A Safety and Human-Centered Approach to Developing New Air Traffic Management Tools

This paper describes a safety-driven, human-centered process for designing and integrating new components into an airspace management system. The general design of a conflict detection function currently under evaluation by Eurocontrol serves as the testbed for the methodology, although the details differ somewhat. The proposed development and evaluation approach is based on the principle that critical properties must be designed into a system from the start. As a result, our methodology integrates safety analysis, functional decomposition and allocation, and human factors from the very beginning of the system development process. It also emphasizes using both formal and informal modeling to accumulate the information needed to make tradeoff decisions and to ensure that desired system qualities are satisfied early in the design process, when changes are easier and less costly. The formal modeling language was designed with readability as a primary criterion, so that the models can act as an unambiguous communication medium among the developers and implementers. The methodology is supported by a new specification structuring approach, called Intent Specifications, that supports traceability and documentation of design rationale as the development process proceeds.
