Accelerating Safety and Security Certification with FACE™ COTS

Solutions

Chip Downing, Senior Director of Aerospace and Defense, Wind River

David French, Director of Business Development, GE Intelligent Platforms

Dr. Edwin de Jong, Director of Product Management and Strategy, RTI

Bernard Dion, CTO, Esterel Technologies

FACE™ is a Trademark of The Open Group

Quick Introductionto FACE™

Chip Downing, Wind RiverFACE Outreach Working Group Chair

NAVAIR Public Release 2012-1233

Distribution Statement A "Approved for public release

distribution is unlimited”

3 http://www.opengroup.org/face

FACE - Purpose

• Delivers an open architecture that enables rapid deployment and re-use of software across platforms Includes both a technical specification and a business

model

• Enables more capability sooner, on more platforms Expands software supplier choices and enables

interoperability Creates a platform for integrating both future and

legacy systems

• Provides an industry library of conformant software and supporting safety / security evidence to accelerate usage

4 http://www.opengroup.org/face

Applications written to Baseline Profile would run on ALL platforms (Extremely Portable but may not leverage fuller capabilities of some

platforms!)

Overlap of Capabilities

Fighter

Bomber

Helicopter

Cargo

UAS

• Nav• Comm• SA• …

5 http://www.opengroup.org/face Distribution Statement A: Approved for Public Release

The FACE Consortium was formed in 2010 by The Open Group

Sponsors:

• Lockheed Martin• Naval Air Systems Command (NAVAIR)

• US Army PEO Aviation• Rockwell Collins

Associates: • AdaCore• Aitech Defense

Systems• Barco Federal Systems• Brockwell

Technologies• CALCULEX• Chesapeake

Technology Int’l.• CMC Electronics• CoreAVI• CTSi• Curtiss-Wright Controls

Defense Solutions• DDC-I• DornerWorks• Draper Laboratory• Esterel Technologies• FMS Secure Solutions• GE Intelligent

Platforms• Johns Hopkins Applied

Physics Lab

• L-3 Communications

• LDRA Technology• LynuxWorks• Objective Interface Systems

• Physical Optics Corp.• Presagis• QinetiQ North America• Real-Time Innovations• Richland Technologies• Stauder Technologies• Support Systems

Associates• Symetrics Industries• Thomas Production

Company• Tresys Technology• TTTech North America• Tucson Embedded

Systems• Verocel• ViaSat• Zodiac Data Systems

FACE Consortium Members

Principals: • ATK• BAE Systems• Bell Helicopter• Boeing• Elbit Systems of America

• GE Aviation Systems

• General Dynamics

• Green Hills Software

• Harris Corporation

• Honeywell Aerospace

• Northrop Grumman

• Raytheon• Sierra Nevada Corp.

• Sikorsky Aircraft• Textron Systems• US Army AMRDEC• UTC Aerospace Systems

• Wind River

6 http://www.opengroup.org/face

Smart Phone Analogy

FACE introduces smartphone application and portability concepts to DoD avionics while adding

variability (and competition) to all segments of the FACE Architecture

Commercial Military

TM

7 http://www.opengroup.org/face

FACE Architectural Segments

• FACE Portable Components Segment

• Portable Applications• Portable Common

Services

• Transport Services Segment

• Platform Specific Services Segment

• Platform Device Services• Platform Common

Services• Graphics Services

• I/O Services Segment• Drivers

• Operating System Segment

FACE™ COTS Solution Segments

9 http://www.opengroup.org/face

FACE – Program Adoption• Although only formed in June, 2010 FACE already has

significant program support:

• Navy Next Generation Jammer Technology Development• Navy C-130T• Army Airborne Radio Control Display Unit (CDU) Replacement• Navy H-1 HMD• Navy ADDS• Navy Full Motion Video• Navy RNP/RNAV Portable Software Component• Army Joint Multi-Role Technology Generator Phase 2• Navy AACUS• Army Air-to-Air Targeting of Turreted Systems• Navy FACE Software Reference Architecture• Navy AMCD/MSC 2nd OSP Upgrade

