Data-centric distribution technology in ARINC-653 systems

Abstract—Standard distribution middleware has recentlyemerged as a potential solution to interconnect distributedsystems in the avionics domain, as it would bring importantbenefits throughout the software development process. Aremaining challenge, however, is reducing the complexityassociated with current distribution standards which leads toprohibitive certification costs. To overcome this complexity, thiswork explores the use of the DDS distribution standard on topof a software platform based on the ARINC-653 specification.Furthermore, it discusses how both technologies can beintegrated in order to apply them in mission and safety-criticalscenarios.Keywords—distributed systems; middleware; ARINC-653;hypervisor; DDS; real-time systems. I. I NTRODUCTION Today’s airborne systems typically rely on the integratedmodular avionics (IMA) architecture to simplify thedevelopment of onboard software. One important aspect ofthis architecture is the ARINC-653 specification [1], wherethe partitioning concept can provide applications with strongtemporal and space isolation, thus easing their verification,validation and certification [2]. In this kind of systems, partitions are interconnected usingARINC-653 communication services and through specialpurpose networks such as AFDX [3]. However, partitionedsystems are shifting to rely on standard distributionmiddleware for communications, as it can bring importantfeatures to avionic systems (e.g., interoperability, locationtransparency or the abstraction of network services). Onemajor effort in this direction is the Technical Standard forFuture Airborne Capability Environment (FACE) [4], whichaims to standardize approaches based on open standardsolutions for airborne systems. Among others, FACEincludes the Data Distribution Service for Real-TimeSystems (DDS) [5] as a suitable candidate to providedistribution capabilities within avionic systems.The DDS standard is starting to be applied to emergingreal-time applications such as those related to cloudenvironments [6] or cyber-physical systems [7].Nevertheless, the use of DDS in safety-critical systems isstill an open challenge that is being addressed through theextension of DDS with a safety-critical profile [8][9] suitablefor partitioned systems.An early experience dealing with the integration of DDSinto partitioned systems was introduced in [10], where theuse of DDS in partitioned applications with low levels ofcriticality is discussed. However, safety-critical applicationsshould rely on the ARINC-653 facilities for inter-partitioncommunications. Therefore, this paper provides a stepforward towards the integration of both technologies byexploring the use of DDS on top of the ARINC-653communication services. To this end, it not only identifies aset of integration issues when using both standards, but italso proposes solutions for them. Furthermore, the workincludes the development of a partitioned distributed real-time platform as a proof of concept, and a preliminaryevaluation about the proposed integration. To the best of our knowledge, few research papers havedealt with the use of DDS in safety-critical environments.The work in [11] proposes an architecture which relies onDDS for communications in the automotive domain.Furthermore, [12] presents an architecture for fractionatedspacecraft in which a middleware layer provides high-levelabstractions for client/server and publisher/subscribercommunications based on CORBA [13] and DDS [5],respectively. The approach of this paper differs from theexisting literature on DDS for safety-critical systems byintegrating a new communication service into DDS for inter-partition communications instead of relying on thetraditional UDP/IP transport. Similarly to our work, the useof other transports in DDS is addressed in [14] and [15]which explore the integration of the CAN bus and theFlexRay communications system, respectively. The execution of DDS in a virtual environment waspreviously dealt in [16] and [17]. Unlike our approach, theseworks rely on general-purpose virtualization technology.More generally, comprehensive surveys on challenges forreal-time virtualization can be found in [18] and [19]. Whilethe former deals with real-time embedded systems, the latter