A failure analysis of data distribution middleware in a mission-critical system for air traffic control
PECCHIA, ANTONIO;
2009-01-01
Abstract
Middleware plays a strategic role in reducing development cost and time to market. However, it raises significant dependability challenges when integrated in complex, mission-critical systems. Testing activities carried out during the development of middleware platforms may not be enough to assure a proper dependability level after their integration. Middleware failures and their impact on the system as a whole have to be carefully evaluated in critical scenarios. This paper reports a practical experience with a real-world, middleware-based Air Traffic Control (ATC) system being developed in the context of an academic-industrial collaboration. Two equivalent middleware subsystems for data distribution have been compared from the dependability point of view. We identify the internal dependencies and execution environment resources characterizing both solutions. By means of an extensive failure mode emulation campaign, we show that these architectural features can significantly affect the dependability level of the middleware and of the overall system.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.