Supporting Resilence in Air Traffic Management A. Tedeschi, M. Felici, V. Meduri, C. Riccucci SERENE 2008 November 17-19, 2008, Newcastle upon Tyne, UK.

Slides:



Advertisements
Similar presentations
Episode 3 / CAATS II joint dissemination event Gaming Techniques Episode 3 - CAATS II Final Dissemination Event Patricia López Aena Episode 3 Brussels,
Advertisements

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Applying the Human Views for MODAF to the conception of energy-saving work solutions Dr Anne Bruseberg Systems Engineering & Assessment Ltd, UK on behalf.
Organization Example - PWA
Object-Oriented Analysis and Design LECTURE 3: REQUIREMENTS DISCIPLINE.
ITIL: Service Transition
Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.
© 2005 Prentice Hall6-1 Stumpf and Teague Object-Oriented Systems Analysis and Design with UML.
Overview of OASIS SOA Reference Architecture Foundation (SOA-RAF)
INDUSTRIAL & SYSTEMS ENGINEERING
Knowledge Acquisitioning. Definition The transfer and transformation of potential problem solving expertise from some knowledge source to a program.
Quality of Service in IN-home digital networks Alina Albu 23 October 2003.
Lecture 2b: Software Project Management CSCI102 - Introduction to Information Technology B ITCS905 - Fundamentals of Information Technology.
IT Planning.
Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Goal.
Presented to: MPAR Working Group By: William Benner, Weather Processors Team Manager (AJP-1820), FAA Technical Center Date: 19 March 2007 Federal Aviation.
Introduction to Computer Technology
Enterprise Architecture
Release & Deployment ITIL Version 3
Codex Guidelines for the Application of HACCP
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
S/W Project Management
Information System.
Unit 5:Elements of A Viable COOP Capability (cont.)  Define and explain the terms tests, training, and exercises (TT&E)  Explain the importance of a.
Cognitive Task Analysis and its Application to Restoring System Security by Robin Podmore, IncSys Frank Greitzer, PNNL.
RUP Implementation and Testing
Demystifying the Business Analysis Body of Knowledge Central Iowa IIBA Chapter December 7, 2005.
Business Analysis and Essential Competencies
Chapter 5: Requirement Engineering Process Omar Meqdadi SE 2730 Lecture 5 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Design Science Method By Temtim Assefa.
Requirements Elicitation. Who are the stakeholders in determining system requirements, and how does their viewpoint influence the process? How are non-technical.
Architecting Web Services Unit – II – PART - III.
2Object-Oriented Analysis and Design with the Unified Process The Requirements Discipline in More Detail  Focus shifts from defining to realizing objectives.
OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.
Module 4: Systems Development Chapter 12: (IS) Project Management.
What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.
The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:
Lecture 7: Requirements Engineering
Business Process Change and Discrete-Event Simulation: Bridging the Gap Vlatka Hlupic Brunel University Centre for Re-engineering Business Processes (REBUS)
1 Introduction to Software Engineering Lecture 1.
Unified Modeling Language* Keng Siau University of Nebraska-Lincoln *Adapted from “Software Architecture and the UML” by Grady Booch.
Projects EMERALD and EMERTA EMERALD WP5 The Specific case of ASAS/ADS-B.
Object-Oriented Software Engineering using Java, Patterns &UML. Presented by: E.S. Mbokane Department of System Development Faculty of ICT Tshwane University.
Rational Unified Process (RUP) Process Meta-model Inception Phase These notes adopted and slightly modified from “RUP Made Easy”, provided by the IBM Academic.
27/3/2008 1/16 A FRAMEWORK FOR REQUIREMENTS ENGINEERING PROCESS DEVELOPMENT (FRERE) Dr. Li Jiang School of Computer Science The.
Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.
MODEL-BASED SOFTWARE ARCHITECTURES.  Models of software are used in an increasing number of projects to handle the complexity of application domains.
16/11/ Semantic Web Services Language Requirements Presenter: Emilia Cimpian
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Environment and Disaster Planning Hari Srinivas, GDRC Rajib Shaw, Kyoto University Contents of the presentation: -What is the problem? -Precautionary Principles.
Requirements Engineering Process
Introduction to IRRIIS MIT Add-On Components Middleware Improvement Technology for Interdependent Critical Infrastructure 08 February 2007, Rome Giordano.
Foundations of Information Systems in Business. System ® System  A system is an interrelated set of business procedures used within one business unit.
Federal Aviation Administration 1 Collaborative Decision Making Improving Air Traffic Management Together…
Organisation Development(OD)
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.
An Overview of Management
Company LOGO. Company LOGO PE, PMP, PgMP, PME, MCT, PRINCE2 Practitioner.
Introduction to Software Engineering 1. Software Engineering Failures – Complexity – Change 2. What is Software Engineering? – Using engineering approaches.
1 Security and Dependability Organizational Patterns - A Proof of Concept Demo for SERENITY A. Saidane, F. Dalpiaz, V.H. Nguyen, F. Massacci.
LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.
From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.
 The processes used for RE vary widely depending on the application domain, the people involved and the organisation developing the requirements.  However,
Decisive Themes, July, JL-1 ARTEMIS Decisive Theme for Integrasys Pedro A. Ruiz Integrasys July, 2011.
ITIL: Service Transition
Architecting Web Services
Architecting Web Services
The Extensible Tool-chain for Evaluation of Architectural Models
Software Development Process Using UML Recap
Presentation transcript:

