Chris Johnson
EPSRC Travel Grant EP/I004289/1:

USAF 8-Step Problem Solving Method for Configuration Management in Safety-Critical Software


Summary:

This short travel grant supported the configuration and integration of safety-critical code developed by many different organisations. We focused on space-based software. Configuration management is particularly important in this context because of the increasing need to integrate commercial space operations into the missions developed by NASA and the European Space Agency (ESA).

The travel funds supported trips to the NASA Johnson Space Centre and to US Air Force Space Command. It also funded shorter trips to analyse the integration of Satellite Based Augmentation Systems into the next generation of European railway signalling systems.

Our work helped to reduce the risks that software failures pose for manned and unmanned systems. We worked with NASA's engineers and their contractors to consider the challenges posed by the rise of commercial space flight and the end of Shuttle missions. Our techniques supported configuration management for software across multiple platforms. This is of critical importance - for instance, on 2nd March 2011 the International Space Station (ISS) networks simultaneously hosted Europe's ATV, Japan's HTV, Russia's Soyuz and Progress and the US Shuttle Discovery. We worked with the Chief of NASA's Space Station Division to consider the challenges that this creates, especially for future missions when these platforms will be joined by commercial vehicles such as those being developed by SpaceX. The consequences of software failures were reinforced by a joint study with NASA engineers into the problems that led to the simultaneous failure of all six Russian ISS central and terminal computers during mission STS-117.

The reliability of space-based software is critical for the safety of astronauts and cosmonauts onboard the International Space Station. However, satellite systems also provide location and timing data to a host of national critical infrastructures, including the electricity distribution grid, as well as mass-market navigation systems. The importance of these systems is likely to increase with the certification of the EGNOS Safety of Life service. The European Commission and European Space Agency have developed this infrastructure to extend the use of GPS to safety-critical systems. Using EGNOS, it is possible to derive estimates of the accuracy of a signal, to estimate the delay before any errors are detected and also to provide guarantees about coverage. In practical terms, EGNOS supports the use of satellite signals to guide aircraft during precision approaches to runways in areas that would not otherwise be able to afford the necessary ground-based systems. It can also increase the capacity of railway systems by reducing the spacing between trains, based on knowledge of the exact location and speed of each locomotive on the network. In this project, we worked with the teams that designed the EGNOS software infrastructures. We developed a range of techniques that enable engineers to communicate the safety arguments that support these systems. In particular, these approaches are intended to help other software developers who are more interested in using the satellite-based signals than in understanding the detailed infrastructures. The same techniques can also be used when engineers are not permitted to access the underlying engineering details for commercial or security reasons.

Towards the end of this project, we responded to recent concerns about the vulnerability of satellite-based systems. A Royal Academy of Engineering report (Thomas, 2011) identified numerous threats to national systems that rely on satellite navigation and timing data. With support from NASA, ESA, the US Air Force and companies in the UK and Europe, we were able to identify the potential impact that security threats might have on the safety arguments that support the latest generation of space-based critical infrastructures.


Selected Publications:

@techreport{Johnson:space1, TITLE = "Mapping the Impact of Security Threats on Safety-Critical Global Navigation Satellite Systems", AUTHOR = "C.W. Johnson and A. Atencia Yepez", BOOKTITLE = "Proceedings of the 29th International Systems Safety Society, Las Vegas, USA 2011", PUBLISHER = "International Systems Safety Society", ADDRESS = "Unionville, VA, USA", NOTE = "Draft Submitted", YEAR = "2011"}

@techreport{Johnson:space2, TITLE = "Myths and Barriers to the Introduction of Safety Cases in Space-Based Systems", AUTHOR = "C.W. Johnson and D.A. Robins", BOOKTITLE = "Proceedings of the 29th International Systems Safety Society, Las Vegas, USA 2011", PUBLISHER = "International Systems Safety Society", ADDRESS = "Unionville, VA, USA", NOTE = "Draft Submitted", YEAR = "2011"}

@techreport{Johnson:space3, TITLE = "Using Assurance Cases and Boolean Logic Driven Markov Processes to Formalise Cyber Security Concerns for Safety-Critical Interaction with Global Navigation Satellite Systems", AUTHOR = "C.W. Johnson", BOOKTITLE = "Proceedings of the 4th Formal Methods for Interactive Systems Workshop 2011", EDITOR = "J. Bowen and S. Reeves", ADDRESS = "Limerick, Ireland", NOTE = "Draft of a paper to accompany a keynote talk", YEAR = "2011"}

