO-178B since its original development with RTCA SC-167. He has continued to participate in standards development activities including ARP 4754, ARP 4761, and DO-248. Mark is presently co-chair of the Model Based Development Sub-group of RTCA Special Committee SC-205. Mark’s background includes engine controls, propeller systems, APUs, oxygen generation systems, anti-ice, bleed air and bleed leak systems, cabin pressurization, and environmental control systems.

10:30 COTS and DO-254. Brian Petre, GE Aviation

Abstract: What do we really know about commercial-off-the-shelf (COTS) devices/IP? Their effects? Their stability? COTS devices and COTS IP pose an increasing challenge to use in an industry where less and less influence exists with suppliers. Complex COTS suppliers cater to the high volume customers where aerospace safety is less of a concern coupled with an increase in the use of COTS devices and Intellectual Property programs. The presentation, developed from publicly available information and personal experiences, discusses complex COTS devices and COTS IP use in the aircraft industry.

Bio: Brian Petre has 26+ years of hands-on aerospace experience in multiple areas of aircraft design, engineering, advanced development, and certification. Brian has been working with DO-254 subject matter for 7+ years and has been involved in addressing various COTS devices under domestic and international regulatory requirements.

10:30 Formal Methods in Practice. Rob Weaver, NATS

Abstract: iFACTS is one of the most challenging projects NATS (the United Kingdom’s primary Air Navigation Service Provider) is currently undertaking. iFACTS provides the air traffic controller with an advanced set of support tools in order to reduce workload and so increase the amount of traffic they can comfortably handle. These tools, based on Trajectory Prediction and Medium Term Conflict Detection, provide decision making support and facilitate the early detection of conflicts.

The development of the new iFACTS software has incorporated elements of formal methods. In this presentation, the benefits and challenges of using formal elements within the development process are discussed. The software engineering, regulatory and evidential contexts are explained and their impact on the use of formal methods discussed. In particular the role formal methods can play in the development of a lower assurance system is discussed and lessons learnt from the experiences presented.

Bio: Rob Weaver works as Safety Manager on the Electronic Flight Data Project for NATS, the UK’s primary Air Navigation Service Provider. Previously he worked at NATS as the Head of the Software Assurance Group, where he was responsible for liaison with Regulator to agree acceptable means of compliance for software assurance; definition of good/best practice for software assurance; and advising projects on software assurance. Previously he taught and researched at the University of York in safety cases and software assurance. He holds a PhD in software safety assurance. He has been involved in the SC-205/WG-71 working group since commencement and was a member of WG-64.

13:00 Document Integration. Marty Gasiorowski, Honeywell

Abstract: RTCA Special Committee SC-205 is generating DO-178C, DO-278A, and several supplements that define how to apply DO-178C and DO-278A to new technologies like Model Based Development, Formal Methods and Object Oriented Technology. In addition, DO-248C will be generated. Sub-Group 1 is tasked with defining the document architecture that will integrate and link these documents together. Further, SG1 will implement changes into DO-178C and DO-278A that will improve clarity, consistency and usability of these documents.

This presentation will provide the status of SG1’s progress on the activities listed above, identify changes currently defined to improve the traceability between the annex tables and the text, provide information on how the documents will be managed and provide a summary of changes already made to improve consistency and clarity.

Bio: Marty Gasiorowski is Director of Electronics Product Assurance and Certification for Honeywell Aerospace. He manages a 125 person organization across 13 Honeywell sites consisting of DERs, Certification Engineers, Product Development Quality Engineers, and RNP SAAAR Consultants. He is an FAA Systems, Software and Safety Analysis DER, and was a member of the committees that generated DO-178B and ARP-4754. He recently was named co-chair of SC-205 Sub-Group 1, Document Integration.

CNS/ATM and Special Considerations. Don Heck, Boeing

Abstract: SC-205/WG-71 is an industry committee jointly sponsored by RTCA and EUROCAE for software considerations in the certification of airborne systems and equipment and for software guidelines in the approval of systems and equipment for communication, navigation, surveillance and air traffic (CNS/ATM). These considerations and guidelines are contained in industry documents known as DO-178B/ED-12B and DO-278/ED-109. Clarifications to and errata for DO-178B/ED-12B are contained in document DO-248B/ED-94B. SG7 is a subgroup of the aforementioned industry committee that is responsible for the core processes in these documents including the system aspects of software development. This presentation will cover the current activities and “hot” topics within SG7.

