Dependability evaluation of an air traffic control computing system

As air traffic over France is growing rapidly, the existing Air Traffic Control (ATC) system has to evolve to satisfy the increasing demand. The selection of the new automated computing system (denoted CAUTRA) is based, among other things, on dependability evaluation. This paper is devoted to the dependability evaluation of a subset of the CAUTRA, the Regional Control Center (RCC). Starting from the analysis of the impact of CAUTRA failures on air traffic safety, five levels of service degradation are defined for the global system grading the effects of these failures on the service delivered to the controllers to ensure traffic safety. The RCC failure modes leading to these degradation levels are then defined and evaluated using stochastic Petri nets. The modeling approach consists in modeling the system as a set of modules interconnected via coupling mechanisms. The system model is constructed in several steps according to an incremental approach. Each step integrates the failure and recovery assumptions of an additional component and updates the model of the previous step by accounting for the impact of the new component on the behavior of those already included in the model. The application of this approach to the CAUTRA allowed us to analyze several configurations of the CAUTRA architecture and to identify improvement areas to minimize the impact of CAUTRA failures on air traffic safety