Abstract

Advanced separation assurance concepts involving higher degrees of automation must meet the challenge of maintaining safety in the presence of inevitable subsystem faults, including the complete failure of the supporting automation infrastructure. This paper examines the types of design features and safeguards that might be used to preserve safety in a highly automated environment. The Advanced Airspace Concept (AAC) being developed by NASA is used as the basis for a fault-tree analysis. Multiple layers of protection, with carefully specified fault management strategies, appear to be important to achieving the desired level of safety.