DOCSLIB.ORG

NASA Bayesian Inference for Probabilistic Risk Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
NASA Bayesian Inference for Probabilistic Risk Analysis NASA/SP-2009-569 Bayesian Inference for NASA Probabilistic Risk and Reliability Analysis Dr. Homayoon Dezfuli NASA Project Manager, NASA Headquarters, Washington, DC Dana Kelly Idaho National Laboratory, Idaho Falls, ID Dr. Curtis Smith Idaho National Laboratory, Idaho Falls, ID Kurt Vedros Idaho National Laboratory, Idaho Falls, ID William Galyean Idaho National Laboratory, Idaho Falls, ID National Aeronautics and Space Administration June 2009 NASA STI Program ... in Profile Since its founding, NASA has been dedicated • CONFERENCE PUBLICATION. Collected to the advancement of aeronautics and space papers from scientific and technical science. The NASA scientific and technical conferences, symposia, seminars, or other information (STI) program plays a key part in meetings sponsored or co-sponsored helping NASA maintain this important role. by NASA. The NASA STI program operates under the • SPECIAL PUBLICATION. Scientific, auspices of the Agency Chief Information Officer. technical, or historical information from It collects, organizes, provides for archiving, and NASA programs, projects, and missions, disseminates NASA’s STI. The NASA STI often concerned with subjects having program provides access to the NASA substantial public interest. Aeronautics and Space Database and its public interface, the NASA Technical Report Server, • TECHNICAL TRANSLATION. English- thus providing one of the largest collections of language translations of foreign scientific aeronautical and space science STI in the world. and technical material pertinent to Results are published in both non-NASA channels NASA’s mission. and by NASA in the NASA STI Report Series, which includes the following report types: Specialized services also include creating custom thesauri, building customized • TECHNICAL PUBLICATION. Reports of databases, and organizing and publishing completed research or a major significant research results. phase of research that present the results of NASA Programs and include extensive data For more information about the NASA STI or theoretical analysis. Includes compilations program, see the following: of significant scientific and technical data and information deemed to be of continuing • Access the NASA STI program home page reference value. NASA counterpart of peer- at http://www.sti.nasa.gov reviewed formal professional papers but has less stringent limitations on manuscript length • E-mail your question via the Internet to and extent of graphic presentations. [email protected] • TECHNICAL MEMORANDUM. Scientific and • Fax your question to the NASA STI Help technical findings that are preliminary or of Desk at 443-757-5803 specialized interest, e.g., quick release reports, working papers, and bibliographies • Phone the NASA STI Help Desk at that contain minimal annotation. Does not 443-757-5802 contain extensive analysis. • Write to: • CONTRACTOR REPORT. Scientific and NASA STI Help Desk technical findings by NASA-sponsored NASA Center for AeroSpace Information contractors and grantees. 7115 Standard Drive Hanover, MD 21076-1320 Foreword This NASA-HANDBOOK is published by the National Aeronautics and Space Administration (NASA) to provide a Bayesian foundation for framing probabilistic problems and performing inference on these problems. It is aimed at scientists and engineers and provides an analytical structure for combining data and information from various sources to generate estimates of the parameters of uncertainty distributions used in risk and reliability models. The overall approach taken in this document is to give both a broad perspective on data analysis issues and a narrow focus on the methods required to implement a comprehensive database repository. It is intended for use across NASA. Recent years have seen significant advances in the use of risk analysis at NASA. These advances are reflected both in the state of practice of risk analysis within projects, and in the status of several NASA requirements and procedural documents. Because risk and reliability models are intended to support decision processes, it is critical that inference methods used in these models be robust and technically sound. To this end, the Office of Safety and Mission Assurance (OSMA) undertook the development of this document. This activity, along with other ongoing OSMA-sponsored projects related to risk and reliability, supports the attainment of the holistic and risk-informed decision-making environment that NASA intends to adopt. This document is not intended to prescribe any technical procedure and/or software tool. The coverage of the technical topics is also limited with respect to (1) the historical genesis of Bayesian methods; (2) comparisons of “classical statistics” approaches with Bayesian ones; (3) the detailed mathematics of a particular method (unless needed to apply the method); and (5) a source