Certification
Mac Mollison
Who mandates certification?
FAA (Federal Aviation Administration)
» Standards DO-178B, DO-297 (RTCA documents the FAA recognizes as a means of compliance)
DoD (Department of Defense)
» Mandates a security validation program incorporating many standards
NSA (National Security Agency)
» Certifies crypto software and devices
DO-178B
Sets lots of “software engineering” rules
» E.g., documenting the design/development process
» We won’t discuss this further here
Gives criticality levels for software
» The only part that has interesting implications for us, to my knowledge
» See next slide
DO-178B Criticality Levels
A level is assigned by the severity of the failure condition the software could contribute to:
A: Catastrophic
B: Hazardous
C: Major
D: Minor
E: No Effect
Implications of DO-178B
1. Increasing WCET (worst-case execution time) pessimism with increasing criticality level
» Our group has written papers on how to deal with this “intelligently”
2. Need to use a Level-A RTOS that enforces independence between software of different levels
» The partitioning API is defined by the ARINC 653 standard
ARINC 653
Defines an API for time-space partitioning
» See next slide
Multiple RTOSs are ARINC 653 compliant
» Wind River VxWorks 653
» Etc.
Time-Space Partitioning
Partitions are basically “containers” that are statically scheduled: each partition owns a fixed time window inside a repeating major frame (time partitioning) and a fixed memory region it cannot reach outside of (space partitioning). Both tables are fixed at integration time, so a misbehaving lower-level partition can neither steal CPU time from nor corrupt the memory of a Level-A partition.
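The following is an added toy model of the time-space partitioning idea, not ARINC 653 or VxWorks 653 code; the partition names, the 100 ms major frame, the windows and the memory regions are constructed for illustration. It shows why the two tables can be checked once at integration time: the scheduler is a lookup into a static table, and a memory access is a bounds check against the issuing partition's own region.

```python
"""Toy model of ARINC 653-style time-space partitioning (added example).

A partition gets a fixed window inside a repeating major frame and a fixed
physical-memory region. Both tables are static; nothing is decided at run time.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Partition:
    name: str
    level: str       # DO-178B level of the software hosted here (hypothetical)
    window: tuple    # (start_ms, length_ms) inside the major frame
    memory: tuple    # (base, size) in bytes; base inclusive, base+size exclusive


MAJOR_FRAME_MS = 100

# Constructed partition table: hypothetical applications, not a real aircraft.
PARTITIONS = [
    Partition("flight_control", "A", (0, 40), (0x1000_0000, 0x0010_0000)),
    Partition("displays",       "C", (40, 30), (0x1010_0000, 0x0010_0000)),
    Partition("maintenance",    "E", (70, 20), (0x1020_0000, 0x0008_0000)),
]   # the last 10 ms of the frame are deliberately left idle


def validate_schedule(partitions, major_frame):
    """Reject windows that overlap, are empty, or spill past the major frame."""
    end = 0
    for start, length in sorted(p.window for p in partitions):
        if length <= 0 or start < end or start + length > major_frame:
            return False
        end = start + length
    return True


def validate_memory_map(partitions):
    """Reject memory regions that overlap; space partitioning needs disjoint regions."""
    end = 0
    for base, size in sorted(p.memory for p in partitions):
        if size <= 0 or base < end:
            return False
        end = base + size
    return True


def running_partition(partitions, t_ms, major_frame):
    """Time partitioning: which partition owns the CPU at absolute time t_ms (None = idle)."""
    offset = t_ms % major_frame
    for p in partitions:
        start, length = p.window
        if start <= offset < start + length:
            return p.name
    return None


def access_allowed(partitions, name, addr):
    """Space partitioning: a partition may only touch addresses inside its own region."""
    for p in partitions:
        if p.name == name:
            base, size = p.memory
            return base <= addr < base + size
    raise KeyError(name)


def run_frame(partitions, major_frame, step_ms=10):
    """Trace one major frame; the identical trace repeats forever."""
    return [(t, running_partition(partitions, t, major_frame))
            for t in range(0, major_frame, step_ms)]


if __name__ == "__main__":
    assert validate_schedule(PARTITIONS, MAJOR_FRAME_MS)
    assert validate_memory_map(PARTITIONS)
    for t, owner in run_frame(PARTITIONS, MAJOR_FRAME_MS):
        print(f"t={t:3d} ms -> {owner}")
    print("displays reading flight_control RAM:",
          access_allowed(PARTITIONS, "displays", 0x1000_0000))
```

Note that neither check consults the criticality level: once the tables pass validation, a Level-E partition that spins forever or dereferences a wild pointer is confined to its own window and region, which is exactly the independence DO-178B asks the Level-A RTOS to guarantee.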
DO 297
Standard for integrated modular avionics (IMA)
» Typically addressed by building on an ARINC 653 OS
» Isn’t talked about much and we won’t discuss it further now
Security
Must use “secure” RTOS, hardware, etc. when working with classified information
» Classified = confidential, secret, top secret/SAR (Special Access Required)
Typically, when multiple security levels co-exist in one system, time-space partitioning is used
» E.g. VxWorks MILS (Multiple Independent Levels of Security): like VxWorks 653, but fewer LOC (lines of code) in the separation kernel, so there is less to evaluate
» More details in security segment of course