An Integrated Modular Avionics (IMA) architecture provides a common platform for software partitions with shared processing and input/output (I/O) resources. A key feature of the IMA architecture is I/O partitioning. An IMA system will prevent one software partition from changing an I/O resource that is owned by another software partition. This prevents one software partition from controlling the outputs of another due to hardware fault or software error. The IMA system must have protection mechanisms in place to enforce the I/O partitioning.
This invention is a command authorization process implemented in a high-integrity I/O controller that handles critical effector commands from multiple software partitions over a data network. The software partitions are executing on a Flight Control Module (FCM) and produce effector commands that are sent to the I/O controller in a command packet over the On-Board Digital Network (ODN).
Each software partition providing vehicle control is assigned ownership of the effectors required to perform the intended function. Each effector is assigned a unique effector identifier. The controlling partition controls its effectors by sending a command packet to the I/O controller containing commands for multiple effector IDs. Along with the effector ID is a data field to indicate the action to be taken for the effector.
Once received by the I/O controller, the command packet is processed to evaluate the effector commands. The I/O controller uses a Packet Description List (PDL) and a Command Authorization Table (CAT) to perform the command authorization. The PDL contains the partition ID for the packet owner. Each command is read from the command packet, and the effector ID is used as an address index into the CAT. The CAT entry contains the partition ID for the owning partition for the particular effector. The partition ID from the PDL is compared with the partition ID from the CAT entry to authorize the command. If the partition IDs do not match, the command packet is discarded.
This work was done by Dean E. Sunderland, Terry J. Ahrendt, and Tim Moore of Honeywell for Johnson Space Center. For further information, contact the JSC Technology Transfer Office at (281) 483-3809. MSC-24783-1