of actual reliability or risk data/information. Additionally, this document is focused on hardware failures; excluded from the current scope are specific inference approaches for phenomenological, software, and human failures. As with many disciplines, there are bound to be differences in technical and implementation approaches. The authors acknowledge that these differences exist and to the extent practical these instances have been identified. The Bayesian Inference handbook assumes that probabilistic inference problems range from simple, well- supported cases to complex, multi-dimensional problems. Consequently, the approaches provided to evaluate these diverse sets of issues range from single-line spreadsheet formula approaches to Monte Carlo-based sampling methods. As such, the level of analyst sophistication should be commensurate with the issue complexity and the selected computational engine. To assist analysts in applying the inference principles, the document provides “call out” boxes to provide definitions, warnings, and tips. In addition, a hypothetical (but representative) system analysis and multiple examples are provided, as are methods to extend the analysis to accommodate real-world complications such as uncertain, censored, and disparate data. For most of the example problems, the Bayesian Inference handbook uses a modern computational approach known as Markov chain Monte Carlo (MCMC). Salient references provide the technical basis and mechanics of MCMC approaches. MCMC methods work for simple cases, but more importantly, they work efficiently on very complex cases. Bayesian inference tends to become computationally intensive when the analysis involves multiple parameters and correspondingly high-dimensional integration. MCMC methods were described in the early 1950s in research into Monte Carlo sampling at Los Alamos. Recently, with the advance of computing power and improved analysis algorithms, MCMC is increasingly being used for a variety of Bayesian inference problems. MCMC is effectively (although not literally) numerical (Monte Carlo) integration by way of Markov chains. Inference is performed by sampling from a target distribution (i.e., a specially constructed Markov chain, based upon the inference problem) until convergence (to the posterior distribution) is achieved. The MCMC approach may be implemented using I BAYESIAN INFERENCE FOR NASA PROBABILISTIC RISK AND RELIABILITY ANALYSIS custom-written routines or existing general purpose commercial or open-source software. In the Bayesian Inference document, an open-source program called OpenBUGS (commonly referred to as WinBUGS) is used to solve the inference problems that are described. A powerful feature of OpenBUGS is its automatic selection of an appropriate MCMC sampling scheme for a given problem. The approach that is taken in the document is to provide analysis “building blocks” that can be modified, combined, or used as-is to solve a variety of challenging problems. Not just for risk and reliability inference, MCMC methods are also being used for other U.S. Government activities (e.g., at the Food and Drug Administration, the Nuclear Regulatory Commission, National Institute of Standards and Technology, and the National Atmospheric Release Advisory Center). The MCMC approach used in the document is implemented via textual scripts similar to a macro-type programming language. Accompanying each script is a graphical diagram illustrating the elements of the script and the overall inference problem being solved. In a production environment, analysis could take place by running a script (with modifications keyed to the problem-specific information). Alternatively, other implementation approaches could include: (1) using an interface-driven front-end to automate an applicable script, (2) encapsulating an applicable script into a spreadsheet function call, or (3) creating an automated script-based inference engine as part of an information management system. In lieu of using the suggested MCMC-based analysis approach, some of the document’s inference problems could be solved using the underlying mathematics. However, this alternative numerical approach is limited because several of the inference problems are difficult to solve either analytically or via traditional numerical methods. As a companion activity to this handbook, a data repository and information management system is being planned by OSMA. The approaches described in the report will be considered in the development of the inference engine for this system. While not a risk or reliability data source itself, the Bayesian Inference document describes typical sources of generic and NASA-specific
Load more

Recommended publications
  • MAIB Annual Report 2020
