Fault Management Architectures and the Challenges of Providing Software Assurance


Fault Management Architectures and the Challenges of Providing Software Assurance
Presented to the 31st Space Symposium
Date: 4/14/2015
Presenter: Rhonda Fitz (MPL)
Primary Author: Shirley Savarino (TASC)
Co-Authors: Lorraine Fesq (JPL/Caltech), Gerek Whitman (TASC)

Table of Contents
- Introduction to NASA IV&V
- IV&V Philosophy and Methodology
- Challenges with FM and the FM Handbook
- FM Architectures SARP Initiative
- FM Assurance Statements
- Conclusions

NASA IV&V Facility
NPR 7150.2, NASA Software Engineering Requirements: "The program manager shall ensure that software IV&V is performed on the following categories of projects:"
- Category 1
- Category 2 projects that have Class A or Class B payload risk classification
- Projects specifically selected by the NASA Chief of Safety and Mission Assurance
IV&V = Independent Verification and Validation [of Software]
Independence:
- Technical Independence
- Managerial Independence
- Financial Independence
NPR 7120.5E defines Categories; NPR 8705.4 defines classification of payload risk.

IV&V Methodology
- Criticality analysis assesses the likelihood and impact of failed behaviors
- Plotted on a risk matrix
- Establishes priorities and focus for analysis
- Generally, FM is high criticality
The goal of each IV&V project is to assure mission success by assuring that the critical software (mission-critical and/or safety-critical):
- Q1: Does what it is supposed to do
- Q2: Does not do what it is not supposed to do
- Q3: Performs appropriately under adverse conditions
Risk matrix (cell values rank each likelihood/consequence combination from 1, lowest, to 25, highest):

Likelihood \ Consequence    1    2    3    4    5
5                           7   16   20   23   25
4                           6   13   18   22   24
3                           4   10   15   19   21
2                           2    8   11   14   17
1                           1    3    5    9   12

IV&V assures mission success by validating and verifying critical software.

Assurance Strategy

Challenges with Fault Management
- Increasing FM complexity goes beyond traditional fault protection, with the goal of not only averting catastrophe but also maintaining capability
- FM systems, many times architected as reactive components embedded within the overall software system, must be validated against higher-level system capability requirements
- Off-nominal conditions are challenging to identify comprehensively, understand completely, and ascertain the optimal response to mitigate risk
- Continuous improvement for software assurance practices is attained by leveraging the IV&V FM Community of Interest to identify FM architecture commonalities/strategies across NASA missions

FM Handbook
Goal:
- Ameliorate schedule/cost/predictability challenges of testing/operating FM systems
- Improve reliability and safety of NASA's flight and ground systems
- Coalesce the FM field
Scope:
- Outline scoped to address needs of Agency crewed and robotic missions
- Robotic emphasis in Version 1, due to SMD co-funding
- Suggested use as companion to the SE Handbook
Draft 1: Released July 2011; 1113 comments (NTSPO record)
Current Status: Draft 2 released 4/9/12
Lesson Learned: Diverse FM views exist across NASA. Comments cannot be dispositioned by one person or one Center; they require discussion and consensus among people in the discipline, across the Agency.
Plans: Renewed effort to develop a chapter for each mission type, to be incorporated into the NASA FM Handbook
Take 2: Developing a Deep Space FM Robotic Guidebook

FM Architectures SARP Initiative

Survey Methodology
IV&V Analyst Subject Matter Experts were surveyed from each of eight chosen projects with a variety of mission types, developers, and relative complexity.

Name                                                                   Mission Type
Mars Science Laboratory (MSL)                                          Deep Space Robotic
International Space Station (ISS)                                      Human Spaceflight
James Webb Space Telescope (JWST)                                      Deep Space Robotic
Multi-Purpose Crew Vehicle Exploration Flight Test 1 (MPCV EFT-1)      Human Spaceflight
Joint Polar Satellite System (JPSS)                                    Earth Orbiter
Magnetospheric Multiscale (MMS)                                        Earth Orbiter
Geostationary Operational Environmental Satellite R-Series (GOES-R)    Earth Orbiter
Solar Probe Plus (SPP)                                                 Deep Space Robotic

Architecture Survey Questions

Structure (7 questions): Obtain a high level view of each architecture, and provide insight into size, complexity, and scale. Address the structure and organization of the FM architecture. Characteristics such as centralization or distribution, tiers of operation, interdependency, modifiability, and implementation within the overall flight software are addressed.

Concept (10 questions): Addresses the design process and major design ideas and themes of the FM architecture. Considerations such as fault analysis, automation, mission phases, fault definition, redundancy, and fail-safe/fail-operational modes are addressed. Establish a broad view of how the FM system is intended to accomplish its objectives, and why it is designed and structured in the way it is.

Implementation (13 questions): Technical implementation detail about how the FM architecture was built and how it works. Number of monitors and responses, false positives and persistence, fault isolation, simultaneous responses, and subsystem inter-communication are examples of the low-level characteristics covered by this section. Capabilities that some architectures have but others do not are important to uncover in order to help categorize and label the architectures as well as reveal potential strengths and limitations of various FM architectures.

Other Questions (5 questions): This was the catch-all section for things the other questions may not have entirely covered. This section contained questions involving heritage and mission parameters in order to provide some additional context to frame the rest of the responses.

IV&V Survey Questions
Survey: IV&V Analysis Questions
- What were the key drivers to IV&V on this project?
- What were the critical errors that IV&V was focused on assuring against?
- What other assurance strategies were involved in IV&Ving this project?
- What kinds of artifacts did you get from the developer to use in the analysis, and how did the types of artifacts you received affect your analysis?
- Were there types of artifacts you did not receive or the developer did not generate that would have made analysis easier/faster/more complete?
- What kinds of technical reference(s) did you generate during your analysis?
- If the FM system was inherited or standardized, how did this influence your analysis?
- What language was used to write the FSW? How did this choice in language make analysis easier/more difficult?
- What was the highest benefit analysis?
- In retrospect, were there things you or the IV&V team would or should have done differently?

Sample FM Assurance Statements
Typical Assurance Objectives or Conclusions, with source mission type and mapping to the three assurance questions (3Qs) of the IV&V Methodology:

Concept Phase: "The Hazards Report documents all known software-based hazard causes, contributors, and controls." (Deep Space Robotic; Q3)

Requirements Phase: "The system fault management requirements are of high quality and are consistent with acquirer needs as they relate to the system's software." (Deep Space Robotic; Q1)

Design Phase: "There are no monitor-response collisions: there are no concurrent responses that could cause harm or detrimental behaviors to the vehicle between any lower or higher level responses." (Deep Space Robotic; Q2)

Implementation Phase: "The fault management behaviors needed for the system during flight operations are correctly and completely being represented in the algorithms and fully satisfied in the implementation." (Earth Orbiter; Q1)

Integration & Test Phase: "The set of tests was comprehensive with regard to the Fault Management Design Document algorithms." (Human Spaceflight; Q1)

Operations & Maintenance Phase: "The added tests strengthened the developer's testing of the Power Management software and provided additional assurance that the software will perform as expected." (Human Spaceflight; Q1)
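As an added illustration (not code from the presentation, the surveyed projects, or NASA IV&V), the following Python sketch exercises two of the checks the slides name: the persistence counting that guards monitors against false positives (an Implementation-category survey topic) and a static check for the monitor-response collisions the Design Phase assurance statement rules out. The monitor names, responses, subsystem ownership table and telemetry series are all constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Monitor:
    """Fault monitor: fires only after `persistence` consecutive out-of-limit samples."""
    name: str          # telemetry channel watched (constructed names below)
    nominal: float     # expected value
    tolerance: float   # deviation allowed before a sample is out of limits
    persistence: int   # consecutive violations needed to trigger (false-positive guard)
    response: str      # response raised when persistence is met
    _count: int = field(default=0, init=False)
    def update(self, sample):
        if abs(sample - self.nominal) > self.tolerance:
            self._count += 1
        else:
            self._count = 0   # one in-limit sample re-arms the monitor
        if self._count >= self.persistence:
            self._count = 0   # fire once, then start counting again
            return self.response
        return None

# Constructed response table: the subsystems each response commands.
RESPONSES = {"SAFE_MODE": {"attitude_control", "power_bus", "downlink"},
             "SWAP_TO_SIDE_B": {"attitude_control"},
             "HEATER_ON": {"thermal_zone_2"}}
def find_collisions(triggered):
    """Subsystems commanded by two or more concurrent responses: a collision."""
    owners = defaultdict(set)
    for r in triggered:
        for subsystem in RESPONSES[r]:
            owners[subsystem].add(r)
    return {s: sorted(rs) for s, rs in owners.items() if len(rs) > 1}
def assess(monitors, samples):
    """Per telemetry step, return (responses fired, collisions among them)."""
    out = []
    for row in samples:
        fired = sorted(r for r in (m.update(row[m.name]) for m in monitors) if r)
        out.append((fired, find_collisions(fired)))
    return out

# Constructed telemetry: gyro and bus excursions overlap at step 1 (collision on
# attitude_control), thermal excursion at step 2, one-sample gyro blip at step 3.
MONITORS = [Monitor("gyro_rate", 0.0, 5.0, 2, "SWAP_TO_SIDE_B"),
            Monitor("bus_current", 8.0, 3.0, 2, "SAFE_MODE"),
            Monitor("temp_zone_2", 20.0, 5.0, 1, "HEATER_ON")]
TELEMETRY = [{"gyro_rate": 6.0, "bus_current": 12.0, "temp_zone_2": 20.0},
             {"gyro_rate": 7.0, "bus_current": 13.0, "temp_zone_2": 21.0},
             {"gyro_rate": 1.0, "bus_current": 5.0, "temp_zone_2": 10.0},
             {"gyro_rate": 6.0, "bus_current": 4.0, "temp_zone_2": 20.0}]
```

Running `assess(MONITORS, TELEMETRY)` shows the step-1 collision on attitude_control between SAFE_MODE and SWAP_TO_SIDE_B, while the single out-of-limit gyro sample at step 3 never fires because it does not meet the persistence count.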

Conclusions
- Completed an in-depth survey of several FM architectures that serve to structure the safety- and mission-critical software
- The NASA IV&V Program has found that FM systems are often ranked high in the risk-based assessment of criticality
- The Assurance Strategies that focus IV&V analysis provide value by identifying and mitigating risks across a variety of mission types, including Earth orbiters, human spaceflight, and deep space robotic missions
- Results of these efforts will feed into the updated NASA FM Handbook, providing dissemination across NASA, other agencies and the space community
- Potential future efforts: extend our efforts to survey additional spaceflight projects; investigate projects within other domains such as launch vehicles, ground systems, or manned and unmanned aeronautics systems; and collaborate with OSMA and FM experts across the NASA agency

References & Contacts
References:
- NASA IV&V Website
- Fault Management Handbook (NASA-HDBK-1002) Draft 2
- Fault Management NASA Engineering Network
- IV&V Technical Framework (IVV 09-1) Version O
Contact Information:
- Rhonda Fitz, rhonda.s.fitz@ivv.nasa.gov
- Shirley Savarino, shirley.savarino@tasc.com
- Lorraine Fesq, lorraine.m.fesq@jpl.nasa.gov
- Gerek Whitman, gerek.whitman@tasc.com