A Survivable Avionics System for Space Applications.

Authors: Gerd Urban, Hans-Joachim Kolinowitz, Jan Peleska

This paper describes an advanced survivable avionics system for future manned or unmanned space missions. The basic element of such an avionics system is a Byzantine fault tolerant computer (FTC), which has already been developed at DASA-RI for operation in the Russian segment of the International Space Station Alpha (ISSA). The paper outlines the essential design elements of the FTC, especially the efficient realisation of the Byzantine protocol within the constraints of technical risk and cost. We describe a quadruple redundant MIL 1553 bus system with a synchronised packet protocol as the communication medium between the FTC and the peripheral sensors and actuators. To illustrate the generic approach applied in the FTC design, the paper also describes a fault tolerant Propulsion Drive Electronics (PDE) as a redundant actuator sub-system. The PDE is equipped with basic communication and control elements that re-use the FTC design. The paper outlines how cost-efficient, fault tolerant end-to-end systems can be established if generic basic elements are re-used in a replicated way. For the verification of safety-critical software components, an integrated verification and test approach has been applied. This approach is based on formal specifications in CSP (Communicating Sequential Processes) and allows essential correctness requirements to be verified and tested in a highly automated way, using tools for model checking of refinement properties, stochastic load analysis and real-time testing.

Keywords: Byzantine Fault Tolerant Computer - CSP - Formal Verification - Test Automation - Transputer - MIL-STD 1553 Bus - Propulsion Drive Electronics
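The abstract refers to the Byzantine protocol and to quadruple redundancy without giving the mechanism. The following is an added illustration, not code from the paper or from the DASA-RI FTC: a toy model of Lamport's Oral Messages algorithm OM(m), the classical Byzantine agreement scheme, run over four lanes (one commander plus three lieutenants), which is the smallest configuration that tolerates one Byzantine lane (n >= 3m + 1). The lane names, the order values and the contradictory behaviour of the faulty lane are constructed for the example; the paper's own efficient realisation of the protocol on the FTC hardware is not reproduced here.

```python
"""Toy model of Lamport's Oral Messages algorithm OM(m).

Added example: four lanes (commander C and lieutenants L1..L3) tolerate one
Byzantine lane, the classical n >= 3m + 1 bound.  Lane names, order values
and the adversary's behaviour are constructed; this is not the FTC's own
protocol implementation.
"""
from collections import Counter

ATTACK, RETREAT = "ATTACK", "RETREAT"   # RETREAT doubles as the default value


def majority(votes):
    """Strict majority of the votes, or the default value when none exists."""
    value, count = Counter(votes).most_common(1)[0]
    return value if count * 2 > len(votes) else RETREAT


def make_send(faulty):
    """Message delivery over the lanes. Honest lanes relay faithfully; a
    faulty lane (constructed adversary) contradicts itself: it tells lanes
    whose name ends in '1' RETREAT and every other lane ATTACK."""
    def send(sender, recipient, value):
        if sender in faulty:
            return RETREAT if recipient.endswith("1") else ATTACK
        return value
    return send


def om(m, commander, lieutenants, value, send):
    """OM(m): returns {lieutenant: value it decides on}."""
    received = {lt: send(commander, lt, value) for lt in lieutenants}
    if m == 0:
        return received
    # Each lieutenant relays its copy of the order to the others with OM(m-1).
    relayed = {}
    for i in lieutenants:
        others = [x for x in lieutenants if x != i]
        relayed[i] = om(m - 1, i, others, received[i], send)
    # Each lieutenant votes over its own copy plus what the others relayed.
    return {
        j: majority([received[j]] + [relayed[i][j] for i in lieutenants if i != j])
        for j in lieutenants
    }


def run(n_lieutenants, faulty, order=ATTACK, m=1):
    """Run OM(m) with the given faulty lanes; report the decisions and whether
    the two interactive-consistency conditions hold for the honest lanes:
    IC1 - all honest lieutenants decide the same value,
    IC2 - if the commander is honest, they decide on its order."""
    lieutenants = [f"L{k}" for k in range(1, n_lieutenants + 1)]
    decisions = om(m, "C", lieutenants, order, make_send(set(faulty)))
    honest = [lt for lt in lieutenants if lt not in faulty]
    ic1 = len({decisions[lt] for lt in honest}) == 1
    ic2 = "C" in faulty or all(decisions[lt] == order for lt in honest)
    return decisions, ic1, ic2


if __name__ == "__main__":
    for n, faulty in ((3, {"L3"}), (3, {"C"}), (2, {"L2"})):
        decisions, ic1, ic2 = run(n, faulty)
        print(f"{n + 1} lanes, faulty={sorted(faulty)}: {decisions} IC1={ic1} IC2={ic2}")
```

With four lanes, both a lying lieutenant and a lying commander leave the honest lanes in agreement on the commander's order; with only three lanes (the third scenario) a single lying lieutenant already makes an honest lieutenant abandon an honest commander's order, which is why one Byzantine fault needs four replicated elements rather than three.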