    2020 Marine Accident Recommendations and Statistics ANNUAL REPORT ANNUAL H NC RA N B IO GAT TI S INVE T DEN ACCI This document is posted on our website: www.gov.uk/maib Marine Accident Investigation Branch Email: [email protected] RINE First Floor, Spring Place, 105 Commercial Road Telephone: 023 8039 5500 MA Southampton, SO15 1GH United Kingdom 9 June 2021 MARINE ACCIDENT INVESTIGATION BRANCH The Marine Accident Investigation Branch (MAIB) examines and investigates all types of marine accidents to or on board UK vessels worldwide, and other vessels in UK territorial waters. Located in ofices in Southampton, the MAIB is a separate, independent branch within the Department for Transport (DfT). The head of the MAIB, the Chief Inspector of Marine Accidents, reports directly to the Secretary of State for Transport. © Crown copyright 2021 This publication, excluding any logos, may be reproduced free of charge in any format or medium for research, private study or for internal circulation within an organisation. This is subject to it being reproduced accurately and not used in a misleading context. The material must be acknowledged as Crown copyright and the title of the publication specified. Details of third party copyright material may not be listed in this publication. Details should be sought in the corresponding accident investigation report or [email protected] contacted for permission to use. CONTENTS CHIEF INSPECTOR'S STATEMENT 1 PART 1 - 2020: CASUALTY REPORTS TO MAIB 5 Statistical overview 5 Summary of investigations started
    [Show full text]
  • Critical Systems
    Critical Systems ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 3 Slide 1 Objectives ● To explain what is meant by a critical system where system failure can have severe human or economic consequence. ● To explain four dimensions of dependability - availability, reliability, safety and security. ● To explain that, to achieve dependability, you need to avoid mistakes, detect and remove errors and limit damage caused by failure. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 3 Slide 2 Topics covered ● A simple safety-critical system ● System dependability ● Availability and reliability ● Safety ● Security ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 3 Slide 3 Critical Systems ● Safety-critical systems • Failure results in loss of life, injury or damage to the environment; • Chemical plant protection system; ● Mission-critical systems • Failure results in failure of some goal-directed activity; • Spacecraft navigation system; ● Business-critical systems • Failure results in high economic losses; • Customer accounting system in a bank; ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 3 Slide 4 System dependability ● For critical systems, it is usually the case that the most important system property is the dependability of the system. ● The dependability of a system reflects the user’s degree of trust in that system. It reflects the extent of the user’s confidence that it will operate as users expect and that it will not ‘fail’ in normal use. ● Usefulness and trustworthiness are not the same thing. A system does not have to be trusted to be useful. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 3 Slide 5 Importance of dependability ● Systems that are not dependable and are unreliable, unsafe or insecure may be rejected by their users.
    [Show full text]
  • Ask Magazine | 1
    National Aeronautics and Space Administration Academy Sharing Knowledge The NASA Source for Project Management and Engineering Excellence | APPEL SUMMER | 2013 Inside THE KNOWLEDGE MANAGEMENT JOURNEY KSC SWAMP WORKS PREDICTABLE PROJECT SURPRISES gnarta SuhsoJn amrir AoineS, ecroFr i. AS.: Utidero CtohP Utidero AS.: i. ecroFr AoineS, amrir SuhsoJn gnarta ON THE COVER Above Bear Lake, Alaska, the Northern Lights, or aurora borealis, are created by solar radiation entering the atmosphere at the magnetic poles. The appearance of these lights is just one way solar radiation affects us; it can also interfere with NASA missions in low-Earth orbit. To achieve long-duration human spaceflight missions in deeper space, several NASA centers are working to find better safety measures and solutions to protect humans from space radiation. ASK MAGAZINE | 1 Contents 21 5 9 DEPARTMENTS INSIGHTS STORIES 3 9 5 In This Issue Predictable Surprises: Back to the Future: BY DON COHEN Bridging Risk-Perception Gaps KSC Swamp Works BY PEDRO C. RIBEIRO Concerns about BY KERRY ELLIS Kennedy’s new Swamp project-threatening risks are often ignored Works encourages innovation through 4 or unspoken. experimentation and knowledge sharing. From the NASA CKO Our Knowledge Legacy BY ED HOFFMAN 21 13 The Knowledge Management Journey University Capstone Projects: BY EDWARD W. ROGERS Goddard’s CKO Small Investments, Big Rewards 42 reflects on what ten years on the job have BY LAURIE STAUBER Glenn’s partnership The Knowledge Notebook taught him. with universities generates first-rate Big Data—The Latest Organizational space-medicine research. Idea-Movement BY LAURENCE PRUSAK 25 Creating NASA’s Knowledge Map 17 BY MATTHEW KOHUT AND HALEY STEPHENSON One Person’s Mentoring Experience 44 A new online tool helps show who knows BY NATALIE HENRICH The author explains ASK Interactive what at NASA.
