Modeling Safety Case Evolution – Examples from the Air Traffic Management Domain

  • Massimo Felici
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3943)


In order to realize the ATM (Air Traffic Management) 2000+ Strategy realistically and cost-effectively, systems from different suppliers will be interconnected to form a complete functional and operational environment covering ground segments and aerospace. Industry will be involved as early as possible in the lifecycle of ATM projects. EUROCONTROL manages the processes that involve the definition and validation of new ATM solutions using Industry capabilities (e.g., SMEs). In practice, safety analyses adapt and reuse system design models (produced by third parties). Technical, organisational and cost-related reasons often determine this choice, although design models are unfit for safety analysis. This paper is concerned with evolutionary aspects in judging safety for ATM systems. The main objective is to highlight a model specifically targeted to support evolutionary safety analysis. The systematic production of safety analysis (models) will decrease the cost of conducting safety analysis by supporting reuse in future ATM projects.


Keywords (machine-generated, not supplied by the author): Modeling Transformation; Safety Analysis; Proof System; Kripke Model; Safety Space





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Massimo Felici, LFCS, School of Informatics, The University of Edinburgh, Edinburgh, UK
