NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.


NASA SP-504: Space Shuttle Avionics System

Section 3  USAF Requirements

The U.S. Air Force requirements which influenced the Space Shuttle avionics system design or which raised significant design issues included the following: autonomy, radiation hardening, and communications and data security. The autonomy requirement was defined to be the capability to conduct mission operations without dependence on ground support systems dedicated only to the Space Shuttle. As indicated in previous sections, the avionics design which evolved included provisions for onboard management of vehicle systems, and, except for the lack of an orbital navigation capability, mission operations could be conducted as desired. Incorporation of an autonomous navigation capability was deferred pending the development of the DOD GPS.

The radiation hardening requirement proved to be extremely difficult to quantify in terms of a reasonable threat and even more difficult to meet without a prohibitive weight penalty. The result was a program decision to accept the degree of hardening provided by the shielding and other measures which were incorporated to protect against lightning strikes.

The communications and data security requirements included transmission and reception of encrypted information over the various RF links; processing, storing, and general handling of classified, unencrypted data onboard the spacecraft; and denial of unfriendly access or control while conducting classified mission operations. (Hereafter, unclassified or encrypted data are defined as "black"; classified, unencrypted data are called "red.") Because classified military and unclassified civilian missions were to be interspersed, means had to be provided to purge the spacecraft of any residual red data. In addition, imposition of the Air Force Tempest Specification for prevention of compromise of classified information through spurious radiation placed unique requirements on the system design.

Several alternatives were considered, ranging from a system which integrated all USAF requirements into the basic Orbiter avionics system to one which created a red/black data barrier between the Orbiter avionics and an essentially independent USAF system. The system baseline that evolved was a hybrid of these extremes which incorporated many of the basic requirements in the Orbiter system but segregated the unique requirements behind a red/black barrier. The transmission/reception requirements were met, as indicated in the Communications section, by incorporating encryption/decryption devices in the communications system and by providing for the necessary authentication protocol. Power, data interfaces, and associated wiring were provided between the Orbiter system and an area in the mission specialist station in which processors, controls, displays, etc., unique to a USAF mission could be installed. Wiring dedicated to this area was subject to the full Tempest requirement. The rest of the Orbiter wiring was required to meet only the normal manned-space-flight standards for electromagnetic interference, etc. Special inhibit switches and procedures were installed and used to preclude any possibility of hostile takeover or access to classified information. Procedures and the necessary associated software were incorporated to purge memories, recorders, and other portions of the system which could possibly retain red data.


Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz
NACA Seal