Technical Paper

Use of Dissimilar Hardware Architecture to Mitigate Design Errors in a Flight Control System Application

2009-10-06
2009-36-0160
This paper aims at discussing the use of dissimilar hardware architecture to mitigate DESIGN ERRORS in a flight control system application, as one of the possible design techniques that, combined with the usage of development processes, will satisfy the safety objectives for airborne systems. To accomplish its purpose, the paper starts by understanding the origins of DESIGN ERRORS in micro-coded devices and the concerns of airworthiness certification authorities (or simply certification authorities from now on). After that, an overview of the aeronautical industry's efforts in terms of development processes and certification requirements to mitigate DESIGN ERRORS will be presented. At this point, the dissimilar architecture is proposed as an effective means to mitigate the problem of DESIGN ERRORS. Finally, a Flight Control System application using dissimilar architecture is proposed as a case study.
Technical Paper

A Proposal for Improving the Results of the Reliability Analysis and FMEA/FMECA of the CBERS Satellite Program

2010-10-06
2010-36-0324
Complex systems such as satellites, aircraft, automobiles and air traffic controls are becoming increasingly complex and highly integrated, as prescribed by the SAE ARP 4754 Standard. They integrate many technologies and they work in very demanding environments, sometimes with little or no maintenance due to the severe conditions of operation. To survive such harsh operating conditions, they require very high levels of reliability, to be reached by a diversity of approaches, processes, components, etc. In turn, the processes of analysis and decision making shall be improved progressively, as experience accumulates and suggests modifications and adaptations. According to this philosophy, in this work we discuss a proposal for improving the results of the Reliability Analysis and FMEA/FMECA of the CBERS Satellite Program, conducted at the National Institute for Space Research (INPE) since 1987.
Technical Paper

Study on a Fault-Tolerant System Applied to an Aerospace Control System

2010-10-06
2010-36-0330
In several engineering applications, high Reliability is one of the most wanted features. The aspects of Reliability play a key role in design projects of aircraft, spacecraft, automotive, medical and bank systems, and so on, avoiding loss of life, property, or costly recalls. Highly reliable systems are designed to work continuously, even under external threats and internal Failures. Very convenient is the fact that the term 'Failure' may have its meaning tailored to the context of interest, as its general definition refers to it as "any deviation from the specified behavior of a system". The above-mentioned 'deviation' may refer to: performance degradation, operational misbehavior, deviation from environmental qualification levels, Safety hazards, etc. Nevertheless, Reliability is not the only requirement for a modern system. Other features such as Availability, Integrity, Security and Safety are always part of the same technical specification, at the same level of importance.
Technical Paper

Analysis, Design and Simulation of the Reconfigurable Control Architecture for the Contingency mode of the Multimission Platform

2010-10-06
2010-36-0333
This work presents the analysis, design and simulation of the reconfigurable control architecture for the contingency mode of the MultiMission Platform (MMP). The MMP is a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other Sub-Modes, according to ground command or information coming from the control system, mainly alarms. The implementation followed the specifications where they existed; otherwise, it was designed. They cover operations from detumbling after launcher separation and solar acquisition, to achieving payload nominal attitude and orbital correction maneuvers. The manager block of the control system was implemented as a finite state machine. The tests are based on simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission, be it during modes or transitions between modes and submodes.
Technical Paper

The Application of a Requirements Traceability Automation Tool to the Documentation of a Satellite Project

2010-10-06
2010-36-0345
This paper presents the preliminary results of an "a posteriori" exercise of application of a Requirements Traceability Automation Tool (RT tool) to a set of documents. The documents have been prepared according to established Space System Engineering methodologies and with attention to text quality, but without attention to requirements traceability, because the processes and methodologies used during their preparation predate the emergence of the processes and methodologies developed by Requirements Engineering (RE). This study is intended to determine some of the benefits of using an RT tool when compared with the previously used processes and methodologies. The set of documents under scrutiny has been prepared in the frame of the development of the CBERS-3 satellite (China-Brazil Earth Resources Satellite) and is composed of system, subsystem and equipment specification and covering documents related to the Electrical Power Subsystem (EPS) of the satellite.
Technical Paper

