Alex Wilson

Today we launched our VxWorks MILS 2.0 product, details can be found on our web on the VxWorks MILS Page.

VxWorks MILS 2.0 previously went into evaluation at NIAP at Common Criteria EAL 6+ and has been discussed by Paul Parkinson on his blog.

I was interested in this release as the product addresses a lot of the concerns and challenges we are facing in this difficult time. If you have been following the reports coming out of the Paris Airshow, you will have seen many signs of the economic problems facing the commercial airline industry and the hope that the defence industry carries us through to new economic growth.

One of the challenges facing the Aerospace and Defence industry along with many other industries is how to provide increased functionality to its customers, whilst at the same time preserving the safety and security of the system. A good example of this being the EADS Advanced UAV, which has a fully autonomous system for Intelligence, Surveillance, Target Acquisition and Reconnaissance (ISTAR) missions).

VxWorks MILS provides our customers with a platform that allows them to isolate and at the same time integrate this capability into a system, and then evaluate the system to the Common Criteria (and DO-178B) to prove its security.

The cost saving is immense when you consider not only the cost of the evaluation itself – the MILS seminar at The Open Group estimated the cost for evaluation of a MILS kernel to be around $5M – but also the cost of re-evaluation to incorporate technology refresh and protection from obsolescence and the impact of cyber security breaches, recently estimated at $1 trillion!

MILS technology provides a basis for layering your assurance capability in a way that allows you to evaluate the assurance of each component, starting with the trusted hardware, moving up through the Separation Kernel, adding the middleware and finally your Operating Systems and applications. This layered approach allows you to divide your high assurance code into manageable blocks which can be evaluated to the highest degree, and allow non-secure component to co-exist on the final system.

Click here to see a demo of our MILS technology in action at  MILCOM 2008.

I am back in the office after a busy few weeks at Embedded World and Avionics 09. I read in the news that the third C-130AMP has its first flight ahead of schedule which is excellent news in these days of doom and gloom over the economy!

The C-130 AMP is a heavy user of our technology, so that prompted me to go ahead and write about Avionics 09. Wind River had a very busy show, with a conference paper, 3 workshops and a master class, which kept us all busy for the two days!

We showcased the EADS DMG-S for the A400M on our stand, which is a great example of moving map application running on VxWorks 653 with ALT OpenGL graphics engine.

Chip Downing gave a great paper on MILS technology during the main conference. I was privileged to chair one of the main conference sessions, introducing Rockwell Collins to talk about HGS, HUD and other displays, and George Romanski of Verocel who gave an update of the work going on for the DO-178C standard - something we are all looking forwards to!

The conference gave some excellent papers and update on various Avionics projects, unfortunately I missed some of the session to give a workshop and Master class. I did catch the keynote by the FAA who covered Future Air Traffic Management (including NexGen), taking us on a "flight" from flightplanning through to the final taxi to the terminal - a fascinating look at infrastructure and avionics for the future ATC system.

This was aligned and expanded by Eurocontrol who did the same for the EU project SESAR, but who expanded this to show how it will align with Military air users and technology. It is good to see these two projects are in alignment, especially as I travel between them quite frequently!

I presented Larry Kinnan's paper on the issues of multicore and certification, which I think was well received - if any one wants a copy of the paper please feel free to email me.

Olivier Charrier presented an overview of IMA certification with George Romanski of Verocel, and also presented a paper with Michael Fries of AdaCore.

We gave a Master Class of developing high performance graphics with Presagis, GE Fanuc and Seaweed, demonstrating the solution running at 60Hz with VAPS XT, VxWorks, GE Fanuc Magic 1 Embedded Computer and Seaweed's Open GL Stack.

All in all I had a very busy show, with customer meetings and presentations, I don't think I had time to walk around the event to see what other stands were showing!

Did you attend the show and what did you think?

I visited Embedded World in Nueremberg last week and was pretty stunned at the size of the show - it reminded me of the old embedded shows we used to have at Olympia, which have pretty much died out in the UK.

My primary reason for attending was to network with some of our partners who would not be able to make it to Avionics 09 this week in Amsterdam. We will be attending this years show with special interest to see how the industry is coping with the current economic climate.

Of special interest is that of commercial aviation which has already seen a decline, especially in the business aviation sector, but also long delays on the military side as well, such as A400M.

