
Aerospace & Defence

In both the civil and military sectors, the role played by embedded aerospace and defence software is ever more significant. Aircraft control, civil and defence avionics, navigation, and communications systems all depend heavily on embedded software to ensure optimal functionality and performance, and they rely equally on those systems to be safe and secure.  

For almost half a century, LDRA has been supporting the aerospace and defence industry through substantial contributions to the standards that establish best practices, and by helping companies adhere to them. Our tools simplify compliance challenges by automating industry best practices, and our consultancy services underpin the efforts of both newcomers to the sector, and those looking to streamline their activities. 

What are FAA and EASA

The Federal Aviation Administration (FAA) is an agency of the United States Department of Transportation (DOT) responsible for regulating and overseeing civil aviation within the United States. The FAA’s primary mission is to ensure the safety and efficiency of the U.S. aviation system, including commercial and private aviation. 

The European Union Aviation Safety Agency (EASA) is an agency of the European Union (EU). It is responsible for aviation safety and regulation within the EU member states. EASA was established in 2002 and is headquartered in Cologne, Germany. Its primary mission is to promote and maintain high levels of safety in civil aviation throughout Europe. 

What other international agencies are equivalent to FAA and EASA?

Several international agencies and organizations have responsibilities similar to those of the FAA in the United States and EASA in the European Union. These agencies oversee civil aviation, set standards, and regulate aviation safety in their respective regions or at a global level. Some of the key international counterparts include: 

Although slightly different in nature to these regional bodies, the activities of the International Civil Aviation Organization (ICAO) are relevant to them. ICAO is a specialized agency of the United Nations responsible for setting global standards and regulations for civil aviation. It develops standards and recommended practices (SARPs) covering areas like airworthiness, air navigation, safety oversight, and aviation security. Member states adopt these standards into their national regulations. 

What are RTCA and EUROCAE?

RTCA (formerly Radio Technical Commission for Aeronautics) is a private & public partnership vehicle for developing consensus on civil aviation modernization. RTCA works closely with the Federal Aviation Administration (FAA) and industry experts from the US and around the world to develop recommendations on technical performance standards. 

RTCA Special Committees draw upon the knowledge and experience of prominent aviation experts to craft recommendations. RTCA and the Federal Aviation Administration (FAA) collaborate to develop thorough standards, which are then validated and endorsed by the industry. These standards serve as compliant methods in accordance with FAA regulations. 

EUROCAE (originally The European Organisation for Civil Aviation Equipment) is generally comparable to RTCA. Likewise, its relationship with EASA is broadly equivalent to the relationship between the FAA and RTCA. 

RTCA and EUROCAE have a collaborative relationship, frequently working together on joint committees and actively seeking to harmonize standards. This close cooperation allows the global aviation sector to benefit from the expertise and contributions of both organizations. 

Which RTCA and EUROCAE certification documents relate to airborne embedded software?

The diagram below illustrates the relationship between the primary documents that describe the required design, validation, and certification artefacts relating to airborne embedded software, and bidirectional traceability to show the fulfilment of requirements designed to achieve those ends. 

It is deliberately simplistic in the name of clarity, and clearly involves more than just software for aerospace and defence. For example, DO-254 compliance, integrated modular electronics, and multicore processors have implications for airborne electronic hardware, rather than being dedicated to aerospace software standards or aerospace coding!  

Although the diagram shows RTCA document nomenclature, it is similarly applicable to EUROCAE equivalent documents. 

The close relationship between RTCA and EUROCAE means that there is a direct correlation between their relevant documents. This list shows both naming conventions.  

  • ARP4754A/ED-135: The overarching document that addresses the certification of the aircraft in its entirety.  
  • ARP4761/ED-84A: A supporting document to ARP4754A, containing guidelines and relevant methods. 
  • DO-178C/ED-12C: The primary document referenced by certification authorities to approve all commercial software-based civil aviation systems. The overhead implied by compliance with the design assurance guidance for airborne software as specified by DO-178C varies according to the software level of criticality – or “Design Assurance Level (DAL)”. The most demanding level, DAL A, includes a requirement to provide source to object code traceability. When it superseded DO-178B/ED-12B, DO-178C was supplemented by documents supporting the use of increasingly popular development approaches, namely: 
    • DO-331/ED-218: A supplement to DO-178C dealing with model-based development. 
    • DO-332/ED-217: A supplement to DO-178C dealing with object-oriented technology.  
    • DO-333/ED-216: A supplement to DO-178C dealing with formal methods. 
  • DO-330/ED-215: Deals with software tool qualification. It differs from the other three documents in the DO-33x series in that it is a standalone document and not merely a supplement.  
  • DO-326A/ED-202A: Deals with aircraft security, with implications for both software and hardware. It is the sole Acceptable Means of Compliance (AMC) for cybersecurity airworthiness certification, and the core document of the Aerospace Security Framework.  
  • DO-356A/ED-203A: Supplemental to DO-326A, detailing security objectives and airworthiness risk assessment processes. 
  • CAST-32A & A(M)C 20-193: Deal with the unique certification challenges associated with the use of multicore processors, especially with reference to the allocation of resources associated with execution timing.  
  • AC 20-148: Addresses the certification of software intended for reuse across multiple systems. 

Which RTCA and EUROCAE certification documents relate to ground-based embedded software?

DO-278A/ED-190D is the most pertinent document. It serves a similar purpose for ground-based systems to that served by DO-178C’s software considerations for airborne systems, and was developed in parallel to it. As a result, around 75% of its content is similar. 

Which defence-related certification documents relate to embedded software development?

There are many nation-specific defence-related certification standards in use across the world. Examples include: 

  • MIL-HDBK-516C United States: “Airworthiness Certification Criteria” 
  • MIL-STD-883E United States: “Test Method Microcircuits” 
  • DEF STAN 00-55 United Kingdom: “Requirements for Safety of Programmable Elements (PE) in Defence Systems” 
  • DEF STAN 00-56 United Kingdom: “Safety Management Requirements for Defence Systems”  

More generally, there are several moves towards international harmonisation of defence standards. For instance, the European Defence Agency is working towards the harmonisation of applied defence standards in the EU, while several NATO STANAG standards will likely impact software considerations – for example, STANAG 4406, STANAG 4586, and STANAG 5525 are concerned with messaging, Unmanned Vehicle Systems (UAVs), and digital imagery, respectively.  

In many cases, defence software must comply with both civil and defence standards, such as DO-178C/ED-12C and DO-278A/ED-190D in aerospace, and ISO 26262 for ground vehicles.  

These civil standards are often similar to, and overlap with, their defence counterparts. They may also be adapted to some extent to account for the different requirements of military applications. For example, the military version of DO-178C references Mission Success Probability (MSP), harsh operational environments, and “military compliance” rather than “certification”. 

LDRA & Future Airborne Capability Environment® (FACE®)

The FACE Consortium was initially a US government and industry partnership working to define an open avionics environment for all military airborne platform types. In 2022, the consortium moved to open membership to the countries of Canada, Australia, New Zealand, and the United Kingdom, and the current list of consortium members can be found on the Open Group FACE website. 

The Consortium published the first set of documents defining the FACE Approach in 2010 and has refined it on an ongoing basis ever since. The Approach integrates technical and business practices that establish a standard common operating environment to support portable capabilities, not only across airborne systems but increasingly in other sectors as well.  

The approach includes a software development standard and business strategy with the aim of:  

  • increasing the affordability of capabilities  
  • improving time-to-field, delivering new capabilities to the war fighter faster  
  • enhancing portability from one operating environment to another through the application of modular architecture and data models 

Under US legislation – Title 10 U.S.C. 2446a.(b), Sec 805 – all major defence acquisition programs (MDAP) are to be designed and developed using a Modular Open Systems Approach (MOSA). For defence systems software, conformance with the FACE Technical Standard satisfies this requirement.  

How can LDRA help with the development of A&D applications?

LDRA’s tools help to alleviate the overhead associated with defence and aerospace test standards, and with the traceability of requirements to the design and verification of code. 

Requirements traceability. TBmanager supports bidirectional traceability between requirements, development and verification processes, and related artefacts throughout the A&D application software development life cycle, facilitating impact analysis and the provision of evidential compliance artefacts.  

Traceability to standards. TBmanager also provides for bidirectional traceability to A&D related functional safety and cybersecurity standard objectives. 

Coding standards compliance. Applicable to in-house, industry standard, or hybrid rule sets, TBvision’s static analysis simplifies the enforcement of the coding standards applicable to embedded systems for A&D. 

Low-level (unit), system, and integration testing. The TBvision and TBrun components of the LDRA tool suite combine to support host, simulator, and target-based testing in accordance with A&D standards. 

Structural Coverage Analysis. The LDRA tool suite supports the rigorous coverage analysis requirements demanded by A&D related functional safety and cybersecurity standards. 

MC/DC. The structural coverage analysis capabilities of the LDRA tool suite include Modified Condition/Decision Coverage (MC/DC) analysis.   
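As an added illustration of the MC/DC criterion named above (example code written for this page, not part of the LDRA tool suite), the following Python checker takes a hypothetical decision `(A and B) or C` and a constructed set of test vectors, finds the unique-cause independence pair for each condition, reports which conditions are still uncovered, and brute-forces the smallest truth-table subset that achieves MC/DC. The decision, condition names and test vectors are all assumptions made for the example.

```python
from itertools import combinations, product

# Hypothetical decision under test: (A and B) or C. Constructed for this
# example; it is not taken from any real avionics code base.
CONDITIONS = ("A", "B", "C")


def decision(v):
    """Evaluate the decision for a dict of condition values."""
    return (v["A"] and v["B"]) or v["C"]


def independence_pairs(decision, conditions, tests):
    """Map each condition to the (i, j) test-index pairs that demonstrate its
    independent effect under unique-cause MC/DC: exactly one condition differs
    between the two tests and the decision outcome differs with it."""
    pairs = {c: [] for c in conditions}
    for i, j in combinations(range(len(tests)), 2):
        t1, t2 = tests[i], tests[j]
        differing = [c for c in conditions if t1[c] != t2[c]]
        if len(differing) == 1 and decision(t1) != decision(t2):
            pairs[differing[0]].append((i, j))
    return pairs


def uncovered_conditions(decision, conditions, tests):
    """Conditions for which the test set supplies no independence pair."""
    pairs = independence_pairs(decision, conditions, tests)
    return [c for c in conditions if not pairs[c]]


def minimal_mcdc_set(decision, conditions):
    """Brute-force the smallest subset of the full truth table that achieves
    MC/DC. Exponential in the number of conditions, so only suitable for the
    small decisions typical of a single branch; returns None if no subset
    (including the whole table) satisfies unique-cause MC/DC."""
    rows = [dict(zip(conditions, bits))
            for bits in product((False, True), repeat=len(conditions))]
    for size in range(2, len(rows) + 1):
        for subset in combinations(rows, size):
            if not uncovered_conditions(decision, conditions, list(subset)):
                return list(subset)
    return None


# Constructed test vectors: the first three show the independent effect of
# A and B but not C; the fourth completes the MC/DC set (n + 1 = 4 tests).
PARTIAL_TESTS = [
    {"A": True, "B": True, "C": False},
    {"A": False, "B": True, "C": False},
    {"A": True, "B": False, "C": False},
]
FULL_TESTS = PARTIAL_TESTS + [{"A": True, "B": False, "C": True}]
```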

Source code to object code traceability. The TBobjectBox module provides an automated mechanism to achieve complete Object Code Verification (OCV) by relating code coverage at the source code level to that achieved at the object code level. 

Tool Qualification. The LDRA Tool Qualification Support Packs (TQSPs) provide support for the qualification of its tool suite for both structural coverage analysis (SCA) and programming rules checking (PRC).  

FACE conformance. The LDRA FACE related product and services portfolio includes solutions to simplify the development of FACE Conformant UoCs and the achievement of FACE Conformance. LDRA Consultancy Services are an approved FACE Verification Authority.   
