Design Assurance Evaluation of Microcontrollers for safety critical Avionics

TL;DR

This paper evaluates whether safety-oriented automotive microcontrollers developed under ISO 26262 follow a design assurance approach similar to DO-254, aiming to reduce assurance efforts for avionics systems using COTS components.

Contribution

It provides an analysis comparing ISO 26262 safety processes with DO-254 design assurance practices for COTS microcontrollers in avionics.

Findings

ISO 26262 safety MCUs focus on reducing design errors.

Potential similarities between ISO 26262 and DO-254 processes.

Evaluation may lead to reduced assurance efforts for COTS in avionics.

Abstract

Dealing with Commercial off-the-shelf (COTS) com- ponents is a daily business for avionic system manufacturers. They are necessary ingredients for hardware designs, but are not built in accordance with the avionics consensus standard DO- 254 for Airborne Electronic Hardware (AEH) design. Especially for complex COTS hardware components used in safety critical AEH, like Microcontroller Units (MCUs), additional assurance activities have to be performed. All of them together shall form a convincing confident, that the hardware is safe in its intended operation environment. The focus of DO-254 is one approach called Design Assurance (DA). Its aim is to reduce design errors by adherence of prescribed process objectives for the entire design life cycle. The effort for certain COTS assurance activities could be reduced if it is possible to demonstrate, that the COTS design process is based on similar effective design process guide- lines to minimize desgin errors. In the last years, semiconductor manufacturers released safety MCUs in compliance to the ISO 26262 standard, dedicated for the development of functional safe automotive systems. These products are COTS components in the sense of avionics, but they are also developed according to a process that focuses on reduction of design errors. In this paper an evaluation is performed to figure out if the ISO 26262 prescribes a similar DA approach as the DO-254, in order to reduce the COTS assurance effort for coming avionic systems.