See current program tracking at: http://www.opengroup.org/FACE/procurements

10 http://www.opengroup.org/face

• FACE is supported by both industry and government

• FACE solves the military platform reuse challenge

• FACE delivers more capability at lower cost

FACE Summary

FACE™ COTS Solution Segments

GE Intelligent PlatformsMilitary and Aerospace Embedded

Computing

June 2011

FACE™ and COTS MOSA HardwareOperating System Segment

Transport Services Segment

Platform Specific Services Segment

I/O Services Segment

FACE Portable Components

Device Drivers

FACE Portable Components

FACE Portable Components

…FACE™

Architecture

COTS Modular

Open Systems

Architecture

FACE™ Board & System Support (preliminary)

Transport Services Segment

Platform Specific Services Segment

I/O Services Segment

Operating System Segment

OS API for Network

Stack Services

OS API forCommon

Processing Services

GE BSP/ESP

GE FABRIC Suppor

t

1553

429

Serial

other

P2P

SRIO

ESP1

ESP2

1-10GE

other

GE Intelligent Platforms

IB

Drivers HPEC

AXISView

AXISFlow

FACE Architecture

GE AXIS - Advanced Multiprocessor Integrated Software

FACE™ Deployed Test (preliminary)

Platform Specific Services Segment Platform Common Services

ARINC 653 Health Monitoring

Configuration Services

GE Intelligent Platforms BIT

Power-Up / Initialization BIT functions; INTRUSIVE for highest

coverage

GE Intelligent Platforms BCS

Background Condition Screening : NON-INTRUSIVE CBIT / IBIT

functions

Reports

Operating System Segment

Reports

FORCE1™FACE™ Open Reference Computing EnvironmentSBC312 Freescale P4080 processor

GPU

I/O Dual DVI, VGA output 2x USB 3x Gigabit Ethernet 2x RS232 serial comms 28 VDC input power

Software VxWorks 653 Wind River Hypervisor 2.0

– With VxWorks (AMP/SMP) Guest OS, Linux Guest OS VxWorks MILS

FORCE1™ Block DiagramFACE Open Reference Computing Environment

PCIe-PCI-X

PSUFilter

DDR3

DDR3

DDR3

DDR3

DDR3

DDR3

DDR3

DDR3

DDR3

DDR3

PHY

P4080

GPU

2x DVI

2x VGA

2x USB

2x RS232

3x 1000BASE-T

x4 PCIe

FACE™ COTS Solution Segments

Wind River A&D Solutions Portfolio

Networking, Graphics, Security, and Connectivity Middleware

Wind River Virtualization

VxWorksWind River

LinuxAndroid

Optimized Hardware Integration

Simics Workbench

Wind River

Services

PartnerSoftware

Ecosystem

20

Land Military Aviation Space Commercial AviationSea

Wind River VxWorks 653

VxWorks 653

ARINC 653 Application

Optimized Hardware Integration

21

ARINC653

Health Management

POSIXApplication

VxWorksApplication

Wind River Hypervisor Vision

Wind River Hypervisor

FACEMinimum

Safety Profile

Guest OS

Optimized Hardware Integration

22

ARINC653

Guest OS

FACEGeneralPurposeProfile

Guest OS

Linux

Guest OS

VxWorks

Guest OS

Android

Guest OS

Simics System Simulation

Processorand Memory

SoC Devices Complete Boards Complete Systems and Networks

Devices, Racks of Boards,and Backplanes

System Complexity

Cu

sto

me

r E

ffic

ien

cy

an

d P

rod

uc

tiv

ity

Wind River Proven leader in aerospace and defense

Wide range of COTS solutions

Ready to respond to large industry trends and migrations

FACE™ COTS Solution Segments

Peer-To-Peer/Portable Databus

OMG Data Distribution Service (DDS)

Sen

sor

Dat

a

Control App

Com

man

ds

Sta

tus

Sensor

Sen

sor

Dat

a

Actuator

Com

man

ds

Sta

tus

Sensor

Sen

sor

Dat

a

Display App

Sen

sor

Dat

a

Sta

tus

Data-Centric Messaging

Source(Key) Latitude Longitude Altitude

RADAR1 37.4 -122.0 500.0

UAV2 40.7 -74.0 250.0

LPD3 50.2 -0.7 0.0

Distributed Data Model and System State

Hundreds Of DDS Applications

Introducing RTI Connext DDS Micro

• Scalable product linefor constrainedenvironments

• Certifiable component– Targeting DO-178C Level A– ~25K ELOC

• Follows OMG DDS specification• FACE Transport Services Interface

Tran

spor

t Ser

vice

s

Flexible and Highly Portable FACE TSS

Portable FACE App

Portable FACE App

PSS Component

Opti

mize

d in

tra

proc

ess

‑co

mm

unic

ation

Shar

ed m

emor

y (in

ter-

proc

ess,

in

tra-

parti

tion)

