1 / 24

Supporting Resilence in Air Traffic Management

Explore how SERENITY project enhances security and dependability in Air Traffic Management through S&D Patterns, evaluating scenarios, and tailoring solutions for ATM domain resilience.

kevinlarkin
Download Presentation

Supporting Resilence in Air Traffic Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Supporting Resilence in Air Traffic Management A. Tedeschi, M. Felici, V. Meduri, C. Riccucci SERENE 2008 November 17-19, 2008, Newcastle upon Tyne, UK

  2. Overview • The SERENITY project • Design Patterns • Evaluation Scenarios • SERENITY S&D Patterns • The SERENITY Process • Tailoring S&D Patterns to the Air Traffic Management (ATM) domain • An ATM Scenario • Scenario Unfolding • Emergent Resilience • Conclusions

  3. The SERENITY Project • The primary goal of SERENITY IP project is to enhance security and dependability for AmI ecosystems by capturing security expertise and making it available for automated processing through Patterns. • Patterns are expression of a fundamental structural organization schema for a socio-technical system, which consists of subsystems, their responsibilities and interrelations. • SERENITY provides a framework supporting the automated integration, configuration, monitoring and adaptation of security and dependability mechanisms for such ecosystems.

  4. The SERENITY Scenarios • Industry Scenarios • cover a broad spectrum of domains, • adhere to real-world situations, and • address outstanding industrial problems • Assess the methods, techniques, and tools developed by the other project activities (e.g. organisational patterns) • Apply the SERENITY framework to provide S&D solutions for the selected application scenarios

  5. SERENITY S&D Patterns • The SERENITY pattern description identifies information (i.e., Trust Mechanisms, Provided Property, Pre-conditions, etc.) concerning S&D aspects • The description associates the specified pattern with specific S&D properties, implementation aspects (e.g., components, parameters, etc.) and environmental constraints (e.g., pre-conditions) • Three Pattern Categories • Organizational • Workflow • Infrastructure

  6. The SERENITY Process • Capturing and formalizing relevant knowledge by S&D Patterns • Defining reaction plans along with mappings between the plan’s structures and those of S&D Patterns • The SERENITY Runtime Framework (SRF) monitors the system, manages the matching between the reaction plan, its execution and relevant S&D Patterns • Exploiting the knowledge formalized by S&D Patterns It enables reaction mechanisms by deploying S&D Patterns

  7. The SERENITY Runtime Framework The SERENITY Runtime Framework (SRF) makes the knowledge captured by S&D Patterns available to the actors participating in the response by means of functionalities to: • Alter plans during response and execution • Share plans • Inspect plans • Monitor plans execution

  8. Air Traffic Management (ATM) • Air Traffic Management (ATM) is the dynamic and integrated management of air traffic flow to minimize delays while guaranteeing safety of operation in the airspace. • The airspace managed by each Area Control Center (ACC) is organised into adjacent volumes, so-called Sectors. • Each sector is operated by a team of two Air Traffic Controllers, consisting of a Planning Controller and an Executive Controller. The Planning Controller and the Executive work together and share the responsibility for the safe operation of the sector they control. • Groups of neighbouring Sectors are coordinated by a Supervisor, who is in charge of managing the traffic forecast in the next period and modify the sectors configuration accordingly. The Supervisor is also responsible for the formation of the Sector Teams.

  9. ATM Peculiarities • Organizational and management aspects of S&D • Stresses on organizational reaction to threats and hazards • Stresses on safety, dependability and resilience, more than security • Deals not only with digital systems, but with complex socio-technical systems • systems involve people, artifacts, organizations, physical spaces and digital devices

  10. ATM Scenario Overview • Italian airspace, summer time: an unexpected increase of air traffic risks exceeding Sector SU capacity. • In order to safely manage all the incoming traffic, standard re-sectorization is decided: sector SU gets split into SU1 and SU2. • The re-sectorization is not sufficient: partial delegation of airspace is negotiated and issued. • After the traffic peak has been safely managed, previous configuration of airspace is restored.

  11. Supporting Work Practices • Coordination • Decision Support • Contextualization • Evolution

  12. Organizational Patterns • Critical roles and responsibilities of the Air Traffic Controllers (ATCOs) • Complex organizations • Source of S&D patterns Examples of Organizational Patterns Public Artefact. This pattern concerns any situation in which shared resources are used to share information among several agents that carry on similar or related tasks. Reinforcing Overlapping Responsibilities. This pattern is concerned with critical tasks that must be accomplished by several agents with high level of safety. Therefore, those agents share responsibility for achieving these tasks. It is, therefore, necessary to set up work groups in which more than one worker can perform the same activity.

  13. Public Artefact Two Supervisors Assessment of the Partial Delegation’s feasibility Timing, Decision Support, Situation Awareness Any controller involved in the decision-making process shares the same information artefacts Reinforcing Overlapping Responsibilities Assistance for critical situations Matching required capabilities with available resources For instance, an Executive controller can act as Planner Controller Examples of Organizational Patterns

  14. System Functionalities • Reminder • Communicator • Recorder • Advisor

  15. S&D Pattern Elicitation and Validation • Requirement Collection • ATM experts, together with evaluation responsible, walk through scenario workflows and first prototype ‘slideware’ to collect feedback for developers • Light Evaluations • the Player is shown to ATM experts in an informal setting and played on shorter sequences of the scenario. Feedback is collected for developers • Complete Evaluations • simulations performed with ATM experts on a full, multi-path version of the scenario. Feedback on the effectiveness and usefulness of Serenity is collected through feedback collection

  16. ATM Scenario Evaluation - Overview “Wizard of Oz” Evaluation • Scenario simulations with ATM experts through reproduction of “pivot points” • Re-enactments with introduction of a prototype • Feedback on comparison collected through individual questionnaires, interviews and focus groups

  17. The “Wizard of Oz” • A “Wizard” simulates the system’s intelligence and interacts with the users/actors through a real or mock computer interface • Users/actors will be ATM experts, and feedback on usefulness of the tool will be collected through feedbacks activities

  18. ACC Position Application ATM Scenario Evaluation Tools • The “scenario player”: • Scenario (i.e. radar) screenshots • Prototype SRF + ATM Cooperation Tool (ACT) • Additional data to increase realism

  19. Scenario Unfolding • Safety Hazard • Subsequent Strategy Decisions • Emerging Resilience

  20. Safety Hazard Traffic exceeding sector's capacity

  21. Subsequent Strategy Decisions

  22. Emergent Resilience Resulting capacity containing traffic peaks

  23. Emergent Resilience • Emergent Resilience • Is socio-technical • Involves work practices • Requires systems to support work practices • A lack of understanding of these fundamental aspects may cause undependabilities or result in system failures

  24. Conclusions • A socio-technical characterization of Resilience combining S&D Patterns, system functionalities and work practices • Identification of suitable software functionalities implemented in an instance of the SERENITY Runtime Framework (SRF) tailored to the ATM domain • Initial validation activities • S&D requirements for tailoring pattern technology to the ATM domain • S&D Patterns as models to orient actions of actors involved in reaction processes to threats or attacks • S&D Patterns capture organizational, procedural and infrastructural aspects • The SERENITY framework provides a means for delivering S&D patterns (and their features) into industry domains

More Related