PennWell took over the show this year and we hope to see improved numbers attending, plus they are taking the show over to the US in June, which I will unfortunately miss as it is my birthday!

Do you still attend trade shows and which ones do you find most successful?

I have just attended The Open Group meeting in Munich. The Open Group look after standards such as POSIX and as such Wind River are a member of the Real Time and Embedded Systems Forum.

This week as part of the Real Time Group we were looking at "Dependability through Assuredness" and had some great presentations on formal methods and security. We (or rather my boss Rob Hoffman) presented on the MILS architecture. If you want to see a demo of this technology then visit MILCOM 2008

Security (as with safety) is something that has to be designed into the system architecture. It is fascinating to listen to the experts discussing potential threats and covert channels into systems and how you can start to formally prove your system is secure.

This was further strengthened by the report on the BBC on keyboard sniffers. The technique allows the "hacker" to listen in on what the keyboard is sending into the computer from a distance of up to 20m and the report concludes "The results led the researchers to declare keyboards were "not safe to transmit sensitive information". "

This just goes to show how much thought you have to put into potential security threats, how often have you sat in a cafe and typed away on your laptop without a care in the world.....

It is good to see that even with the current Financial Meltdown we continue to see funding for advanced technology and systems making slow but sure progress through the design life-cycle.

Some examples have made the news in the last few weeks that I thought worth mentioning.

The first is the increased use of MAV and in particular the fact that MAV are being used already in IRAQ.

Another FCS item that I saw was the Army firing its first round from a NLOS-C mounted on an FCS chassis.

Photo by U.S. Army

Finally, NASA, looking way ahead announced several research projects for "N+3" aircraft - in other words three generations ahead for flight in the 2030 time frame. I especially like the Thunderbird-like artists impression of the future supersonic aircraft!

I can only hope that the current funds being poured into the failing financial system does not pull too much from the aerospace research budgets as we need to fund these if the industry is going to be sustainable!

Well, it's been some time since my last blog - I guess I suffered from a severe case of blogger's block :-)

What prompted me to blog today was my experience flying home from Amsterdam this week, and an unusual news story.

As usual I started to doze as the aircraft taxied out to the runway, but as we started to take off the usual acceleration was halted followed by braking and air brakes coming up on the wings. We then turned around and headed back to the taxi way....

Pilot informed us they had a "technical problem" which was followed by the usual 2 hour delay and changing aircraft before setting off for home again. Turned out one of a dual redundant indicator in the cockpit shows and engine over temperature fault and the technician would not sign off the aircraft as safe to fly. I don't mind this as safety in flying is paramount - although I did regret paying for getting an earlier flight!

A couple of things struck me about this as I had been thinking about Unmanned Passenger Aircraft following a conference I attended earlier in the year (UV Europe in London) where one of the presenters thought we would see unmanned commercial passenger flights within the next 10 years.

On the face of it this problem was a logic problem, the fault occurred in the safe part of the take off, the pilot saw the fault and aborted safely. I see no reason a computer could not have done the same, in fact the computer control would have probably not had so much delay as it would have said fault - return to base - and that's it; I can't imagine a computer making a decision to fly anyway or to fly with a faulty indicator, as clearly the pilot would have done if the technician signed it off. (That does remind me of the Bomb #20 in Dark Star!)

Another item hit the news this week that definitely would have been helped by having an unmanned aircraft - two pilots fell asleep at the controls !

Now, I have heard of folks missing their stops on the train and even the bus, but  two pilots falling asleep at the controls is definitely a good argument for unmanned aircraft!

Would you fly in an Unmanned Passenger Plane?

Following on from my last blog, I see that  RTI has also joined the Eclipse Framework.

This bring to the Eclipse life cycle model RTI's excellent tool for looking at distributed systems using RTI's DDS through Eclipse Perspectives. You can read more about DDS at RTI's web site

This means you now have the capability in Eclipse to move from UML all the way through coding and testing, to OS deployment and now middleware with distributed systems - What a  cool environment!

With each new tool added to Eclipse it becomes more and more powerful for developer's and in particular for developers of device software.

Personally, I think it is good to see these tools coming together in such a seamless way.

What do you think?

Changing tracks for a moment I couldn't help but pick up on one of my Google Alerts this morning regarding what is essentially the technology behind DSO standardisation - ECLIPSE.