ARIN

C Po

rts

(inte

rpa

rtitio

n)‑ So

cket

s(u

nica

st, m

ultic

ast;

inte

rno

de)

‑

Oth

er/C

usto

m(e

.g.,

bus,

DIL

)

RTI Connext DDS Micro

PSS Component

FACE Security Profile(upward compatible with Safety and General-Purpose profiles)

FACE™ COTS Solution Segments

© 2013 ANSYS, Inc. April 8, 202332 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

Esterel Technologies mission

Provide critical system and software developers

with model-based development solutions

that reduce cost, risk and time-to-certification

© 2013 ANSYS, Inc. April 8, 202333 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

What is unique about SCADE ?

•SCADE is developed specifically to be able to address critical system and software applications

•SCADE Suite and Display Code Generators are certified/qualified according to the following international safety standards:

• DO-178B / DO-178C (2013) qualification up to Level A – Aerospace & Defense

• EN 50128 certification up to SIL 3/4 – Rail Transportation • IEC 61508 certification up to SIL 3 – Industrial & Energy

• IEC 60880 full compliance – Nuclear Instrumentation & Control• IEC 62304 full compliance – Medical Systems• EN 13849 full compliance – Industrial Machines Safety

• ISO 26262 certification up to ASIL D – Automotive (2013)

•Same products qualified at the highest level of safety across 5 market segments by 10 safety authorities, worldwide

© 2013 ANSYS, Inc. April 8, 202334 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

SCADE Product Family

Model-Based System Engineering

System Architecture,System Verification

HMISoftware Design

Prototyping, Design, Verification, Qualified

Code GenerationSystem & Software

Lifecycle Mgt

Certification Plans, Metrics, Requirements, Configuration

Management,Documentation

Generation

ControlSoftware Design

Prototyping, Design,Verification, Qualified

Code Generation

© 2013 ANSYS, Inc. April 8, 202335 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

The ARINC 661 Use Model

UA SUPPLIER

Embedded IMA System(Logics)

EmbeddedCockpit Display System

(Graphics)

A661 RunTime ServerUA2

(e.g. ATC)UA3

(e.g. TCAS)UA1

(e.g. FMS)

01101010100011100101010001010111101

Binary Definition Files

Set Parameter

Notify

ARINC 661

Pilot inputs

CDS SUPPLIER

© 2013 ANSYS, Inc. April 8, 202336 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

SCADE Solutions for ARINC 661Cockpit Display System: Configurable ARINC 661 Server Generation

Embedded IMA System(Logics)

EmbeddedCockpit Display System

(Graphics)

Request/Notify

WidgetCreator

EmbeddedA661Server

Configurable

A661 Server

+ Widget Library

Custom A661 Widget Library

C

UA SUPPLIER(s) / AIRFRAMER CDS SUPPLIER / AIRFRAMER

UA Logic (SCADE Suite)

UA PageCreator

Logic / Graphics Coupling

CodeC

SCADE Suite KCG

DFXML BIN

SCADE UA1

(e.g. FMS)

SCADE UA2

(e.g. TCAS)

Other UA3

(e.g. ATC)

ARINC 661

Custom A661 Widget Library

Server CreatorSCADE Suite & Display KCG)

A661 Widget Library

Custom A661 Widget Library

A661 Conf

UA Adaptor

UA DF Generator

© 2013 ANSYS, Inc. April 8, 202337 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

SCADE Solutions for IMA

IMA HW Platform (CPU, I/O, Networks: AFDX, ARINC 429…)

IMA Operating System

IMA Configuration

Table

Application2(e.g. FCS)

Application3(e.g. TCAS)

Application1(e.g. FMS)

CPANI106

DPCAPMON

DPCAPCOM

DPFOCOM

DPFOMON

CPANI108

BPRIMOK

... ...2.0

1...

13 0 f alse

CONFS

R

f alse f alse

BASC

778

*

11

N080110

(-24.0) 24.0 4P080525Z8

... ...2.0

1...