Bio: Don Heck is an Associate Technical Fellow at Boeing. He has key expertise in airborne software and systems especially airborne software certification, large scale software development and verification processes, assurance level assignments and flight deck display systems. He has been a Software DER for 15 years, is an Authorized Representative (AR) of the Boeing Commercial Airplanes Delegated Compliance Organization (BDCO) and is Software AR Advisor to 47 BDCO Software ARs, 20 Software ARs-In-Training, and 47 supplier Software DERs. Don serves as the RTCA co-chair of Subgroup 7 “Communications, Navigation, Surveillance & Air Traffic Management (CNS/ATM) and Special Considerations” for joint committee RTCA SC-205/EUROCAE WG-71. He has also been working with SAE S-18/EUROCAE WG-63 on revisions to ARP 4754/ED-79.

13:00 FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance. Gregg Bartley, FAA

Abstract: This presentation will describe, in detail, the contents of newly released FAA Order 8110.105, Simple and Complex Electronic Hardware Approval Guidance, and the rationale and source of some of the information contained in the order. This presentation is an expansion of the overview provided during the opening session of this conference. Ample opportunities will be given for questions and detailed discussion of the contents of the order.

Bio: Gregg Bartley is from the FAA Transport Standards Airplane and Flight Crew Interface Branch in Seattle. He has been with the FAA for seven years. Prior to that, he was with industry for nineteen years. He specializes in autopilot systems, fly-by-wire flight controls, airborne software, complex electronic hardware, and other avionics systems. He has a Bachelor’s degree in Electrical Engineering from Mississippi State University and a Master’s degree in Applied Physics from the University of Washington.

13:00 Supplier Management/Outsourcing Panel. Uma Ferrell, Ferrell and Associates Consulting, Inc.; Fay Trowbridge, Honeywell; Jeff Knickerbocker, Sunrise Certification & Consulting, Inc.; Brenda Ocker, FAA; Leanna Rierson, Digital Safety Consulting

Abstract: Every year we see an increase in distributed development and verification of software. We also read more and more articles on successes as well as failures. Although there is a lot of buzz about this subject in the industry, it has not been a subject in DO-178B, or CAST or FAA Notices or Orders - the issue paper (oversight of suppliers) on 787 projects has been a good start.

The objective of this panel is to

1. Discuss observations of the industry and the regulators in order to gain insight
2. Think of ways to streamline the process of supplier management and provide a recipe for success
3. Provide suggestions to assure software - no difference in quality whether or not a supplier chain is involved

We realize that these are ambitious goals rather than objectives for a panel of limited time – but we are hoping to open the dialogue and get a start on accomplishing the above objectives. Panel members will discuss their experiences and ideas first, and the audience is highly encouraged to contribute towards measures that can assure software when a supplier chain is involved. Suggestions from these discussions will be forwarded to CAST and SC-205 as appropriate.

Bios:

Uma Ferrell: Uma has been responsible for software safety and mission critical systems via technical positions at Reliable Software Technologies (RST), MITRE, General Sciences Corporation (GSC), and Computer Sciences Corporation (CSC). Uma is a co-founder of Ferrell and Associates Consulting. Uma is a consulting DER for systems and equipment (part 23 and part 25 aircraft). Uma holds a Master’s degree in Electrical Engineering from Johns Hopkins University, a Master’s degree in Solid-State Physics and Bachelor’s degrees in Physics, Chemistry and Mathematics from Bangalore University in India. When not busy with certification issues, Uma pursues her hobbies of Indian classical music, gardening, reading, and cooking.

Fay Trowbridge: Fay is a Software DER with over 20 years of experience in software development for embedded real-time systems in both commercial and military applications for airplanes and helicopters. In recent years, she helped develop the Honeywell Aerospace Supplier Assessment and Oversight Process and has been the Honeywell Redmond globalization focal for certification and a member of the Supplier Assessment Team. Fay currently holds the position of TSO Manager for Honeywell Redmond and is serving in the role of Lead TSO Manager for Honeywell Aerospace. She also participates as a member of the RTCA SC-205 (software) committee. Fay has a Bachelor of Science in Computer Science from Washington State University.

Jeff Knickerbocker: Jeff is a consulting DER with over twenty years of experience as a systems/software engineer. He has led technical teams in designing, developing and verifying real-time embedded software and CEH devices. In addition to industry affiliations he also provides consulting and training services to the FAA and other non-US regulatory agencies. Jeff has an undergraduate degree in Physics and a master’s degree in Software Engineering.

