Why test an app that is connected to avionics?

Why Test of Avionics Apps

Hello World, this is the first of a series of three articles explaining how to test a secure and safe app connected to avionics.

Avionics modules… What are those?

Per the Federal Aviation Administration Handbook, it is a system that can automatically perform many tasks that pilots used to have to perform manullay. An example is the flight management system (FMS), which defines the flight route and automatically performs most of the course, distance, time and fuel calculations [1]. Avionics requires safety software development depending on its criticality levels assessed by the industrial standards ARP4754A [2] and ARP4761 [3]. The criticality levels go from A (Catastrophic) to E (No effect).

For instance, the Aircraft’s FADEC (or Full Authority Digital Engine Control [4]), is Level A.

Mobile apps connected to avionics

First things first. When developing mobile applications connected to avionics there will be a bi-directional flow of information between both devices:

Figure 1: Bi-directional information flow in an mobile application to a (avionics) Flight Management Computer (FMC).

In this case, the application could display information from the FMC, as the completed flight plan after the aircraft has landed, after a request from the application, such as elapsed fuel, wind data, etc.

Are there any test guidelines for applications connected to avionics?

Now, let’s go back to the goal of the article: Why should you test an app connected to an avionics module?

Aiming to find responses, I performed a state-of-the-art investigation in 2019, starting with the information available in the Global Air avionics directory [5].

The research results:

  • Only two companies offer mobile applications connected to avionics
  • Three companies offer connectivity to avionics
  • Only one company offers connectivity to avionics with certified safety-critical software

And, did I find any guidelines to test an app connected to avionics? The response was NO.

CompanyMobile apps? Connectivity to avionicsCertified software?Products offered
Dynamic EngineeringNoneNot offeredYesAS9100. IO, fan, power filtering applications
GarminConnextOfferedNoProvides systems for general aviation without certification for transport
GE Aviation SystemsCFMSOfferedYesFMS connectivity for EFB tablet application
GSS avionicsNoneNot offeredNoGSS100 is the most advanced database analysis tool. GUI for test and analysis in bench not certified (ARINC 429). Mil-Std-1553
HoneywellNoneNot offeredYesCertified in several platforms. Includes mobility applications but not for FMS or avionics
MAX TechnologiesNoneOfferedNoApplications for bench ARINC 629 analyzers
Rockwell CollinsNoneNot offeredYesMission Flight Management Software (MFMS-1000), Avoidance Re-router (ARR-7000) software. Virtual avionics software products
Universal avionicsNoneNot offeredYesFMS trainer
Table 1 – Benchmark of companies offering applications connectivity to certified avionics


The world is not just avionics

After getting the first NO, I went through a different investigation path, to understand another type of safety-critical systems, as the whole world is not just avionics, right?

As a result of this, I found safety-critical systems as medical, nuclear or power controlling.

For instance, Everbridge offers mobile the safety-critical medical application CARECONVERGE, a Critical Event Manager with key features to monitor critical medical events  [6].

Was I lucky enough to find test recommendations for applications connected to these types of safety-critical systems?
The response was once again NO.

Applications running in a RTOS

After two “failures” I went through a third investigation line: Are there any test recommendations for mobile applications running on a Real-Time Operating System (RTOS)? Let’s talk about it.

First of all, it is important to clarify that a RTOS is an Operative System (OS) with modular design and complies with predictability, reliability, stability, multitasking and other characteristics.

So, are the apps on my mobile phone running under a RTOS? Let explain this through

A verification checklist for iOS

CharacteristicComplies with RTOS?Why
ReliabilityNoOS should operate  without failure for a certain period of time
PredictabilityNoOS is expected to complete tasks (email, messaging, social network, uploading/downloading data) within a specific timeframe
PerformanceYesOS can process several outputs and at the same time is receiving inputs, how well complies with requirements in a timeframe
CompactnessYesOS can be small, portable
ScalabilityNoOS can be upgraded to a newer version, but this is limited to the HW version.
E.g.: An iPhone 3G cannot have an iOS 12.3.1 installed
Pre-emptiveYesOS basic functions as calling (receiving, sending) are preemptive over a music player, or a game; this is, they can interrupt other tasks that have higher priority
MultitaskingYesOS can be in a call, and at the same time receiving an email, SMS or application notification (as from a newspaper).  Seems like activities perform at the same time
SynchronizationYesOS can sync between information as pictures from different applications (Facebook, WhatsApp) with different storage devices (internal memory, Google Drive, iCloud)
Interrupt and Event HandlingYesOS has an interrupt vector that manages reception of emails, SMS and notifications from web site applications (as newspapers)
Input/OutputYesOS display information on screen, send information to the network, to another phone via a call, and constantly receive information
Inter-task CommunicationYesOS manages message queues and memory
Timers and ClocksNoOS only one task can be executed at a time and there is no timer for the task to expire
Table 2 – RTOS characteristics vs iOS

From the assessment made, iOS 12.1 only covers 66% of the RTOS characteristics, is not deterministic, an application can crash no matter if it is safety-critical or not, impacting the reliability, therefore iOS is not an RTOS.

Then, should I continue through this investigation path? I think yes.

Verification methods for FreeRTOS

The research continued and I found verification methods for FreeRTOS. EUREKA? Please don’t claim victory yet Óscar.

C. Pronk documented a case of study to verify the properties of FreeRTOS, an Android modified OS kernel that complies with safety-critical applications and RTOS requirements such as functional correctness, problems of implementation language, timing properties, safety properties, liveness properties, and fairness properties [7]

Are these verification methods satisfying our testing needs for secure and safe applications connected to avionics? Unfortunately NO.

Why? Because Pronk’s test methods are focused on verifying the RTOS characteristics, not to the applications ones.

So, how can I test my app connected to avionics?

Well, this investigation resulted in a test to my resilience and not to applications!

So, I decided to go to a fourth path and defined my own method to test secure and safe applications connected to avionics, by merging the test requirements from  OWASP [8] and DO-178C [9].

I will explain this to you in detail in the following articles that will be published on coderskitchen.com.

Further readings and references

Share:

Legal Notice

This text is the intellectual property of the author and is copyrighted by coderskitchen.com. You are welcome to reuse the thoughts from this blog post. However, the author must always be mentioned with a link to this post!

2 thoughts on “Why test an app that is connected to avionics?”

  1. Great article Oscar.
    Really enjoyed the flow and the topic.
    Keep the resilience test.
    Looking forward for the flowing articles.

    Reply

Leave a Comment

Related Posts

DO-178C and OWASP in avionics app testing
Óscar Lugo Ruíz

DO-178C and OWASP in avionics app testing

My post series is explaining what tests should be applied to an avionics app – in my example to simulate the Instrument Landing System (ILS).