Applying formal methods to standard development: the open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for OD

Safety versus Security in Aviation, Comparing DO-178C with Security Standards

Software development in safety-critical domains is dictated by software standards, such as "Software Considerations in Airborne Systems and Equipment Certification" (DO-178C). This standard is an acceptable means of compliance for achieving the required level of software safety in aviation. In addition to software safety, the security aspects of cyber-physical systems has become increasingly important in recent years, especially for unmanned aircraft systems with an increasing number of autonomous functions. The importance of this topic has grown with recent updates to security standards in 2018 and new regulations proposed by EASA in 2019. However, in literature, software safety and cybersecurity often get handled completely separate. Since most software engineers in aviation need to consider software safety and the corresponding DO-178C standard in some form, this work offers an introduction to the more recent software security standards. To do this, a brief overview of software standards as well as security standards is presented. The focus of the comparison between software safety and cybersecurity will be on "Airworthiness Security Process Specification" (DO-326A), as well as "Airworthiness Security Methods and Considerations" (DO-356A), since these standards, similar to DO-178C, also handle the initial airworthiness considerations. Additional standards, such as the standard "Information Security Guidance for Continuing Airworthiness" (DO-355) and others will also be introduced

Right of way in the sky: Two problems in aircraft self-separation and the auction-based solution

There has been a growing movement to give commercial airliners more freedom in choosing their routes and responsibility for detecting and avoiding conflicts. These "free flight" concepts must contain new rules for assigning right of way in potential conflict situations. To evaluate the effect of prospective rules, the current paper derives the expected response of agents who exhibit different levels of sophistication. Traditional game theoretic analysis is used to derive the behavior of rational agents. Computer simulations are used to predict the behavior of boundedly rational reinforcement learners. The results reveal that several seemingly reasonable, straightforward right-of-way rules might lead to undesirable outcomes. These problematic results are robust to the assumed level of rationality. It is shown that these problems can be alleviated by using auctions to resolve competition for right of way. Actual or potential applications of this research include the usage of second price auctions to address right-of-way and similar conflict