Brenda Ocker: Brenda is the Software Technical Specialist for the Chicago Aircraft Certification Office. She has been with the FAA since 1995 and has been in her current position since 2000. She is an active member of the international Certification Authorities Software Team (CAST), the FAA Aircraft Certification Software and Airborne Electronic Hardware team, and the FAA Software and Digital Systems Technical Community Representative Group. She has a BS in Aeronautical Engineering from the University of Illinois.

Leanna Rierson: Leanna is a consultant DER with authority in software and complex electronic hardware. She has 20 years of experience in the software and aviation industry. Leanna spent 9 years as a software and avionics specialist at the FAA; five of those years were in the position of Chief Scientific and Technical Advisor for Aircraft Computer Software. Leanna has also held engineering positions at NCR and Cessna Aircraft Company. Leanna has led numerous national and international software teams. She has been a member of the following RTCA committees: SC-180 (complex electronic hardware), SC-190 (software), SC-200 (integrated modular avionics), and SC-205 (software). Leanna has a master’s degree in software engineering from Rochester Institute of Technology and a bachelor’s degree in electrical engineering from Wichita State University.

Track 3: Selected Topics

15:00 Formal Methods. Kelly Hayhurst, NASA Langley Research Center

Abstract: Section 12.3.1 of RTCA/DO-178B, Software Considerations in Airborne Systems and Equipment Certification, gives a brief description of using formal methods as an alternate method of compliance with objectives. Since the issue of DO-178B in 1992, advances and experience gained in techniques and tools for formal methods have allowed them to be used to meet some of the verification objectives. To date, however, few developers have actually used formal methods for certification credit. The Formal Methods Subgroup of RTCA SC-205/EUROCAE WG-71 is working to develop guidance for applicants and certification authorities to make the use of formal methods a recognized, if not normal, approach. This presentation will provide an overview and status of the activities of the Formal Methods Subgroup of RTCA SC-205.

Bio: Kelly Hayhurst is a senior research scientist at NASA Langley Research Center in Hampton, Virginia. She holds a B.A. in mathematics from Virginia Tech and an M.A. in mathematics and operations research from the College of William and Mary. Since 1988, she has worked with the FAA on several research projects involving verification and certification issues for aviation software. She is currently serving as a co-chair of the RTCA SC-205/WG-71 Subgroup on Formal Methods, even though she is not very formal.

Track 1: RTCA / SC-205 DO-178 Revision Status

15:00 Database Integrity Policy for Aeronautical Data. Brad Miller, FAA

Abstract: This presentation is about updates to the advisory circular (AC) 20-153, which provides guidance material on how to evaluate whether aeronautical data processes comply with the requirements of RTCA/DO-200A. This AC provides guidance for organizations within the aeronautical data chain to follow in order to obtain a Letter of Acceptance (LOA) from the FAA that acknowledges their compliance regarding aeronautical data processing. The FAA intends to further implement RTCA/DO-200A and lift the limitation that the criteria in AC 20-153 address navigation databases only. These criteria will be made available to the users of Airport Map Databases (AMDs), as well as terrain and obstacle databases, to provide an acceptable means for ensuring data integrity for these intended functions.

AC 20-159, Airport Moving Map Display Applications. Brad Miller, FAA

Abstract: This presentation is about the AC 20-159, which provides guidance material to obtain design and production approval under TSO C-165, Electronic Map Display Equipment for Graphical Depiction of Aircraft Position, for the software and database used to provide an airport moving map display (AMMD) intended for use on a Class 2 EFB for ground operations. This AC is to be used in conjunction with the guidance in AC 120-76A if you are applying for TSOA to enable use of an AMMD in an EFB.

Bio: Brad Miller is an Aerospace Engineer with the Avionic Systems Branch (AIR-130) in Washington, D.C. He is on the Special Projects Team and leads policy projects concerning Aeronautical Database Integrity, Vertical Flight, RVSM Altimetry, Electronic Flight Bags, ISO-9000 Quality Management, and others. He is responsible for the publication of numerous documents, including AC 20-153, AC 20-159, AC 120-76A, TSO-C165, and FAA Order 8110.55. He has many years of experience in private industry working for General Electric, as well as in the military as a Navy Pilot. He is a graduate of Vanderbilt University and hails from Nashville, Tennessee.

Track 2: Policy, Guidance, and Aids

15:00 International Perspectives. Jean-Luc Delamaide, EASA, and Mary Cheston and Will Struck, FAA

Abstract: This presentation will address the global challenges of software certification, particularly FAA’s cooperation with Europe.

