From: "Heinz Erzberger" <herzberger@mail.arc.nasa.gov>
To: "Gregory Dennis" <gdennis@MIT.EDU>
Cc: <rreisman@mail.arc.nasa.gov>; "Daniel Jackson" <dnj@MIT.EDU>; "Russ Paielli" <rpaielli@mail.arc.nasa.gov>; <Meshow@mail.arc.nasa.gov>
Subject: TSAFE Test Approach
Date: Wednesday, July 03, 2002 3:31 PM

               Greg,
  After thinking about how to answer the questions in you email and what 
data you should use to develop and test TSAFE, we have come to the 
conclusion that you would be better off to build your development around 
CTAS instead of ETMS. We have a new capability available that lets you run 
the portion of CTAS software that you need on an ordinary PC or laptop. You 
would get recorded live radar data files from us that you could replay on a 
PC. The processes of CTAS you would run with this data would only include 
CM and PGUI. Ron Reisman here at Ames has led a project to make  CTAS  run 
on a PC under LINUX. He and his group will help you get started. This setup 
would even allow you eventually to test the algorithms you develop with 
live radar data at full update rate, either Center or TRACON. We can get 
live recorded data from seven centers now and soon will get them for Boston 
and Cleveland Centers also. I believe this will be a nearly ideal test 
setup for you purposes. The TSAFE process you develop would be connected 
into CM via a socket connection and the results displayed on the PGUI. 
There are many other advantages as well.
Ron Reisman recommends that you participate in the weekly telecons he holds 
each Monday on his project. He will email you the time and access number. 
You will be able to ask detailed technical questions.
               Heinz

P.S.  Russ will send you our discussion of your technical approach and 
answers to your questions by this Friday.

========================================================================

From: "Daniel Jackson" <dnj@MIT.EDU>
To: "Daniel Jackson" <dnj@mit.edu>
Cc: "Heinz Erzberger" <herzberger@mail.arc.nasa.gov>; <rreisman@mail.arc.nasa.gov>; "Gregory Dennis" <gdennis@mit.edu>; "Russ Paielli" <rpaielli@mail.arc.nasa.gov>; <Meshow@mail.arc.nasa.gov>; <tsafe@geyer.lcs.mit.edu>; <kepner@ll.mit.edu>; "Roshan Gupta" <roshangupta@yahoo.com>; <welch@ll.mit.edu>
Subject: Re: TSAFE Test Approach / corrected address list
Date: Wednesday, July 10, 2002 3:13 PM

dear heinz, ron, russ and michelle,

i've been discussing the suggestion you made with greg dennis (and with 
roshan gupta who has been working on the design of a playback tool). i'm 
not sure i mentioned to you that we've also been talking to colleagues 
at lincoln labs; my lab (LCS) and the AI lab here at MIT are engaged in 
a collaborative project with lincoln for DARPA, and our TSAFE project 
has been tentatively selected as a testbed project.

i'm taking the liberty of cc'ing jeremy kepner and jerry welch of 
lincoln on this message; jeremy is a lead organizer of the collaboration 
and jerry, as you probably know, has long experience in ATC and his 
group would be our direct contact at lincoln.

we had been concerned about the suitability of ETMS, and we're willing 
to take your advice that we switch to a better data source. we would 
indeed be very grateful if you would supply us with recorded radar 
feeds. we're not clear exactly how you envisage our TSAFE prototype 
fitting in to CTAS. here are my thoughts on how this may be done:

1. since our purpose is to experiment with the development of a small 
trusted computing base, and not to explore the design of trajectory or 
conflict computation algorithms, we would not be experimenting with 
replacements for the TS (trajectory synthesizer). we would expect our 
TSAFE program to run as a client of the CM, receiving aircraft data from 
it, and sending back conflict data to be displayed on the PGUI.

2. of course this architecture compromises the fundamental principle of 
decoupling that underlies TSAFE. it would therefore be viewed as a proof 
of concept, and ultimately we would extract TSAFE and connect it 
directly to the host computer, without using any of CTAS. perhaps 
lincoln would be able to implement the connector that would enable us to 
do that.

3. for it to be feasible for us to develop our TSAFE prototype, and 
investigate how we might make guarantees of dependability, it would have 
to have a very narrow (ie, small and simple) interface to the CM. we 
would also hope to not need to make calls within our TSAFE process to 
any existing CTAS code, and communicate with CTAS only via the network 
connection to the CM. i'm concerned about flight plan parsing in 
particular in this respect; we would probably have to build our own 
parser based on the existing CTAS code if we can't reuse the parser we 
built earlier this summer for ETMS. we are expecting to do all our code 
in Java, btw.

4. we are concerned that the data sent to TSAFE by the CM not be too 
preprocessed, since otherwise it will not be feasible to decouple it at 
a later point. i vaguely recall that the aircraft messages sent by the 
CM are essentially just parsed and formatted host computer messages. is 
that right?

a few pragmatic questions:

5. when do you expect the linux version of CTAS to be ready?

6. what IP issues are there? will we be able to let other researchers 
look at CTAS? are the radar files distributable? what about the ITAR 
issues and foreign students?

7. if all goes to plan, would it be possible to run our TSAFE on the 
recorded radar feeds for the operational errors that russ studied?

8. how might we all (my group, lincoln, ames) work best together on 
this? jeremy suggested that lincoln might be able to give us some stuff 
directly (eg, radar feeds). would it make sense for lincoln to help us 
understand the current CTAS code?

regards,

/daniel