Supporting Resilence in Air Traffic Management A. Tedeschi, M. Felici, V. Meduri, C. Riccucci SERENE 2008 November 17-19, 2008, Newcastle upon Tyne, UK

2 Overview The SERENITY project Design Patterns Evaluation Scenarios SERENITY S&D Patterns The SERENITY Process Tailoring S&D Patterns to the Air Traffic Management (ATM) domain An ATM Scenario Scenario Unfolding Emergent Resilience Conclusions

3 The SERENITY Project The primary goal of SERENITY IP project is to enhance security and dependability for AmI ecosystems by capturing security expertise and making it available for automated processing through Patterns. Patterns are expression of a fundamental structural organization schema for a socio-technical system, which consists of subsystems, their responsibilities and interrelations. SERENITY provides a framework supporting the automated integration, configuration, monitoring and adaptation of security and dependability mechanisms for such ecosystems.

4 The SERENITY Scenarios Industry Scenarios cover a broad spectrum of domains, adhere to real-world situations, and address outstanding industrial problems Assess the methods, techniques, and tools developed by the other project activities (e.g. organisational patterns) Apply the SERENITY framework to provide S&D solutions for the selected application scenarios

5 SERENITY S&D Patterns The SERENITY pattern description identifies information (i.e., Trust Mechanisms, Provided Property, Pre-conditions, etc.) concerning S&D aspects The description associates the specified pattern with specific S&D properties, implementation aspects (e.g., components, parameters, etc.) and environmental constraints (e.g., pre-conditions) Three Pattern Categories Organizational Workflow Infrastructure

6 The SERENITY Process 1.Capturing and formalizing relevant knowledge by S&D Patterns 2.Defining reaction plans along with mappings between the plan’s structures and those of S&D Patterns 3.The SERENITY Runtime Framework (SRF) monitors the system, manages the matching between the reaction plan, its execution and relevant S&D Patterns 4.Exploiting the knowledge formalized by S&D Patterns It enables reaction mechanisms by deploying S&D Patterns

7 The SERENITY Runtime Framework The SERENITY Runtime Framework (SRF) makes the knowledge captured by S&D Patterns available to the actors participating in the response by means of functionalities to: Alter plans during response and execution Share plans Inspect plans Monitor plans execution

8 Air Traffic Management (ATM) Air Traffic Management (ATM) is the dynamic and integrated management of air traffic flow to minimize delays while guaranteeing safety of operation in the airspace. The airspace managed by each Area Control Center (ACC) is organised into adjacent volumes, so-called Sectors. Each sector is operated by a team of two Air Traffic Controllers, consisting of a Planning Controller and an Executive Controller. The Planning Controller and the Executive work together and share the responsibility for the safe operation of the sector they control. Groups of neighbouring Sectors are coordinated by a Supervisor, who is in charge of managing the traffic forecast in the next period and modify the sectors configuration accordingly. The Supervisor is also responsible for the formation of the Sector Teams.