Application of Methods to Smooth the Transition Between Control Submodes in the Nominal Mode of the Multimission Platform

2012-10-02
2012-36-0378
The Multimission Platform (MMP) is a generic service module currently being designed at INPE. In the 2001 version, its control system can be switched between nine main Operation Modes and other submodes, according to information from satellite sensors and ground commands. The Nominal Mode stabilizes the MMP in three axes and takes it to a nominal attitude, using three reaction wheels. Each wheel has coarse and fine acquisition submodes. The use of multiple modes of control for specific situations is frequently simpler than designing a single controller for all cases. However, besides making it harder to guarantee its general stability, the mere switching between these submodes generates bumps, which can reduce the performance and even damage the actuator or plant. In this work, we present an application of diverse methods to smooth the transition between control submodes of the Nominal Mode of the MMP.
Technical Paper

A Scheduler with a Dynamic Priority and its Influence on a Control System

2012-10-02
2012-36-0367
In critical real-time computer systems, whether in aircraft, automotive or industrial products, the use of a fixed priority scheduler is very common. The fixed priority scheduler has shown good performance in control applications, even in the different applications where it was adopted. But nowadays, to go forward with the technology, be it in hardware or software, schedulers with dynamic priority can be a better alternative in certain situations. The present work aims to show that a variable priority scheduler can improve the performance of a control system obtained with a fixed priority scheduler, even when it is badly conditioned. This study is based on a four-motor position control system. For this, the study will make use of a specialized simulation tool. In the future, we intend to extend this study to schedulers that use random and sporadic tasks.
Technical Paper

A Discussion on the Causes and Effects of Thermal Avalanche in Artificial Satellite Battery Charging and Discharging Systems

2012-10-02
2012-36-0558
The supply of electrical power is one of the most important functions required by the diverse payloads of satellites. A fault in the corresponding subsystem might lead to mission or even vehicle loss. Among the causes of such faults, we highlight the phenomenon of thermal avalanche in batteries. It can be explained as an energy imbalance where the rate of heat generated in the interior of the system exceeds its capacity to dissipate it. This occurred with NASA's OAO1 just after its launch on April 8, 1966, and with the CBERS2 of CAST and INPE, already in orbit, in 2007 and 2009. This work presents a discussion on the causes and effects of thermal avalanches in artificial satellite battery charging and discharging systems.
Technical Paper

A Discussion on the Standard SAE-ARP-4754A and a Proposal for Using it in Product Certification and Qualification of Staff

2012-10-02
2012-36-0572
Systems such as satellites, aircraft, automobiles and air traffic controls are becoming increasingly complex and/or highly integrated, as prescribed by the SAE-ARP-4754A Standard. They integrate many technologies and they work in very demanding environments, sometimes with little or no maintenance, due to the severe conditions of operation. To survive such harsh operating conditions, they require very high levels of dependability, to be reached by a diversity of approaches, processes, components, etc. Some are suggested by the SAE-ARP-4754A as one of the highest-level standards to be met. So, it is important to know it, and its consequences for products and staff, deeply. The aim of this paper is to present a discussion on the standard SAE-ARP-4754A and a proposal for using it in product certification and qualification of staff.
Technical Paper

Refinements of the GPS Kalman Estimates for the Position and Velocity of a Vehicle during High Acceleration Transients Using IMU Measurements

2012-10-02
2012-36-0513
Currently, the use of Global Navigation Satellite Systems (GNSS) has been widely disseminated for the most diverse applications, from aeronautical navigation to car traffic systems, the Global Positioning System (GPS) being the most used system for such objectives. New applications of such systems have presented more demanding requirements in terms of precision for the position and velocity provided by these systems. Some solutions, such as satellite- or ground-based precision augmentation systems, improve the precision of the position and velocity estimates. However, the sampling rate of these systems is not substantially improved. Therefore, it constitutes a major limitation of such systems for position and velocity estimates during high acceleration transients. On the other hand, Inertial Navigation Systems (INSs) present superior performance under these circumstances.
Technical Paper