Bios:

Jean-Luc DELAMAIDE: Jean-Luc is Head of Section “Software and Complex Electronic Hardware” of the EASA (European Aviation Safety Agency). He joined the EASA in 2005 after 7 years as airborne software specialist (both military and civil) within the French NAA (DGA-DGAC) where he coordinated the A380 SW and CEH aspects of certification. Within the EASA, his current goal is to deal with all aspects related to SW and CEH including certification, research, rulemaking and standardization.

Mary Cheston: Mary is the Manager, International Policy Office for the Aircraft Certification Service, Federal Aviation Administration. Her office is responsible for the development, design and direction of FAA’s international airworthiness policies, including bilateral agreements with other countries for the reciprocal acceptance of aeronautical products.

Will Struck: Will is an Aerospace Engineer for the FAA Transport Airplane Directorate Standards Staff in the Airplane and Flight Crew Interface Branch (ANM-111). His responsibilities include policy and guidance for Part 25 airplanes relative to system architectures, avionics (including IMA systems), databuses, network security, electronic flight bags (EFB), and software, databases, and complex electronic hardware (CEH) assurance across all aircraft systems and equipment using digital technology. Will is currently an active member of the international Certification Authorities Software Team (CAST), international Joint Committee RTCA SC-205/WG-71 to revise DO-178B, RTCA SC-216/WG-72 Aircraft Network Security; FAA Software and Digital Systems (SDS) technical research team, FAA National Software and CEH Team; and many transport category certification project and validation program teams.

Track 3: Selected Topics

16:00 A Generalized Model for Information/Objectives. George Romanski, Verocel, Inc.

Abstract: Subgroup 2.1 of SC-205 has been working on a general model for all of the objectives that would facilitate the use of newer technology and techniques without losing the original basis for creating the objectives. Issue Paper 217 (IP-217) addresses the notion that in many development methodologies it may be more appropriate to organize requirements, design and source code in a way that reflects the natural information hierarchies for the software rather than a strict high-level/low-level requirement organization. These information hierarchies, or Tiers, have requirements, design information and a description of the subcomponents which are tiers at the next hierarchical level. The verification objectives at each tier are uniform and consistent.

The presentation will describe “a generalized model for objectives” and provide a rationale for its adoption.

Bio: George Romanski has been involved in the software industry for over 36 years. He has developed software tools, techniques and guidance which are used to certify numerous avionics and aerospace programs. Mr. Romanski serves the safety-critical industry as a member of several committees including SC-205 (Development of DO-178C). Mr. Romanski is president of Verocel, a company specializing in the verification of software, and in the development of tools and guidance that help in this process.

Track 1: RTCA / SC-205 DO-178 Revision Status

16:00 TSO Process and Policy Revisions. Norman Pereira, FAA

Abstract: This presentation will discuss the current Technical Standard Order (TSO) process and also the planned changes to Order 8150.1, Technical Standard Order Procedures, which provides the policy governing the TSO process. The presentation will also cover some new initiatives on the TSO process to evaluate the present TSO process and the possible need to enhance the TSO process to take into account recent technological advancements.

Bio: Norman Pereira joined the FAA in Sept 2002. Norman worked at the New York Aircraft Certification Office for four years as the OMT Lead for a DAS issuing more than 50 STC’s a year. He now works for FAA headquarters in the AIR-120 branch. Prior to his time in the FAA, Norman worked as an Electrical Systems Engineer in industry for 14 years. He was involved in the design and implementation of Electrical/Electronic controls for Auxiliary Fuel System for Part 25 aircraft.

Track 2: Policy, Guidance, and Aids

16:00 Reverse Engineering. Jeff Knickerbocker, Sunrise Certification & Consulting, Inc.

Abstract: This presentation will briefly examine existing regulatory material and provide opportunities to discuss how one might structure a reverse engineering process which will fit within the current regulatory material. DO-178B, DO-254, DO-248B, CAST papers, various aircraft certification office perspectives and the current state of industry practice will be examined.

Bio: Jeff Knickerbocker is a consulting DER with over twenty years of experience as a systems/software engineer. He has led technical teams in designing, developing and verifying real-time embedded software and CEH devices. In addition to industry affiliations he also provides consulting and training services to the FAA and other non-US regulatory agencies. Jeff has an undergraduate degree in Physics and a master’s degree in Software Engineering.

Track 3: Selected Topics
