Title: Fault Management Algorithm Risk Assessment for the NASA Space Launch System
Authors: William A. Maul, Yunnhon Lo, Edmond Wong
DOI: 10.1109/RAMS51492.2024.10457683
URL: https://doi.org/10.1109/RAMS51492.2024.10457683
Venue: 2024 Annual Reliability and Maintainability Symposium (RAMS), pages 1-6
Publication date: 2024-01-22
Publication type: Journal Article
Platform: Semantic Scholar
Open access: no
Citation count: 0
Fault Management Algorithm Risk Assessment for the NASA Space Launch System
This paper presents the false positive (FP) and false negative (FN) risk assessment process currently being conducted for the Space Launch System (SLS) Artemis II Fault Management (FM) detection functions. Because initial analyses indicated that software and firmware failures dominated the total risk, efforts were made to refine those risks, which involved: • establishing software function traces for each detection algorithm, • utilizing the Logical Source Lines of Code (LSLOC) count, • refining the software failure rate, and • establishing fractional multipliers for common hardware and software failure modes across the applicable individual fault trees. These efforts and their impact on the overall analyses are also discussed. The analysis scope, general assumptions and guide rules, and key modeling concepts are discussed to establish the basis of the risk assessments conducted. Even with the implementation of the analysis refinements, software and firmware are still key risk contributors, but hardware failures, primarily in the form of Common Cause Failures (CCFs), are also indicated as risk drivers. The refinements enable risk estimations of individual detection functions as well as the entire FM suite. There still remain issues of how to account for time and redundancy in the software risk estimations; these will continue to be the focus of future work.