A Discussion on the Process of Eliciting and Validating Requirements to Handle Single Event Upsets in Avionic Systems

2012-10-02
2012-36-0519
Avionics Systems are increasingly used to perform safety-critical functions at high altitudes. But their increasing capacity and concentration of memory and logic leads to more frequent occurrences of single event upsets, especially at high altitudes. In this work we discuss the process of eliciting and validating requirements to handle single event upsets in avionic systems. To do that, we initially summarize and update the concepts of the radiation environment of the atmosphere, radiation-induced errors, single event upsets, etc., presented in a previous paper. Then, we discuss some of their effects on avionic systems and ways of mitigation reported in the literature. Finally, we discuss provisions to demand the adoption of such mitigation measures, and their sufficiency, by transforming them into requirements, according to recommendations of compliance described in standards such as SAE ARP 4754A and RTCA DO-254.
Technical Paper

The Phases of Systems Engineering at INPE

2012-10-02
2012-36-0482
Since its introduction at INPE in the late 1960s, Systems Engineering has passed through phases of greater and lesser importance. Three different phases are clearly recognized. The first two phases are closely associated with efforts to develop space systems. The third and present phase is associated with the recent growth in the importance of Systems Engineering to the development of contemporary large and complex systems. This paper is a summary review of the history of Systems Engineering at INPE from its inception to the present.
Technical Paper

A Discussion on Methods Used in the Verification and Validation of Control Systems Architectures of Cyber-Physical Systems Based on Models and Systems Metrics

2012-10-02
2012-36-0458
Architecture is a very broad and important concept that is directly connected to the realization of a system. It defines what the system is capable of doing, how it accomplishes its mission and how the system is. Currently, the development of system architectures is considered a domain of knowledge where science meets art. In some specific areas, the methods for the development of system architectures are already well formalized. However, when analyzing the evaluation of system architectures such as those for multi-domain control systems, it is clear that there is still much room for rationalization. In these cases, the search for new methods for the evaluation of system architectures is currently at the state of the art. In this work we discuss methods used in the verification and validation of control system architectures of cyber-physical systems based on models and systems metrics.
Technical Paper

An Investigation on Techniques for Accurate Phase or Time Synchronization in Reconfigurable Control Systems

2012-10-02
2012-36-0398
Current systems such as satellites, aircraft, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated, as prescribed by the SAE-ARP-4754 Standard. Such systems and their control systems use many modes of operation and many forms of redundancy to achieve high levels of performance and high levels of reliability under changing environments and phases of their lifecycle. Environmental disturbances, environmental variability, plant non-linear dynamics, plant wear, plant faults, or non-symmetric plant operation may cause de-synchronization in phase or time among: 1) simultaneous units in the same normal mode of operation; 2) successive units in successive normal modes of operation; 3) main and spare units from normal to faulty modes of operation. So, techniques to reduce those causes or their effects are becoming important aspects to consider in the design of such systems.
Technical Paper

A Worst Case Formula for a Communication and Computation Delay in NCS.

2010-10-06
2010-36-0358
A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well-fitted architecture adopted by this trend is the common bus network architecture. A control system is called a Networked Control System (NCS) when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics that must be considered at the design time of a control system. This work, still in development, focuses on a worst case formula for communication (TDMA) plus computation (RMS) on an NCS. This formula, in a first instance, agrees with the simulated cases under the hypotheses and conditions where the NCS is composed of 1 actuator and 1 sensor and where it is composed of 2 actuators and 2 sensors. In the future, we intend to generalize this formula and extend this study to NCSs that use other communication protocols or other computer schedulers.
Technical Paper

Refinements of the Kalman Estimates for the Position and Velocity of a Vehicle Obtained with GPS Using Inertial Navigation System's Measurements: A Comparative Analysis

