A New Systems-Theoretic Approach to Safety. Dr. John Thomas
Slide 1: A New Systems-Theoretic Approach to Safety
Dr. John Thomas

Slide 2: Outline
- Goals for a systemic approach
- Foundations
- New systems approaches to safety
  - Systems-Theoretic Accident Model and Processes (STAMP)
  - STPA (hazard analysis)
  - CAST (accident analysis)

Slide 3: Goals for a systemic approach
- Need to expand our view of safety
  - Safety depends on many aspects: technical, human, organizational, etc.
  - Need to understand the whole system of interactions
- Need to build in safety from the start
  - Versus waiting to assure a finished design is safe
- Handle challenges in modern systems
  - Traditional approaches were developed for relatively simple electro-mechanical systems
  - Software and digital complexity make exhaustive testing impossible
  - The role of humans is changing
  - Unanticipated and unexpected emergent system behavior

Slide 4: Goals for a systemic approach (technical factors)
- Need to expand our view of safety: safety depends on technical, human, organizational and other aspects
- Technical factors
  - Easy to focus on independent random failures
  - But other technical problems pose a growing challenge:
    - Design errors
    - Incomplete/incorrect requirements (esp. accidents from software operating as required)
    - Incorrect assumptions
(Diagram: Technology)

Slide 5
The problem doesn't exist in any single component. It exists in the interactions among many components.

Slide 6: Goals for a systemic approach (software)
- Need to expand our view of safety: safety depends on technical, human, organizational and other aspects
- Software
  - Doesn't fail like hardware
  - The "curse of software"
  - Most software-related accidents result from flawed requirements
(Diagram: Technology)

Slide 7: Goals for a systemic approach (human behavior / social factors)
- Need to expand our view of safety: safety depends on technical, human, organizational and other aspects
- Human behavior / social factors
  - Human error is involved more often than random component failure
  - Need to look deeper than the human-machine interface
  - Must consider clumsy automation, mode confusion, etc.: how technology might induce human error
  - Human error is often a symptom of deeper trouble (Dekker); to fix it, we need to understand why the action would have made sense at the time
(Diagram: Human, Technology)

Slide 8: China Airlines 006
- Autopilot compensates for a single engine malfunction
- Autopilot reaches its maximum limits; aircraft turns slightly
- Pilots are not notified that the autopilot is at its limits
- Pilots disengage the autopilot for manual control
- Controls return to default
- Aircraft immediately nosedives

Slide 9: Goals for a systemic approach (engineering and development)
- Need to expand our view of safety: safety depends on technical, human, organizational and other aspects
- Engineering and development
  - Engineers are human too!
  - Design/requirements errors are another form of human error
  - Fixing design/requirements problems is not enough: what about the processes that created them and the analysis methods that overlooked them?
(Diagram: Human (operations, engineering, etc.), Technology)

Slide 10: Goals for a systemic approach (organizational factors)
- Need to expand our view of safety: safety depends on technical, human, organizational and other aspects
- Stakeholders: vendors, regulators, contractors, public, etc.
- Organizational, managerial, leadership, culture, etc.
  - Clearly impact safety, but are too easily ignored
  - How can we anticipate these influences? How do we include them in a systemic approach?
(Diagram: Organizational, Human / Social, Technology)

Slide 11: Goals for a systemic approach
- Need a holistic view of safety
  - Cannot consider these factors in isolation; they are highly dependent on interactions
  - These are complex socio-technical systems: the social must be integrated with the technical

Slide 12: STAMP: a systems approach (Nancy Leveson)
- A new view of safety based on systems theory
- Treat safety as a dynamic control problem
  - Safety requires enforcing constraints on system behavior
  - Accidents occur when interactions among components violate those constraints
  - Safety is a control problem, not just a failure problem
- Captures dysfunctional interactions and unsafe system behavior
  - Whether due to failures, design errors, flawed requirements, human behavior, etc.
  - Includes unanticipated and unexpected behaviors
  - Includes systemic factors for accidents
Nancy Leveson, 2012, Engineering a Safer World

Slide 13: Safety as a control problem
Examples:
- The O-ring did not control propellant gas release in the field joint of the Challenger Space Shuttle
- In the HPCI example, the flow of water into the plant was not adequately controlled
- At Fukushima, the release of radioactivity from the plant was not controlled
- Software did not adequately control the descent speed of the Mars Polar Lander

Slide 14: STAMP
(Diagram: Controller with Process Model; Control Actions to the Controlled Process; Feedback back to the Controller)
- Controllers use a process model to determine control actions
- Accidents often occur when the process model is incorrect
- Four types of hazardous control actions:
  1) Control commands required for safety are not given
  2) Unsafe ones are given
  3) Potentially safe commands, but given too early or too late
  4) Control action stops too soon or is applied too long
- Explains software errors, human errors, component interaction accidents, and component failures
Copyright John Thomas 2013
Slide 15: Example Safety Control Structure

Slide 16: Control structure examples (from completed analyses)

Slide 17: HPCI/RCIC

Slide 18: Safety Control Structure

Slide 19: More Detailed Control Structure

Slide 20: Proton Therapy Machine, High-level Control Structure
(Diagram: Gantry, Cyclotron, Beam path and control elements)

Slide 21: Proton Therapy Machine, High-level Control Structure
(Antoine PhD Thesis, 2012)

Slide 22: Proton Therapy Machine Control Structure
(Antoine PhD Thesis, 2012)

Slide 23: Chemical Plant

Slide 24: Chemical Plant (ESW p. 354)
- Captures interactions between Management, Operations, Technology, Engineering, etc.

Slide 25: Ballistic Missile Defense System
- Extremely complex system
- But the complexity is managed
(Image: Safeware Corporation)

Slide 26: U.S. pharmaceutical safety control structure
Slide 27: CAST and STPA
- STAMP Model: accidents are caused by inadequate control
- How do we find inadequate control in a design or accident?
  - CAST: Accident Analysis
  - STPA: Hazard Analysis
Nancy Leveson, 2012, Engineering a Safer World

Slide 28: Systems-Theoretic Process Analysis (STPA)
- Method of applying STAMP to a design
- Integrates safety into system engineering
  - Can drive design from the beginning of a project (more efficient)
  - Can also analyze hazards in an existing design
- Starts at a very high level of abstraction
- Scalable to extremely complex systems
- Can help identify unexpected accident scenarios

Slide 29: STPA (System-Theoretic Process Analysis)
STPA Hazard Analysis, built on the STAMP Model:
- Identify accidents and hazards
- Construct the control structure
- Step 1: Identify unsafe control actions
- Step 2: Identify causal factors and control flaws
(Diagram: Controller, Control Actions, Controlled process, Feedback)

Slide 30: Identifying Unsafe Control Actions
Table columns, one row per control action:
- Control Action
- Not providing causes hazard
- Providing causes hazard
- Incorrect Timing / Order
- Stopped Too Soon / Applied Too Long

Slide 31: STPA Step 2
(Diagram of the control loop annotated with causal factors)
- Controller
  - Inadequate control algorithm (flaws in creation, process changes, incorrect modification or adaptation)
  - Process model inconsistent, incomplete, or incorrect
  - Control input or external information wrong or missing
  - Inappropriate, ineffective, or missing control action
  - Missing or wrong communication with another controller; conflicting control actions
- Actuator
  - Inadequate operation
  - Delayed operation
- Controlled process
  - Component failures
  - Changes over time
  - Unidentified or out-of-range disturbance
  - Process input missing or wrong
  - Process output contributes to system hazard
- Sensor
  - Inadequate operation
  - Incorrect or no information provided
  - Measurement inaccuracies
- Feedback
  - Inadequate or missing feedback
  - Feedback delays
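The Step 2 factors "process model inconsistent, incomplete, or incorrect" and "feedback delays" combine into a concrete scenario that the slides describe only abstractly: a controller whose process model lags reality keeps a control action applied too long (hazardous control action type 4). The following simulation is an added illustration, not code from the slides or from any STPA tool; the tank, the inflow rate, the setpoint and the overflow threshold are all constructed values, and the "compensate" option is one hypothetical design change in which the controller's process model accounts for its own commands that the lagging feedback cannot yet show.

```python
"""Added illustration of an STPA Step 2 causal factor: feedback delay makes the
controller's process model stale, so a control action is applied too long.
The tank model and all numbers are constructed for this example."""

INFLOW = 10      # level units added per step while the inlet valve is open
SETPOINT = 80    # controller stops filling once it believes level >= SETPOINT
OVERFLOW = 100   # system hazard: the actual level reaching this value


def simulate(delay, steps=30, compensate=False):
    """Run the control loop and report the worst actual level reached.

    delay      -- number of steps the level sensor reading lags reality
    compensate -- if True, the controller's process model adds the effect of
                  the commands it issued during the last `delay` steps, which
                  the lagging feedback has not yet reflected
    """
    level = 0
    history = [level]   # actual level at the start of each step
    commands = []       # control actions issued so far
    worst = level
    for t in range(steps):
        # Feedback: the sensor reports the level as it was `delay` steps ago.
        observed = history[max(0, t - delay)]

        # Process model: what the controller believes the level to be.
        pending = 0
        if compensate and delay:
            # Commands issued in the last `delay` steps are invisible in the
            # feedback; add the inflow they produced.
            pending = INFLOW * sum(1 for c in commands[-delay:] if c == "open")
        believed = observed + pending

        # Control algorithm: keep filling until the believed level is at setpoint.
        action = "open" if believed < SETPOINT else "close"
        commands.append(action)

        # Controlled process responds to the actual command, not the belief.
        if action == "open":
            level += INFLOW
        history.append(level)
        worst = max(worst, level)

    return {"max_level": worst, "hazard": worst >= OVERFLOW}


if __name__ == "__main__":
    for label, kwargs in [("no delay", {"delay": 0}),
                          ("3-step delay", {"delay": 3}),
                          ("3-step delay, compensated", {"delay": 3, "compensate": True})]:
        result = simulate(**kwargs)
        print(f"{label:28s} max level {result['max_level']:4d}  hazard: {result['hazard']}")
```

With no delay the controller stops exactly at the setpoint. With a three-step delay the process model says "still below setpoint" for three extra steps, the inlet valve stays open too long, and the tank overflows even though every component operated as designed. The compensated variant keeps the process model consistent with the commands in flight; an alternative Step 2 outcome would be a requirement bounding the feedback delay, which is the kind of design constraint the analysis is meant to surface.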
Slide 32: Is it Practical?
STPA has been or is being used in a large variety of industries:
- Nuclear and Electrical Power
- Spacecraft
- Aircraft
- Air Traffic Control
- UAVs (RPAs)
- Defense
- Automobiles (GM, Ford, Nissan?)
- Medical Devices and Hospital Safety
- Chemical plants
- Oil and Gas
- CO2 Capture, Transport, and Storage
- Etc.

Slide 33: Is it Practical? (2)
Social and managerial applications:
- Analysis of the management structure of the space shuttle program (post-Columbia)
- Risk management in the development of NASA's new manned space program (Constellation)
- NASA Mission Control: re-planning and changing mission control procedures safely
- Food safety
- Safety in pharmaceutical drug development
- Risk analysis of outpatient GI surgery at Beth Israel Deaconess Hospital
- Analysis and prevention of corporate fraud

Slide 34: Does it Work?
- Most of these systems are very complex (e.g., the U.S. Missile Defense System)
- In all cases where a comparison was made:
  - STPA found the same hazard causes as the old methods
  - Plus it found more causes than the traditional methods: all components were operating exactly as intended, but the complexity of component interactions led to unanticipated system behavior
  - Examples: a missing case in software requirements, timing problems in sending and receiving messages, etc.
  - Sometimes it found accidents that had occurred and that other methods missed
- Cost was orders of magnitude less than the traditional hazard analysis methods

Slide 35: One Example: Blood Gas Analyzer (Vincent Balgos)
- 75 scenarios found by FMEA; 175 identified by STPA
- Took much less time and resources (mostly human)
  - FMEA took a team of people months to perform
  - STPA took one person two weeks (and he was just learning STPA)
- Only STPA found the scenario that had led to a Class 1 recall by the FDA (actually it found nine scenarios leading to it)

Slide 36: Automating STPA
(Diagram: Hazards, Hazardous Control Actions, Formal (model-based) requirements specification)
- Can automate most of Step 1 (but it requires human decision making)
- Formal underlying discrete mathematical models allow for automated consistency/completeness checks (can detect conflicts)
- Have not yet automated Step 2 (causes of unsafe control actions)
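Slides 14 and 30 give the four types of unsafe control action, and slide 36 says most of Step 1 can be automated once the analyst's decisions are captured against a discrete model, with consistency and completeness checks falling out of the formal model. The script below is an added example of that idea, written for this page rather than taken from the slides, the STPA Primer or any existing tool. It assumes a hypothetical tank-filling controller whose process model has two variables, enumerates every context (combination of variable values), generates one UCA sentence per hazardous decision in each of the four categories, and runs two checks on the analyst's table: a completeness check for contexts with no decision, and a consistency check for contexts marked hazardous both when the action is provided and when it is not. The process model, the control action and the decision table are all constructed; one missing row and one conflicting row are built in deliberately so the checks have something to report.

```python
"""Added illustration of automating STPA Step 1 over a discrete process model.
Process model, control action and analyst decisions are constructed for this example."""
import itertools

# The four hazardous control action types from the slides, with the phrasing
# used to turn a decision into a UCA sentence.
UCA_TYPES = {
    "not_provided":     "is not provided",
    "provided":         "is provided",
    "too_early_late":   "is provided too early, too late, or out of order",
    "applied_too_long": "is stopped too soon or applied too long",
}

# Inverse phrasing: each UCA becomes a constraint the controller must enforce.
CONSTRAINTS = {
    "not_provided":     "must provide",
    "provided":         "must not provide",
    "too_early_late":   "must provide at the correct time and in the correct order",
    "applied_too_long": "must apply for the correct duration",
}

# Hypothetical process model of a tank-filling controller (constructed).
PROCESS_MODEL = {
    "tank_level":   ["low", "nominal", "high"],
    "outlet_valve": ["open", "closed"],
}
CONTROL_ACTION = "open inlet valve"

# Analyst decisions, keyed by context values in PROCESS_MODEL order.
# ("nominal", "open") is deliberately absent and ("low", "closed") is
# deliberately marked hazardous both ways, so the checks below fire.
DECISIONS = {
    ("low", "open"):       {"not_provided"},
    ("low", "closed"):     {"not_provided", "provided"},
    ("nominal", "closed"): {"applied_too_long"},
    ("high", "open"):      {"provided"},
    ("high", "closed"):    {"provided"},
}


def contexts(model):
    """Every combination of process-model variable values, in declaration order."""
    names = list(model)
    return [dict(zip(names, combo)) for combo in itertools.product(*model.values())]


def _key(ctx, model):
    return tuple(ctx[name] for name in model)


def describe(ctx):
    return ", ".join(f"{k}={v}" for k, v in ctx.items())


def missing_contexts(model, decisions):
    """Completeness check: contexts for which the analyst recorded no decision."""
    return [ctx for ctx in contexts(model) if _key(ctx, model) not in decisions]


def conflicting_contexts(model, decisions):
    """Consistency check: contexts where both providing and not providing the
    action is hazardous. No control algorithm can satisfy such a row; it usually
    means the process model lacks a variable that would separate the two cases."""
    return [ctx for ctx in contexts(model)
            if {"provided", "not_provided"} <= decisions.get(_key(ctx, model), set())]


def unsafe_control_actions(action, model, decisions):
    """One UCA sentence per (context, hazardous type) decision, in context order."""
    return [f"{action} {UCA_TYPES[t]} when {describe(ctx)}"
            for ctx in contexts(model)
            for t in sorted(decisions.get(_key(ctx, model), ()))]


def safety_constraints(action, model, decisions):
    """Invert each UCA into a controller constraint (the Step 1 output used as
    input to requirements specification)."""
    return [f"Controller {CONSTRAINTS[t]} '{action}' when {describe(ctx)}"
            for ctx in contexts(model)
            for t in sorted(decisions.get(_key(ctx, model), ()))]


if __name__ == "__main__":
    print("Unsafe control actions:")
    for line in unsafe_control_actions(CONTROL_ACTION, PROCESS_MODEL, DECISIONS):
        print("  -", line)
    print("Safety constraints:")
    for line in safety_constraints(CONTROL_ACTION, PROCESS_MODEL, DECISIONS):
        print("  -", line)
    print("Contexts with no decision:", [describe(c) for c in missing_contexts(PROCESS_MODEL, DECISIONS)])
    print("Conflicting contexts:", [describe(c) for c in conflicting_contexts(PROCESS_MODEL, DECISIONS)])
```

The human decision the slide mentions is the `DECISIONS` table: the tool cannot know whether opening the inlet when the tank is high is hazardous, but once that judgement is recorded it can guarantee that no context was skipped and that no context was judged in a way no controller could satisfy, which is exactly the case where the analysis has to go back and refine the process model rather than the control algorithm.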
Slide 37: Thank you!
- Interested in a systems approach to security? STAMP / STPA works for security too!
- Book: Engineering a Safer World, MIT Press, 2012 (Nancy Leveson)
- STPA Primer: more examples and exercises (search Google for "STPA Primer")
More informationOrbiter Cockpit Liang Sim, Kevin R. Duda, Thaddeus R. F. Fulford-Jones, Anuja Mahashabde December 9, 2005
Orbiter Cockpit Liang Sim, Kevin R. Duda, Thaddeus R. F. Fulford-Jones, Anuja Mahashabde December 9, 2005 1 INTRODUCTION The Orbiter cockpit is less advanced than modern aircraft cockpits despite a substantial
More informationThe multi-facets of building dependable applications over connected physical objects
International Symposium on High Confidence Software, Beijing, Dec 2011 The multi-facets of building dependable applications over connected physical objects S.C. Cheung Director of RFID Center Department
More informationSocietal and Ethical Challenges in the Era of Big Data: Exploring the emerging issues and opportunities of big data management and analytics
Societal and Ethical Challenges in the Era of Big Data: Exploring the emerging issues and opportunities of big data management and analytics June 28, 2017 from 11.00 to 12.45 ICE/ IEEE Conference, Madeira
More informationWhite paper on professional practice in software engineering. Canadian Engineering Qualifications Board Software Engineering Task Force.
White paper on professional practice in software engineering Canadian Engineering Qualifications Board Software Engineering Task Force White paper Preamble Provincial and territorial engineering regulators
More informationLeveraging 21st Century SE Concepts, Principles, and Practices to Achieve User, Healthcare Services, and Medical Device Development Success
Leveraging 21st Century SE Concepts, Principles, and Practices to Achieve User, Healthcare Services, and Medical Device Development Success Charles Wasson, ESEP Wasson Strategics, LLC Professional Training
More informationProduct Safety and RF Energy Exposure Booklet for Portable Two-Way Radios
Product Safety and RF Energy Exposure Booklet for Portable Two-Way Radios The information provided in this document supersedes the general safety information contained in user guides published prior to
More informationA New Approach to the Design and Verification of Complex Systems
A New Approach to the Design and Verification of Complex Systems Research Scientist Palo Alto Research Center Intelligent Systems Laboratory Embedded Reasoning Area Tolga Kurtoglu, Ph.D. Complexity Highly
More informationResilience Engineering: The history of safety
Resilience Engineering: The history of safety Professor & Industrial Safety Chair MINES ParisTech Sophia Antipolis, France Erik Hollnagel E-mail: erik.hollnagel@gmail.com Professor II NTNU Trondheim, Norge
More informationChallenges for Qualitative Electrical Reasoning in Automotive Circuit Simulation
Challenges for Qualitative Electrical Reasoning in Automotive Circuit Simulation Neal Snooke and Chris Price Department of Computer Science,University of Wales, Aberystwyth,UK nns{cjp}@aber.ac.uk Abstract
More informationDecreasing Bolt and Bearing Failures on Process Rolls
Decreasing Bolt and Bearing Failures on Process Rolls For Vibration Institute Piedmont Chapter Ken Singleton Bob Bracher 1. Background 2. Review of Roll-Shaft Reliability Problem Areas 3. Detection Vibration
More informationThe Advancement of Simulator Models
The Advancement of Simulator Models How the Evolution of Simulator Technology has Impacted its Application Michael M. Petersen Xcel Energy The Age of Simulation Simulation is the imitation of the operation
More informationBayesian Filter to accurately track airport moving objects
Bayesian Filter to accurately track airport moving objects Hamza Taheri Moving from human based operations to machine-based systems is a global trend Congestion in airports complicates surveillance, and
More informationElectrical and Automation Engineering, Fall 2018 Spring 2019, modules and courses inside modules.
Electrical and Automation Engineering, Fall 2018 Spring 2019, modules and courses inside modules. Period 1: 27.8.2018 26.10.2018 MODULE INTRODUCTION TO AUTOMATION ENGINEERING This module introduces the
More informationTechnologies that will make a difference for Canadian Law Enforcement
The Future Of Public Safety In Smart Cities Technologies that will make a difference for Canadian Law Enforcement The car is several meters away, with only the passenger s side visible to the naked eye,
More informationSITUATIONS OF STAMP IN EUROPE
SITUATIONS OF STAMP IN EUROPE Dr. Nektarios Karanikas, CEng, PMP, GradIOSH, MRAeS, MIET, Lt. Col. (ret.) Associate Professor of Safety & Human Factors Aviation Academy Member of the European STAMP Steering
More information