Mathematical Modelling in Air Traffic Management Security

This paper addresses the potential of mathematical modelling in support of the classical security risk assessment and treatment approach. Classical security risk assessment and control selection is strongly based on expert judgment. Within the context of large scale system implementation in air traffic management, there is only a limited availability of resources during the system engineering phase. From that perspective an alternative approach based on system engineering artefacts is highly desirable. Furthermore, robust mathematical modelling can support in the verification of security risk mitigation decisions and provide a means to address trade-off decisions between a variety of different security controls. The research reported in this paper is based on game-theoretic concepts and graph theory. The security control selection problem is modelled as a multi-objective optimization problem. Two interwoven models are developed for addressing the security risk assessment problem of a system. The internal model describes the actual system and its parameters, while the external model is used to describe possible threat scenarios. These models and the modelling technique is instantiated for a simple airport context, and the essential building blocks of the method are discussed on this example. The work reported in this paper shows the general feasibility of a mathematically founded approach to security risk assessment in large-scale system engineering. The proposed modelling approach forms the basis for the development of a dynamic security risk management capability as part of a recently started European research project on global air traffic management security.