Design Principles for Survivable System Architecture


Design Principles for Survivable System Architecture
1st IEEE Systems Conference, April 10, 2007
Matthew Richards, Research Assistant, MIT Engineering Systems Division
Daniel Hastings, Ph.D., Professor, MIT Department of Aeronautics and Astronautics and Engineering Systems Division
Adam Ross, Ph.D., Postdoctoral Associate, MIT Engineering Systems Division
Donna Rhodes, Ph.D., Senior Lecturer, MIT Engineering Systems Division; Director, SEAri

Agenda
Motivation
Survivability Framework
12 Design Principles for Enhancing Survivability
Passive vs. Active Survivability
Conclusion
web.mit.edu/seari, 2007 Massachusetts Institute of Technology

Motivation
Despite increased geographic distribution, information technology has increased the interdependence of engineering systems. Interdependencies magnify the risk from local disturbances, which rapidly propagate within and among systems. Risks are exacerbated by the emergence of new sources of disturbances: physical (terrorism) and electronic (cyber-attacks).
Shortcomings of reductionist, conventional approaches to survivability engineering: they are limited to the physical domain, they presuppose operating environments and hazards, and they are ineffective for managing emergent, context-dependent system properties.
Research is needed on how survivability should inform the design decisions of system architectures.

Practical Architectures for Survivable Systems and Networks by Peter G. Neumann (2000)
This U.S. Army Research Laboratory report assesses the state of architecting for survivability. Scope: distributed systems, systems of systems. It identifies several inadequacies with the current paradigm:
"Systems and networks with critical survivability requirements are extremely difficult to specify, develop, procure, operate, and maintain."
"The currently existing evaluation criteria frameworks are not yet comprehensively suitable for evaluating highly survivable systems. ... there is almost no experience in evaluating systems having a collection of independent criteria that might contribute to survivability, and the interactions among different criteria subsets are almost unexplored outside of the context of this report."
It identifies several challenges requiring future work, including generic mission models that can be readily tailored to specific systems to evaluate the adequacy of survivability requirements, and families of systems and network topologies that are inherently robust to catastrophic failures.
Enumeration of design principles for survivability would be a first step towards the development of a generic survivability framework.

Definition of Survivability
Ability of a system to minimize the impact of a finite disturbance on value delivery, achieved through either (1) the reduction of the likelihood or magnitude of a disturbance or (2) the satisfaction of a minimally acceptable level of value delivery during and after a finite disturbance.
Epoch: time period with a fixed context; characterized by static constraints, design concepts, available technologies, and articulated attributes (Ross 2006).
[Figure: value versus time for Type 2 survivability. Value begins at the original state, drops at the disturbance, and the actual recovery reaches a recovered state within the recovery time τ_r. Reference lines: expected value threshold, emergency value threshold, and the permitted recovery time.]

Type II: Direct Broadcast Satellite TV
Carrier-to-noise ratio (C/N) margin is a design tradeoff between the outage level that customers can be expected to tolerate, the maximum allowable diameter of the receiving dish antenna, and the power output from the satellite transponders (12.2-12.7 GHz Ku-band).
[Figure: C/N versus time. Clear-sky C/N is 14.3 dB; the 5.7 dB link margin places the threshold at 8.6 dB; under rain attenuation C/N falls toward 0 dB, and τ_r is the time spent below the 8.6 dB threshold before C/N recovers.]
Type II survivability is achieved here because τ_r is less than the permitted recovery time. In the case of DIRECTV, τ_r must be less than 0.3% of the year (about 25 hours each year).
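The Type II check from this slide carried through in code, as an added example that is not part of the original presentation: it takes the 14.3 dB clear-sky C/N and 5.7 dB link margin from the slide, applies them to a constructed year of hourly rain-attenuation samples, and reports whether the total time below the threshold (τ_r) stays under an assumed 0.3%-of-a-year recovery budget.

```python
"""Type II survivability check for a satellite link (added example, not code
from the slides). Rule applied: C/N may dip during a disturbance, but the time
spent below the emergency threshold (recovery time tau_r) must stay under the
permitted recovery time. 14.3 dB clear-sky C/N and the 5.7 dB margin are from
the slide; the attenuation trace and the yearly 0.3 % budget are assumptions."""
HOURS_PER_YEAR = 8760
CLEAR_SKY_CN_DB = 14.3                              # expected value threshold
LINK_MARGIN_DB = 5.7
EMERGENCY_CN_DB = CLEAR_SKY_CN_DB - LINK_MARGIN_DB  # 8.6 dB: picture lost below
PERMITTED_RECOVERY_HOURS = 0.003 * HOURS_PER_YEAR   # 0.3 % of a year, ~26 h

def cn_trace(rain_attenuation_db):
    """C/N under rain: clear-sky C/N minus attenuation, sample by sample."""
    return [CLEAR_SKY_CN_DB - a for a in rain_attenuation_db]

def outage_intervals(cn_db, dt_hours, threshold_db=EMERGENCY_CN_DB):
    """Contiguous (start_hour, end_hour) intervals with C/N below threshold;
    cn_db holds one sample every dt_hours."""
    intervals, start = [], None
    for i, cn in enumerate(cn_db):
        below = cn < threshold_db
        if below and start is None:
            start = i * dt_hours
        elif not below and start is not None:
            intervals.append((start, i * dt_hours))
            start = None
    if start is not None:                 # trace ends while still in outage
        intervals.append((start, len(cn_db) * dt_hours))
    return intervals

def recovery_time(cn_db, dt_hours, threshold_db=EMERGENCY_CN_DB):
    """tau_r: total hours spent below the emergency threshold."""
    return sum(e - s for s, e in outage_intervals(cn_db, dt_hours, threshold_db))

def type2_survivable(cn_db, dt_hours, permitted_hours=PERMITTED_RECOVERY_HOURS):
    """Type II survivability holds when tau_r is below the permitted recovery time."""
    return recovery_time(cn_db, dt_hours) < permitted_hours

# Constructed year of hourly attenuation: clear except for three storms. Storm 1
# stays inside the 5.7 dB margin (no outage); storms 2 and 3 exceed it.
ATTENUATION_DB = [0.0] * HOURS_PER_YEAR
ATTENUATION_DB[100:104] = [4.0] * 4      # 4 dB < margin: C/N 10.3 dB, no outage
ATTENUATION_DB[2000:2010] = [9.0] * 10   # 9 dB > margin: 10 h outage
ATTENUATION_DB[6000:6006] = [7.0] * 6    # 7 dB > margin: 6 h outage

if __name__ == "__main__":
    cn = cn_trace(ATTENUATION_DB)
    print("outages (h):", outage_intervals(cn, 1.0))
    print("tau_r = %.1f h, permitted = %.1f h, Type II survivable: %s" % (
        recovery_time(cn, 1.0), PERMITTED_RECOVERY_HOURS, type2_survivable(cn, 1.0)))
```

A storm whose attenuation stays within the link margin never counts toward τ_r; only time below the 8.6 dB threshold is charged against the recovery budget.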

Survivability Framework
[Figure: a system depicted as heterogeneous nodes connected by heterogeneous arcs, with inputs entering and outputs leaving.]
The framework consists of the minimum set of elements needed to describe a system; changes in these elements provide insights into survivability. It was used to enumerate 12 design principles for survivability: 6 identified for Type 1 survivability (reduction in susceptibility) and 6 identified for Type 2 survivability (reduction in vulnerability).

Prevention (1.1). Definition: suppression of a future or potential future disturbance. Examples: aircraft suppression of enemy air defense (SEAD), 2nd Persian Gulf War.

Mobility (1.2). Definition: ability to relocate to avoid detection. Examples: Navy TACAMO E-6 strategic communications aircraft, Scud launcher vehicles.

Concealment (1.3). Definition: act of reducing the visibility of a system from an actor. Examples: radar signature reduction on the B-2 Spirit and F-117 Nighthawk.

Deterrence (1.4). Definition: dissuasion of a rational actor from committing a disturbance; increases the perceived costs of an attack above its perceived benefits. Example: Mutually Assured Destruction.

Preemption (1.5). Definition: suppression of an imminent disturbance. Examples: missile defense, Israeli attack on Egyptian forces in the 1967 Six Day War.

Avoidance (1.6). Definition: ability to maneuver away from a disturbance. Examples: aircraft missile evasion, precision landing of the Mars Science Laboratory (MSL).

Type I Survivability Principles at Work
[Figure: the value-versus-time diagram with τ_r, annotated with where each Type I principle acts: 1.1 prevention, 1.2 mobility, 1.3 concealment, 1.4 deterrence, 1.5 preemption, 1.6 avoidance.]

Hardness (2.1). Definition: resistance of a system to deformation. Examples: error-correcting codes, Milstar satellite radiation hardening.

Evolution (2.2). Definition: alteration of system elements to reduce disturbance effectiveness (engineered mismatch). Example: post-deployment armor-plating of Humvees.

Redundancy (2.3). Definition: duplication of critical system components to increase reliability. Examples: back-up GEO communications satellites, Space Shuttle avionics system of 5 identical general-purpose computers.

Diversity (2.4). Definition: variation in system elements (characteristic or spatial) to decrease the effectiveness of homogeneous disturbances. Examples: heterogeneous operating systems decrease the effectiveness of malware; separation of computers on spacecraft.

Replacement (2.5). Definition: substitution of system elements to improve value delivery. Example: launch of XM-3 and XM-4 to replace XM-1 and XM-2 due to solar panel fogging that reduced Boeing 702 lifetimes from 15 to 6 years.

Repair (2.6). Definition: restoration of a system to an improved state of value delivery. Example: Hubble servicing missions.

Survivability Principles at Work
[Figure: the value-versus-time diagram with τ_r, annotated with all twelve principles and marked active versus passive: 1.1 prevention, 1.2 mobility, 1.3 concealment, 1.4 deterrence, 1.5 preemption, 1.6 avoidance, 2.1 hardness, 2.2 evolution, 2.3 redundancy, 2.4 diversity, 2.5 replacement, 2.6 repair.]

Passive vs. Active Survivability
Philosophy. Passive: survivability is something that a system has. Active: survivability is something that a system does.
Characteristics. Passive: proactive, resistant, robust. Active: reactive, flexible, adaptive.
Design Principles. Passive: concealment, hardness, redundancy, diversity. Active: prevention, mobility, deterrence, preemption, avoidance, evolution, replacement, repair.
Forecasting. Passive: presupposes knowledge of the disturbance environment. Active: acknowledges uncertainty in the projection of future disturbances.
Architecture. Passive: closed (static). Active: open (dynamic).
Design Focus. Passive: defensive barriers at the system level to resist disturbances. Active: architectural agility to avoid, deter, and recover from disturbances.
Failures. Passive: causal chain (often linear). Active: tight couplings, functional resonance (nonlinear).
Relevant Disciplines. Passive: component reliability, safety engineering, risk analysis, domain-specific technologies. Active: real options, organizational theory, process design, domain-specific technologies.

Conclusion
The definition, framework, and enumeration of passive and active survivability design principles are only a first step, but they are helpful for understanding a larger set of survivability techniques. The enumeration is not intended as a systems engineering checklist; it is intended to provide designers with a portfolio of options from which to consider a larger tradespace of survivable designs. Successful designs must balance investments in survivability with performance and cost, e.g., by incorporating a subset of the twelve principles with varying weights.
Future work: development of quantitative metrics for each design principle; incorporation of survivability as an attribute in an existing satellite tradespace.