Thursday, October 1, 2009
Product Focus: Software
Software developers are increasingly tasked with safely and securely integrating multiple avionics software applications
The fusing of data that gives flight crews better insight into aircraft operations is directly related to the ability of software providers to integrate data from multiple aircraft systems like sensor control, communications and displays. It is a capability that is becoming prevalent in both military and commercial avionics software.
Combined with high-level security, such fusion is expected to bring office-type applications like Excel to the flight deck — something FAA would never consider in the past but which may now be possible on electronic flight bags.
"I don’t see one area of application software being dominant; what I do see, at least on the software engineering side, is the integration of applications with each other as opposed to them being separate components," said David Kleidermacher, chief technology officer for Green Hills Software, based in Santa Barbara, Calif. "Such integration gives the analyst or pilot a better, more intelligent view of what’s going on with the airplane."
Over the past five years or so, integration of software systems has been driven by next-generation aircraft — the Boeing 787 and Airbus A350 on the commercial side and the F-35 Lightning II on the military side — and the desire to give pilots better, more and faster information.
"If you look at the F-22 as the current generation, whatever you’re seeing on that aircraft will be more so on F-35 and 787, and consist of a fused, common, integrated platform," Kleidermacher said.
The movement to integrated software is being driven by two challenges facing software designers today — complexity of systems due to elements like network connectivity and a reduction in hardware and discrete components due to more powerful processors with greater memory.
Together, both of those challenges drive the need for more secure software systems because the integration of software systems combined with fewer discrete components means security breaches can have a devastating effect on all systems instead of only one or two.
"Safety and security is front and center in the minds of software designers in order to ensure that the failure of one component is not propagated to others," said Kleidermacher. "With avionics, where safety and security is tantamount, that level of trust has to be higher."
Green Hills points to the certification of its Integrity-178B operating system in 2008 to Common Criteria Evaluation Assurance Level (EAL) 6+, the highest security level ever achieved for an operating system, as a hallmark for OS security throughout aviation. The EAL 6+ designation came from the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA), and provides for "high robustness" in protecting classified data on aircraft like the F-35 Lightning II.
Under the certification, Integrity is proven to protect against "hostile, well-funded attacks," the company said. The RTOS already is certified to DO-178B Level A for safety-critical avionics, and is applied in the Joint Strike Fighter and F-22 Raptor among other platforms.
"What you’re seeing in next-generation avionics is that the systems are connected to battle commanders over the GIG (Global Information Grid)," Kleidermacher said. "Avionics on an airplane is like a microcosm of the GIG, with information being shared across the GIG through mobile devices, PCs and servers. The key is developing a solution to consolidate those information flows."
Green Hills has worked with the Army’s U.S. Central Command (CENTCOM), for example, to use the Integrity operating system to manage information security in instances where three or four PCs are consolidated into one "beefier" PC. Part of the project with CENTCOM is not only to look at collapsing the number of PCs, but also to figure out how to collapse the network.
"Taking four or five networks and running them on a single wire is hard to do," Kleidermacher said, adding the key is encryption and obfuscation that prevents outsiders from being able to read the data flows on that single wire. "Anything that can combine the network on one wire and also keep them segregated on that single wire is a big win."
The need for security will become exponentially greater in the near future when those collapsed hardware systems and networks are also running commercial off-the-shelf software like Microsoft or Linux next to system critical software, or when in-flight entertainment systems or Wi-Fi, for example, have physical connections to an aircraft’s avionics system.
Kleidermacher is among those who believe the industry is on a fast track to secure virtualization that will make it possible to do things like run Linux on top of Green Hills’ Integrity OS.
"Imagine the Internet going into your plane, and that network being connected to safety critical systems," he said.
"Virtualization is very exciting. We’ve got the security certification, but to take maximum advantage of that we need to be able to run more software like Microsoft and Linux."
One of the largest suppliers of aerospace and avionics-related software systems, Wind River, of Alameda, Calif., was acquired by Intel Corp., in June for $844 million and is now part of the chipmaker’s Software Services Group. Wind River will continue to be an independent company with its own board of directors and own separate identity, though Intel owns all of the company’s stock.
Firewalls will be erected to prevent Intel from accessing sensitive corporate data and to protect intellectual property of other semiconductor manufacturers that do business with Wind River, including IBM, Qualcomm and Freescale Semiconductor.
