Abstract: Airports are equipped with manned towers to provide Air Traffic Control (ATC) services, including the technical and organizational provisions and resources needed to control aircraft during their arrival, departure, and ground movements at the airport. Lately, Air Navigation Service Providers (ANSPs) have started to rethink the status quo and to explore new technology-driven concepts, such as Remotely operated Towers (RT), which concentrate ATC services for multiple airports at a single central location. The safety and security requirements intrinsic to RT deployments make them ideal environments for an adaptive Multiple Independent Levels of Security/Safety (MILS) architecture, because information must be shared securely and in a timely manner between separate domains across networks. This paper introduces a MILS-based architecture to implement a Remote Tower reference system. Basically, this requires an air picture (radar) and optical sensors (cameras) that provide a high-quality real-time image of the runway, the airport ramp, and the very nearby airspace (data domain). Besides the live video feed from the airport, air traffic management information (data domain) and voice communication systems (voice domain) are necessary to operate a tower remotely. To be resilient, an RT system must be adaptable such that it can be dynamically reconfigured at runtime without compromising the robustness and integrity of the system. This paper focuses on an adaptive MILS architecture that extends MILS with adaptation mechanisms and a framework within which those mechanisms may be safely and securely employed for reconfiguration within the constraints of a configuration policy. We explain how an integrated RT controller working position implements a MILS console to interact with different isolated domains for operation purposes and, in addition, shares specific platform interfaces for system adaptation and monitoring.
Finally, the paper introduces the complete workflow, starting with the initial SLIM/AADL model and continuing through system configuration, operation, and adaptation. Suggestions for evaluating overall performance and a discussion of the technical challenges arising from the use of an adaptive MILS approach in a safety-critical environment conclude the contribution.