
Safety-driven Early Concept Analysis and Development

by

Cody Harrison Fleming

B.S. Engineering

Hope College, 2003

M.Eng. Civil & Environmental Engineering

Massachusetts Institute of Technology, 2004

Submitted to the Department of Aeronautics and Astronautics

in partial fulfillment of the requirements for the degree of

Doctor of Philosophy

at the

Massachusetts Institute of Technology

February 2015

©2015 Massachusetts Institute of Technology. All rights reserved.

Signature of Author:
Department of Aeronautics and Astronautics
19 January, 2015

Certified by:
Nancy G. Leveson
Professor of Aeronautics and Astronautics and Engineering Systems
Thesis Committee Chair

Certified by:
Jeffrey A. Hoffman
Professor of the Practice, Aeronautics and Astronautics
Thesis Committee Member

Certified by:
James K. Kuchar
Leader, Air Traffic Control Systems Group, Lincoln Laboratory
Thesis Committee Member

Accepted by:
Paulo C. Lozano
Associate Professor of Aeronautics and Astronautics
Chair, Graduate Program Committee

To Morris.

For shining a light on my life.

Safety-driven Early Concept Analysis and Development

by Cody Harrison Fleming

Abstract

As aerospace systems become increasingly complex and the roles of human operators and autonomous software continue to evolve, traditional safety-related analytical methods are becoming inadequate. Traditional hazard analysis tools are based on an accident causality model that does not capture many of the complex behaviors found in modern engineered systems. Additionally, these traditional approaches are most effective during late stages of system development, when detailed design information is available. However, system safety cannot cost-effectively be assured by discovering problems at these late stages and adding expensive updates to the design. Rather, safety should be designed into the system from its very conception. The primary barrier to achieving this objective is the lack of effectiveness of the existing analytical tools during early concept development.

This thesis introduces a new technique, which is based on a more powerful model of accident causality that can capture behaviors that are prevalent in these complex, software-intensive systems. The proposed approach builds on a new accident causality model, called Systems-Theoretic Accident Model and Process, developing a methodology on the model so that it can be applied during the early concept development stages of systems engineering.

The goals are to (1) develop rigorous, systematic tools for the analysis of future concepts in order to identify hazardous scenarios, and (2) extend these tools to assist stakeholders in the development of concepts using a safety-driven approach.

This work first develops a methodology for hazard analysis of a concept of operations (ConOps) using control theory to generate a model of that ConOps. Formal, systems-theoretic concepts such as hierarchy, emergence, communication, and coordination are used to analyze the model and identify hazards in the concept. These hazardous scenarios then guide the development of requirements and the generation of a system architecture, defined as a hierarchical control structure.

This model-based approach represents a significant departure from the state of the art; in the new approach a concept is defined, developed, and analyzed according to a control theoretic model rather than free form, natural language text. The power of the proposed approach—called Systems-Theoretic Early Concept Analysis—is demonstrated on a concept currently being developed by the United States Federal Aviation Administration.

Thesis Supervisor: Nancy Leveson
Title: Professor of Aeronautics and Astronautics

Acknowledgements

Professor Nancy Leveson accepted me into this program. She saw in me a mindset that is synergistic with the lab, and she nurtured me along and guided me through some rough terrain. I cannot express enough how much I appreciate her vision, as well as her ability to give us the space to find and work through our own problems.

Professor Leveson provided many opportunities above and beyond what is typically given to a graduate student, and these enriched my experience here at MIT. Thank you, Nancy.

Thanks also to my committee members, Professor Jeff Hoffman and Dr. Jim Kuchar.

Without fail, at every committee meeting they asked questions and offered comments about things I had never thought of. This is the true reason for having a committee.

Professor Sheila Widnall provided support and inspiration in countless ways, from early coursework during the PhD program, all the way to the end and beyond. Professor Hamsa Balakrishnan took time out of her extremely busy schedule, and took a foray into relatively unfamiliar subject matter, to provide valuable feedback for this thesis.

