Air traffic control system


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

1.1. Overview

Over the last couple of decades, automation of systems has become very popular, with a large impact on the world economy and on daily life. Automation is the use of computers to control industrial machinery and processes in order to achieve efficiency and reliability. The automatic control of equipment, processes and operations is also called automation of systems. Human intervention is reduced in automated systems. In industry, automation has had a notable impact because the automated approach is more cost-effective than relying on human operators, and it reduces the burden on the system. That is the reason that most manual systems have been replaced with automated ones; for example, telephone operators have been replaced with answering machines and automated switches. Another interesting example is the automated teller machine, which has reduced the need for customers to visit a bank to withdraw cash or make a transaction.

Human society now has a greater than ever dependence on automated or software-controlled systems, and this dependence is growing day by day [1-n]. These automated systems are found in almost every walk of human life: nuclear power plants, railway systems, weapon manufacturing, defense, aviation, chemical synthesis, aerospace, medicine, industrial robotics, automobiles and home appliances. In [2-n] various dimensions of society's dependence on automated or computer systems are identified; for example, software-based systems are substituted for older technologies in safety critical or mission critical systems, of which aircraft engine control, railway interlocking and nuclear power plants are examples.

Some of these systems are safety critical, where failure may cause loss of human life, serious injury or financial disaster, as expressed in [3-n]. Commercial aircraft, medical care, weapons and nuclear power plants are examples of critical systems. The software developed for safety critical systems is called safety critical software.

These software systems:

* implement the critical decision-making process

* control or monitor safety critical functions

* intervene when an unsafe condition is present or imminent

* execute on the same target system as safety critical software

* impact systems that run safety critical software

* handle safety critical data including display of safety critical information and

* verify and validate safety critical software.

A number of failures in safety critical systems have been reported in [n-4] [n-5] [n-6] [n-7]. The Therac-25 system, a computer-controlled radiation therapy machine, failed due to an error in its software and overdosed six people. In 1996 another disaster happened when the European Ariane 5 launcher crashed 40 seconds after take-off. The inquiry board, consisting of the European Space Agency and CNES (French National Centre for Space Studies), documented that this explosion was the consequence of a software error: an exception occurred in a computation whose result was no longer needed, and because the exception was neither caught nor handled, the software failed. The F-16 is a fighter jet that has faced a number of accidents. According to the inquiry report, the reason for these accidents is a combination of the onboard computer controller and human error. Many more examples of safety critical system failures have been documented which caused the loss of precious human life and equipment.

The air traffic control system is a life critical system where even a minor mistake can cause intolerable loss. Air traffic control (ATC) is the name of a service that gives guidance to aircraft, prevents collisions, and manages a secure and orderly traffic flow. It is a vast network of equipment and people which ensures the safe operation of aircraft [n-8]. A major reason for software failure is an inconsistent and ambiguous specification. A significant problem in developing software for safety critical systems is how to guarantee that the functional behavior of the developed software will satisfy the corresponding functional requirements and will not violate the safety requirements of the overall system [n-n]. In order to solve this problem, it is important to analyze thoroughly the safety properties of the overall system, to derive accurate software functional requirements, and to verify properly the implementation of the software.

But it is difficult to analyze all of the above mentioned properties of a software system with traditional software development methods, because these methods are based on natural language, which is inherently ambiguous; hence it is not possible to write an unambiguous specification in an ambiguous language [1-n].

In [n-10] it is described that formal methods are widely recognized as a means to write precise, consistent and unambiguous specifications, and that they help to analyze thoroughly the properties of the overall system, through which accurate software functional requirements can be achieved. Formal methods research began in the 1960s and focused on establishing mathematical and rigorous approaches to program construction and analysis [n-11] [n-12] [n-13] [n-14]. Formal methods are mathematically based techniques, often supported by reasoning tools, that can offer a rigorous and effective way to model, design and analyze computer systems [n-15]. Typical techniques used in formal methods are invariants, proof obligations, and a calculus for refining specifications or proving properties about specifications and implementations and the relationship between a specification and its implementation [n-16]. Because of these distinguishing properties of formal methods, we have used the formal method VDM++ for the specification of the air traffic control system. VDM++ is a formal specification language derived from VDM, which it extends with object-orientation, parallelism and real-time features [n-17]. Many models have been developed for the air traffic control system using different techniques. In this work, we model the system for ground-level aircraft departure and arrival procedures with the help of the gate, ramp, ground and local controllers, which are the parts of the air traffic control service. An air traffic controller collaborates with other controllers to hand off an aircraft; after a successful hand-off the aircraft communicates with the next controller.

1.2. Purpose of Research

The major concern of the air traffic control system is to ensure the safe operation of private and commercial aircraft [n-18]. ATC is heavily dependent upon the capabilities of human operators; some accidents in ATC were attributed to "human error", with causal factors involving perception, memory, decision making, communication and team resource management [n-19]. Therefore formal analysis is essential for proving the safety properties of the ATC system. Formal methods are used to remove ambiguities in the specification of a system and have been applied to specify and verify complex systems. The above mentioned reasons motivated us to use formal methods to design the ATC system. The work of S. Ahmad and V. Saxena [n-8] used the semi-formal notation UML, which cannot be verified systematically to ensure a specification's accuracy [n-20]. VDM++ has the following advantages for designing the air traffic control system.

* This specification technique is more comprehensive than other methods.

* It gives a precise definition of what is going to be built.

* In our research, VDM++ helped to clarify the key ideas of ATC system.

* It provided a precise way of defining the data and underlying functions of the ATC system.

* It also provided us with a way to specify the interfaces between components of the entire system under development in a precise manner.

1.3. Related work

Researchers always try to develop feasible critical systems. Air traffic control is a critical system, and researchers have proposed a great deal of research work on it. The Federal Aviation Administration has spent billions of dollars on the air traffic control system since 1981 [n-21]. The target is to develop additional features of the air traffic control system by 2015, and this will cost more. Formal specification is very useful for detecting ambiguity and design flaws at an early stage. A formal specification of the Flight Guidance System, the most modern system in the aircraft, has also been written in the Z language [n-22]. VDM++ has been used for developing the voice communication system for the air traffic control system [n-23]. An automated air traffic management system was also developed to minimize the delay of arriving aircraft [n-24]. This automation system is a scheduler for air traffic control and is a combined effort of NASA and the Federal Aviation Administration. The air traffic control command monitoring system was developed by the China Natural Science Foundation; it includes a radar information system, and it also informs about weather conditions, a voice communication system and a flight plan system [n-25]. The work of D. Leadbetter et al. [n-26] presents a simplified abstract model of ATC as a brief sub-component using Z notation. The focus of this work is to reduce the errors caused by human operators in the ATC system. D. Bjorner has also worked on domain analysis and software architecture of the ATC system using formal methods in terms of RAISE [n-27]. J. C. Bicarregui et al. [n-28] use VDM for the detection of errors in the requirements specification of the ATC system. M. Jamal et al. [n-29] have resolved the connectivity issue of different zones by using graph theory on the ATC system. The major objective of their work is safe separation between aircraft with the concept of a protected zone, using Z notation. S. Ahmad et al. [n-8] have also done the same type of work on the ATC system using UML. UML is a semi-formal notation, as stated in [n-20]; it is more accessible, but it cannot be verified systematically to ensure a specification's accuracy.

The Central Control Function (CCF) display information system was developed from 1989 to 1992 for the London air traffic control centre. This system includes arriving and departing flight information, weather conditions and equipment status at the airports, and it responds within one to two seconds. It was developed by Praxis, and today it is still in operation [n-30]. Praxis is a software engineering company located in Bath, England, which has developed considerable strength in the field of formal methods for the development of systems. It has done significant projects using formal methods including Communicating Sequential Processes (CSP), the Vienna Development Method (VDM), Z and temporal logic [n-31]. Another system developed by Praxis is the Structured Systems Analysis and Design Method (SSADM) toolset, which was developed as a computer-assisted systems engineering toolset. The SSADM project had two parts: the first was a framework or infrastructure and the second was an automated toolset for this framework, so it was a very complex system. This complex system was developed using Z notation. The requirements (in English) were formalized by restating them in Z. This project was delivered on schedule and within the budget allocated for it.

Many other critical and complex systems have also been developed using formal techniques, such as the Customer Information Control System (CICS), an online transaction processing system. This system was developed by the IBM Hursley laboratory with the help of the Oxford University research group called the Programming Research Group (PRG), using the Z method [n-32]. SACEM is a railway signalling system and a safety critical system, which was developed for the purpose of automatic train protection (ATP). This signalling system is used for reducing the load on a Paris subway line. Due to this system the train interval was reduced by 2 minutes and the construction of another line was saved [n-33]. Hoare's method was used for this system; it is the procedure of manually writing pre- and post-assertions, and it is very efficient in discovering bugs. The B method was used to validate the Hoare-style proofs. Tektronix is a manufacturer of electronic instruments which designed a reusable software framework [n-34] for oscilloscopes. It was a joint effort of the Tektronix research lab and its business group. Formal methods in terms of Z notation were used for the development of this framework [n-35].

Formal methods have also contributed to the design and development of security critical systems. The Multinet Gateway is a security critical system and an internet device which provides datagram services based on a protocol, providing secure delivery of datagrams between source and destination [n-36]. Formal methods were used for the development of this system; the Gypsy verification environment was used to prove the security properties of the Multinet Gateway system. The Token Based Access Control System (TBACS) is a cryptographic authentication smart card access control system used as a replacement for traditional password-based systems. This is another example of a security critical system. A formal development methodology was used for the verification and validation of this security system [n-37]. The objective of the product was to explore ways of providing improved authentication techniques for network access control. The objective was to push smart card technology and to have the cryptography occur on the smart token. More generally, there is an interest in exploring the applications of cryptography in computer security [n-31].

1.4. Air Traffic Control System

Air traffic control is a system in which services are continuously provided to aircraft by ground-based controllers [n-38] [n-39]. All the principles and techniques of the ATC system are defined by the International Civil Aviation Organization (ICAO), which is an agency of the United Nations. This agency was established in 1944 and its headquarters is in Montreal, Canada. The air traffic control system has the following main objectives: separation of aircraft so that collisions can be avoided, organizing and expediting the traffic flow, and providing information and other support to pilots. The ATC system can also be used in a security and defense role.

1.5. Problem Statement

The air traffic control system is a highly complex, security and safety critical system. For such critical and complex systems, failure is not bearable. Security and safety issues are the mainstream concerns of this system. The safe and secure departure and arrival procedures of aircraft need to be modeled. A formal model of this system will cater for all these properties and enhance confidence in the software. ATC systems are highly complex pieces of machinery; they employ standard verification and modeling techniques to coordinate, distribute and track aircraft. The currently used systems need to employ procedures for improved safety and efficiency, which include flexibility, potential cost savings and a reduction in staffing. This means that there is a lack of advanced technology and a desire to support the controllers. Thus, there is a need to build an ATC system based on a method which can handle increased air traffic capacity to provide a safety critical interactive system [n-8]. That is why formal methods in terms of VDM++ are applied to the modeling of the ground-level departure and arrival procedures of aircraft, which are critical components of this system.

1.6. Formal Methods

Formal methods are mathematically based techniques which are used in computer systems for the specification, design and verification of software and hardware. In a broad sense, we can say that mathematically based techniques that are used to describe the properties of systems are called formal methods [n-40].

According to A. Hall [n-41], the main activities in formal methods are writing formal specifications, proving properties about the formal specification, constructing the program mathematically, and finally verifying it by logical argument. Formal methods give us a precise and accurate specification of the system under development. A number of levels of formal methods are defined, which are given below.

Level 0: Formal Specification

A formal specification is written in a mathematical descriptive format, with precisely defined vocabulary, syntax and semantics. It describes the system: what the system should do and how it will be done.

Level 1: Formal Development

Formal development is the procedure by which we convert a formal specification into executable code. Here the formal specification is used as a guideline for concrete system development.

Level 2: Theorem Provers

A theorem prover gives us a fully formal proof of the system, for example a machine-checked proof: a tool like Z/EVES gives us a proof of semantics and syntax.

1.7. Logical Structure

The proposed ATC system using VDM++ is shown in Fig. 1.1. In the logical structure, the aircraft is initially in the parking area before its departure. In the initial state the gate controller controls the aircraft; then control is transferred in sequence to the ramp, ground and local controllers. This scenario is the departure procedure. On the other hand, for the arrival of an aircraft the local controller initially controls the aircraft, and then control is transferred in sequence to the ground, ramp and gate controllers. The combination of "before aircraft departure" and "after aircraft arrival" is our formal model of the ATC system. In the logical structure the airspace is denoted by a dotted circle; however, this is out of the scope of our research.
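The hand-off structure described above, written out as an added executable example that is not part of the thesis or its VDM++ model: a Python sketch in which the VDM++ notions of state invariant and operation pre/post-conditions from Section 1.6 are expressed as plain checks, so that an illegal hand-off (skipping a controller, moving backwards, or placing two aircraft with the local controller) is rejected and the state rolled back. The four controller names follow the text; the class and method names, the single-runway invariant and the sample callsigns are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hand-off chain from the thesis: departure walks it left to right (gate -> local),
# arrival walks it right to left (local -> gate). Airspace itself is out of scope.
CONTROLLERS = ("gate", "ramp", "ground", "local")
DEPARTURE, ARRIVAL = "departure", "arrival"


class SafetyViolation(Exception):
    """Raised when an operation would break an invariant or a precondition."""


@dataclass
class Aircraft:
    callsign: str
    phase: str        # DEPARTURE or ARRIVAL
    controller: str   # controller currently responsible for the aircraft


@dataclass
class GroundATC:
    """State of the ground-level ATC model (class and method names are assumed)."""
    aircraft: dict = field(default_factory=dict)

    def check_invariant(self) -> None:
        """Invariant (VDM++ 'inv'): every aircraft is under a known controller, and
        at most one aircraft is with the local controller, because in this
        simplified model the local controller owns a single runway (assumption)."""
        for ac in self.aircraft.values():
            if ac.controller not in CONTROLLERS:
                raise SafetyViolation(f"{ac.callsign}: unknown controller {ac.controller}")
        on_local = [a.callsign for a in self.aircraft.values() if a.controller == "local"]
        if len(on_local) > 1:
            raise SafetyViolation("runway conflict: " + ", ".join(on_local))

    def register(self, callsign: str, phase: str) -> Aircraft:
        # pre: callsign unused and phase known; departures start at the gate,
        # arrivals enter the model with the local controller.
        if callsign in self.aircraft or phase not in (DEPARTURE, ARRIVAL):
            raise SafetyViolation(f"cannot register {callsign} as {phase}")
        ac = Aircraft(callsign, phase, "gate" if phase == DEPARTURE else "local")
        self.aircraft[callsign] = ac
        try:
            self.check_invariant()
        except SafetyViolation:
            del self.aircraft[callsign]   # roll back so the state stays consistent
            raise
        return ac

    def next_controller(self, ac: Aircraft):
        """The only legal successor for this aircraft, or None at the end of the chain."""
        idx = CONTROLLERS.index(ac.controller) + (1 if ac.phase == DEPARTURE else -1)
        return CONTROLLERS[idx] if 0 <= idx < len(CONTROLLERS) else None

    def handoff(self, callsign: str, to: str) -> str:
        # pre: aircraft is known and 'to' is the adjacent controller in its sequence;
        # skipping a controller or moving backwards is rejected.
        ac = self.aircraft.get(callsign)
        if ac is None:
            raise SafetyViolation(f"{callsign} is not under control")
        if to != self.next_controller(ac):
            raise SafetyViolation(f"{callsign}: {ac.controller} cannot hand off to {to}")
        previous, ac.controller = ac.controller, to
        try:
            self.check_invariant()
        except SafetyViolation:
            ac.controller = previous      # roll back the rejected hand-off
            raise
        # post: the responsible controller moved exactly one step along the chain.
        assert abs(CONTROLLERS.index(ac.controller) - CONTROLLERS.index(previous)) == 1
        return ac.controller
```

The same checks that the VDM++ interpreter would evaluate as proof obligations here simply raise SafetyViolation, which makes the model's safety properties testable against sample traffic before any implementation exists.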

The communication between aircraft and the air traffic controller in the air traffic control system is a good research area, because the controller is responsible for safety in conflict resolution, so this is our goal to achieve in this thesis. However, in this thesis we are concerned with the software level, whereas the hardware used and the communication processes are out of scope.

1.8. Results

This formalized structure will provide the primary and fundamental basis for safety critical systems. Further, it will also provide a necessary and excellent basis for a fault-tolerant and reliable structure of the system. It also provides the facility to design a good and unambiguous architecture for critical systems. The method will ensure the consistency, reliability, security and safety of the model. All the above properties will reduce the failure ratio of the air traffic control system.

1.9. Thesis Organization

The thesis consists of 6 chapters; a brief description of each chapter is as follows:

Chapter 2 introduces formal methods, tools and techniques and their applications, and a brief description of the VDM++ specification language is also given. A case study is used to demonstrate the features of the VDM++ specification language.

Chapter 3 introduces the air traffic control system and its components, the different air traffic controllers such as the gate, ramp, ground and local controllers.

Chapter 4 describes the formal modeling of the air traffic control system using the VDM++ specification technique.

Chapter 5 contains a brief review of model checking. It starts with the essential theory of model checking and describes the structure of the VDM++ tool. It continues with proving and model checking techniques.

Chapter 6 concludes with the usefulness and benefits of this formalized model of the air traffic control system.


[1-n] A. Nadeem, "Automated Testing of Object Oriented Systems using VDM++ and UML Communication Diagrams."

[2-n] B. Littlewood and L. Strigini, "Software Reliability and Dependability: a Roadmap," Proceedings of the Conference on the Future of Software Engineering, ACM Press, 2000.

[3-n] J. C. Knight, "Safety Critical Systems: Challenges and Directions," International Conference on Software Engineering (ICSE), ISBN: 1-58113-472-X, pp. 547-550, 2002.

[n-4] "An Investigation of the Therac-25 Accidents," IEEE Computer, Vol. 26, No. 7, pp. 18-41, July 1993.

[n-5] J. L. Lyons, "Ariane 5 Flight 501 Failure: Report by the Inquiry Board," Paris, France, 19 July 1996.

[n-6] Peter G. N., "Risks to the Public in Computers and Related Systems," Software Engineering Notes, regular column.

[n-7] Peter G. N., Risks Digest, forum on risks to the public in computers and related systems, ACM Committee on Computers and Public Policy, 2002.

[n-8] S. Ahmad and V. Saxena, "Design of Formal Air Traffic Control System Through UML," Ubiquitous Computing and Communication Journal, Vol. 3, 2008.

[n-9] "The Practice of Formal Methods in Safety Critical Systems."

[n-10] J. D. Kiper and J. E. Tomayko, "Techniques for Safety Critical Software Development," IEEE, 1998.

[n-11] J. R. Blow, "Use of Formal Methods in the Development of Safety Critical Control Software," PhD thesis, 2002.

[n-12] E. W. Dijkstra, "A Constructive Approach to the Problem of Program Correctness," BIT, 8:174-186, 1968.

[n-13] R. Floyd, "Assigning Meaning to Programs," Proceedings of the Symposium in Applied Mathematics, 19:19-32, 1967.

[n-14] C. A. R. Hoare, "An Axiomatic Basis for Computer Programming," Communications of the ACM, 12(10):576-583, October 1969.

[n-15] "An International Survey of Industrial Applications of Formal Methods, Volume 2: Case Studies."

[n-16] R. Kneuper, "Limits of Formal Methods," Formal Aspects of Computing (1997), BCS.

[n-17] E. Durr, "Using VDM++ in the Development of a Large Industrial Application."

[n-18] A. H. Kacem and N. H. Kacem, "From Formal Specification to Model Checking of MAS using CSP and SPIN," International Journal of Computing and Information Sciences, Vol. 5, No. 1, 2007.

[n-19] T. T. Bich Hanh and D. V. Hung, "Verification of an Air Traffic Control System with Probabilistic Real Time Model-Checking," UNU-IIST report, 2007.

[n-20] R. Razali, C. F. Snook et al., "Experimental Comparison of the Comprehensibility of a UML-based Formal Specification Versus a Textual One," 11th International Conference on Evaluation and Assessment in Software Engineering, pp. 1-11, UK, 2007.

[n-21]

[n-22] F. Fung and D. Jamsek, "Formal Specification of a Flight Guidance System," NASA/CR-1998-206915, 1998.

[n-23] J. Horl and B. Aichernig, "Formal Specification of Voice Communication System Used in Air Traffic Control System," Proceedings of the World Congress on Formal Methods in the Development of Computing Systems, ISBN: 3-540-66588-9, Vol. 2, 1999.

[n-24] H. Erzberger, "Design Principles and Algorithms for Automated Air Traffic Management," Mission Systems Panel of AGARD and the Consultant and Exchange Program of AGARD, NASA Ames Research Center, USA, 1995.

[n-25] P. Cheng, D. Cui, and C. Wu, "Information-Integration Based Air Traffic Control Command Monitoring System," Journal of Management Science, Vol. 4, pp. 34-40, 2001.

[n-26] D. Leadbetter, P. Lindsay et al., "Integrating the Operator into Formal Models in the Air Traffic Control Domain," Technical Report 00-34, November 2000.

[n-27] D. Bjorner, "Software Engineering from Domain Analysis via Requirements Capture to Software Architecture," Second Asia-Pacific Software Engineering Conference (APSEC'95), ISBN: 0-8186-7171-8, December 1995.

[n-28] J. C. Bicarregui, Fitzgerald et al., "Proof in VDM: A Practitioner's Guide," Springer, New York, USA, 1994.

[n-29] M. Jamal and N. A. Zafar, "Modeling and Formal Specification of Air Traffic Control System Using Z Notation," Journal of Independent Studies and Research, ISSN: 1727-8309, Vol. 5, 2007.

[n-30] A. Rezazadeh, N. Evans and M. Butler, "Redevelopment of an Industrial Case Study Using Event-B and Rodin," BCS-FACS Christmas Meeting, Formal Methods in Industry, London, 2007.

[n-31] "International Survey on Industrial Application of Formal Methods."

[n-32] "Formal Methods: State of the Art and Future Directions."

[n-33] G. Guiho and C. Hennebert, "SACEM Software Validation," International Conference on Software Engineering, 1990.

[n-34] N. Delisle and D. Garlan, "A Formal Specification of an Oscilloscope," IEEE Software, September 1990, pp. 29-36.

[n-35] D. Garlan and N. Delisle, "Formal Specifications as Reusable Frameworks," VDM'90: VDM and Z!, Springer-Verlag, New York, 1990, pp. 150-163.

[n-36] G. Dinolt, P. Baker, R. Neely and J. Freeman, "Multinet Gateway: Towards A1 Certification," IEEE Symposium on Security and Privacy, 1984.

[n-37] D. R. Kuhn and J. F. Dray, "Formal Specification and Verification of Control Software for Cryptographic Equipment," 6th Computer Security Applications Conference, Phoenix, AZ, December 6-8, 1990.

[n-38] Federal Aviation Administration publication, Aeronautical Information Manual: Official Guide to Basic Flight Information and ATC Procedures, February 16, 2006.

[n-39] VATSIM Europe Division, Training Department, Air Traffic Control Manual.

[n-40] J. Wing, "A Specifier's Introduction to Formal Methods," IEEE Computer Society Press, ISSN: 0018-9162, September 1990.

[n-41] A. Hall, "Seven Myths of Formal Methods," IEEE Computer Society Press, ISSN: 0740-7459, September 1990.