Evolutionary Safety Analysis: Motivations from the Air Traffic Management Domain

  • Massimo Felici
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3688)


In order to realize the ATM (Air Traffic Management) 2000+ Strategy realistically and cost-effectively, systems from different suppliers will be interconnected to form a complete functional and operational environment covering ground segments and aerospace. Industry will be involved as early as possible in the lifecycle of ATM projects. EUROCONTROL manages the processes that define and validate new ATM solutions using industry capabilities (e.g., SMEs). In practice, safety analyses adapt and reuse system design models produced by third parties. Technical, organisational and cost-related reasons often determine this choice, although design models are unfit for safety analysis: they are tailored for system designers and therefore provide only limited support to safety analysts. The definition of an adequate model, and of an underlying methodology for its construction, would be highly beneficial for those performing safety analyses. Limited budgets and resources often constrain or inhibit the model definition phase as an integral part of safety analysis. This paper is concerned with problems in modeling ATM systems for safety analysis. Its main objective is to highlight a model specifically targeted to support evolutionary safety analysis.


Keywords: Safety Analysis, Safety Case, Flight Safety, Aviation Safety, Heterogeneous Engineering





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Massimo Felici, LFCS, School of Informatics, The University of Edinburgh, Edinburgh, UK
