AFRL/RQQA
SPONSORING/MONITORING AGENCY REPORT NUMBER(S)
AFRL-RQ-WP-TR-2016-0001
DISTRIBUTION/AVAILABILITY STATEMENT
Approved for public release; distribution unlimited.
SUPPLEMENTARY NOTES
This is a Small Business Innovation Research (SBIR) Phase III report. Barron Associates, Inc. has waived its SBIR data rights, and the report has been approved for public release (PA Case Number: 88ABW-2016-1452; Clearance Date: 11 March 2016).
ABSTRACT
This report was developed under an SBIR contract. It describes the technical progress made by Barron Associates, Inc. and its partners in runtime assurance (RTA) systems, which hold the promise of protecting advanced systems that cannot be fully certified at design time because of their inherent complexity. A number of technical hurdles remain in the implementation of RTA systems for highly complex safety-critical systems, and the main objective of this effort was to further address these issues. One main focus of this project was to investigate the necessary structure of RTA frameworks for multi-level interacting feedback systems. To that end, a challenge problem was constructed for a fleet of unmanned aircraft systems (UASs) performing a surveillance mission. The demonstration platform consisted of RTA systems for the inner-loop control, outer-loop guidance, ownship flight management, and fleet mission planning elements. The framework design and certification requirements for such a system were explored in this program. For the inner loop, the concept of employing multiple transition controllers in the reversionary control system was studied. For all feedback levels, the required RTA checks were developed and the critical reversionary switching conditions defined. The interactions between the RTA-protected systems and certified collision avoidance systems were also investigated. A safety case argument for design-time certification of the RTA-protected systems was constructed using subsystem requirements contracts that were developed from a compositional reasoning approach explored over the course of the project.
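The abstract refers to RTA checks and reversionary switching conditions for a single feedback loop. The following is an added illustration of that pattern, not code from the report or from Barron Associates: a Simplex-style switch lets an uncertified "advanced" controller command the plant only while a monitor predicts that the commanded trajectory stays inside a fixed safety envelope, and latches onto a simple reversionary controller otherwise. The altitude limits, look-ahead horizon, controller gains and the one-dimensional plant are all assumptions chosen for the example.

```python
"""Simplex-style runtime assurance (RTA) switch for one feedback loop.

Constructed illustration: an uncertified "advanced" controller drives the
plant until the monitor predicts that its command would take the state out
of a fixed safety envelope within a look-ahead horizon; the switch then
latches onto a simple, certifiable reversionary controller. All numbers
below are assumptions chosen for the example.
"""
from dataclasses import dataclass


@dataclass
class State:
    altitude: float    # ft
    climb_rate: float  # ft/s (positive = climbing)


# Assumed safety envelope and monitor look-ahead horizon.
ALT_MIN = 500.0
ALT_MAX = 10_000.0
HORIZON_S = 5.0


def predicted_altitude(state: State, horizon_s: float = HORIZON_S) -> float:
    """Constant-rate extrapolation of altitude over the look-ahead horizon."""
    return state.altitude + state.climb_rate * horizon_s


def envelope_violated(state: State) -> bool:
    """RTA check: would the current trajectory leave the envelope within the horizon?"""
    alt = predicted_altitude(state)
    return alt < ALT_MIN or alt > ALT_MAX


def advanced_controller(state: State) -> float:
    """Stand-in for the complex, uncertified controller: it always demands a
    steep climb, so left alone it would eventually breach the upper limit."""
    return 150.0


def reversionary_controller(state: State) -> float:
    """Simple certifiable controller: proportional return toward mid-envelope,
    with the commanded rate bounded so it cannot itself breach the envelope."""
    target = (ALT_MIN + ALT_MAX) / 2.0
    rate = 0.05 * (target - state.altitude)
    return max(-100.0, min(100.0, rate))


class RuntimeAssuranceSwitch:
    def __init__(self, advanced, reversionary):
        self.advanced = advanced
        self.reversionary = reversionary
        self.reverted = False  # latched: once reverted, stay reverted

    def command(self, state: State) -> tuple[float, str]:
        """Return (commanded climb rate, name of the controller that produced it).

        The monitor evaluates the advanced command *before* it reaches the
        plant, so the check is on the state that command would produce."""
        if not self.reverted:
            proposed = self.advanced(state)
            if envelope_violated(State(state.altitude, proposed)):
                self.reverted = True  # switching condition met: latch
            else:
                return proposed, "advanced"
        return self.reversionary(state), "reversionary"


def simulate(switch: RuntimeAssuranceSwitch, state: State, steps: int, dt: float = 1.0):
    """Integrate the toy plant under the switch; return a list of
    (altitude after the step, controller in use) for each step."""
    trace = []
    for _ in range(steps):
        rate, source = switch.command(state)
        state = State(state.altitude + rate * dt, rate)
        trace.append((round(state.altitude, 1), source))
    return trace


if __name__ == "__main__":
    sw = RuntimeAssuranceSwitch(advanced_controller, reversionary_controller)
    for step, (alt, src) in enumerate(simulate(sw, State(3000.0, 0.0), 60), 1):
        print(f"t={step:2d}s  alt={alt:8.1f} ft  controller={src}")
```

Two design points matter for the real systems the report discusses. The monitor checks the proposed command against a predicted state rather than waiting for an actual violation, which is what gives the reversionary controller enough margin to recover; and the switch latches, because a controller that has already been caught proposing an unsafe command should not be handed the plant back without a separate, deliberate re-engagement decision.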