    [Show full text]
  • |||GET||| Group Interaction in High Risk Environments 1St Edition
    GROUP INTERACTION IN HIGH RISK ENVIRONMENTS 1ST EDITION DOWNLOAD FREE Rainer Dietrich | 9781351932097 | | | | | Looking for other ways to read this? Computational methods such as resampling and bootstrapping are also used when data are insufficient for direct statistical methods. There is little point in making highly precise computer calculations on numbers that cannot be estimated accurately Group Interaction in High Risk Environments 1st edition. Categories : Underwater diving safety. Thus, the surface-supplied diver is much less likely to have an "out-of-air" emergency than a scuba diver as there are normally two alternative air sources available. Methods for dealing with Group Interaction in High Risk Environments 1st edition risks include Provision for adequate contingencies safety factors for budget and schedule contingencies are discussed in Chapter 6. This genetic substudy included Two Sister Study participants and their parents, and some Sister Study participants who developed incident breast cancer invasive or DCIS before age 50 during the follow-up period. In terms of generalizability, our sample is predominantly non-Hispanic white women, and the results may not apply to other racial or ethnic groups. This third parameter may give some management support by establishing early warning indicators for specific serious risks, which might not otherwise have been established. ROVs may be used together with divers, or without a diver in the water, in which case the risk to the diver associated with the dive is eliminated altogether. Suitable equipment can be selected, personnel can be trained in its use and support provided to manage the foreseeable contingencies. However, taken together, there is the possibility that many of the estimates of these factors would prove to be too optimistic, leading.
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • Zero Robotics Tournaments
    Collaborative Competition for Crowdsourcing Spaceflight Software and STEM Education using SPHERES Zero Robotics by Sreeja Nag B.S. Exploration Geophysics, Indian Institute of Technology, Kharagpur, 2009 M.S. Exploration Geophysics, Indian Institute of Technology, Kharagpur, 2009 Submitted to the Department of Aeronautics and Astronautics and the Engineering Systems Division in Partial Fulfillment of the Requirements for the Degrees of Master of Science in Aeronautics and Astronautics and Master of Science in Technology and Policy at the Massachusetts Institute of Technology June 2012 © 2012 Massachusetts Institute of Technology. All rights reserved Signature of Author ____________________________________________________________________ Department of Aeronautics and Astronautics and Engineering Systems Division May 11, 2012 Certified by __________________________________________________________________________ Jeffrey A. Hoffman Professor of Practice in Aeronautics and Astronautics Thesis Supervisor Certified by __________________________________________________________________________ Olivier L. de Weck Associate Professor of Aeronautics and Astronautics and Engineering Systems Thesis Supervisor Accepted by __________________________________________________________________________ Eytan H. Modiano Professor of Aeronautics and Astronautics Chair, Graduate Program Committee Accepted by __________________________________________________________________________ Joel P. Clark Professor of Materials Systems and Engineering Systems Acting Director,
    [Show full text]
  • Service Inquiry Into the Fatal Diving Incident at the National Diving and Activity Centre, Newport on 26 March 2018
    Service Inquiry SERVICE INQUIRY INTO THE FATAL DIVING INCIDENT AT THE NATIONAL DIVING AND ACTIVITY CENTRE, NEWPORT ON 26 MARCH 2018. NSC/SI/01/18 NAVY COMMAND OFFICIAL - SENSITIVE PART 1.1 – COVERING NOTE. NSC/SI/01/18 20 Feb 19 FLEET COMMANDER SERVICE INQUIRY INVESTIGATION INTO THE FATAL DIVING INCIDENT AT THE NATIONAL DIVING AND ACTIVITY CENTRE, NEWPORT ON 26 MARCH 2018. 1. The Service Inquiry Panel assembled at Navy Safety Centre, HMS EXCELLENT on 26 Apr 18 for the purpose of investigating the death of 30122659 LCpl Partridge on 26 Mar 18 and to make recommendations in order to prevent recurrence. The Panel has concluded its inquiries and submits the finalised report for the Convening Authority’s consideration. 2. The following inquiry papers are enclosed: Part 1 REPORT Part 2 RECORD OF PROCEEDINGS Part 1.1 Covering Note and Glossary Part 2.1 Diary of Events Part 1.2 Convening Order and TORs Part 2.2 List of Witnesses Part 1.3 Narrative of Events Part 2.3 Witness Statements Part 1.4 Findings Part 2.4 List of Attendees Part 1.5 Recommendations Part 2.5 List of Exhibits Part 1.6 Convening Authority Comments Part 2.6 Exhibits Part 2.7 List of Annexes Part 2.8 Annexes President Lt Col Army President Diving SI Members Lt Cdr RN Warrant Officer Class 1 Technical Member Diving SME Member 1.1 - 1 NSC/SI/01/18 OFFICIAL - SENSITIVE © Crown Copyright OFFICIAL - SENSITIVE Part 1.1 – Glossary 1. Those technical elements listed below without an explanation here are explained in full when they are first used.
