Security Risk Management in the Aviation Turnaround Sector

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10018)


Security in the airline industry receives heightened attention due to an increase in diverse attacks, many of them driven by information technology. Ongoing research does not take into account the sociotechnical nature of security in critical domains such as airline turnaround systems. To cut time and costs, the latter comprise several companies for ticket and luggage management, maintenance checks, cleaning, passenger transportation, refueling, and so on. The airline industry has extensively adopted information technology to ensure that an incoming airplane is in a state to take off again as quickly as possible. Increasingly, this leads to the emergence of a virtual enterprise that uses information technologies to seamlessly integrate the respective airline-turnaround processes into one composition. The resulting sociotechnical security risk management issues are not well understood and require diligent investigation. This paper fills the gap with an evaluation of the application of a security risk management method to identify critical business and information-technology assets for a deeper risk mitigation analysis. The results of this paper yield insights into the utility of an existing security risk management approach.


Security, Risk analysis, Airline turnaround, Virtual organization, Decentralization, Composition, Mitigation, Sociotechnical, E-governance, Business process, Cross-organizational



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Institute of Computer Science, University of Tartu, Tartu, Estonia
  2. Department of Informatics, Tallinn University of Technology, Tallinn, Estonia