@inproceedings{Johnson:space4, TITLE = "The Application of Resilience Engineering to Human Space Flight", AUTHOR = "C.W. Johnson and A. Herd and M. Wolff", BOOKTITLE = "Proceedings of the Fourth International Association for the Advancement of Space Safety, Huntsville Alabama", PUBLISHER = "NASA/ESA, Available from ESA Communications, ESTEC", ADDRESS = "Noordwijk, The Netherlands", EDITOR = "H. Lacoste-Francis", NOTE = "ISBN 978-92-9221-244-5", NUMBER = "SP-680", YEAR = "2010"}

@inproceedings{Johnson:space5, TITLE = "Software Configuration Management for Safety Related Applications in Space Systems: Extending the Application of the USAF 8-Step Method", AUTHOR = "C.W. Johnson", BOOKTITLE = "Proceedings of the Fourth International Association for the Advancement of Space Safety, Huntsville Alabama", PUBLISHER = "NASA/ESA, Available from ESA Communications, ESTEC", ADDRESS = "Noordwijk, The Netherlands", EDITOR = "H. Lacoste-Francis", NOTE = "ISBN 978-92-9221-244-5", NUMBER = "SP-680", YEAR = "2010"}

@inproceedings{Johnson:space6, TITLE = "Safety Cases for Global Navigation Satellite Systems' Safety of Life (SoL) Applications", AUTHOR = "C.W. Johnson and A. Atencia Yepez", BOOKTITLE = "Proceedings of the Fourth International Association for the Advancement of Space Safety, Huntsville Alabama", PUBLISHER = "NASA/ESA, Available from ESA Communications, ESTEC", ADDRESS = "Noordwijk, The Netherlands", EDITOR = "H. Lacoste-Francis", NOTE = "ISBN 978-92-9221-244-5", NUMBER = "SP-680", YEAR = "2010"}

@inproceedings{Johnson:space7, TITLE = "Epistemic Questions and Answers for Software System Safety", AUTHOR = "C.M. Holloway and C.W. Johnson", BOOKTITLE = "Proceedings of the 28th International Systems Safety Society, Minneapolis, USA 2010", PUBLISHER = "International Systems Safety Society", ADDRESS = "Unionville, VA, USA", NOTE = "ISBN 0-9721385-9-5", YEAR = "2010"}

@inproceedings{Johnson:space8, TITLE = "Safety Arguments for Next Generation Location Aware Computing", AUTHOR = "C.W. Johnson and C.M. Holloway", BOOKTITLE = "Proceedings of the IET Systems Safety Conference, Manchester, UK, 2010", PUBLISHER = "IET", ADDRESS = "Savoy Place, London", NOTE = "ISBN 978-1-84919303-0", YEAR = "2010"}

@inproceedings{Johnson:space9, TITLE = "Configuration Management as a Common Factor in Space Related Mishaps", AUTHOR = "C.W. Johnson and L.L. Fletcher and C.M. Holloway and C. Shea", EDITOR = "J.M. Livingston and R. Barnes and D. Swallom and W. Pottraz", BOOKTITLE = "Proceedings of the 27th International Conference on Systems Safety, Huntsville, Alabama, USA 2009", PUBLISHER = "International Systems Safety Society", ADDRESS = "Unionville, VA, USA", PAGES = "3047-3057", YEAR = "2009"}

@inproceedings{Johnson:space10, TITLE = "Configuration Management: A Critical Analysis of Applications Using the 8-Step Problem Solving Method", AUTHOR = "L.L. Fletcher and J.M. Kaiser and C.W. Johnson and C. Shea", EDITOR = "J.M. Livingston and R. Barnes and D. Swallom and W. Pottraz", BOOKTITLE = "Proceedings of the 27th International Conference on Systems Safety, Huntsville, Alabama, USA 2009", PUBLISHER = "International Systems Safety Society", PAGES = "2807-2817", ADDRESS = "Unionville, VA, USA", YEAR = "2009"}

@article{Johnson:space11, TITLE = "Configuration Management", AUTHOR = "L.L. Fletcher and J.M. Kaiser and C.W. Johnson and C. Shea and B.W. Cole", JOURNAL = "US Air Force Wingman Publication", YEAR = "2009"}
Prof. Chris Johnson, DPhil, MSc, MA, FBCS, CEng, CITP, School of Computing Science, Univ. of Glasgow, Glasgow, G12 8RZ, Scotland.
Tel: +44 141 330 6053, Fax: +44 141 330 4913,
christopher.johnson@glasgow.ac.uk