2013-10-07
2013-36-0650
Currently, the use of Global Navigation Satellite Systems (GNSS) has been widely disseminated for the most diverse applications, from aeronautical navigation to car traffic, the Global Positioning System (GPS) being the most used system for such objectives. New applications have presented challenges in terms of the main requirements associated with such systems, namely: precision, reliability, availability, continuity and integrity. This is because proposed solutions, such as satellite- or ground-based augmentation systems, depend on signals provided by the GNSS satellite constellation. It constitutes a limitation for using such systems for position and velocity estimation. On the other hand, Inertial Navigation Systems (INS), being independent of external signals, have great potential to be applied in these circumstances; furthermore, they present characteristics that may be considered complementary to GNSS.
Technical Paper

Reconfiguration of Control Systems as Means for Reaching Fault Tolerance: An Assessing Study on Methods Available

2013-10-07
2013-36-0639
The realization of modern systems subjected to automatic control, such as aircraft, automobiles, satellites, rocket launchers, cargo and military ships, and so forth, increasingly assumes, within their very set of requirements, the task of providing better dependability, i.e., safety, reliability, and availability altogether. Towards this demand, fault-tolerant control greatly meets such growing demand for dependability, by its ability to recognize the occurrence of potentially hazardous/hazardous faults within the overall (closed-loop) system, and by taking remedial action whenever necessary/mandatory. The process of fault tolerance can be segregated into two fundamental steps: (1) that of fault diagnosis, comprising fault detection-isolation-identification, and (2) control adjustment/reconfiguration. This paper focuses on the second step, control adjustment/reconfiguration.
Technical Paper

An Overview of Models, Methods and Tools for Verification, Validation and Accreditation of Real Time Critical Software

2013-10-07
2013-36-0530
Real-time critical systems are those whose failures may cause loss of transactions/data, missions/batches, vehicles/properties, or even people/human life. Accordingly, some regulations prescribe their maximum acceptable probability of failure to range from about 10^-4 to 10^-10 failures per hour. Examples of such systems are the ones involving nuclear plants, aircraft, satellites, automobiles, or traffic controls. They are becoming increasingly complex and/or highly integrated, as prescribed by the SAE-ARP-4754A Standard. Those systems include, most of the time, real-time critical software that must be specified, designed, implemented, validated, verified and accredited (VVA). To do that, models, especially the V-Model, are frequently adopted, together with methods and tools which perform software VVA to ensure compliance (of correctness, reliability, robustness, etc.) of software with several specific standards such as DO-178B/DO-178C (aviation) or IEC 26262 (automotive), among others.
Technical Paper

An Overview of Clock Synchronization Algorithms and their Uses in Aerospace and Automotive Systems

2013-10-07
2013-36-0541
Current systems such as satellites, aircraft, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated, as prescribed by the SAE-ARP-4754A Standard. Such systems operate in a real-time distributed environment which frequently requires a common knowledge of time among different devices, levels and granularities. So, temporal correctness is mostly needed, besides logical correctness. It can be achieved by hardware clocks and devices, software clocks and algorithms, or both, to avoid or tolerate, within appropriate margins, the time faults or failures that may occur in aerospace and automotive systems. This paper presents an overview of clock synchronization algorithms and their uses in aerospace and automotive systems. It is based on a review of the literature, and a discussion and comparison of some clock synchronization algorithms with different policies.
Technical Paper

An Overview of an Assurance Process of Immunity of Embedded Electronic Systems to Single Event Upsets Caused by Ionizing Particles

2013-10-07
2013-36-0535
Aerospace and automotive electronic systems are getting more complex and/or highly integrated, as defined by ARP 4754A, making extensive use of microelectronics and digital memories which, in turn, operate at higher frequencies and lower voltages. In addition, aircraft are flying at higher altitudes, and polar routes are getting more frequent. These factors raise the probability of occurrence of hazardous effects like Single Event Upsets in their embedded electronic systems. These must be designed in a way that tolerates and assures immunity to Single Event Upsets, based upon criteria such as reliability, availability and criticality. This paper proposes an overview of an assurance process of immunity of embedded electronic systems to Single Event Upsets caused by ionizing particles, by means of a review of the literature and an analysis of standards such as ECSS-E-ST-10-1, NASA Single Event Effects Criticality Analysis and IEC TS 62396-1.