White Paper

Whitepaper: Building Safe and Secure Systems for Autonomous Platforms

Issue link: https://read.uberflip.com/i/1427516


WHITE PAPER: Building Safe and Secure Processing Systems for Future Autonomous Platforms (mrcy.com)

Aerospace and defense (A&D) system designers are facing a complex challenge: how to reconcile the often-divergent requirements of system-level safety and security. Operating in commercial as well as hostile military environments, A&D systems require high levels of proven system security engineering (SSE) and intrinsic trust for system-wide processing integrity, together with demonstrable operational safety, in order to achieve airworthiness certification. This whitepaper discusses "public" flight-safety certification and "private" SSE, outlines the challenges and evolving methods of combining these equally critical disciplines, and describes some new design approaches that protect and enable modern processing systems to conduct smarter missions around the globe.

SAFETY CERTIFICATION

Safety certification is an open, regulatory process requiring that all system hardware and software design elements, their detailed descriptions and their design decisions be shared with third-party agencies. SSE, on the other hand, falls into the realm of protected processes and IP, and closely held algorithms. Bridging the gap between the third-party assurance required for safety certification, which is public, and systems security engineering, which is private, is a considerable task.

The need for safety-critical systems and certification

Failure of a "safety-critical" system can cause death, serious injury, significant property damage or mission degradation. Commercial aircraft are required to demonstrate high levels of determinism through flight-safety certification to mitigate the risk of safety-critical system failure. In the past, to deploy platforms faster, the government often issued certification waivers for defense missions, but an increasingly global and interconnected world is making these exceptions more and more rare. As a result, defense platforms are requiring high levels of proven intrinsic safety assurance documented through certification.

Future defense and aerospace platforms are becoming smarter and more autonomous. To be trusted and deployable anywhere, they require both assurance of flight-safety certification and proven systems security engineering (SSE).

[Figure: The Army's Optionally Manned Fighting Vehicle (OMFV) will require safe and secure mission systems built with a Modular Open Systems Standards Approach (MOSA).]

Design assurance levels

In the U.S., the Federal Aviation Administration (FAA) has adopted a certification process based on design assurance levels (DALs); other countries have similar safety agencies and similar processes. ARP-4754A describes the DAL approach to developing safe aircraft, which requires a systems safety engineer to perform a functional system decomposition, a hazard analysis and an assessment of failure impacts on overall system assurance. If the anomalous behavior of a software or hardware component contributes to more than one failure condition, the assigned DAL will correspond to the most severe level. Regulatory agencies require rigorous processes and documentation at all design stages that support and demonstrate intrinsic system safety to achieve certification. More comprehensive processes and documentation are required if system failure has severe impacts.

Minimizing design anomalies for DAL

Development Assurance Level | Quantitative Safety Requirement (Failures/h) | Failure Condition Class
A                           | P < 10^-9                                    | Catastrophic
B                           | P < 10^-7                                    | Hazardous
C                           | P < 10^-5                                    | Major
D                           | None                                         | Minor
E                           | None                                         | No safety effect
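As an added illustration (not code from the whitepaper or from Mercury Systems), the following Python encodes the DAL table above together with the most-severe-condition rule from ARP-4754A, and checks a component's demonstrated failure rate against the quantitative budget of its assigned level. The component data in the usage is constructed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# DAL table as given in the whitepaper:
# level -> (failure condition class, maximum probability of failure per flight hour, or None)
DAL_TABLE = {
    "A": ("Catastrophic", 1e-9),
    "B": ("Hazardous", 1e-7),
    "C": ("Major", 1e-5),
    "D": ("Minor", None),          # no quantitative requirement
    "E": ("No safety effect", None),
}
# Reverse map: failure condition class -> DAL letter
CLASS_TO_DAL = {cls: lvl for lvl, (cls, _) in DAL_TABLE.items()}


@dataclass
class DalAssessment:
    level: str
    condition_class: str
    budget_per_hour: Optional[float]
    meets_budget: Optional[bool]   # None when the level has no quantitative requirement


def assign_dal(failure_conditions: Iterable[str]) -> str:
    """Most-severe rule: a component whose anomalous behavior contributes to
    several failure conditions is assigned the DAL of the worst one."""
    levels = [CLASS_TO_DAL[c] for c in failure_conditions]
    if not levels:
        raise ValueError("a component must contribute to at least one failure condition")
    return min(levels)  # 'A' sorts before 'E', so min() picks the most severe level


def assess_component(failure_conditions: Iterable[str],
                     demonstrated_rate_per_hour: float) -> DalAssessment:
    """Assign the DAL and, where a budget exists, check the demonstrated rate
    against it (the table uses a strict inequality, P < budget)."""
    level = assign_dal(failure_conditions)
    cls, budget = DAL_TABLE[level]
    meets = None if budget is None else demonstrated_rate_per_hour < budget
    return DalAssessment(level, cls, budget, meets)


if __name__ == "__main__":
    # Constructed example: a mission-computer partition feeds a "Minor" display
    # function and a "Hazardous" flight-control function, so it inherits DAL B.
    result = assess_component(["Minor", "Hazardous"], demonstrated_rate_per_hour=5e-8)
    print(result)
```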
