Integrating runtime verification into an automated UAS traffic management system

Abstract

Unmanned Aerial Systems (UAS) are quickly integrating into the National Air Space. Doing so safely is a pressing concern, as the US alone has over 1.5 million registered small (under 55 pounds) UAS and the FAA projects further rapid expansion. This drives the need for an intelligent, automated system for UAS Traffic Management (UTM). Even more than for manned aircraft, UTM must integrate runtime checks to ensure system safety, at the very least to make up for the lack of humans on-board to employ the common-sense safety checks ingrained into the culture of human aviation. We overview a candidate automated, intelligent UTM system and propose multiple integration points for runtime verification to ensure that each part of the UTM adheres to safety requirements during operation. We write, validate, and present patterns for formal requirements across multiple subsystems of this UTM framework. We incorporate specifications that use set aggregation as a way of raising their abstraction from single sensors to sets of sensors, which allow us to monitor for system requirement violations with smaller specifications. After encoding our requirements as flight-certifiable runtime observers in the R2U2 RV engine, we execute them in simulation across multiple real-life test flights supplemented with simulated data to cover additional cases that did not occur in flight. Lessons learned accompany an analysis of the efficacy and performance of RV integration into the UTM framework.