1 / 7

DRAFT

DRAFT. ZETA ASSOCIATES. WAAS Integrity Resolution Process. Pat Reddan 22 June 2005. WIRP Objectives.

shirin
Télécharger la présentation

DRAFT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DRAFT ZETAASSOCIATES WAAS Integrity Resolution Process Pat Reddan 22 June 2005

  2. WIRP Objectives “Purpose of the WIRP is to assess the validity of a threat against the fielded WAAS by providing an evaluation of the threat for the fault tree and, in the event that the probability exceeds the margin in the fault tree, determine an acceptable exposure time to the threat.” • The WAAS Integrity Resolution Process (WIRP) provides means to address integrity threats against fielded WAAS • Integrity threats assigned to nodes on fault tree • Mitigation of threat is lengthy, complex • All changes must adhere to WAAS Change Control Process (WCCP) • Evaluation of threats against operational system introduces complexity in PASS/FAIL criteria as well as action or response • Response options are Service shutdown, switch to emergency mode, place a GEO in test mode, revert to previous system build • Acceptable or tolerable exposure time is THE key factor in dealing with operational system • Focus of WIPP investigation of such threats is exposure time

  3. WIRP

  4. WIRP • Process initiated by either Integrity Hazard Record or WAAS Integrity Problem Report • WAAS Safety Team reviews all hazard records & problem reports (WPRs) in context of fault tree • WIPP review determines whether hazard is an ‘acceptable risk’ & if not, performs hazard assessment analysis • ‘acceptable risk’ finding supported with WIPP assertion (used in HMI analysis document) that reflects characteristic of WAAS which is known to be true along with rationale • Hazard assessment determines a P(HMI) allocation for the threat & the exposure time • Result is an acceptable risk for a specific time period

  5. Hazard Assessment Guidelines • Each integrity threat evaluated on case by case basis, NO definitive set of rules to be applied in Hazard Assessment • Models --- can base on empirical data (IOC 30-day HMI set, FLP HMI sets, offline monitoring data from FAATC, field data) • Level D generated results mean additional data necessary • Single fault at a time -- directly affects exposure time, should only be invoked for truly rare, random & uncorrelated events • Exposure time – set to zero UNLESS HMI analysis allocation has margin to accommodate the specific threat • WIPP collective judgment & rationale forms basis for non-zero exposure period on case by case basis

  6. Types of Integrity Threats

  7. WIRP Example • Range Domain Monitor – algorithm equation error unearthed during review of changes associated with GIVE monitor • WAAS Integrity Fault Tress Resolution – node 10R, RDM Algorithm performance fails, cannot be justified • Temporary Assertion – probability of C&V CP L1/L2 bias or station clock error causing 5.33 sigma error is neglibile • WIRP Probability Allocation – 4.50E-8 • Rationale – actual range domain monitor threat not observed since RDM was fielded, analysis of this observed performance shows event likelihood of …. • Exposure Time – six months if RDM is needed to mitigate HMI

More Related