MM-RTA

Why Multi-Monitor Run-Time Assurance?

MM-RTA safely bounds complex and unpredictable behavior

Level 5 Autonomy Labs has expanded the concept of a run-time assurance architecture to multiple, independent, software-isolated, functionally partitioned monitors. Each monitor addresses a specific element of safety and, on its own, is simple enough to carry through standard certification processes.

Conventional Run Time Assurance Architecture

An RTA architecture wraps around a complex system, monitoring a safety boundary while allowing the complex system to control the vehicle. The RTA switch takes control away from the complex behavior when the monitor predicts the safety boundary is about to be breached and hands control to a trusted controller. Control is returned to the complex system when the safety boundary is no longer in imminent danger of being breached.


Conventional Run Time Assurance Challenges

The complexities of the real world pose many safety hazards to flight. A single monitor that addressed all of these hazards would be a complex system in itself, making the RTA architecture as difficult to certify as the complex system it is meant to bound.


Monitors act as safety nets

The multi-monitor architecture developed by Level 5 partitions boundary monitoring into software-isolated modules, each with a specific functional focus. Each monitor is a relatively simple, deterministic function, which greatly eases the determination of airworthiness.

Architecture and control coordination

Risk-based decision making

Monitor control and coordination is achieved through a multi-position RTA switch. Switch position (and thus which controller is in command) is governed by the Moral Compass, which follows a set of rules of behavior that weight the consequence of breaching each specific safety boundary.
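As an added illustration (not Level 5's code; the monitors, thresholds, lookahead and consequence weights are all assumed), here is a minimal model of the multi-position switch: each monitor is an isolated, deterministic predicate over the vehicle state, and the arbitration rule hands control to the recovery controller of the highest-consequence monitor that fires, returning control to the complex system only when no monitor fires.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed model of a multi-position RTA switch. Each monitor returns True
# when it predicts its own safety boundary is about to be breached. The
# consequence weights stand in for the "rules of behavior"; they are assumed
# values for this example, not a real configuration.

State = Dict[str, float]

@dataclass(frozen=True)
class Monitor:
    name: str
    consequence: int                       # higher = worse outcome if breached (assumed scale)
    predicts_breach: Callable[[State], bool]
    recovery: str                          # trusted controller that owns this boundary

LOOKAHEAD_S = 5.0                          # assumed prediction horizon

def altitude_floor(s: State) -> bool:
    # Project altitude along the current vertical rate; fire if it drops below 100 m.
    return s["altitude_m"] + s["vertical_rate_mps"] * LOOKAHEAD_S < 100.0

def geofence(s: State) -> bool:
    # Fire if current ground speed would carry the vehicle past the fence.
    return s["dist_to_fence_m"] - s["ground_speed_mps"] * LOOKAHEAD_S < 0.0

def battery_reserve(s: State) -> bool:
    return s["battery_pct"] < 20.0

MONITORS: List[Monitor] = [
    Monitor("altitude_floor",  consequence=3, predicts_breach=altitude_floor,  recovery="climb"),
    Monitor("geofence",        consequence=2, predicts_breach=geofence,        recovery="turn_back"),
    Monitor("battery_reserve", consequence=1, predicts_breach=battery_reserve, recovery="return_home"),
]

def switch_position(state: State, monitors: List[Monitor] = MONITORS) -> Tuple[str, List[str]]:
    """Return (controller in command, names of the monitors that fired).

    The complex controller keeps command only when no monitor fires. Otherwise
    the switch selects the recovery controller of the highest-consequence
    monitor that fired; ties resolve by list order, so the decision is
    deterministic for a given state.
    """
    fired = [m for m in monitors if m.predicts_breach(state)]
    if not fired:
        return "complex", []
    worst = max(fired, key=lambda m: m.consequence)   # first maximum wins on ties
    return worst.recovery, [m.name for m in fired]
```

Note that when the highest-consequence boundary is cleared but a lower-consequence monitor still fires, command passes to that monitor's recovery controller rather than straight back to the complex system.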