Picture of ATC Tower and Aircraft

Safety- and Cyber-security related Research

As modern systems become increasingly complex and the roles of human operators and autonomous software continue to evolve, traditional safety-related analytical methods are becoming inadequate. Traditional hazard analysis tools are based on an accident causality model that does not capture many of the complex behaviors found in modern engineered systems. Additionally, these traditional approaches are most effective during the late stages of system development, when detailed design information is available. However, system safety and cyber security cannot cost-effectively be assured by discovering problems at these late stages and adding patches or expensive updates to the design. Rather, safety should be designed into the system from its very conception. The primary barrier to achieving this objective is the lack of effectiveness of the existing analytical tools during early concept development.

Cyber-security: Mission-Aware and Systems-Aware Cybersecurity

Mission Aware

Our interest in this area seeks to develop and investigate techniques that:

  • add layer(s) of security to protect the most critical physical system functions

  • monitor for illogical system behavior and, upon detection, reconfigure to compensate

  • build on cybersecurity, fault tolerant and automatic control technologies

  • seek economy through monitoring and reconfiguring a highly secure Sentinel—typically with many more security features than the system being protected can economically employ

  • address not only network-based attacks, but also insider and supply chain attacks

  • implement reusable design patterns to enable more economical solution development

  • use risk-based support tools involving perspectives of both defenders and attackers

Concept Development and Architecting of Complex Systems

Air Traffic Control

Our interest in this area seeks to develop and investigate techniques that:

  • capture dysfunctional behaviors that emerge when components — including human operators — and sub-systems interact. Recent work has helped identify functional interactions between modular software components Fleming2014aaJAIS;

  • identify candidate architectures that satisfy system goals and constraints, using principles of systems and control theory. Current work — funded by NASA — involves developing operational improvements that will be vital to tomorrow's air traffic management system;

  • compare and contrast different candidate architectures, presenting stakeholders and decision makers with important trade-offs early in the design cycle.

Interoperability of independently developed, highly coupled avionics applications

Picture of Flight Deck

Integrated Modular Avionics (IMA) systems present new opportunities and benefits for developing advanced aircraft avionics, as well as a series of challenges related to hazard analysis and certification. This research addresses some of those challenges and proposes a new procedure for improving hazard analysis of IMA systems. A significant objective of IMA architectures is the ability to develop individual software applications independently and then integrate those applications onto one platform. It has been very difficult for both designers and certifiers to understand and predict how the system will behave when the applications are integrated into one system.


This research uses systems-theoretic techniques to identify hazardous behavior that emerges when individual applications are integrated. The techniques account for hazardous behavior due to component interaction, including cases when the components have not failed or faulted.

Future work will apply these techniques to increasingly sophisticated IMA applications as well as to other domains (such as automotive and/or medical technology).