Key Considerations When Developing Avionics for Safety-Critical Systems


Recommended Posts

  • Publishers
Posted

This article is from the 2024 Technical Update.

Multiple human spaceflight programs are underway at NASA, including Orion, Space Launch System, Gateway, Human Landing System, and the EVA and Lunar Surface Mobility programs. Achieving success in these programs requires NASA to collaborate with a variety of commercial partners, including both new spaceflight companies and established robotic spaceflight companies pursuing crewed spaceflight for the first time. It is not always clear to these organizations how to show their systems are safe for human spaceflight. This is particularly true for avionics systems, which are responsible for performing some of a crewed spacecraft’s most critical functions. NASA recently published guidance describing how to show that the design of an avionics system meets the safety requirements for crewed missions.

Background
The avionics in a crewed spacecraft perform many safety-critical functions, including controlling the position and attitude of the spacecraft, activating onboard abort systems, and firing pyrotechnics. Incorrect operation of any of these functions can be catastrophic, causing loss of the crew. NASA’s human-rating requirements describe the need for “additional rigor and scrutiny” when designing safety-critical systems, beyond that applied to uncrewed spacecraft [2]. Unfortunately, it is not always clear how to interpret this guidance and show that an avionics architecture is sufficiently safe. To address this problem, NASA recently published NASA/TM-20240009366 [1]. It outlines best practices for designing safety-critical avionics and describes the key artifacts, or evidence, that NASA needs in order to assess the safety of an avionics architecture.

Failure Hypothesis
One of the most important steps to designing an avionics architecture for crewed spacecraft is specification of the failure hypothesis (FH). In short, the FH summarizes any assumptions the designers make about the type, number, and persistence of component failures (e.g., of onboard computers, network switches). It divides the space of all possible failures into two parts – failures the system is designed to tolerate and failures it is not.


One key part of the FH is a description of failure modes the system can tolerate – i.e., the behavior exhibited by a failed component. Failure modes are categorized using a failure model. A typical failure model for avionics splits failures into two broad categories:

  • Value failures, where data produced by a component is missing (i.e., an omissive failure) or incorrect (i.e., a transmissive failure).
  • Timing failures, where data is produced by a component at the wrong time.

Timing failures can be further divided into many sub-categories, including:

  • Inadvertent activation, where data is produced by a component without the necessary preconditions.
  • Out-of-order failures, where data is produced by a component in an incorrect sequence.
  • Marginal timing failures, where data is produced by a component slightly too early or late.

In addition to occurring when data is produced by a component, these failure modes can also occur when data enters a component (e.g., a faulty component can corrupt a message it receives). Moreover, every failure mode can manifest in one of two ways:

  • Symmetrically, where all observers see the same faulty behavior.
  • Asymmetrically, where some observers see different faulty behavior.

Importantly, NASA’s human-rating process requires that each of these failure modes be mitigated if it can result in catastrophic effects [2]. Any exceptions must be explicitly documented and strongly justified. In addition to specifying the failure modes a system can tolerate, the FH must state any limiting assumptions about the relative arrival times of permanent failures and radiation-induced upsets/errors, and about the ability of ground operators to intervene to safe the system or take recovery actions. For more information on specifying an FH and on the other artifacts needed to evaluate the safety of an avionics architecture for human spaceflight, see the full report [1].
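To make the failure model and the failure hypothesis above concrete, here is an added example in Python. It is not code from the NASA report or from any NASA program; it is an illustration written for this page. It labels what each observer saw using the value/timing categories described above (omissive, transmissive, inadvertent activation, out-of-order, marginal), decides whether a failure manifested symmetrically or asymmetrically by comparing observers, and then checks the observed failures against an FH, i.e., sorts them into the "designed to tolerate" or "not designed to tolerate" half of the failure space. The FH contents (tolerated modes, symmetric manifestations only, at most one concurrently failed component), the message schedule, and the message traces are all constructed for illustration, and names such as `FailureHypothesis`, `classify_stream`, and `assess` are this example's own, not identifiers from the report.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    seq: int        # sequence number stamped by the producing component
    t_ms: float     # arrival time at the observer (ms, window-relative)
    value: float    # payload, e.g. a commanded valve position (degrees)
    precond: bool   # True if the activation precondition held when produced

@dataclass(frozen=True)
class Schedule:
    period_ms: float   # nominal production period
    tol_ms: float      # jitter allowed either side of the nominal slot
    vmin: float        # valid payload range (inclusive)
    vmax: float
    n_expected: int    # frames expected in the observation window

@dataclass(frozen=True)
class FailureHypothesis:
    tolerated_modes: frozenset           # failure-mode labels the design covers
    tolerated_manifestations: frozenset  # subset of {"symmetric", "asymmetric"}
    max_concurrent_failed: int           # components that may be failed at once

def classify_stream(msgs, sched):
    """Failure-mode labels one observer sees in a component's stream: value
    (omissive, transmissive) or timing (inadvertent activation, out-of-order,
    marginal). A healthy stream gives set()."""
    modes = set()
    if len(msgs) < sched.n_expected:
        modes.add("value:omissive")            # frames missing
    last_seq = -1
    for m in msgs:
        if not sched.vmin <= m.value <= sched.vmax:
            modes.add("value:transmissive")    # wrong data delivered
        if not m.precond:
            modes.add("timing:inadvertent-activation")
        if m.seq < last_seq:
            modes.add("timing:out-of-order")
        last_seq = max(last_seq, m.seq)
        # Slot derived from seq (example assumption; a real monitor uses a global time base)
        if abs(m.t_ms - m.seq * sched.period_ms) > sched.tol_ms:
            modes.add("timing:marginal")
    return modes

def manifestation(verdicts):
    """verdicts: {observer: modes}. 'symmetric' if all observers saw the same
    faulty behaviour, 'asymmetric' if they disagree, 'none' if no failure."""
    seen = list(verdicts.values())
    if not any(seen):
        return "none"
    return "symmetric" if all(v == seen[0] for v in seen) else "asymmetric"

def assess(fh, sched, observations):
    """observations: {component: {observer: [Msg, ...]}} -> (ok, reasons); ok is
    False when anything observed lies outside what the FH says is tolerated."""
    failed = {}
    for comp, per_obs in observations.items():
        verdicts = {o: classify_stream(ms, sched) for o, ms in per_obs.items()}
        manif = manifestation(verdicts)
        if manif != "none":
            failed[comp] = (set().union(*verdicts.values()), manif)
    reasons = []
    if len(failed) > fh.max_concurrent_failed:
        reasons.append(f"{len(failed)} concurrent failures exceed FH limit of "
                       f"{fh.max_concurrent_failed}")
    for comp, (modes, manif) in failed.items():
        for mode in sorted(modes - fh.tolerated_modes):
            reasons.append(f"{comp}: mode {mode} outside FH")
        if manif not in fh.tolerated_manifestations:
            reasons.append(f"{comp}: {manif} manifestation outside FH")
    return not reasons, reasons

SCHED = Schedule(period_ms=10.0, tol_ms=1.0, vmin=-30.0, vmax=30.0, n_expected=4)  # constructed
# Assumed FH: every mode in the model, symmetric manifestations only, at most one failed at a time.
FH = FailureHypothesis(
    tolerated_modes=frozenset({"value:omissive", "value:transmissive",
                               "timing:inadvertent-activation",
                               "timing:out-of-order", "timing:marginal"}),
    tolerated_manifestations=frozenset({"symmetric"}),
    max_concurrent_failed=1)
# Constructed traces: what two observers (e.g. two network switches) recorded in one 40 ms window.
OBS_A = [Msg(0, 0.2, 5.0, True), Msg(1, 10.1, 5.0, True),
         Msg(2, 20.3, 5.0, True), Msg(3, 30.0, 5.0, True)]   # healthy
OBS_B = [Msg(0, 0.2, 5.0, True), Msg(1, 10.1, 5.0, True),
         Msg(2, 20.3, 5.0, True), Msg(3, 30.0, 99.0, True)]  # bad value, seen here only
OBS_C = [Msg(0, 0.0, 1.0, True), Msg(1, 10.0, 1.0, True),
         Msg(2, 20.0, 1.0, True), Msg(3, 32.5, 1.0, True)]   # seq 3 is 2.5 ms late

def demo():
    """Three scenarios -> {name: (ok, reasons)}."""
    fc2, fc3 = {"A": OBS_A, "B": OBS_B}, {"A": OBS_C, "B": OBS_C}
    return {"FC2 asymmetric value fault": assess(FH, SCHED, {"FC2": fc2}),
            "FC3 symmetric timing fault": assess(FH, SCHED, {"FC3": fc3}),
            "FC2 and FC3 together": assess(FH, SCHED, {"FC2": fc2, "FC3": fc3})}

if __name__ == "__main__":
    for name, (ok, reasons) in demo().items():
        print(name, "within FH" if ok else "OUTSIDE FH", reasons)
```

Running it shows the two halves of the failure space in action: the late frame from FC3 is seen identically by both observers, so it is a symmetric marginal-timing failure and stays within the assumed FH, whereas the corrupted value from FC2 is seen by only one observer, so it is an asymmetric transmissive failure, which this FH excludes. An FH that excludes asymmetric manifestations is exactly the kind of exception the text says must be documented and justified; the third scenario also trips the concurrency limit, showing why the FH has to state how many components may be failed at once, not just which modes are tolerated.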

