The transition towards autonomous operations for Urban Air Mobility introduces significant safety challenges, necessitating novel safety assurance strategies. One such strategy is runtime assurance, which ensures the safe behavior of a system during its actual operation. This can be implemented with a safety monitor that detects unsafe behaviors and then activates a switch to a recovery function to return the system to a safe state. This paper investigates the certification aspects of runtime monitoring, a core component of runtime assurance. We analyze the regulatory framework of urban air mobility and discuss the implications of aviation software standards such as DO-178C and its supplements for runtime assurance. As a concrete example, Detect-and-Avoid is introduced and motivated from the requirements of the Minimum Operational Performance Standards. The use case is analyzed from a system perspective and from a software perspective. From a system perspective, the architecture is compared to the runtime assurance standard practice published by ASTM International. From a software perspective, we assess the stream-based specification language RTLola against the development assurance objectives in the de-facto software development standard DO-178C. As an example, we highlight the role of traceability between the different levels of software requirements. The goal of this research is to illustrate the use of runtime monitoring in the context of certification for Urban Air Mobility applications, to improve operational safety and to enable increasing levels of automation.
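The monitor-plus-switch pattern described above (a safety monitor evaluating stream-based properties and latching a recovery function), as an added illustration that is not code from the paper, from RTLola or from any MOPS document; the separation threshold, look-ahead horizon and the flight trace are constructed assumptions.

```python
"""Toy runtime-assurance (simplex) loop around a stream-based DAA monitor.
Added illustration: not code from the paper, from RTLola or from any MOPS.
The thresholds and the trace are constructed assumptions."""
from dataclasses import dataclass
import math
SEP_MIN_M = 500.0    # assumed separation floor (not a MOPS value)
LOOKAHEAD_S = 30.0   # assumed prediction horizon

@dataclass(frozen=True)
class Sample:        # input streams at one step, (x, y, vx, vy) in m and m/s
    t: float
    own: tuple
    intr: tuple

def separation(s: Sample, horizon: float = 0.0) -> float:
    """Output stream: horizontal distance after straight-line extrapolation."""
    ox, oy, ovx, ovy = s.own
    ix, iy, ivx, ivy = s.intr
    return math.hypot((ix + ivx * horizon) - (ox + ovx * horizon),
                      (iy + ivy * horizon) - (oy + ovy * horizon))

def unsafe(s: Sample) -> bool:
    """Trigger stream: current or predicted separation below the floor."""
    return min(separation(s), separation(s, LOOKAHEAD_S)) < SEP_MIN_M

def run_assured(samples, advanced, recovery, clear_samples=3):
    """Simplex switch: forward the advanced controller while the monitor is quiet,
    latch onto recovery on a trigger, hand back after `clear_samples` quiet steps."""
    mode, quiet, log = "advanced", 0, []
    for s in samples:
        if unsafe(s):
            mode, quiet = "recovery", 0
        elif mode == "recovery":
            quiet += 1
            if quiet >= clear_samples:
                mode = "advanced"
        log.append((s.t, mode, (advanced if mode == "advanced" else recovery)(s)))
    return log

# Constructed trace: head-on closure at 100 m/s until t=30 s, then 5 km lateral offset.
TRACE = [Sample(t, (50.0 * t, 0.0, 50.0, 0.0), (6000.0 - 50.0 * t, 0.0, -50.0, 0.0))
         for t in (0.0, 10.0, 20.0, 30.0)]
TRACE += [Sample(t, (1500.0, 0.0, 50.0, 0.0), (4500.0, 5000.0, -50.0, 0.0))
          for t in (40.0, 50.0, 60.0, 70.0)]

def demo():
    return [m for _, m, _ in run_assured(TRACE, lambda s: "hold course",
                                         lambda s: "turn right")]
```

The latch with a clear-sample count is the part a certification argument cares about: the switch must not chatter back to the advanced controller on the first quiet sample.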
AIAA SciTech Forum / AIAA Aerospace Sciences Meeting (AIAA)
2024-01-08
2024-12-04