9 ATM Peculiarities Organizational and management aspects of S&D Stresses on organizational reaction to threats and hazards Stresses on safety, dependability and resilience, more than security Deals not only with digital systems, but with complex socio-technical systems systems involve people, artifacts, organizations, physical spaces and digital devices

10 ATM Scenario Overview Italian airspace, summer time: an unexpected increase of air traffic risks exceeding Sector SU capacity. In order to safely manage all the incoming traffic, standard re-sectorization is decided: sector SU gets split into SU1 and SU2. The re-sectorization is not sufficient: partial delegation of airspace is negotiated and issued. After the traffic peak has been safely managed, previous configuration of airspace is restored.

11 Supporting Work Practices Coordination Decision Support Contextualization Evolution

12 Organizational Patterns Critical roles and responsibilities of the Air Traffic Controllers (ATCOs) Complex organizations Source of S&D patterns Examples of Organizational Patterns Public Artefact. This pattern concerns any situation in which shared resources are used to share information among several agents that carry on similar or related tasks. Reinforcing Overlapping Responsibilities. This pattern is concerned with critical tasks that must be accomplished by several agents with high level of safety. Therefore, those agents share responsibility for achieving these tasks. It is, therefore, necessary to set up work groups in which more than one worker can perform the same activity.

13 Examples of Organizational Patterns Public Artefact Two Supervisors Assessment of the Partial Delegation’s feasibility Timing, Decision Support, Situation Awareness Any controller involved in the decision-making process shares the same information artefacts Reinforcing Overlapping Responsibilities Assistance for critical situations Matching required capabilities with available resources For instance, an Executive controller can act as Planner Controller

14 System Functionalities Reminder Communicator Recorder Advisor

15 S&D Pattern Elicitation and Validation Requirement Collection ATM experts, together with evaluation responsible, walk through scenario workflows and first prototype ‘slideware’ to collect feedback for developers Light Evaluations the Player is shown to ATM experts in an informal setting and played on shorter sequences of the scenario. Feedback is collected for developers Complete Evaluations simulations performed with ATM experts on a full, multi-path version of the scenario. Feedback on the effectiveness and usefulness of Serenity is collected through feedback collection

16 ATM Scenario Evaluation - Overview “Wizard of Oz” Evaluation Scenario simulations with ATM experts through reproduction of “pivot points” Re-enactments with introduction of a prototype Feedback on comparison collected through individual questionnaires, interviews and focus groups

17 The “Wizard of Oz” A “Wizard” simulates the system’s intelligence and interacts with the users/actors through a real or mock computer interface Users/actors will be ATM experts, and feedback on usefulness of the tool will be collected through feedbacks activities

18 ATM Scenario Evaluation Tools The “scenario player”: Scenario (i.e. radar) screenshots Prototype SRF + ATM Cooperation Tool (ACT) Additional data to increase realism ACC Position Application

19 Scenario Unfolding 1.Safety Hazard 2.Subsequent Strategy Decisions 3.Emerging Resilience

20 Safety Hazard Traffic exceeding sector's capacity

21 Subsequent Strategy Decisions

22 Emergent Resilience Resulting capacity containing traffic peaks

23 Emergent Resilience Is socio-technical Involves work practices Requires systems to support work practices A lack of understanding of these fundamental aspects may cause undependabilities or result in system failures

24 Conclusions A socio-technical characterization of Resilience combining S&D Patterns, system functionalities and work practices Identification of suitable software functionalities implemented in an instance of the SERENITY Runtime Framework (SRF) tailored to the ATM domain Initial validation activities S&D requirements for tailoring pattern technology to the ATM domain S&D Patterns as models to orient actions of actors involved in reaction processes to threats or attacks S&D Patterns capture organizational, procedural and infrastructural aspects The SERENITY framework provides a means for delivering S&D patterns (and their features) into industry domains