DO-278A Training | Software Integrity Assurance

DO-278A Training Software Integrity Assurance 

DO-278A is the second version of the baseline DO-278 document.  It’s a corollary to DO-178C, which is a similar standard for airborne software safety, e.g., software that typically executes onboard aircraft which contributes to flight safety.

DO-278 provides guidelines for the production of software for ground based avionics systems and equipment that performs its intended function with a level of confidence in safety. The guidelines are in the form of:

• Objectives of software life cycle processes
• Description of activities and design considerations for achieving these objectives
• Description of the evidence that indicate that the objectives have been satisfied

The document discusses those aspects of certification that pertain to the production of software for ground based avionics systems and used in CNS or ATM equipment.

Today, DO-278A is a standalone document. Although it describes many activities, processes, and objectives that are in common with DO-178C, it is no longer necessary to use them side-by-side.

The Assurance Levels in DO-278A are labeled AL1 through AL6 and they are slightly different from those in DO-178C where they are labeled A through E. DO-278A has specific objectives based upon the assurance level (AL) of the software

DO-278A is all about developing ground-based systems (containing software) which are involved with aircraft operations. These ground-based systems almost always make heavy use of Commercial Off The Shelf (COTS) technologies including hardware and software.

The ground-based systems governed by DO-278A often have much larger, and more diverse, software components than their airborne avionic counterparts.

Thus the size, diversity, and increased reliance upon COTS technology all play a key role in the need for DO-278A and the difference between DO-278A and DO-178C.

Sometimes called the aviation standard for ground-based systems, DO-278A also applies to other application domains, such as:

• UAS ground controllers/stations (e.g., pilot stations)
• GPS equipment on the ground when in the airplane control realm
• Ground-based transceivers, including ADS-B functionality

DO-278A has specific objectives based upon the assurance level (AL) of the software.

Higher AL’s must satisfy more DO-278A objectives than lower levels.  After the software criticality level has been determined, you examine DO-278A to determine exactly which objectives must be satisfied for the software.

DO-278A Training Course Description

DO-278A training provides you with the knowledge, concepts, principals, history, standards, and tools relevant to DO-278A. Learn about  DO-278A, Software Integrity Assurance Considerations for Communication, Navigation, Surveillance and Air Traffic Management (CNS/ATM) Systems.

We will teach you how to create, develop, and verify avionic software to DO-278A/ED- 109A. Also, we will cover the supplements of DO-278A/ED-109A to deliver extra support for model-based design, object-oriented programming and official techniques. DO-278A training will also discuss the logic behind the goals in DO-278A/ED-109A, the Tool Qualification document (DO-330/ED-215) and the supplements including DO-331/ED-216, DO-332/ED-217 and DO-333/ED-218.

DO-278A training is delivered in two separate modules; lectures and practical activities. Participants will learn all the theoretical material needed to develop and implement DO-278A via fun, interactive lectures and then they will experience what they have been taught through practical activities. The Practical module includes several labs, group activities, and hands-on seminars.

Audience

DO-278A training is a 3-day course designed for:

• Software engineers
• Software testers
• Managers
• Quality assurance or certification personnel
• All individuals interested in learning about DO-278A

Training Objectives

Upon the completion of DO-278A training, the attendees are able to:

