Partitioning in Avionics Architectures: Requirements, Mechanisms, and Assurance
Abstract
Automated aircraft control has traditionally been divided into distinct functions that are implemented separately (e.g., autopilot, autothrottle, flight management); each function has its own fault-tolerant computer system, and dependencies among different functions are generally limited to the exchange of sensor and control data. A by-product of this federated architecture is that faults are strongly contained within the computer system of the function where they occur and cannot readily propagate to affect the operation of other functions. More modern avionics architectures contemplate supporting multiple functions on a single, shared, fault-tolerant computer system where natural fault containment boundaries are less sharply defined. Partitioning uses appropriate hardware and software mechanisms to restore strong fault containment to such integrated architectures. This report examines the requirements for partitioning, mechanisms for their realization, and issues in providing assurance for partitioning. Because partitioning shares some concerns with computer security, security models are reviewed and compared with the concerns of partitioning.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2000
- Accession Number
- ADA377272
Entities
People
- John Rushby
Organizations
- SRI International