What would the graduate student experience be without a lab? John Thomas, the maestro, you are the kindest and most patient person I have ever met in an environment like this, and you are quite clever, too. Blandine Antoine and John Helferich always provided lively conversation and important feedback. Adam Williams, Bill Young, Dan Montes, and Kip Johnson, thank you for all your help and best wishes on your own PhD journeys. Dajiang, Melissa, Seth, Cameron, Aubrey, Ibrahim, and Connor—many thanks for your collaboration, sharpening me with your questions, and showing up to the office with smiles on your faces.





Several folks in the broader MIT community deserve acknowledgement. Yves Boussemart provided a soft landing when I arrived here and ensured that my stress level never got too high; Ani Mazumdar picked up right where Yves left off. Sophia Hasenfus and Anthony Zolnik provided a level of sanity within the department and made sure I was always comfortable and smiling. Kevin Ford provided a breath of fresh air, almost weekly. I admired the work of John Hansman and Oli de Weck from afar, and many of their students pointed me in the right direction. Thank you to Luke Jensen and Dani Selva.

Roger Veldman helped start me on my academic journey long ago, while I was an undergraduate, and has walked alongside me since. Brian Potter was a most enthusiastic mentor during my foray in the “real world” and was equally enthusiastic and encouraging when I decided to leave. Evan Lapointe was there my first time around here at MIT, making sure I did well enough that they would let me come back and supporting me the second time around. Likewise for Jerome Connor.

Of course I literally and figuratively would not be here without family and friends.

Mom, you taught me how to love learning, among many other things. Brady and Kiley, you taught me about love, loyalty, and fun. Proper respect to Sam and E(than) from way back, Chad and Jamie in the not-too-distant past, and D(iana) and Matt more recently.

Last, and certainly not least, thanks to my “own” family. Sarah, you are so beautiful, sweet, supportive, and loving. Your intellectual curiosity inspires me every day, reminding me constantly of why I would want to be in academia in the first place.

What more could a guy ask for? To the next adventure!


List of Figures (page numbers follow each entry)

Fig. 1 Decision Effectiveness during Life Cycle (adapted from [Strafaci, 2008]) p. 18
Fig. 2 System Engineering Vee Model [de Weck, 2009] p. 24
Fig. 3 PHA Inputs, Process, and Outputs [Ericson, 2005] p. 30
Fig. 4 Swiss Cheese Accident Model [Reason, 1990] p. 41
Fig. 5 The consequences of equating safety and reliability p. 44
Fig. 6 STPA Control Loop with Causal Factors p. 48
Fig. 7 Techniques based on STAMP Accident Causality Model p. 49
Fig. 8 Basic Features of a Hierarchical System (adapted from [Mesarovic et al., 1970]) p. 57
Fig. 9 Proposed Methodology—STECA p. 58
Fig. 10 STPA Control Loop with Causal Factors p. 59
Fig. 11 Control Loop with generic entities p. 61
Fig. 12 Proposed Methodology—Analysis p. 79
Fig. 13 Generic Process Control Loop p. 80
Fig. 14 Proposed Methodology—STECA p. 88
Fig. 15 Methodology—Top-Level Systems Engineering p. 96
Fig. 16 High Level Control Structure & Responsibilities p. 99
Fig. 17 Methodology—Identifying Control Concepts p. 100
Fig. 18 Graphical Control Model of Airborne Conformance Monitor p. 106
Fig. 19 Graphical Control Model of Ground Conformance Monitor p. 107
Fig. 20 Individual Control Loops derived via Analysis p. 118
Fig. 21 TBO Conformance Monitoring Control Structure p. 119
Fig. 22 Methodology—Identifying Hazardous Scenarios p. 125
Fig. 23 ANSP (Ground) Control Loops p. 127
Fig. 24 JPDO Proposed Conformance Monitoring Model [JPDO, 2011] p. 135
Fig. 25 Methodology—Refine Safety Constraints p. 140
Fig. 26 Methodology—Refine Safety Constraints p. 150
Fig. 27 Nominal TBO Control Model—Trajectory Negotiation p. 152
Fig. 28 Modified TBO Control Model—Trajectory Negotiation p. 153
Fig. 29 Alternative Control Structure—Trajectory Negotiation p. 154
Fig. 30 JPDO Safety Assessment Approach [adapted from JPDO, 2012] p. 158
Fig. 31 Software in Fault Tree Analysis [JPDO, 2012] p. 160