Here is what I read

Pluginfest Day Two By Adrian Taylor

Some of the tools available from WindRiver, for example, are just light years ahead of what’s available for Symbian OS. ... The QNX and WindRiver tools are terrific. WindRiver’s memory profiling stuff in particular blew me away. ...

www.macrobug.com - http://www.macrobug.com/blog

Now, as one of the DSO tenets is that of software standardisation and in particular the alignment of tools across the project life cycle, I couldn't resist taking a look at this. This has traditionally been difficult in the A&D industry due to the complexity and diversity of end user systems.

But as the ECLIPSE project really matures we can start to see the benefits of this standardisation from the software development side.

Take a look at the great screen shots of products working together here, I particularly wanted to point out the shots of Workbench with Perforce, Rhapsody, Klocwork and IBM (RSD and TestRT), (scroll down past the Symbian stuff to see this...)

I think this is great news for our industry and will benefit us all by bringing together a comprehensive software development framework across the entire life cycle to allow us to get on with developing device software applications rather than figuring out how the tools can be made (or forced) to work together!

I wonder why it is always the case that the period of time just before year end is suddenly very hectic! There must be a universal law about that, something like Murphy's Law...

Anyway, I have just returned from 2 weeks of travel around Italy, Sweden and the US visiting customers and presenting our solutions. I always enjoy meeting folks and seeing what they can do with our software as I love to see the latest and greatest devices; and so I have been negligent in posting to my blog for that time and noticed over the last few weeks some noticeable events have taken place.

Firstly we had the final certification of the Airbus A380, a long awaited event, especially after the reported delays [See blogs by John Bruggerman and Paul Parkinson] . I noticed an interesting point in the press release on this. Namely that the certification had begun with system tests in 2001. This shows you the amount of time and effort it takes to take a complex aircraft such as the A380 through certification.  I was amused by the lack of software mentioned in the press release, I guess most readers don't want to  hear the aircraft is flown by software these days?

Secondly, we had the first flight of the long awaited F-35 Lightning II. The UK government has also finally signed up to the next phase of the project which means we can expect to see some UK business for F-35 over the next few years. It is kind of interesting seeing these arguments over technology transfers in a company who has embraced Open Source in a big way!

Both of these aircraft are using RTCA DO-178B for software certification, so I think I'll take a look at that standard. I wonder if the UK F-35 will be accepted with DO-178B or will they need our own DEF STAN 00-56?

Which brings me to the point of my blog, which is why are there so many software safety standards out there? It seems that this area of software development that does need to consider a little standardising of it's own, or even using a standard of standards (I guess you can do that if (as Paul Tingey discusses) you can have a "consortia of consortia"?)

It seems each time a new aircraft (certainly military), or unusual project begins, committees form and new standards for software safety emerge, even though the FAA and RTCA have been using DO-178B for a number of years, and very successfully too.

Some of the customers I met with do have another issue on this; that is they are creating devices that could put lives at risk in systems that do not have an applicable safety authority, such as land vehicles or submersibles (which reminds me - I must find out if the road safety authorities look at software safety).

The time spent on creating these "new" safety standards would be better spent utilising what already exists - if all of these efforts had been used to enhance best practices around the use of DO-178B wouldn't that make the device software world a whole lot safer? After all isn't that one of the key tenets of DSO?

Another great piece of news!

I was really pleased to see the announcement on BARCO's use of our VxWorks 653 operating system in their MOSArt system.

I remember many years ago when BARCO decided to embark on the MOSArt project and they chose  Green Hills over us, if I recall correctly because at the time we had only just started our ARINC653 product line. Now they have come back to us to build a state-of-the-art environment based on our technology.

We originally developed VxWorks 653 to address the technical requirements of the  C-130AMP programme, which is now flying ,  and this is now also being used in demanding environments on the Airbus A330MRTT and Boeing 787 . It's been a privilege seeing Wind River participate in the ARINC 653 working group and contribute to the evolution in this standard, and this ensures that as the standard 'evolves', so does our product.

I was lucky enough to be at Avionics 06 earlier in the year and got to see a demo of the MOSArt software at work, along with some pretty cool digital mapping software! This must make life easier for pilots and navigators.

I also think this is another great example of DSO and the use of open standards. An application developed that used the ARINC 653 API would just be able to move between ARINC 653 OSes - which is one thing you want from an open standard - portability.