This case study focuses on safety and security monitoring of an avionics application. It targets autonomous detection and classification of unexpected system behaviour. The intention is to assemble an effective mitigation strategy, which results in a set of suggestions for the pilot. The pilot then either approves or modifies these suggestions and acts upon them. Alternatively, the person in charge of the system, i.e. the pilot, may also decline the proposed mitigation strategy. This interaction between the machine and the pilot places the human in the loop as a means of improving the system's safety and security monitoring.
The avionics use-case is therefore composed of two applications: Flyance, a dependable Flight Management System (FMS) application whose role is to autonomously pilot an aircraft from its take-off airport to the landing airport, and the Cyber Black-Box (CBB) monitoring application, whose role is to ensure the correct behaviour of the FMS software on the target hardware.
The FMS application mimics a Flight Management System (FMS) as used in modern avionics, whose purpose is to provide the crew with centralized control for the aircraft navigation sensors, computer-based flight planning, fuel management, radio navigation management, and geographical situation information. The FMS is responsible for services that allow in-flight guidance of the plane. Throughout the pre-set flight plans, starting with the airport take-off and finishing with the airport landing, the FMS is responsible for plane localisation and trajectory computation. It is the FMS that enables the plane to follow the flight plan and to react to pilot directives. The FMS application consists of 25 time-critical tasks that are grouped as presented in Figure 2:
The role of the CBB application is to ensure the correct behaviour of the autonomous piloting software (the FMS) on the hardware CPSoS. Figure 3 presents the different components involved in the cyber-blackbox.
Both the flight management system and the cyber-blackbox are being mapped to the target hardware board provided by I&M. The hardware includes an Aurix Tricore carrier board connected to an ARM-based NXP iMx8 socket on module. Mapping the different components of the cyber-blackbox to this hardware requires consideration of each component's requirements in terms of performance and connectivity, while minimising the potential timing interference with the safety-critical real-time application that is the Flight Management System.
The challenges that will be solved via the TEACHING platform
Within the TEACHING project, we will couple hardware monitoring systems with machine learning to 1) offline, learn how the FMS software behaves on the hardware in a normal / nominal context, building a signature of the correct software behaviour; and 2) online, infer deviations from the normal / expected behaviour to detect anomalies corresponding to either safety issues or security threats.
Integrating AI components into an autonomous piloting system is challenging, even though for now we focus on a HUMS / HIDS system monitoring the autonomous piloting application. In the avionics domain, the ability to perform post-mortem analysis is critical, while explainability is a key challenge for machine learning algorithms.
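The offline/online split described above, as an added example (not the TEACHING project's code): a per-task statistical baseline stands in for the project's machine-learning model, and the task name, counter names and sample values are constructed for illustration. Reporting which counter deviated, and by how much, keeps each alert usable for post-mortem analysis.

```python
import math
from statistics import mean, stdev

# Hypothetical hardware counters sampled once per task activation.
COUNTERS = ("exec_time_us", "cache_misses", "bus_accesses")

# Constructed nominal traces: task name -> list of counter samples.
NOMINAL = {
    "trajectory_update": [
        (410, 120, 900), (405, 118, 910), (415, 125, 895),
        (408, 121, 905), (412, 119, 902),
    ],
}

def learn_signature(traces, min_sigma=1.0):
    """Offline phase: per task, the (mean, stddev) of every counter."""
    signature = {}
    for task, samples in traces.items():
        columns = zip(*samples)  # one column per counter
        # Floor the deviation so a constant counter cannot divide by zero.
        signature[task] = [(mean(c), max(stdev(c), min_sigma)) for c in columns]
    return signature

def score(signature, task, sample, threshold=4.0):
    """Online phase: return (is_anomaly, {counter: z-score}) for one sample."""
    if task not in signature:
        # A task never observed in nominal runs is itself a deviation.
        return True, {"unknown_task": math.inf}
    deviating = {}
    for name, value, (mu, sigma) in zip(COUNTERS, sample, signature[task]):
        z = (value - mu) / sigma
        if abs(z) > threshold:
            deviating[name] = round(z, 1)
    return bool(deviating), deviating

if __name__ == "__main__":
    sig = learn_signature(NOMINAL)
    # Constructed online samples: one nominal, one whose timing looks normal
    # while its memory behaviour does not.
    for sample in [(409, 122, 903), (411, 480, 2600)]:
        print(sample, score(sig, "trajectory_update", sample))
```

The second sample stays within its nominal execution time, so a monitor that only checks deadlines would pass it; the cache and bus counters are what expose the deviation.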
The impact of TEACHING in the avionics domain
As autonomous piloting has existed for decades in the avionics industry without relying on AI algorithms, there is a certain level of resistance to introducing such algorithms into autonomous piloting. These algorithms are generally not considered by the avionics standards and there are no specific rules on how to certify them; the prime concern of being able to perform post-mortem analysis is in contradiction with the lack of explainability of how deep neural networks, in particular, compute the correct solution.
However, monitoring is also an important part of the safety process, where it can detect and correct errors on the fly, detect failures and start safety-related procedures to fail back to a nominal state as quickly as possible, etc. Such systems can be separated into two categories. From the perspective of safety, Health and Usage Monitoring Systems (HUMS) utilise data collection and analysis techniques to help ensure availability, reliability and safety of the aircraft systems, whereas, on the security side, Host-based Intrusion Detection Systems (HIDS) monitor for malicious activity or policy violations to detect intrusions or cyber-attacks.
This monitoring activity would benefit from an introduction of AI-based algorithms, without impacting the ability to certify autonomous piloting. In the TEACHING project, the avionics use-case is considering the addition of an AI-based cyber-blackbox, whose role is to ensure the nominal and normal behaviour of the software on the hardware.