List of Tables (page numbers follow each entry; a table listed twice spans two pages)

Tab. 1 Sample Preliminary Hazard Analysis (PHA) Worksheet, adapted from [Vincoli, 2005] p. 28
Tab. 2 PHA for Trajectory-Based Operations, adapted from [JPDO, 2012] p. 31
Tab. 3 Risk Assessment Matrix [US DoD, 2012] p. 33
Tab. 4 ACE Missile Example (adapted from [Ericson, 2005]) p. 36
Tab. 5 Hypothetical Risk Assessment Matrix, 5x4 p. 38
Tab. 6 Control-theoretic Analysis of Text p. 62
Tab. 7 Database Version of Control Model p. 63
Tab. 8 General Systems Engineering and Safety-driven Design p. 87
Tab. 9 Definition of Terms in Safety-Driven Design p. 89
Tab. 10 Example Analysis of Text—TBO Conformance Monitoring p. 101
Tab. 11 Preliminary Control Model of Conformance Monitor Example p. 101
Tab. 12 Initial Control Model of Ground Conformance Model p. 102
Tab. 13 ANSP/Ground—TBO Conformance Monitoring p. 104
Tab. 14 Preliminary Control Model of Ground Conformance Monitor p. 104
Tab. 15 Updated Control Model for I–3 p. 108
Tab. 16 Updated Control Model for I–4 p. 109
Tab. 17 Updated Control Model for I–5 p. 111
Tab. 18 Updated Control Model for I–6 p. 112
Tab. 19 Updated Control Model for I–7 p. 114
Tab. 20 Updated Control Model for I–8 p. 116
Tab. 21 Conformance Monitoring Model Variables p. 121
Tab. 22 Requirements Related to “Completeness of Individual Control Loops” p. 142
Tab. 23 Requirements Related to “Analyzing Safety-Related Responsibilities” p. 144
Tab. 24 Requirements Related to “Coordination and Consistency” p. 147
Tab. 25 TBO Negotiation Structure—Information Exchanges p. 151
Tab. 26 Comparison of Software-related Results p. 162
Tab. 26 Comparison of Software-related Results p. 163
Tab. 27 Comparison of Human Operator-related Results p. 164
Tab. 27 Comparison of Human Operator-related Results p. 165
Tab. 28 Comparison of Component Interaction-related Results p. 168
Tab. 28 Comparison of Component Interaction-related Results p. 169
Tab. 30 Analysis for Negotiation with ANSP p. 202
Tab. 31 Analysis for Negotiation with FOC p. 210
Tab. 32 Analysis for Negotiation with Pilots p. 217

Chapter 1

Introduction

    Safety must be designed and built into airplanes, just as are performance, stability, and structural integrity. [Stieglitz, 1948]

Often the perception among engineers and other stakeholders is that safety is expensive. Safety-related features are also seen as intrusive because they seem to result in reduced performance, increased weight, or unnecessary complexity. In fact, safety often is costly, both in terms of economics and technical performance, but this is not due to any intrinsic property of safety itself. Rather, the reason safety costs so much is that it is often considered only after the major architectural tradeoffs and design decisions have been made. Once the basic design is finalized, the only choice is to add expensive redundancy or excessive design margins [Leveson, 2009].

It has been estimated in the defense community that 70-80% of the decisions affecting safety are made in the early concept development stages of a project [Frola and Miller, 1984]. As Figure 1 illustrates, compensating later for making poor choices at the beginning can be very costly. Stieglitz’ quote is appropriate for all complex systems, not merely airplane design. Safety must be designed and built into systems from the very beginning of concept development.