Wind River doesn’t expect a significant flow of additional capital to come from Intel, but the company does expect to see "important changes" in the way both companies do business, according to Rob Hoffman, Wind River vice president and general manager for aerospace and defense (A&D).
"Because we now have a software OS and a device company, as well as a microprocessor company, we expect to help Intel understand the requirements of A&D with respect to processors, especially multi-core processors, and security and safety," said Hoffman, who emphasized that he is not a company spokesman on the subject of the Intel acquisition.
"One of the biggest issues in microprocessors is the very strong trend to multi-core (where there are more than one processor on a chip). Multi-core is a challenge in A&D because security and software are critical."
Freescale, based in Austin, Texas, has become one of the world leaders in developing multi-core semiconductors. The company has developed chips with as many as eight cores, enabling the consolidation of multiple applications running on separate processors onto a single multi-core processor. The advantage for avionics is multi-core chips can significantly reduce the size, weight and power (SWaP) requirements, along with associated cooling needs, of cockpit systems.
"We see a strong trend toward multi-core in aerospace and defense," said Chip Downing, Wind River director of business development for A&D. "There is a desire to have more applications and functionality without increasing SWaP."
The advent of multi-core functionality has done as much as anything to raise awareness for enhanced security in aerospace, as well as in many other industries ranging from automobile manufacturing (because today’s cars are all processor controlled) to energy production/distribution to finance. Such industries have the same need for safety and security in software systems as does aerospace.
Like Green Hills, Wind River is developing its own "high robust" software that meets NSA requirements for safety and security in highly classified systems.
"The process we’re all talking about is Multiple Independent Levels of Security (MILS), which is a basis for multi-level systems that can do secret, top secret and unclassified on the same system," said Hoffman. "While there’s been a long tradition of time and space partitioning of operating systems, this particular flavor of time and space partitioning — the high robustness and MILS — is relatively new."
Wind River is facilitating multi-core systems through its Hypervisor product, which leverages multiple operating systems in a single device. Hypervisor is of particular value in the area of technology refresh, which can become increasingly burdensome and expensive with four, eight or even as many as 24 cores in a next-generation multi-core system.
"There’s not a lot of change from one generation of the PowerPC chip to the next," said Hoffman. "But if you’re going from a 4-core to a 24-core processor the technology refresh challenge is greater.
"With Hypervisor, you can go from a 4-core to an 8-core avionics upgrade with minimal testing. It permits independent, asynchronous, incremental refresh of applications in a single system."
Multi-core architectures are very compelling to system engineers because of the very clear SWaP benefits. They are less so for government regulators like FAA and the European Aviation Safety Agency (EASA), which are concerned that bugs in one core could infect all the other applications on a multi-core chip.
"The trend to multi-core won’t stop," Hoffman said. "Figuring out how to do safe and secure systems using multi-core is important because certification authorities like FAA and EASA are not comfortable certifying high-level systems that are based on multi-core processors.
"That’s where our focus is, and it is one of the things that the acquisition by Intel can help."
Avionics Magazine’s Product Focus is a monthly feature that examines some of the latest trends in different market segments of the avionics industry. It does not represent a comprehensive survey of all companies and products in these markets.
AIM GmbH www.aim-online.com
Aircraft Management Technologies www.flightman.com
Astronautics Corporation of America www.astronautics.com
Avionyx, Inc. www.avionyx.com
Cobham Technical Services www.cobham.com/technicalservices
DAC International www.dacint.com
Data Device Corp. www.ddc-web.com
EMS Formation www.formation.com
ENSCO, Inc. www.ensco.com
Esterline Avista www.avistainc.com
Excalibur Systems, Inc. www.mil-1553.com
Freescale Semiconductor www.freescale.com
Gables Engineering www.gableseng.com
Gallium Visual Systems Inc. www.gallium.com
GE Fanuc Intelligent Platforms, Inc. www.gefanucembedded.com
General Dynamics Canada www.gdcanada.com
Green Hills Software www.ghs.com
Horizon Business Concepts www.hbcinc.com
IMS Flight Deck www.imsconsultants.com
InfoTrust Group www.infotrustgroup.com
Kongsberg Defence & Aerospace www.kongsberg.com
Lufthansa Systems www.lhsystems.com
Mercury Computer Systems www.mc.com
Objective Interface Systems, Inc. www.ois.com
Presagis Inc. www.presagis.com
Quantum3D, Inc. www.quantum3d.com
Real-Time Innovations www.rti.com
RMS Technology, Inc. www.rmstek.com
Sagem Avionics www.sagemavionics.com
Softwright LLC www.softwright.com
SYSGO AG www.sysgo.com
TechSAT GmbH www.techsat.com
Teledyne Controls www.teledyne-controls.com
Ultramain Systems Inc. www.ultramain.com
Vector Software www.vectorcast.com
Wind River www.windriver.com
Following are some recent developments announced by developers of aerospace and avionics software.
