This chapter introduces the reader to the benefits of distributed computing in air transportation. It presents a solution to airborne self-separation based on RAPTOR, a stack of distributed protocols that allows aircraft to reach different types of agreement in the presence of faults, both of accidental and malicious nature. These protocols are used as primitives to implement specific services for airborne self-separation, which are created within the context of a conflict resolution algorithm based on game theory.
TopIntroduction
Air Traffic Management (ATM) is concerned with the management of air traffic flow in a safe and efficient manner. In its current form, ATM is based on rigid off-line flight planning and ground-based air traffic controllers (ATCOs). The airspace is divided into sectors, and each sector is assigned an ATCO team, which becomes its central authority. The ACTOs are responsible for maintaining horizontal and vertical separation among aircraft, while ensuring an orderly and expeditious air traffic flow.
This task is performed by issuing directions to aircraft and by providing flight context information to pilots, such as routes to waypoints and weather conditions.
The current controller-based approach to ATM relies heavily on controllers' skills, with little or no autonomy for pilots and companies. Moreover, it does not scale up to cope with the increasing volume of future air traffic, which is expected to grow at a rate of 5 to 6 percent per year (Eurocontrol, 1999). Several alternative solutions and complementary approaches to overcome the limits of current ATM are actively under investigation. Recent advances in technologies are making possible a new concept of ATM, namely airborne self-separation (FAA/Eurocontrol, 2001). It represents a concept in which the responsibility for aircraft separation is shifted from the ground to the air and where pilots are allowed to select their flight paths without any external intervention by air traffic controllers (Nordwall, 1995; Perry, 1997). In a future self-separation environment, pilots will have more responsibility for the safe and efficient conduction of the flight and they should be supported by an automated decision-support system that processes all available information, thus assisting the pilot in optimizing the aircraft trajectory while maintaining separation among aircraft.
In general terms, the economic advantages of airborne self-separation will manifest in two ways. First, it should lead to reduced costs. Self-optimization by the airlines could be more effective than any global optimization that can be performed by a human controller (RTCA Task Force 3, 1995). This is because different airlines might give higher priority to different parameters. One airline might prefer to optimize fuel consumption, while other might prefer to optimize flight delays. These preferences depend on company strategy or other factors only known to the airline and crew. Second, the global expansion in capacity of air traffic volume, due to the departure from the centralized and human-centric approach, will allow airlines to meet an increasing demand for air transportation.
This new approach, however, will not emerge without its share of technical issues. As a major paradigm shift, the deployment of airborne self-separation will also unveil a whole new domain of threats to the safety of air transportation. The consequent automation brought in by self-separation unveils a class of attacks that target these navigational systems in increasingly inconspicuous ways. Aircraft will need to rely on information provided by other aircraft in their vicinity to ensure proper coordination. Thus, it becomes imperative that this information is exchanged in a reliable and secure manner. Unfortunately, wireless communication is inherently unreliable, and the presence of a single malicious aircraft with the ability to transmit incoherent information or jam communication brings unpredictable and potentially catastrophic consequences for the safety of aircraft. Techniques must be adopted that allow aircraft to coordinate their maneuvering even if communication among them is subject failures, regardless of their nature - accidental or malicious.
This chapter presents an approach to airborne self-separation, taken from the discipline of distributed computing, that systematically addresses the problem of fault-tolerant decentralized coordination. In a distributed system, at the core of any kind of coordinated activity lies the need for some sort of agreement among the processes that compose the system (Guerraoui & Schiper, 1997; Turek & Shasha, 1992). Reaching agreement in the presence of faults is a fundamental and non-trivial problem in the distributed systems literature - a topic subject of countless papers. See (Cristian, 1991; Correia, Verissimo, & Neves, 2006; Fischer, 1983) for surveys. Within the context of this work, the distributed system represents the airborne self-separation environment, and the processes correspond to the aircraft.