Publications
2008
-
M. Felici, V.Meduri, C. Riccucci, A.Tedeschi
Supporting Resilience in Air Traffic Management, to appear in Proceedings of the RISE/EFTS Joint International Workshop on Software Engineering for REsilient systEms (SERENE 08), 17-19 November 2008, Newcastle-Upon-Tyne, UK.
This paper reports about the empirical validation of a tool for decision support in the context of Air Traffic Management (ATM). The empirical validation highlights how resilience emerges in complex socio-technical settings.
-
H. Moniz, P.Masci, A.Tedeschi
Services for Fault-Tolerant Conflict Resolution in Air Traffic Management, to appear in Proceedings of the RISE/EFTS Joint International Workshop on Software Engineering for REsilient systEms, 17-19 November 2008, Newcastle-Upon-Tyne, UK.
Airborne Self-Separation is a new concept of dynamic management of air traffic flow, where pilots are allowed to select their flight paths in real-time. In this new operational concept, each aircraft is guided by an automated decision procedure and, based on the available information, enters into negotiations with surrounding aircraft in order to coordinate actions and avoid collisions. In this work, we explore the possibility of combining an approach based on Satisficing Game Theory together with a fault-tolerant agreement service to obtain a robust approach for conflict resolution and air traffic optimization in the context of Airborne Self-Separation.
-
Pasquini, A., Pozzi, S. & Save, L.
The Wrong Question to the Right People. A Critical View of Severity Classification Methods in ATM Experimental Projects. In Proceedings of "Safecomp 2008", Newcastle, United Kingdom
The knowledge of operational experts plays a fundamental role in performing safety assessments in safety critical organizations. The complexity and socio-technical nature of such systems produce hazardous situations which require a thorough understanding of concrete operational scenarios and cannot be anticipated by simply analyzing single failures of specific functions. This paper addresses some limitations regarding state-of-the-art safety assessment techniques, with special reference to the use of severity classes associated to specific outcomes (e.g. accident, incident, no safety effect, etc.). Such classes tend to assume a linear link between single hazards considered in isolation and specified consequences for safety, thus neglecting the intrinsic complexity of the systems under analysis and reducing the opportunities for an effective involvement of operational experts. An alternative approach is proposed to overcome these limitations, by allowing operational people to prioritize the severity of hazards observed in concrete operational scenarios and by involving them in the definition of the possible means of mitigation.
-
Pasquini, A., Pozzi, S. & McAuley, G.
Eliciting Information for Safety Assessment. Safety Science, Vol. 46 (10), pp. 1469–1482.
This paper presents an approach that has been used in the Mediterranean Free Flight project to elicit information from operational experts (pilots and controllers). The project investigates new Air Traffic Management (ATM) concepts and procedures delegating to aircrew some controller tasks related to separation assurance. The information obtained from the operational experts has been used for the safety assessment of these new concepts and procedures. A set of specific exercises were added to the conventional real time and cockpit simulations, to offer the operational experts the opportunity to familiarise with the new procedures and to experience normal and abnormal events during their usage. In this way – even if concepts and procedures were extremely innovative and there was a lack of real operational experience about them – valid information from the operational experts could be gathered. The information elicited has been very useful for the identification and analysis of the possible hazards related to the use of the new concepts and procedures, and for the definition of the related safety requirements.
-
Pozzi S., Lotti G., Matrella G., Save L.
Turning information into knowledge.
The case of Automatic Safety Data Gathering. In Proceedings of the EUROCONTROL Annual Safety R&D Seminar, 22-24 October 2008, Southampton, UK.This paper provides an overview on the results of an ENAV feasibility study, where we exploited an automatic safety data gathering tool to analyze the ATM system performances. In particular, it addresses the use of ASMT (Automatic Safety Monitoring Tool) as a support to monitor Multi Radar Tracking issues and STCA performance. The contribution of this study is to show how ATM can profit from the use of Automatic Safety Data Gathering and from the collection of large amount of data. We also reflect on open issues and areas of future research that would need to be addressed for an optimal use of ASDG.
-
Pasquini A., Pozzi S., Save L., Sujan M.
Monitoring Resilience. A socio-technical perspective on incident reporting.
In Proceedings of the 3rd Symposium on Resilience Engineering, 28-30 October 2008, Juan-Les-Pins, France. -
Chialastri, A. & Pozzi, S.
Resilience in the aviation system. In Proceedings of “Safecomp 2008”, Newcastle, Regno Unito.
This paper presents an overview of the main characteristics of the civil aviation domain and their relation with concepts coming from the approach of resilience engineering. Our objective is to first outline the structural properties of the aviation domain (i.e. regulations, standards, relationships among the various actors, system dynamics), to then present some example processes that bear an effect on the system resilience. We will in particular reason on training and on the role of automation, to discuss how and to what extent they impact on system resilience. We contend that, in a complex system like aviation, resilience engineering is not a matter of simple technical upgrades, rather is about facing contradictory tensions and dynamic system changes. This paper contains a pilot’s first-hand reflections, so it aims to stimulate discussion on some issues that are still open, rather than providing solutions.
-
V. Di Giacomo, M. Felici, V. Meduri, D. Presenza, C. Riccucci, A. Tedeschi
Using Security and Dependability Patterns for Reaction Processes, in Proceedings of the Nineteenth International Workshop on Database and Expert Systems Application (DEXA 2008), 1-5 September 2008, Turin, Italy
Security and Dependability (S&D) Patterns support the structuring and reusing of design solutions to specific known problems. They capture S&D features and support reusing strategies across ‘similar’ design problems. Despite the fact that they simplify the analysis and implementation of specific design problems concerning with S&D features, the empirical results about S&D patterns and their usages are still patchy. Moreover, there is yet little experience in reporting how S&D patterns transfer across different industry domains. This paper is concerned with the adoption of S&D patterns. It reports our experience in adopting and eliciting S&D patterns in the Air Traffic Management (ATM) domain. Empirical results show how patters provide useful guidance in order to structure the analysis of operational aspects. This paper highlights how S&D patterns, used at the design stage, provide structuring guidance at the operational stage. Hence, they are also useful as structured reaction mechanisms to threats or hazards. In conclusions, this paper provides useful insights about adopting and deploying S&D patters into and across industry domains.
-
F. Bellomi, R. Bonato, V. Nanni, A. Tedeschi
Satisficing Game Theory for Conflict Resolution and Traffic Optimization, ATC Quarterly, vol. 16, num. 3, pag. 221-233, (2008).
In the current, centralized approach to Air Traffic Control (ATC) air traffic controllers are responsible for the safe and efficient flow of aircraft. This situation would change with the introduction of Airborne Self-Separation as a distributed and scalable approach to ATC. The major technological challenge that must be tackled to make Airborne Self-Separation a viable alternative to the traditional controller-based approach is to devise a safe and reliable technology to solve conflicts and improve global performances in an uncontrolled environment. In this paper we introduce an algorithm that applies Satisficing Game Theory (SGT) to solve conflicts in the framework of an overall optimisation of the traffic flow. This decentralized and cooperative algorithm is inspired by the work presented in [1]. The SGT provides a strategy that permits decision-makers to reach a compromise in the interest of achieving both individual and group goals, implementing altruistic behaviour. The paper presents the first results we collected by running a software tool which simulates the behavior of the SGT algorithm in a 3D environment, using air traffic samples provided by the Italian air traffic service provider (ENAV). These results are the starting point of a further enquiry to explore the actual impact of the introduction of such a technology in a realistic ATC environment.