Producing a safety case for IMA blueprints

The aim of this paper is to show how a safety argument could be constructed for the use of blueprints in platforms using Integrated Modular Avionics (IMA). It is assumed that the IMA system will contain safety-critical elements. Given current safety analysis techniques, there is no certainty that this can be achieved satisfactorily. Initially there is a need to define a blueprint; once this is done the blueprints will be considered by looking at the impact of Blueprints on IMA Safety. The ultimate objective of IMA is to produce a reconfigurable system. Whilst this has potential safety benefits, there are substantial problems with the ability to argue that a reconfigurable IMA is safe. Consequently, this project will concentrate on a 3 Step Approach towards developing full IMA capability. The three steps are: 1) Fixed number of prioritised configurations (e.g. lookup table); 2) Ground (static) reconfiguration (between operations); 3) Dynamic reconfiguration. This approach is progressively more complex, but will enable confidence to be gained from success at each step. At each step, the above considerations need to be investigated and areas of research will be examined to determine whether they can contribute towards the IMA blueprint safety argument. The safety argument that is produced in this paper is generic and has been produced as part of an MSc project. However, the overall IMA safety argument needs to consider many other issues and factors, which may affect the safety of blueprints and by implication, the ability to certify such systems. This is not covered in this paper, but is expanded in more detail in the MSc project (Jolliffe, 2004)