System Safety Risk Management: An Autonomous UAV Example from a Course on Safety By Design and Flight Certification
Dr. Daniel P. Schrage, Professor and Director, CASA and CERT
School of Aerospace Engineering, Georgia Institute of Technology
Atlanta, GA 30332-0150
Presentation Outline
Overview of Georgia Tech graduate program in Aerospace Systems Design
Brief description of the Safety By Design and Flight Certification Course
Example from Safety Course for an Autonomous Unmanned Aerial Vehicle (UAV) – The GTMAX
Georgia Tech Practice-Oriented M.S. Program in Aerospace Systems Design
[Program chart; legend distinguishes core classes from elective classes. Columns: Semester I, Semester II, Summer. Courses and elements shown: Systems Design I / Applied Design I; Systems Design II / Applied Design II; Modern Design Methods I; Modern Design Methods II; IPPD Methods/Techniques; IPPD Tools/Infrastructure; Integrated Product/Process Development; Product Life Cycle Management; Design Seminars; Propulsion Systems Design; Disciplinary Courses; Special Project; Safety By Design (summer); Internships; Mathematics (2 required); Other Electives]
Safety By Design and Flight Certification Course
First taught in 1998 as a project-oriented course to orient students on the role of safety by design and flight certification in the design iteration process
Course builds on the Integrated Product/Process Development (IPPD) through Robust Design Simulation (RDS) environment created in the Georgia Tech Aerospace Systems Design Laboratory (ASDL)
Course is taught in the summer semester to allow students to analyze the designs they developed during the fall and spring semesters (Fixed Wing, V/STOL Rotorcraft, Space, and Missiles)
Course has been continuously improved each year to address more of the issues in moving to a risk-based managed process
Course has sought to incorporate user-friendly tools for System Reliability Prediction, FTA, FMEA and Markov Analysis
Emphasis of the course taught this summer was on the interaction of Hardware, Software, and Liveware (Human) reliabilities and on partnerships with industry and government
Course Projects for Summer 2002
Quiet Supersonic Aircraft – in conjunction with Gulfstream Aerospace Corporation
The ICBM Peacekeeper as a Commercial Launch Vehicle – in conjunction with the FAA Space Systems Development Division
A VTOL Personal Air Vehicle (PAV) – in conjunction with the NASA PAV Evaluation program
*An Autonomous UAV: GTMAX – in conjunction with the DARPA Software Enabled Control (SEC) program and the GT Entry in the International Aerial Robotics Competition (IARC)
* Example to be illustrated
Development of a Certification Plan (ARP 4754: Certification Considerations for Highly-Integrated or Complex Aircraft Systems)
Each plan should include:
- A functional and operational description of the system and the aircraft on which the system will be installed
- A statement of the relationship of this certification plan to any other relevant system certification plans
- A summary of the functional hazard assessment (aircraft hazards, failure conditions, and classification)
- A summary of the preliminary system safety assessment (system safety objectives and preliminary system development assurance levels)
- A description of any novel or unique design features that are planned to be used in meeting the safety objectives
- A description of the new technologies or new technology applications to be implemented
- The system certification basis, including any special conditions
- The proposed methods of showing compliance with the certification basis
- A list of the data to be submitted and the data to be retained under configuration control, along with a description or sample of data formats
- The approximate sequence and schedule for certification events
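The FHA and PSSA summaries are the quantitative core of the plan. The following Python script is an added example, not code from the course or the GTMAX project, showing how a PSSA check is carried out: a constructed FHA row classifies a failure condition, a small fault tree over the deck's own component names (two flight computers, two data links, IMU, power distribution) is evaluated with constructed failure probabilities, and the result is compared with an order-of-magnitude objective. The objectives table, the tree and every probability are assumptions: the deck cites AC 25.1309-1A but gives no figures, and lists obtaining accurate failure rates as further work.

```python
import math
from dataclasses import dataclass
from itertools import product

# Order-of-magnitude probability objectives (per flight hour) by FHA
# classification, in the style of AC 25.1309-1A. Assumed here for the
# illustration; the deck cites the AC but does not reproduce its figures.
OBJECTIVES = {"Catastrophic": 1e-9, "Hazardous": 1e-7, "Major": 1e-5, "Minor": None}


@dataclass(frozen=True)
class FailureCondition:
    """One row of a functional hazard assessment (FHA)."""
    name: str
    effect: str
    classification: str


# Constructed FHA row (not from the deck) for the top event analysed below.
LOSS_OF_CONTROL = FailureCondition(
    "Loss of autonomous flight control",
    "Uncontrolled vehicle over persons or property outside the aircraft",
    "Catastrophic",
)

# Constructed basic-event failure probabilities per flight hour. They are
# placeholders: the deck lists obtaining accurate failure rates as further work.
BASIC_EVENTS = {
    "flight_computer_1": 1e-4,
    "flight_computer_2": 1e-4,
    "data_link_1": 5e-4,
    "data_link_2": 5e-4,
    "imu": 1e-5,
    "power_dist": 1e-5,
}

# Fault tree over the deck's own component names (assumed structure). A gate is
# (type, [children]); a leaf is a basic-event name. Redundant computers and
# links fail only together (AND); the single IMU and the power distribution
# system each fail the top event alone (OR).
FAULT_TREE = ("OR", [
    "power_dist",
    "imu",
    ("AND", ["flight_computer_1", "flight_computer_2"]),
    ("AND", ["data_link_1", "data_link_2"]),
])


def top_event_probability(node, probs):
    """Exact evaluation of the tree assuming independent basic events."""
    if isinstance(node, str):
        return probs[node]
    gate, children = node
    ps = [top_event_probability(c, probs) for c in children]
    if gate == "AND":
        return math.prod(ps)
    if gate == "OR":
        return 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(node):
    """Minimal sets of basic events whose joint failure causes the top event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":
        sets = [s for cs in child_sets for s in cs]
    elif gate == "AND":
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    sets = list(dict.fromkeys(sets))                           # drop duplicates
    return [s for s in sets if not any(o < s for o in sets)]  # drop supersets


def cut_set_probability(cut_set, probs):
    return math.prod(probs[e] for e in cut_set)


def assess(condition, tree, probs):
    """PSSA-style check of a failure condition against its probability objective."""
    objective = OBJECTIVES[condition.classification]
    p = top_event_probability(tree, probs)
    cut_sets = sorted(minimal_cut_sets(tree),
                      key=lambda cs: cut_set_probability(cs, probs), reverse=True)
    return {
        "probability": p,
        "objective": objective,
        "meets_objective": objective is None or p <= objective,
        "cut_sets": cut_sets,
        # Single-point failures (cut sets of size one) are the first targets
        # for redundancy or higher development assurance in the PSSA.
        "single_points": [cs for cs in cut_sets if len(cs) == 1],
    }


if __name__ == "__main__":
    r = assess(LOSS_OF_CONTROL, FAULT_TREE, BASIC_EVENTS)
    print(f"{LOSS_OF_CONTROL.name}: {LOSS_OF_CONTROL.classification}, "
          f"P = {r['probability']:.3e}/h, objective {r['objective']:.0e}/h, "
          f"met: {r['meets_objective']}")
    for cs in r["cut_sets"]:
        print(f"  cut set {sorted(cs)}: {cut_set_probability(cs, BASIC_EVENTS):.2e}/h")
```

Running the script reports that the constructed tree misses the Catastrophic objective by about four orders of magnitude, and the minimal cut sets show why: the single IMU and the single power distribution system are single-point failures, so the redundancy of the computers and data links contributes almost nothing to the top-event probability until those two are addressed.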
SEC Technology Developers (Active State Modelers, On-Line Control Customization, Coordinated Multi-Modal Control, High Confidence Software Control Systems):
- Georgia Tech - UC Berkeley - Rockwell Collins - Cornell - MIT - Northrop Grumman Corp - Cal Tech - Draper Labs - Honeywell Labs - U of Min - Vanderbilt - OGI - Stanford
University Led Experiments (Rotary Wing): Georgia Tech
Industry Led Experiments (Fixed Wing): Boeing Phantom Works
The Georgia Tech GTMAX : A Truly Modular Open System Testbed
The Georgia Tech GTMAX consists of:
- The Yamaha RMAX Remotely Piloted Helicopter: a rugged, proven air vehicle which is becoming the vehicle testbed of choice for VTOL UAV autonomous vehicle research
- The Georgia Tech Modular Avionics Package: built for reconfigurability, growth and easy upgrade
- The Boeing - Georgia Tech OCP: a Real-Time CORBA based open system software architecture
As a system the GTMAX provides an excellent resource for the UAV community for developing and evaluating UAV technologies, both hardware and software, as well as Home Security Experiments
Engine: Gasoline 2-Cylinder Water Cooled; Power output: 21 Hp
Performance: Fuel 6 L (1.6 gal); Endurance 60 min
GT Research UAV: GTMAX
[System diagram. Recoverable content: On-board Avionics (Georgia Tech Onboard Avionics running the Boeing-GT OCP) with GPS, actuators, the Yamaha Attitude Control System (YACS), an RC receiver and 3x RS-232 serial; Ground Control Station with ground computer(s) on an Ethernet network, a GPS reference and an RC transmitter; Safety Pilot with RC transmitter; Data Link I and Data Link II between the ground station and the vehicle]
Onboard Avionics Hardware Architecture
[Block diagram. Recoverable content: Computer #1 and Computer #2 joined by an Ethernet hub; sensors D-GPS, IMU, radar altimeter, sonar altimeter, magnetometer; servo interface; wireless serial and wireless Ethernet links; power distribution with external power input; connection types serial data, Ethernet and power]
Video camera, radar and possibly lidar to be installed this summer
GTMAX Avionics HW Integration
GTMAX hardware is packaged into exchangeable modules:
- Flight Computer Module
- GPS Module
- Data Link Module
- IMU/Radar Module
- Unused Module (Growth)
- Sonar/Magnetometer Assemblies
- Power Distribution System
Each module has self-contained power regulation and EMI shielding
Shock-mounted main module rack
GTMAX Hardware Integration
Power System
- On-board generator outputs 12 V DC, 10 A
- Power source hot-swappable between on-board and external
- Each module is powered via individual circuit breakers
Interfacing and Wiring
- Interface Types: RS-232 Serial, Ethernet, 12 V DC
- All interfaces on module back-sides
- Aviation-quality wiring harness
Open Control Platform Motivation
Limitations of State-of-the-Art Complex Control Systems:
• Tightly coupled
• Difficult to adapt or evolve
• Complex, inflexible data interchange
• Computationally limited
• Closed, proprietary systems
Desired Capabilities:
• Adaptability and dynamic reconfigurability
• Plug-and-play extensibility, component interchangeability
• Real-time quality of service
• Interoperability, distributed communication
• Openness
Boeing-GIT Baseline Open Control Platform (OCP) Software Implementation on the GTMAX
[Component diagram. Recoverable content:]
Components: Navigation Module Component, Controller Component, I/O Component
Inputs: GPS, IMU, magnetometer, sonar, receiver commands, vehicle health, RMAX attitude sensors (through the Sensors Serial Interface and Vehicle Serial Interface)
Outputs: RMAX actuator demultiplexer through the Actuator Serial Interface; Controls API Input Port and Controls API Output Port
Ports: ControlData_in / ControlData_out, NavControl_in / NavControl_out, NavData_in / NavData_out, timeout_in
Rates: 100 Hz timer; component links at 50 Hz and 100 Hz; DataLink Interface (Ethernet "serial" port and serial port) at 1 Hz and 10 Hz; input datalink ports read at 100 Hz; m0 written at 10 Hz, m1 written at 1 Hz
Mission Intelligence Flow for GT Research
[Flow diagram. Recoverable content:]
Command path: Mission Planning, Mode Selection, Mode Switching, Flight Control System, UAV
Perception path: Sensors, Sensor Fusion, Obstacle/Target Detection, Obstacle/Target Identification, Obstacle/Target Tracking, Situation Awareness
Health path: Diagnostics, Fault Tolerant Control, "Emergency?" decision (Yes / No), Continue Mission
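To make the Diagnostics, Fault Tolerant Control and "Emergency?" steps of the flow concrete, the following Python script is an added example, not code from the GTMAX or the OCP. It replays a constructed telemetry stream, flags each source as stale once it has missed a number of update periods, and switches among three assumed modes (continue mission, hold, hand over to the safety pilot). The update periods, the staleness threshold, the mode set and the switching rules are all assumptions made for the example, not the vehicle's actual policy.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    """Flight-control modes used by the mode-switching step (assumed set)."""
    AUTONOMOUS = "continue mission"
    HOLD = "hold position on inertial backup / wait for link"
    EMERGENCY = "hand control to the safety pilot"


# Nominal update period of each diagnosed source, in milliseconds.
# Assumed values, loosely in the range of the port rates shown on the deck.
PERIOD_MS = {"gps": 100, "imu": 10, "datalink": 100, "vehicle_health": 20}


@dataclass
class Diagnostics:
    """Tracks the freshness of each source and the latest vehicle-health flags."""
    max_missed_periods: int = 5          # assumed staleness threshold
    last_seen_ms: dict = field(default_factory=dict)
    health: dict = field(default_factory=dict)

    def ingest(self, t_ms, source, payload=None):
        self.last_seen_ms[source] = t_ms
        if source == "vehicle_health":
            self.health = dict(payload or {})

    def is_stale(self, source, now_ms):
        if source not in self.last_seen_ms:
            return True
        return now_ms - self.last_seen_ms[source] > self.max_missed_periods * PERIOD_MS[source]

    def status(self, now_ms):
        status = {s: not self.is_stale(s, now_ms) for s in PERIOD_MS}
        status["critical"] = bool(self.health.get("critical", False))
        return status


def select_mode(status):
    """The "Emergency?" decision as an assumed policy: no attitude reference,
    a critical health report, or loss of both position and command link is an
    emergency; loss of either position or link alone degrades to HOLD."""
    if not status["imu"] or status["critical"] or not (status["gps"] or status["datalink"]):
        return Mode.EMERGENCY
    if not (status["gps"] and status["datalink"]):
        return Mode.HOLD
    return Mode.AUTONOMOUS


def run_timeline(events, t_end_ms, tick_ms=10):
    """Replay (t_ms, source, payload) events and return the list of mode transitions."""
    diag = Diagnostics()
    events = sorted(events, key=lambda e: e[0])
    i, current, transitions = 0, None, []
    for now in range(0, t_end_ms + 1, tick_ms):
        while i < len(events) and events[i][0] <= now:
            t, src, payload = events[i]
            diag.ingest(t, src, payload)
            i += 1
        mode = select_mode(diag.status(now))
        if current is Mode.EMERGENCY:
            mode = Mode.EMERGENCY     # latched: a handover is never undone automatically
        if mode is not current:
            transitions.append((now, mode))
            current = mode
    return transitions


def constructed_timeline(duration_ms=6000, gps_gap=None, link_gap=None, critical_at=None):
    """Constructed telemetry stream (not recorded data): every source reports at
    its nominal period, with optional GPS / data-link silence windows [start, end)
    and an optional time after which vehicle health reports 'critical'."""
    def silent(gap, t):
        return gap is not None and gap[0] <= t < gap[1]

    events = []
    for src, period in PERIOD_MS.items():
        for t in range(0, duration_ms + 1, period):
            if src == "gps" and silent(gps_gap, t):
                continue
            if src == "datalink" and silent(link_gap, t):
                continue
            payload = None
            if src == "vehicle_health":
                payload = {"critical": critical_at is not None and t >= critical_at}
            events.append((t, src, payload))
    return events


if __name__ == "__main__":
    scenarios = {
        "GPS dropout only": constructed_timeline(gps_gap=(2000, 4000)),
        "GPS dropout then link loss": constructed_timeline(gps_gap=(2000, 4000), link_gap=(3000, 5000)),
        "critical health report": constructed_timeline(critical_at=1000),
    }
    for name, events in scenarios.items():
        print(name)
        for t, mode in run_timeline(events, 6000):
            print(f"  t={t:5d} ms -> {mode.name}: {mode.value}")
```

Two design choices are worth noting. Loss of a single source degrades rather than aborts the mission (a GPS dropout with a live link is a hold, not an emergency), and the emergency state is latched: once control has been handed to the safety pilot, a returning data link does not silently re-engage autonomous flight.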
GTMax: Aerial Robotics Mission & SEC Scenario
[Scenario sketch. Recoverable content: take-off (manually); fly autonomously 3 km; identify structure; get information from the inside; no need to return after the mission; 15 min]
GTMax Certification
- Certification Basis
- Analysis (Functional, FHA, PSSA)
- Human Errors
- Strategy for achieving compliance
- Sequence of certification events
FAA Certification
[Process diagram. Recoverable content:]
Design: Type Design Approval leads to the Type Certificate
Production: Quality Assurance Approval and Type Design Conformity lead to the Production Certificate
Operation: Airworthiness Certificate, then Continued Airworthiness; a defect found in operation feeds back into the process
Certification Basis
Suggested Regulations:
- Rotorcraft: FAR 27
- No Certification Basis for UAVs
- Safety Assessment: SAE ARP4761
- System Design/Analysis: AC 25.1309-1A
Certification basis?
Presently no certification basis for unmanned aircraft.
Unmanned vs. manned aircraft:
- Increased reliance on electronic flight control systems in unmanned aircraft
- Safety = threat to persons and property outside the aircraft
- Flight over populated areas vs. isolated areas
- Ground Control System
Suggested Regulations
- Flight crewmember(s) on the ground
- Safety equipment for occupants not required: impact protection for occupants, safety belts, oxygen, warning lights
- Flight Control System Certification
- Ground Control System Certification
- Categories of unmanned aircraft
Certification basis
Amended FARs:
- FAR Part 1: Definitions and Abbreviations
- FAR Part 21: Certification Procedures for Products and Parts
- FAR Part 27: Airworthiness Standards: Normal Category Rotorcraft
- FAR Part 33: Airworthiness Standards: Aircraft Engines
- FAR Part XX: Airworthiness Standards: Electronic Flight Control Systems for Unmanned Aircraft
- FAR Part XX: Airworthiness Standards: Ground Control
Today: No Certification basis for unmanned aircraft
The “5-year plan”:
1. Demonstrate product
2. FAA cooperation
3. Initial NPRM
4. Amendments to FARs
5. Start formal Certification process
Structure is not so expensive
GTMax is already flying
Certification Plan Activity
[Schedule chart starting in Year 1; items marked (O) are milestone events; tests for autonomous flight and control system are noted on the chart]
- Application to FAA (O)
- Develop Certification Basis
- GCP Develop.
- Cert. Schedule Develop.
- Initial Type Board Meeting (O)
- Test Plan Submittal
- GCP Review and Approval
- Interim Type Board Meeting (O)
- Drawing Release
- Prototype 1 Fab/Assemble
- Prototype 1 1st FLT
- Envelope expansion
- Load level survey
- Systems/Weather/Lightning
- Prototype 2 Fab/Assemble
- Prototype 2 1st FLT
- Envelope expansion
- Performance & HQ
- Mod into GTV
- GTV Ground Tests
- Rotor & XMSN Bench Test
- Static tests
- Final Type Board Meeting (O)
- Certification (O)
Conclusions
Summary
- What was accomplished
- Suggested Certification basis
- Functional Analysis, FHA, PSSA
- Quantified System Reliability
- Considered Human Factors
- Developed fault tolerant flight control
- Proposed strategy for compliance
Further Study
- Current work to include UAVs in FARs
- Obtain more accurate failure rates
- Analysis for aircraft level reliability
- Complete safety assessment process on all aircraft systems
- Develop systems through