Integrating air transport elicits the need to harmonise software certification while maintaining safety and achieving security

Abstract

Both Europe and the US have set ambitious new goals to improve air transport by simultaneously increasing capacity, reducing cost while improving an already impressive safety record. This requires integration of the systems of the various actors involved. The virtual enterprise concept, supported by a network-centric architecture, offers one possible solution. A prototype demonstrates the technical feasibility of this approach. Work on a certifiable safety-critical Java subset, the language used to implement the prototype, demonstrates the technical feasibility for each required safety level. Unfortunately, current software certification standards differ for the various systems involved, imposing different and sometimes even non-compatible requirements. Based on the certification requirements of the prototyped services the applicable software certification standards are assessed. Network-centric solutions are based on the extensive use of Commercial-Off-The-Shelf (COTS) products and services. COTS is predicated on multiple users for a product or service, so the relevance of software certification schemes from other safety-conscious domains for air transport is reviewed to arrive at recommendations to improve the software certification process. Without special provisions network-centric systems could lead to a new type of security vulnerability. Two remedial approaches, security certification and COTS security solutions are discussed below.