High Dependability Computing Program Modeling Dependability(20)

Individuals and organizations increasingly use sophisticated software systems from which they demand great reliance. “Reliance ” is contextually subjective and depends on the particular stakeholder’s needs; therefore, in different circumstances, the sta

Display aircraft planned route

Display aircraft synthesized route

Conflict Detection & Warning*

Conflict Avoidance Maneuvers* Display the aircraft planned route (flight plan). Color is blue. The air traffic controller can select flights to be displayed. Display the synthesized aircraft route. Color is pink.

The air traffic controller may select synthesized routes to be displayed Probe along the synthesized routes, searching for points at which two flights break legal separation. Provide timely and reliable warnings to controllers should any imminent loss of separation be detected. The conflict warnings are relayed to the controller in the form of visual and aural signals. danger for about three minutes, in response to high-risk conflict warnings.

The conflict warnings are relayed to the controller in the form of visual and

aural signals.

(Note) * Functionality not implemented by the TSAFE version in [Dennis03]

3.2 Data Gathering

For the case study, a small group of computer science researchers and students acted as stakeholders (specifically as air traffic controllers), after being given a short introduction to TSAFE and its purposes. The aim of this initial case study was in fact to evaluate the feasibility of the suggested approach, rather than identifying the correct dependability requirements for TSAFE. However, in order to better evaluate the UMD tool capabilities, and represent real-life situations during which the stakeholders might be unfamiliar with automatic tools, all the acting stakeholders have interacted with the UMD tool through an analyst.

Figure 9. The UMD Tool “Scope” table