• Create, develop, and verify software to fulfill the goals of DO-278A/ED-109A
• Understand the difference between high-level and low-level requirements of DO-278A
• Discuss the meaning of DO-278A/ED-109A by requirements-based evaluation?
• Discuss the modified condition/decision coverage (MC/DC)?
• Explain the data coupling evaluation and control coupling
• Understand the data adaptation its application
• Use the product service history
• Apply supporting data in DO-248C/ED-94C
• Understand the concept and value of model simulation
• Understand the concept and value of qualified auto-code generators
• Discuss and explain the supplemental goals while using object-oriented technology
• Employ the object- oriented technology complement in their project even if they don’t use object-oriented methods
• Understand the concept and value of formal methods
• Reduce the frequency and amount of testing
• Create, develop, and verify software methods to fulfill the objectives of DO-330/ED-215
• Describe the five Tool Qualification Levels TQL1-TQL5
• Explain and understand the supplement DO-331/ED-216 on Model-Based Development and Verification
• Demonstrate model requirements
• Explain supplement DO-332/ED-217 on object-oriented technique and associated tools?
• Explain the extra objectives during the use of object-oriented technology
• Elaborate the needs of employing the object- oriented technology supplement to their project
• Explain the supplement DO-333/ED-217 on Formal Methods

Course Outline

Overview of DO-278A

• What is DO-278A
• What is ED-109A
• History of DO-278A/ED-109A
• DO-278A/ED-109A requirements
• DO-278A/ED-109A applications
• Gap Analysis
• Compliance Determination

DO-278A Key Features

• DO-278A fundamental principles
• DO-278A objectives
• Safety, software, hardware and certification of the avionic environment
• DO-278A audition
• DO-278A project management
• DO-278A budget management
• DO-278A schedule management
• Typical DO-278A initiation mistakes

DO-278A Planning Process

• DO-278A requirements
• DO-278A designing
• DO-278A coding
• DO-278A integration
• DO-278A reverse-engineering
• DO-278A verification and validation
• DO-278A quality assurance
• DO-278A configuration management

DO-278A Main Differences with DO-178

• Assurance Levels
• Classification
• Mitigation
• Commercial Off-The-Shelf (COTS) technology incorporation

Software Verification Process

• Avionics development data
• Data analysis
• Testing
• Coverage evaluation
• Traceability
• Verification and validation

Software Considerations

• Comprehensive input testing
• Reliability models
• Manifold version different software verification
• Previously-developed software
• Product service record
• Tools for developing environment

DO-278A Assurance Levels and Their Corresponding DO-178B / ED-12 Safety Levels

• AL1, corresponding to Level A
  • Disastrous: stops continual safe flight or landing, many lethal damages
• AL2, corresponding to Level B
  • Hazardous/Severe: possible lethal damages to a small amount of occupants
• AL3, corresponding to Level C
  • Major: damages crew efficacy, distress or possible damages to occupants
• AL4, no equivalent
• AL5, corresponding to Level D
  • Minor: abridged aircraft safety limitations, but well inside crew competences
• AL6, corresponding to Level E
  • No impact: does not impact the safety of the airplane at all

DO-278A Requirements Documentation

• SAAP: Software Aspects of Approval Plan
• SQAP: Software Quality Assurance Plan
• SCMP: Software Configuration Management Plan
• CCP: Configuration Control Protocols
• Software code standard
• Software design standard
• Software requirements guideline
• SDP: Software Development Plan
• SVP: Software Verification Plan
• Source, implementable object code, SCI and SECI
• Software design documentation
• Software requirements documentation
• Traceability
• Test cases
• Verification outcomes
• Quality assurance logs
• Configuration management logs

Security Tools

• Cryptography
• Access security
• Intrusion detection
• Information and data protection
• Hazard analysis
• Vulnerability analysis

DO-278A Supplements

• RTCA DO-330
  • Software tool qualification considerations
• RTCA DO-331
  • Model-Based development and verification supplement
• RTCA DO-332
  • Object-oriented technology and related techniques supplement to DO-178C and DO-278
• RTCA DO-333
  • Formal methods supplement

TONEX Case Study Sample: Flight-Crucial Data Reliability Assurance For Ground-Based COTS Elements

• System description
• Current guidelines associated with ground-based systems and COTS
• DO-278A coverage associated with this topic
• FFA ground-based standards
• Approaches to safety and security
• Risk mitigation evaluation
• Data integrity in ground-based systems
• Recommendations
• Proof-of-concept architecture

DO-278A Training