Assurance Benefits of ISO 26262 Compliant Microcontrollers for Safety-Critical Avionics

  • Andreas SchwierzEmail author
  • Håkan Forsberg
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11093)


The usage of complex Microcontroller Units (MCUs) in avionics systems constitutes a challenge in assuring their safety. They are not always developed according to the assurance requirements accepted by the aerospace industry. These Commercial off-the-shelf (COTS) hardware components usually target other domains like the telecommunication branch, because of the volume of sales and reduced liability. In the last years MCUs developed in compliance to the ISO 26262 have been released on the market for safety-related automotive applications. The avionics market could profit taking credit for some of the activities conducted in developing these MCUs. In this paper we present evaluation results based on comparing assurance activities from ISO 26262 that could be considered for compliance to relevant assurance guidance for COTS MCU in avionics.


Microcontroller DO-254 Assurance Reuse Avionics ISO 26262 COTS 



This paper is sponsored by the Airbus Defense and Space endowed professorship “System Technology for safety-related Applications” supported by “Stifterverband für die Deutsche Wissenschaft e.V.”. MDHs work in this paper is supported by the Swedish Knowledge Foundation within the project DPAC.

Disclaimer. Although this paper contributes to a reuse argumentation aligned to the regulatory position of CAs, it does not represent them. Only one way to formulate a reuse argument is suggested which has to be finalized in a project context by specific considerations of safety risks and an evaluation of functional or performance requirements in respect to the required integrity level of the avionics systems.


  1. 1.
    RTCA: DO-254 Design Assurance Guidance for Airborne Electronic Hardware (2000)Google Scholar
  2. 2.
    FAA: AC 20–152, June 2005Google Scholar
  3. 3.
    CAST: CAST-32A: Multi-core Processors, November 2016Google Scholar
  4. 4.
    CAST: CAST-29: Use of COTS Graphical Processors (CGP) in Airborne Display Systems, February 2007Google Scholar
  5. 5.
    EASA: EASA CM - SWCEH - 001 Development Assurance of Airborne Electronic Hardware, March 2012Google Scholar
  6. 6.
    ISO: ISO 26262 Road vehicles - Functional safety (2011)Google Scholar
  7. 7.
    Schwierz, A., Seifert, G., Hiergeist, S.: Funktionale Sicherheit in Automotive und Avionik: Ein Staffellauf. In: Proceedings of the Automotive - Safety & Security. GI-Edition - Lecture Notes in Informatics, LNI, pp. 13–25 (2017)Google Scholar
  8. 8.
    Schwierz, A., Forsberg, H.: Design assurance evaluation of microcontrollers for safety critical avionics. In: 2017 IEEE/AIAA 36th Digital Avionics Systems Conference, DASC, pp. 1–9. IEEE (2017)Google Scholar
  9. 9.
    Mutuel, L.: Electronic DOT/FAA/TC-17/50: Commercial Off-The-Shelf Airborne Hardware Assurance Methods—Phase 3—Embedded Controllers (2017)Google Scholar
  10. 10.
    DeWalt, M., McCormick, G.F.: Technology independent assurance method. In: 2014 IEEE/AIAA 33rd Digital Avionics Systems Conference, DASC, pp. 8A1-1–8A1-14. IEEE (2014)Google Scholar
  11. 11.
    Jean, X., Mutuel, L., Brindejonc, V.: Assurance methods for COTS multi-cores in avionics. In: IEEE (eds.) 35th DASC - Digital Avionics Systems Conference. IEEE (2016)Google Scholar
  12. 12.
    SAE Aerospace: ARP4754A: Guidelines for Development of Civil Aircraft and Systems (2010)Google Scholar
  13. 13.
    ISO: ISO 15026–1: Systems and software engineering - Systems and software assurance - Part 1: Concepts and vocabulary (2013)Google Scholar
  14. 14.
    Holloway, C.M.: Explicate ’78: uncovering the implicit assurance case in DO-178C. In: Parsons, M., Anderson, T. (eds.) Engineering Systems for Safety, pp. 205–225. Safety-Critical Systems Club (2015)Google Scholar
  15. 15.
    Mahapatra, R.N., Bhojwani, P., Lee, J.: DOT/FAA/AR-08/14: Microprocessor Evaluations for Safety-Critical, Real-Time Applications: Authority for Expenditure No. 43 Phase 2 Report, June 2008Google Scholar
  16. 16.
    Condra, L., Horan, G., Forsberg, H., et al.: DOT/FAA/TC-16/57: Commercial Off-The-Shelf Airborne Electronic Hardware Issues and Emerging Solutions: Authority for Expenditure No. 75 Report (2017)Google Scholar
  17. 17.
    Faubladier, F., Rambaud, D.: EASA.2008/1: Safety Implications of the use of system-on-chip (SoC) on commercial-of-the-shelf (COTS) devices in airborne critical applications (2008)Google Scholar
  18. 18.
    Mutuel, L., Jean, X., Brindejonc, V., Roger, A., Megel, T., Alepins, E.: DOT/FAA/TC-16/51: Assurance of Multicore Processors in Airborne Systems (2017)Google Scholar
  19. 19.
    Strasburger, J.: FAA Status on Multi-Core Processors (2014)Google Scholar
  20. 20.
    Bieth, P., Brindejonc, V.: EASA.2012.C15: COTS-AEH -Use of complex COTS (Commercial-Off-The-Shelf) in airborne electronic hardware - failure mode and mitigation, April 2014Google Scholar
  21. 21.
    NXP: Safety Manual for MPC5744P, June 2014Google Scholar
  22. 22.
    ST: Safety application guide for SPC56ELx family, January 2018Google Scholar
  23. 23.
    TI: Safety Manual for TMS570LC4x Hercules ARM Safety MCUs, September 2016Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Research Center: Competence Field AviationTechnische Hochschule IngolstadtIngolstadtGermany
  2. 2.School of Innovation, Design and Engineering, Division of Intelligent Future TechnologiesMälardalen UniversityVästeråsSweden

Personalised recommendations