Bridging the Gap: Applying Argument to MIL-HDBK-516C Certification of a Neural Network Controller Guarded by ASIF Run Time Assurance
- Resource Type
- Conference
- Authors
- Rowanhill, Jonathan; Hobbs, Kerianne L.; Zutshi, Aditya; Hocking, Ashlie B.
- Source
- 2023 IEEE/AIAA 42nd Digital Avionics Systems Conference (DASC), pp. 1-9, Oct. 2023
- Subject
- Aerospace; Communication, Networking and Broadcast Technologies; Computing and Processing; Filtering; Machine learning; Artificial neural networks; Aerospace electronics; Control systems; Filtering theory; Safety; RTA; run time assurance; assurance argument; UAS; ASIF; active set invariance filtering; safety; conformance; MIL-HDBK-516C
- Language
- ISSN
- 2155-7209
Recent advances in artificial intelligence and machine learning may soon yield paradigm-shifting benefits for aerospace systems. However, complexity and/or on-line learning make neural network control systems (NNCS) difficult or impossible to certify under the United States Military Airworthiness Certification Criteria defined in MIL-HDBK-516C. Run time assurance (RTA) is a control system architecture designed to maintain properties such as safety regardless of whether a primary control system is fully verifiable. This work examines how to satisfy compliance with MIL-HDBK-516C while using active set invariance filtering (ASIF), an advanced form of RTA not envisaged by the 516C committee. ASIF filters the commands from a primary controller, passing on safe commands while optimally modifying unsafe commands to ensure safety with minimal deviation. Gaps between existing 516C conformance criteria and best assurance practices for ASIF-RTA are bridged by applying the core theory of ASIF to assurance arguments explaining compliance. The result demonstrates how argument can support compliance of novel technologies with 516C and provide input for updates to the standard.