13 0 f alse

CONFS

R

f alse f alse

BASC

779

*

12

N080110

(-24.0) 24.0 4P080525Z8

BPO...

BFSSRDPCAPMONP

BFSSRDPCAPMON

BFDPCAP

BFDPFO

BFSSRDPFOMONP

BFSSRDPFOMON

BFFOROLL

BFCAPROLL

P080525ZU P080525ZA P080525ZB

P080525ZR

P080525Z7

P080525Z6

P080525Z8

P080525ZS P080525ZG P080525ZH

P080525ZR

P080525Z0

P080525Z1

P080525Z8

P080525ZP

P080525ZQ

P080525ZC

P080525ZI

P080525ZD

P080525ZE

P080525ZHP080525Z5

P080525Z6

P080525Z1

P080525Z3 P080525ZB

Partitions

Manual or legacy Code

IMA Usage Domain (Platform Constraints)

IMA Platform provider

Partitions Partitions

A653 API

© 2013 ANSYS, Inc. April 8, 202338 © Esterel Technologies - An ISO 9001:2008 Certified Company - Confidential & Proprietary

What is in SCADE for FACE?

• SCADE provides a complete set of solutions for efficient implementation of applications in the FACE environment:o Code generation: SCADE Suite KCG

• DO-178B/C certified and automatic code generation from SCADE models (Portable Components)

• Automatic wrapping of SCADE generated code with FACE communication layers/API (i.e. TS)

o CDS and User Applications: SCADE Solutions for ARINC 661 Compliant Systems • Full implementation of the ARINC 661 standard to generate the Cockpit

Display Server and the User Applications (Portable Components)• Support Direct or In-Direct Graphic Rendering with OPENGL SC/ES graphic

driverso IMA: SCADE Solutions for IMA

• Description of ARINC 653/IMA architecture and automatic generation of IMA configuration tables

FACE™ Technical Interchange Meeting

(TIM)

April 2, 2013

Wright-Patterson Air Force Base

Holiday Inn Dayton Fairborn

http://www.opengroup.org/FACE/events

Over 25 FACE Consortium vendors will display their products at this event

Joint FACE™ COTS Solution Demonstration at WPAFB TIM

Audience Q & A

Chip Downing, Senior Director of Aerospace and Defense, Wind River

David French, Director of Business Development, GE Intelligent Platforms

Dr. Edwin de Jong, Director of Product Management and Strategy, RTI

Bernard Dion, CTO, Esterel Technologies

Thanks for joining us

Event archive available at:

http://ecast.opensystemsmedia.com/

E-mail us at: clong@opensystemsmedia.com

The FACE Consortium

Steering CommitteeChair: Bob Matthews

(NAVAIR)Vice Chair: Jeff Howington

(Rockwell Collins)Judy Cerenzia

(The Open Group)

OutreachSubcommitteeChip Downing (Wind River)

LibrarySubcommittee

David Boyett(US Army AMRDEC)

ConformanceSubcommitteeSteve Goetz

(US Army AMRDEC)

Business Model SubcommitteeGabriel Flores

(Northrop Grumman)

Enterprise ArchitectureSteve Davidson

(Raytheon)

AdvisoryBoard

FACE / UCS AlignmentBill Antypas

(Real Time Innovations)

Data Model & Data Definition

Jeff Hegedus(Raytheon)

Reference Implementation

GuideKirk Avery

(Lockheed Martin)

SecuritySubcommittee

Joe Neal(Harris)

Verification Matrix

Marcell Padilla (NAVAIR)

Technical Working GroupChair: Rob Sweeney

(NAVAIR)Vice Chair: Kirk Avery

(Lockheed Martin)

Business Working GroupChair: Dennis Stevens

(Lockheed Martin)Vice Chair: David Boyett

(US Army AMRDEC)

575 Individual Participants

50+ FACE Consortium

Members

FACE Consortium ContactsBob Matthews, PMA209EA

FACE Steering Committee Chair

robert.matthews@navy.mil(301) 995-4971

Website: www.opengroup.org/face

Judy Cerenzia, The Open Group

FACE Program Directorj.cerenzia@opengroup.org

(814) 234-2234

Mike Hickey, The Open Group

Membership Contactm.hickey@opengroup.org

(512) 343-9159