1 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

MULTI DOMAIN ARINC 653

Fault Tolerant Technology

2 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

AGENDA

Computer Architecture

Performance

ARINC 653 Review

Malware

Fault Tolerance

3 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

ARINC 653

Operating

System for the

IMA

APplication

EXecutive

(APEX)

Spatial and

Temporal

Partitions

Health Monitor

& Recovery

4 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

DRAWBACKS ARINC 653

CPU

overhead

Complete

partition failures

Malware

vulnerabilities

5 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

Virtual systems are not

immune to malware,

despite what some people

may believe.

6 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

“It does not work on certified flight hardware”

FAA & EASA

Android app gains

control inside an airplane

ANDROID APP GAINS

CONTROL INSIDE

AN AIRPLANE

7 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

Mikko Hypponen

Android malware spread to the

planes only because employees

were charging their phones with

the USB port in the cockpit.

8 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

UNITED 737/800

HACKED

PASS OXYGEN ON

anyone?

- Chris Roberts

9 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

MULTI DOMAIN ARCHITECTURE

DID (How)

PAD (When) PAD (Where)

10 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

HARDWARE VIEW

CPU

Memory Controller

APEX

Kernel

I/O

I/O

Application Partition 1

Application Partition 2

Application Partition 3

Application Partition 4

CPU

Memory Controller

I/O

Application Partition 1

Application Partition 2

Application Partition 3

Application Partition 4

APEX

Kernel

Single Domain Multiple Domain

11 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

FEATURE COMPARISON

Single Domain

Detects

Viruses

CPU

Overhead

1

2

Multiple Domain

Prevents

Viruses

No CPU

Overhead

1

2

12 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

@

13 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

CLOUDY PERFORMANCE: STEADY STATE PACKING

14 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

CLOUDY PERFORMANCE: STEADY STATE PACKING

15 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

HARDWARE VIEW

CPU

Memory Controller

APEX

Kernel

I/O

I/O

Application Partition 1

Application Partition 2

Application Partition 3

Application Partition 4

CPU

Memory Controller

I/O

Application Partition 1

Application Partition 2

Application Partition 3

Application Partition 4

APEX

Kernel

Single Domain Multiple Domain

16 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

ARINC 653

Reduced resource

consumption (CPU,

MEM) on the

compute node

Near bare metal

performance in

the guest

Fast network

operation

Multi Domain Architecture

17 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

FEATURE COMPARISON

Single Domain

Detects

Viruses

CPU

Overhead

1

2

Partition

Failure

3

Multiple Domain

Prevents

Viruses

No CPU

Overhead

1

2

Component

Failure

3

18 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

Hardware

- Partition Level

Sensor

PUF Definition

Hardware

- Component Level

CPU

Component

Sensor

Virus Prevention

ARINC 653

Single Domain Multiple Domain

>

>

>

>

>

>

>

>

19 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

Software

Partition Level

Stateless Recovery

-

Detects Viruses

Software

Thread Level

State Recovery

Forensic Analysis

Prevents Viruses

ARINC 653

Single Domain Multiple Domain

> >

> >

> >

>

> >

20 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

MULTI DOMAIN ARCHITECTURE

Meets ARINC

653 APEX

standards

Container

Performance

VM

versatility Prevents

Malware

21 ft@ft-technology.com ©Fault Tolerant Technology Flight Software Workshop December 14, 2016

Fault Tolerant Technology

THANK YOU