for more information, contact Kenneth A. LaBel
Our goal in generating this document is to aid the individuals in project management, systems engineering, radiation effects, and reliability engineering who carry the responsibilities for successful deployment of NASA systems in orbital particle environments. Traditionally, in a manner which may differ from NASA center to NASA center, this effort has involved many iterative passes through system and subsystem designs with involvement of engineers representing the above disciplines. These efforts began in the 1970s when one or two low level integration device types were identified to be susceptible to single event upset (SEU). Since then, with advances in technology, the arena has expanded to include many types of single event effects (SEEs) in many technologies. The necessary advent of SEE hardened device technologies has alleviated some of the worries, but simultaneously added another dimension to the already complex trade space involved in SEE system design and analysis. Indeed, it is the combination of the universal nature of the concern across NASA centers, coupled with the complexities of the issues, which has prompted this study. Our aim is not to prescribe approaches to SEE immune system design, but rather to examine the analysis process and suggest streamlined approaches to the related design problems. In short, we seek to codify the successful elements which, in many cases, already exist for assessing SEE risk and suggest a timeline and procedure for implementing SEE risk analysis with respect to the system design effort.
A combination of factors have converged to impact the growing importance of the traditionally informal single event effects criticality analysis (SEECA). Among these are:
1) the increased functionality of satellite systems which impacts the number and complexity of various types of microcircuits,
2) the increased device SEE sensitivity commensurate with the smaller feature sizes and advanced technologies (e.g. GaAs signal processors) required to field these systems,
3) the difficulty in acquiring space-qualified and SEE tolerant parts and the cost forces driving the use of commercial-off-the-shelf (COTS) parts, and
4) the overall complexity of a typical orbital platform which relies on the successful execution of an ever-growing number of instructions.
In short, it is often neither possible nor cost effective to construct systems using SEE immune hardware, and the systems engineer must necessarily make decisions within a trade space including availability, performance, schedule, and cost risk associated with single event effects.
Throughout these discussions we recognize that SEECA covers a highly specialized set of concerns which in many ways parallels conventional reliability analysis. While reliability analysis is by no means simple, the concepts and tools employed by the systems engineering teams and project managers are familiar, and methods exist for both the estimation and quantification of risk. Unfortunately, there seems to be no plausible approach to direct application of these tools to single event analyses. This situation is further complicated by the nature of the complex interplay between the environments, mechanisms, effects, and mitigation approaches. This has led to ad hoc treatments of single event analyses. On one side, systems engineers have a sometimes incomplete understanding of the exact nature of the risk. On the other side, experts are familiar with the details of single event effects, particle environments, and radiation hardness issues at the component level but have an incomplete picture of the risk-cost-performance trade space comprising mission reality.
The ad hoc approach has evolved as an informal system which works to meet the perceived mission needs, but it can be argued that it is not optimized without the full appreciation by the SEE expert regarding mission requirements and the commensurate understanding of the systems engineers and project managers concerning the SEE risk. The possibility exists to launch with unforeseen and unacceptable risk, or conversely to be overly conservative and lose the battle in terms of the component costs, power requirements, or system complexity through poorly planned actions aimed at controlling these risks. Finally, as with any source of risk, there is potential to overanalyze the problem and thereby expend limited resources through study while overlooking other important risks, SEE rated or otherwise. As mentioned in the NASA Systems Engineering Handbook, this comprises the equivalent of the Heisenberg Uncertainty Principle in risk management.
It is one key aim of this document to pull together the primary elements of single event effects in microelectronics along with the applicable concepts established and proven through years of risk analysis and planning. In the following sections, an overview will be provided for the key elements in the single event risk management "equation". Functional analysis and criticality, which provide the foundation for defining a system and an SEE problem in criticality studies, will be discussed first. A brief discussion on the radiation environment will then be presented. The orbit and time-dependent environment governing the particle types and energies responsible for single event effects will be covered. An overview of the single event interaction mechanisms and the complex matrix of technologies and effects is also provided. Systems-level impacts are determined by analyzing the propagation of SEEs and assessing criticality for which we will also draw on materials to establish approaches from traditional Failure Modes and Effects Analysis (FMEA). Another section will present SEE mitigation techniques, including software mitigation, error tolerance approaches, component-level hardening, and a discussion of the power-speed-cost trades involved. An additional section presents the application of SEECA useful in the generation and flowdown of SEE requirements. A final section will illustrate, by example, application of SEECA in the assessment of SEE-induced failure modes.
Single Event Effect Criticality Analysis offers a methodology to identify the severity of an SEE in mission, system, and subsystem reliability and also provides guidelines for the assessment of SEE-induced failure modes. SEECA may be used in determining the severity of faults caused by SEEs, accounting for criticality of functions performed, and identifying necessity to provide for SEE tolerance. SEECA is intended as a tool for radiation tolerant design, requirements generation for SEEs, design verification, and requirements validation. Ultimately, SEECA will hopefully aid in launching fully functional satellites with acceptable and understood SEE risks and with minimum cost, complexity, and power consumption in the final product.
Introduction
1. The SEE Problem
2. Functional Analysis and Criticality
3. Ionizing Radiation Environment Concerns
4. Effects in Electronic Devices and SEE Rates
5. SEU Propagation Analysis: System Level Effects
6. SEE Mitigation: Methods of Reducing SEE Impacts
7. Managing SEEs: System Level Planning
8. SEE Criticality Assessment Case Studies