Skip to main content
Skip to article control options
No AccessFull-Length Paper

Improving Hazard Analysis and Certification of Integrated Modular Avionics

Published Online:

Integrated modular avionics systems present new opportunities and benefits for developing advanced aircraft avionics, as well as a series of challenges related to hazard analysis and certification. This paper addresses some of those challenges and proposes a new procedure for improving hazard analysis of integrated modular avionics systems. A significant objective of integrated modular avionics architectures is the ability to develop individual software applications independently and then integrate those applications onto one platform. It has been very difficult for both designers and certifiers to understand and predict how the system will behave when the applications are integrated into one system. Traditional fault-based hazard analysis techniques are limited with respect to this problem. Therefore, this paper uses a different technique, called Systems-theoretic Process Analysis, to identify hazardous behavior that emerges when individual applications are integrated. Systems-theoretic process analysis is a systems-theoretic hazard analysis technique that accounts for hazardous behavior due to component interaction, including cases when the components have not failed or faulted. Systems-theoretic process analysis is extended in this paper to account for behavior that emerges when software applications share data, which is a requirement in aircraft systems. The paper illustrates the new approach with an example that includes real-world avionics functions.


  • [1] Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations,” Radio Technical Commission for Aeronautics DO-297, Washington, D.C., 2005. Google Scholar

  • [2] Baker K., “Filling the FAA Guidance and Policy Gap for Systems Integration and Safety Assurance,” 30th Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2011, pp. 1B4-1–1B4-4. Google Scholar

  • [3] Bartley G. and Lingberg B., “Certification Concerns of Integrated Modular Avionics (IMA) Systems,” 27th Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2008, pp. 1.E.1-1–1.E.1-12. Google Scholar

  • [4] Lewis J. and Rierson L., “Certification Concerns with Integrated Modular Avionics (IMA) Projects,” 22nd Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2003, pp. 1.A.3–1.1-9. Google Scholar

  • [5] “Certication Considerations for Highly-Integrated or Complex Aircraft Systems, Revision A,” Society of Automotive Engineers, SAE International, SAE-ARP4754A, 2010. Google Scholar

  • [6] “Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment,” Society of Automotive Engineers, SAE International, SAE-ARP4761, 1996. Google Scholar

  • [7] Watkins C. B. and Walter R., “Transitioning from Federated Avionics Architectures to Integrated Modular Avionics,” 26th Digital Avionics Systems Conference, Vol. 1, IEEE, Piscataway, NJ, 2007, pp. 2.A.1-1–2.A.1-10. Google Scholar

  • [8] Watkins C., “Integrated Modular Avionics: Managing the Allocation of Shared Intersystem Resources,” 25th Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2006, pp. 1–12. Google Scholar

  • [9] Ramsey J. W., “Integrated Modular Avionics: Less is More-Fresh Approaches to Integrated Modular Avionic Architectures will Save Weight, Improve Reliability of A380 and B787 Systems,” Avionics Magazine, Vol. 31, No. 2, 2007, p. 24. Google Scholar

  • [10] Vincoli J. W., “Basic Guide to System Safety,” Wiley-Interscience, New York, 2006, p. 201. CrossrefGoogle Scholar

  • [11] Wang S. and Liu Y., “A Survey of System Safety Technique of Commercial Aircraft,” 9th International Conference on Reliability, Maintainability and Safety (ICRMS), IEEE, Piscataway, NJ, 2011, pp. 504–512. Google Scholar

  • [12] Rushby J., “New Challenges in Certification for Aircraft Software,” Proceedings of the Ninth ACM International Conference on Embedded Software, ACM, New York, 2011, pp. 211–218. Google Scholar

  • [13] Graydon P. and Kelly T., “Assessing Software Interference Management When Modifying Safety-Related Software,” SAFECOMP, Springer, Berlin, 2012, pp. 132–145. Google Scholar

  • [14] Prisaznuk P., “Arinc 653 Role in Integrated Modular Avionics (IMA),” 27th Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2008, pp. 1.E.5-1–1.E.5-10. Google Scholar

  • [15] Lalli V. R., Kastner R. E. and Hartt H. N., “Training Manual for Elements of Interface Definition and Control,” NASA TR-1370, 1997. Google Scholar

  • [16] Espinoza H., Ruiz A., Sabetzadeh M. and Panaroni P., “Challenges for an Open and Evolutionary Approach to Safety Assurance and Certification of Safety-Critical Systems,” IEEE First International Workshop on Software Certification (WoSoCER), IEEE, Piscataway, NJ, 2011, pp. 1–6. Google Scholar

  • [17] Page-Jones M., “The Practical Guide to Structure Systems Design,” Prentice–Hall, Upper Saddle River, NJ, 1988, pp. 63–66, 69–73. Google Scholar

