A model for fault-tolerant networked control system using TTP/C communication

Safety-critical aerospace functions are generally required to have failure rates below 10^-9 per hour (FAA, 1988), and an architecture that supports several such functions is required to have a failure rate below 10^-10 per hour. Although the requirement for an individual automobile may be more relaxed, similar requirements apply to automobiles in general (Rushby, 2001b) because of their large number compared to aircraft. Consumer-grade electronics have failure rates that are orders of magnitude worse than this. Hence, redundancy to improve failure rates and fault tolerance to prevent faults from propagating are both essential elements of a safety-critical networked control system (NCS). TTP/C is a member of the time-triggered protocol (TTP) family that satisfies the Society of Automotive Engineers Class C requirements for hard real-time fault-tolerant communication. A model is presented for a fault-tolerant NCS using TTP/C communication, and the appropriate features of TTP/C are incorporated in the model. A simulation is presented for the electric power steering node with a switching controller, which makes the node tolerant to parameter faults of the steering column. © 2004 IEEE.

Publication Title

IEEE Transactions on Vehicular Technology