Safety Assurance of Distributed System Architecture in Air Traffic Control Applications (2007-01-3854)
Air traffic management (ATM) systems are required to meet the integrity and performance objectives set by service providers' business and safety needs and by their regulatory regime. Composability of the architecture is important for assuring the safety and performance of ATM systems: it ensures that the integrity properties of the overall system, on which its safety and performance depend, can be achieved by combining the integrity properties of its individual components.
This paper presents an example framework for an ATM system architecture and identifies the integrity requirements for its components and middleware. The basic design and development principles for a robust and sustainable architecture are drawn from different standards and best practices, and the paper explains how these principles should be applied to derive the integrity principles for ATM middleware.
The integrity principles for an ATM system architecture cover system design guidelines; hardware and software measures for fault detection, isolation and resilience; criteria for ensuring message integrity and confidentiality; and the functional integrity of the horizontal and vertical services.
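As an added illustration of two of the principles listed above, message integrity and fault detection at the middleware boundary, the following Python example frames a middleware message with a sequence number and an HMAC-SHA256 tag, and shows a receiver rejecting corrupted, forged and replayed frames. This is example code written for this page, not code from the paper or from NATS; the frame layout, the shared key and the sample track payload are assumptions, and confidentiality (encryption of the payload) is deliberately out of scope here.

```python
import hmac
import hashlib
import json
import struct

# Assumed shared key for the illustration only (not from the paper). A real
# deployment would provision per-link keys through the middleware's key management.
SHARED_KEY = b"example-key-for-illustration-only"

TAG_LEN = 32  # SHA-256 digest length
SEQ_LEN = 4   # big-endian 32-bit sequence number


def build_message(seq, payload, key=SHARED_KEY):
    """Frame a middleware message as: seq (4 bytes) | JSON payload | HMAC-SHA256 tag.

    The tag covers the sequence number as well as the payload, so an attacker
    cannot splice a valid payload onto a different sequence number.
    """
    body = struct.pack(">I", seq) + json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver that accepts only authentic, strictly increasing frames."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.last_seq = -1
        self.rejected = []  # reasons, in order, for diagnostics / fault isolation

    def accept(self, frame):
        """Return the payload dict for a valid frame, or None after recording why it failed."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            self.rejected.append("short")
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking tag bytes via timing.
        if not hmac.compare_digest(tag, expected):
            self.rejected.append("bad_tag")
            return None
        seq = struct.unpack(">I", body[:SEQ_LEN])[0]
        # Integrity of the individual frame is not enough: an old, valid frame
        # replayed later must also be refused, so sequence numbers must increase.
        if seq <= self.last_seq:
            self.rejected.append("replay")
            return None
        self.last_seq = seq
        return json.loads(body[SEQ_LEN:])


def demo():
    """Run a constructed sequence of good, tampered, forged and replayed frames."""
    rx = Receiver()
    # Constructed sample payload: a track update (not real surveillance data).
    good = build_message(1, {"track": "ABC123", "fl": 350})
    accepted = rx.accept(good)

    # Flip one bit inside the payload: the tag no longer matches.
    tampered = bytearray(build_message(2, {"track": "ABC123", "fl": 350}))
    tampered[10] ^= 0x01
    rx.accept(bytes(tampered))

    # Frame built with the wrong key: a forgery from an untrusted component.
    forged = build_message(3, {"track": "XYZ789", "fl": 200}, key=b"wrong-key")
    rx.accept(forged)

    # Replay of the first (authentic) frame.
    rx.accept(good)

    return accepted, list(rx.rejected)


if __name__ == "__main__":
    print(demo())
```

The sequence number is a minimal ordering check; a middleware serving both horizontal and vertical services would typically bind the tag to a channel identifier and a timestamp as well, so that a frame authentic on one link cannot be accepted on another.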
These criteria are being used by NATS UK in the assessment and assurance of ATM systems.