AdaCore in June announced that Lockheed Martin will use its GNAT Pro software development environment to develop the Flight Management System Interface Manager and Radio Control software on the C-130J Super Hercules.
The selected product is GNAT Pro High-Integrity Edition for a PowerPC running VxWorks 653 from Wind River. GNAT Pro is being used for the Block 7.0 software upgrade of the C-130J, which includes a new flight management system developed cooperatively between GE Aviation and Lockheed Martin.
In addition, AdaCore in June said Thales had selected the GNAT Pro system, including several safety-qualified tools, to develop systems for the Airbus A350 XWB. Thales will use the system to build the aircraft’s air data inertial reference unit. AdaCore said GNAT Pro is available on all active versions of Wind River’s VxWorks real-time operating system (RTOS).
Aircraft Management Technologies (AMT), of Dublin, Ireland, released an emission monitoring application as an optional extension on its Flightman electronic flight bag software. The application is an extension of the system’s Fuel Performance Analysis module.
The Carbon Emission Monitoring application will collect, record and analyze all relevant levels of carbon emissions and usage data, resulting in near-real-time management of carbon emission reporting.
Lufthansa Systems announced a number of contracts in recent months. In August, the company signed a five-year contract with Italian cargo carrier Cargoitalia to provide its Lido RouteManual navigation charts, Flight Management System (FMS) data and Lido Topas and Lido Landing Performance systems for performance data analysis.
Also in August, Lufthansa Systems announced a five-year contract to provide Albanian airline Belle Air with Lido FMS and its comprehensive navigation data for cockpit systems.
In April, ORBexpress, a communications middleware made by Objective Interface Systems, of Herndon, Va., became the first such software to be evaluated under the Common Criteria security certification standard. ORBexpress is undergoing the certification for the F-35 Lightning II Communications, Navigation and Identification system, which is being developed by Northrop Grumman. The company said it expected to complete the evaluation process by the end of 2009.
In April, SYSGO AG, based in Mainz, Germany, announced a partnership with Vector Software, of East Greenwich, R.I., to allow DO-178B certifiable PikeOS developers to use software testing and code coverage from Vector Software as part of the certification process of their applications.
"When we discuss the challenges of certification with our customers, they always stress the need for an integrated development environment and comprehensive toolset," said Jacques Brygier, SYSGO vice president of marketing. "Because PikeOS is primarily used for the development of safety-critical applications, the testing phase is also mandatory for our customers. This partnership with Vector Software is a natural fit as the two companies not only target the same type of customers and applications, but also share the same priorities in terms of engineering expertise, product quality and customer support."
Mercury Computer Systems, based in Chelmsford, Mass., in July was awarded a $2.7 million production order from General Atomics Aeronautical Systems to provide RACE++ Series rugged computing modules for the Predator unmanned aircraft system (UAS) Lynx Block 20 synthetic aperture radar (SAR) technology upgrade. Mercury provides its scalable RACE Series and RACE++ Series computing modules and software for multiple generations of General Atomics’ Lynx SAR product line.
In June, Quantum3D, of San Jose, Calif., issued a new version of "IData," its Human Machine Interface (HMI) toolkit. IData version 3.0.4 adds a DO-178B certified widget library, ARINC 661 capabilities, 3-D user interface capabilities and digital mapping features. It is applicable for unmanned vehicles, helicopters, in-flight entertainment and synthetic vision, the company said.
Additionally, Quantum3D in April said it achieved ISO 9001:2008 certification. The company said the certification is an important driver of quality for its efforts in the next generation of military programs, including the use of its ExpeditionDI man-wearable training systems for immersive ground soldier training.