Designing a Flight Assistance System for Regional Air Mobility
When emerging segments such as Regional Air Mobility (RAM) are investigated, some challenging aspects arise. For the RAM vision, the increased usage of light transport vehicles in the overall airspace is targeted. As a representation of corresponding vehicles, a simulated flight of a Cessna is shown on Figure 1. With the simulation, the context of increased traffic and related dangerous scenarios is highlighted. To prevent such occurrences in future airspace, improved flight assistance is necessary. Hence, DLR’s use case in the XANDAR project is the design of a Flight Assistance System (FAS) for the RAM context. Within this context, the ability to handle encounters with other vehicles and terrain is essential. Consequently, assistance in terms of terrain and traffic avoidance were selected as the main features to include in the FAS.
According to the model-based frontend of the XANDAR toolchain, the architecture design was executed [1]. Initially, a high-level architecture of the FAS was created that is displayed in Figure 2. The main components within the FAS are the Data Acquisition System, the Avionic Computer, and the Pilot Assistance HMI. Through the Data Acquisition System, all important information is collected, prepared, and forwarded to the Avionic Computer. Based on this information, the Avionic Computer computes all required advisories which are then displayed on the Pilot Assistance HMI. Through this process, the Pilot would be warned in advance and the scenario in Figure 1 could be prevented.
The high-level architecture does not only serve as a starting point for the lower-level design but additionally provides an entry point for a first safety- and security consideration. For these considerations, it is important to investigate the context of the system which is therefore also depicted in Figure 1. Essentially, a tight coupling of system design and non-functional analysis is vital for the X-by-Construction approach targeted by the XANDAR toolchain [1]. The results of these analyses are directly incorporated in the subsequent system design activities and help to establish a certifiable system. In XANDAR related publications, the topics of how to approach safety [2,3], security [4], and timing [5] is elaborated further. When using the XANDAR toolchain, the analysis findings can be addressed by choosing related design patterns [1]. This approach will be demonstrated with an internal view into the Avionic Computer in Figure 3. The applications within the Avionic Computer run in a partitioned environment using the fentISS hypervisor XtratuM. Hence, the architecture can be divided into the hardware, partition, and software layer. On the Avionic Computer, the incoming Sensor Data is preprocessed and then provided to the main functionality. Using this information, the collision avoidance is provided by the openCAS software while the terrain avoidance is calculated with the openTAWS software. Resulting terrain and traffic advisories are postprocessed and forwarded to the Pilot Assistance HMI, which is not displayed in Figure 3. With the XANDAR toolchain, the application of design patterns is targeted that help to achieve non-functional properties such as safety and security. To illustrate the pattern application, some examples are displayed in Figure 3. Exemplary, the interfaces could be encrypted to enhance the security, the Operational Design Domain (ODD) could be monitored to ensure a safe working environment, and a data logging pattern could be applied to satisfy regulatory requirements that demand traceability of the functionality. Overall, this example shows how the XANDAR approach helps to facilitate an X-by-Construction system design that incorporates systematic analyses and addresses identified issues with corresponding mitigations.
Sources:
[1] L. Masing et al., “XANDAR: Exploiting the X-by-Construction Paradigm in Model-based Development of Safety-critical Systems,” 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE), Antwerp, Belgium, 2022, pp. 1-5, doi: 10.23919/DATE54114.2022.9774534.
[2] A. Ahlbrecht, W. Zaeske and U. Durak, “Model-Based STPA: Towards Agile Safety-Guided Design with Formalization,” 2022 IEEE International Symposium on Systems Engineering (ISSE), Vienna, Austria, 2022, pp. 1-8, doi: 10.1109/ISSE54508.2022.10005396.
[3] A. Ahlbrecht and U. Durak, “Model-Based STPA: Enabling Safety Analysis Coverage Assessment with Formalization,” 2022 IEEE/AIAA 41st Digital Avionics Systems Conference (DASC), Portsmouth, VA, USA, 2022, pp. 1-10, doi: 10.1109/DASC55683.2022.9925883.
[4] F. Siddiqui et al., “XANDAR: A holistic Cybersecurity Engineering Process for Safety-critical and Cyber-physical Systems,” 2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring), Helsinki, Finland, 2022, pp. 1-5, doi: 10.1109/VTC2022-Spring54318.2022.9860859.
[5] T. Dörr et al., “A Behavior Specification and Simulation Methodology for Embedded Real-Time Software,” 2022 IEEE/ACM 26th International Symposium on Distributed Simulation and Real Time Applications (DS-RT), Alès, France, 2022, pp. 151-159, doi: 10.1109/DS-RT55542.2022.9932069.
