Abstract

New and emerging mission and operational capabilities, such as micro air vehicles, morphing wings, cooperative flight, and automated aerial refueling call for ever-increasing levels of complexity and autonomy. While fundamental controls research has made great progress in addressing these needs, advances in verification and validation (V&V) practices have failed to keep pace. Most V&V is still based exclusively on evidence generated through exhaustive testing. As systems become increasingly complex and involve more system-ofsystems interactions, this level of exhaustive testing will become increasingly infeasible due to the number of interactions that must be exercised. Since V&V practices have remained essentially unchanged, many compelling solutions offered by controls research cannot currently be realized, producing a widening gap between realized system capability and desired system capability. There is clear, pressing need for new V&V techniques that can deliver strong safety guarantees for advanced systems while controlling V&V costs. This paper presents a new run-time assurance approach to provide safety to systems employing advanced control solutions that cannot be certified with today’s V&V technologies. The approach employs a monitor that continually checks that the system lies within safe operating bounds. If uncertified bounds are imminent, then the system is switched to a reversionary, certified control system that can, at least, provide “return-to-base” capabilities. A number of experiments have been completed through both desktop and realtime, hardware-in-the-loop simulations that demonstrate the benefits of this approach.