A new approach to improve safety of reconfiguration in Integrated Modular Avionics

Reconfiguration, a new technique to realize fault-tolerance and respond to changes in external environment, has been adopted in the design of Integrated Modular Avionics (IMA). The benefits brought to the system include: reducing the cost of hardware redundancy and improving system´s ability to perform various tasks under different situations. The complexity of such reconfigurable system has made it difficult to ensure the safety of it. Traditional analysis approaches mainly focus on single component failure, suffering the potential to underestimate the influence of design flaw during system development and the interaction between components (e.g. human and automation). Furthermore, dynamic changes brought out by reconfiguration might affect not only the human operator, but also the organization in which the system developed. In this paper, an approach has been proposed to address the problem of safety of Avionics reconfiguration. System-Theoretic Process Analysis (STPA) has been used to perform hazard analysis. Focusing on the coordination between human operator and automation, we define two criteria which could be applied to decide autonomy level: 1) Failure Degree; 2) Time budget for mode change scenario. Furthermore, to identify the impact of dynamic changes to the safety of Avionics reconfiguration, System dynamics modeling has been taken to analyze and model the human factors (mental workload, situation awareness and complacency) behind the dynamic process. The analysis results could be used during system development, system operation and project revision process to ensure safety of reconfigurable Avionics system.