  • [18] Boeing B747-400 G-BYGA Group ‘A’ L/E Flaps Retracted on Takeoff from O.R. Tambo Airport, South Africa,” South African Civil Aviation Authority Final Rept.  CA18/3/2/0717, Halfway House, South Africa, June 2010. Google Scholar

  • [19] Systems Engineering Handbook, NASA, 2007, p. 138. Google Scholar

  • [20] Conmy P. and McDermid J., “High Level Failure Analysis for Integrated Modular Avionics,” 6th Australian Workshop on Safety Critical Systems and Software, Vol. 3, ACM, New York, 2001, pp. 21–31. Google Scholar

  • [21] Conmy P., Nicholson M. and McDermid J., “Safety Assurance Contracts for Integrated Modular Avionics,” Proceedings of the Eighth Australian Workshop on Safety Critical Systems and Software, ACM, New York, 2003, pp. 69–78. Google Scholar

  • [22] Checkland P., Systems Thinking, Systems Practice, Wiley, New York, 1981, pp. 74–82. Google Scholar

  • [23] Leveson N. G., Engineering a Safer World, MIT Press, Cambridge, MA, 2012, pp. 63–67. CrossrefGoogle Scholar

  • [24] Yong C., Zexin W., Xupo O. and Liang Z., “Approach Civil Integrated Modular Avionics Airworthiness Certification by Iterative Incremental Certification Process,” IEEE 2nd International Conference on Digital Object Identifier, IEEE, Piscataway, NJ, 2010, pp. 148–151. Google Scholar

  • [25] Ruiz A., Habli I. and Espinoza H., “Towards a Case-Based Reasoning Approach for Safety Assurance Reuse,” Computer Safety, Reliability, and Security, Vol. 7613, Lecture Notes in Computer Science, 2012, pp. 22–35. CrossrefGoogle Scholar

  • [26] Kletz T. A., HAZOP and HAZAN: Identifying and Assessing Process Industry Hazards, Inst. of Chemical Engineersm Rugby, England, U.K., 1992, pp. 9–20. Google Scholar

  • [27] Gould J., Glossop M. and Ioannides A., “Review of Hazard Identification Techniques,” Health and Safety Lab. Rept.  HSL/2005/58, Sheffield, England, U.K., 2005. Google Scholar

  • [28] Kletz T., Computer Control and Human Error, Gulf Professional Publ., New York, 1995, pp. 45–56. Google Scholar

  • [29] Hulin B. and Tschachtli R., “Identifying Software Hazards with a Modified Chazop,” PESARO 2011: The First International Conference on Performance, Safety and Robustness in Complex Systems and Applications, XPS (Expert Publishing Systems), Wilmington, DE, 2011, pp. 7–12. Google Scholar

  • [30] Ishimatsu T., Leveson N. G., Thomas J. P., Fleming C. H., Katahira M., Miyamotoand Y., Ujiie R., Nakao H. and Hoshino N., “Hazard Analysis of Complex Spacecraft Using Systems-Theoretic Process Analysis,” Journal of Spacecraft and Rockets, Vol. 51, No. 2, 2014, pp. 509–522. doi: JSCRAG 0022-4650 LinkGoogle Scholar

  • [31] Leveson N., Couturier M., Thomas J., Dierks M., Wierz D., Psaty B. M. and Finkelstein S., “Applying System Engineering to Pharmaceutical Safety,” Journal of Healthcare Engineering, Vol. 3, No. 3, 2012, pp. 391–414. doi: CrossrefGoogle Scholar

  • [32] Pereira S. J., Lee G. and Howard J., “A System-Theoretic Hazard Analysis Methodology for a Non-Advocate Safety Assessment of the Ballistic Missile Defense System,” Defense Technical Information Center (DTIC) Document, ADA466864, Fort Belvoir, VA, 2006. Google Scholar

  • [33] Thomas J., “Extending and Automating a Systems-Theoretic Hazard Analysis for Requirements Generation and Analysis,” Sandia National Labs. Rept.  SAND2012-4080, Albuquerque, NM, 2012. CrossrefGoogle Scholar

  • [34] Thomas J. and Leveson N., “Performing Hazard Analysis on Complex, Software- and Human-Intensive Systems,” 29th International System Safety Conference, International System Safety Society, Unionville, VA, 2011. Google Scholar

  • [35] Suo D., An J., Wu J. and Zhu J., “Filling the Gap Between IMA Development and Safety Assessment Through Safety-Driven Model-Based System Engineering,” 31st Digital Avionics Systems Conference, IEEE, Piscataway, NJ, 2012, pp. 1–22. Google Scholar

  • [36] Fleming C. H., Spencera M., Thomasa J., Levesona N. and Wilkinson C., “Safety Assurance in Nextgen and Complex Transportation Systems,” Vol. 55, Safety Science, 2013, pp. 173–187. Google Scholar

  • [37] Bislins W., “Variable Camber Leading Edge Flaps (Cross-Section),” US Patent US4262868A. Google Scholar