NASA/CR–2020-220586 Run Time Assurance as an Alternate Concept to Contemporary Development Assurance Processes Eric M. Peterson Electron International II Inc., Phoenix, Arizona Michael DeVore and Jared Cooper Barron Associates, Inc., Charlottesville, Virginia Greg Carr Architecture Technology Corporation, Campbell, California April 2020 NASA STI Program . in Profile Since its founding, NASA has been dedicated to the • CONFERENCE PUBLICATION. advancement of aeronautics and space science. The Collected papers from scientific and technical NASA scientific and technical information (STI) conferences, symposia, seminars, or other program plays a key part in helping NASA maintain meetings sponsored or this important role. co-sponsored by NASA. The NASA STI program operates under the auspices • SPECIAL PUBLICATION. Scientific, of the Agency Chief Information Officer. It collects, technical, or historical information from NASA organizes, provides for archiving, and disseminates programs, projects, and missions, often NASA’s STI. The NASA STI program provides access concerned with subjects having substantial to the NTRS Registered and its public interface, the public interest. NASA Technical Reports Server, thus providing one of the largest collections of aeronautical and space • TECHNICAL TRANSLATION. science STI in the world. Results are published in both English-language translations of foreign non-NASA channels and by NASA in the NASA STI scientific and technical material pertinent to Report Series, which includes the following report NASA’s mission. types: Specialized services also include organizing • TECHNICAL PUBLICATION. Reports of and publishing research results, distributing completed research or a major significant phase of specialized research announcements and feeds, research that present the results of NASA providing information desk and personal search Programs and include extensive data or theoretical support, and enabling data exchange services. analysis. Includes compilations of significant scientific and technical data and information For more information about the NASA STI program, deemed to be of continuing reference value. see the following: NASA counter-part of peer-reviewed formal professional papers but has less stringent • Access the NASA STI program home page at limitations on manuscript length and extent of http://www.sti.nasa.gov graphic presentations. • E-mail your question to [email protected] • TECHNICAL MEMORANDUM. Scientific and technical findings that are • Phone the NASA STI Information Desk at preliminary or of specialized interest, 757-864-9658 e.g., quick release reports, working papers, and bibliographies that contain minimal • Write to: annotation. Does not contain extensive analysis. NASA STI Information Desk Mail Stop 148 • CONTRACTOR REPORT. Scientific and NASA Langley Research Center technical findings by NASA-sponsored Hampton, VA 23681-2199 contractors and grantees. NASA/CR–2020-220586 Run Time Assurance as an Alternate Concept to Contemporary Development Assurance Processes Eric M. Peterson Electron International II Inc., Phoenix, Arizona Michael DeVore and Jared Cooper Barron Associates, Inc., Charlottesville, Virginia Greg Carr Architecture Technology Corporation, Campbell, California National Aeronautics and Space Administration Langley Research Center Prepared for Langley Research Center Hampton, Virginia 23681-2199 under Contract NNL16AA12B/0LARC18F0193 April 2020 Acknowledgments This research work was awarded by NASA under Basic and Applied Aerospace Research and Technology (BAART) Contract No. NNL16AA12B, Task Order No. 80LARC18F0193. The research was jointly funded by NASA and the FAA. The NASA technical monitor for this task is Mr. Wilfredo Torres- Pomales. The FAA technical monitors are Barbara Lingberg and Srini Mandalapu. The authors would like to acknowledge Jacek Kawecki and the Uber Elevate team for providing a distributed electric propulsion vehicle concept with distributed control architecture for an Urban Air Mobility concept of operations which was analyzed in the context of evaluating alternate assurance practices. The use of trademarks or names of manufacturers in this report is for accurate reporting and does not constitute an official endorsement, either expressed or implied, of such products or manufacturers by the National Aeronautics and Space Administration. Available from: NASA STI Program / Mail Stop 148 NASA Langley Research Center Hampton, VA 23681-2199 Fax: 757-864-6500 Table of Contents Executive Summary .................................................................................................................... 1 1. Research Focus Summary .................................................................................................... 2 1.1. Identification of Current Assurance Practices and Alternate Approaches ............................. 2 1.2. Definition of a Notional Airborne System ....................................................................... 4 1.3. Case Study Application of Alternate and Contemporary Assurance Practices ...................... 4 2. Research Summary and Recommendations .......................................................................... 5 2.1. Alternate Assurance Concept Equivalence Evaluation ...................................................... 5 2.2. Recommendations ........................................................................................................ 7 3. Alternate Assurance Concept Identification .......................................................................... 8 3.1. Run Time Assurance (RTA) Concept ............................................................................10 3.1.1. Establish RTA Operational Philosophy and Goals ....................................................11 3.1.2. System Function Allocation ..................................................................................14 3.1.3. Define Fail Safe Boundaries ..................................................................................16 3.2. Tailoring the Alternate Assurance Concept .....................................................................19 3.3. Alternate Assurance Concept and Consensus Standards ...................................................19 Appendix A: Alternate Assurance Concept Application Case Study .............................................20 A1.0 Case Study Framework ......................................................................................................21 A2.0 Notional Aircraft and Systems Concept Description ............................................................21 A2.1 – Identify Airplane Level Functions ...................................................................................25 A2.2 – Identify airplane level functional requirements ..................................................................26 A2.2.1 – Identify eCRM-001 Certification Strategy – Baseline Process .......................................26 A2.3 Identify Airplane Certification Strategy – Alternate Assurance Concept ..................................36 A2.3.1 Identify RTA Goals and Airplane Level Requirements ...................................................36 A2.4 Identify Airplane Level Safety Objectives (AFHA) ..............................................................37 A2.5 Allocate Airplane Level Functions to Systems .....................................................................48 A2.6 Develop Aircraft Functional Level Architecture ...................................................................51 A2.6.1 eCRM-001 Integrated Flight Propulsion Control System Description ...............................51 A2.6.2 eCRM-001 Electrical Power System.............................................................................54 A2.6.3 FPCS Architecture Safety Validation............................................................................55 A2.7 – Development Process Objectives and Assumptions ............................................................57 A3.0 System Development and Planning .....................................................................................59 A3.1 Develop FPCS Level Functions .........................................................................................60 A3.2 Develop System Level Architecture Requirements ...............................................................63 i A3.2.1 Develop Example Manual VTOL Control Function Requirements ...................................65 A3.2.2 Develop Example Automatic VTOL Control Function Requirements ...............................66 A3.2.3 Develop RTA Monitor Function Requirements ..............................................................75 A3.3 Identify System Level Safety Objectives (SFHA) .................................................................75 A3.4 Develop System Architecture ............................................................................................87 A.3.4.1 Develop Baseline Architecture ....................................................................................87 A3.4.2 Develop RTA Architecture Criteria ..............................................................................87 A3.5 Derive System Requirements .............................................................................................92 A3.5.1 Derive RTA System Requirements ...............................................................................92 A3.6 FPCS PSSA – Baseline Process ......................................................................................