    [Show full text]
  • Evaluating Electrical Distribution Equipment to Determine Replacement Needs
    ASHE Monograph Evaluating Electrical Distribution Equipment to Determine Replacement Needs ASHE Monograph Evaluating Electrical Distribution Equipment to Determine Replacement Needs Krista McDonald Biason, PE © 2013 ASHE American Society for Healthcare Engineering (ASHE) of the American Hospital Association 155 North Wacker Drive, Suite 400 Chicago, IL 60606 312-422-3800 [email protected] www.ashe.org ASHE members can download this monograph from the ASHE website under the Resources tab. Paper copies can be purchased from www.ashestore.com. ASHE catalog #: 055579 About the Author Krista McDonald Biason, PE, is associate vice president of HGA Architects and Engineers in Minneapolis. She focuses on electrical distribution design, specializing in health care facilities, and has designed and implemented numerous electrical infrastructure upgrades. She is a member of Code-Making Panel 13 of the National Fire Protection Association (NFPA) Technical Committee on the National Electrical Code®. NFPA Disclaimer Although Krista Biason is a member of Code-Making Panel 13 of the NFPA Technical Committee on the National Electrical Code®, the views and opinions expressed in this paper are purely those of the author and shall not be considered the official position of NFPA or any of its technical committees. Nor shall it be considered to be, nor be relied upon as, a formal interpretation of any NFPA documents. Readers are encouraged to refer to the entire text of all referenced documents. NFPA members can obtain staff interpretations of NFPA standards at www.nfpa.org. ASHE Disclaimer This document was prepared on a volunteer basis as a contribution to ASHE and is provided by ASHE as a service to its members.
    [Show full text]
  • Design to Fail: Controlling How Machinery and Systems React When Failure Happens
    Designed to Fail Controlling How Machinery and Systems React When Failure Happens Author: Melissa Simpson, P.E., Project Engineer, Envista Forensics Although the phrase “failure is not an option” may be a common philosophy, the prudent engineer will consider the effects of failure and the preferred Highlights outcome in order to mitigate dangerous or undesirable results. Though the • Foundation for Responsible future cannot be predicted with certainty, the certainty of failure is assured. Engineering • Nature of Failures When it comes to the design of machinery or systems, there is a reasonable • Physical vs. Functional Failures expectation for engineers to render a design with careful consideration to • Single Point, Cascade, and operation in both ideal and less-than ideal circumstances. Following industry standards and best practices are implicit in responsible engineering. Widespread Failures • Probability and Possibility of A Foundation for Responsible Engineering Failures • Practical Design Applications There are many large organizations that serve as a foundation for responsible • Anticipating Failure engineering for various industries and applications. For example, the International Code Council (ICC) has developed extensive requirements relevant to the construction of buildings and building systems. In addition, the American Society for Testing and Materials (ASTM), American Petroleum Institute (API), and International Electrotechnical Commission (IEC) have established best practices for the design and construction of raw materials and components. Other organizations have a more unique audience, such as an association for fabricators, manufacturers, or operators, that have publications to address specific concerns regarding failure and safety of a given application relevant to their areas of expertise. Guidelines, recommendations, videos, or case studies may be available that highlight the known risks involved in the design and operation of specific types of machinery.
    [Show full text]
  • MOBILE INTERACTION with SAFETY CRITICAL SYSTEMS: a Feasibility Study
    M¨alardalenUniversity School of Innovation Design and Engineering V¨aster˚as,Sweden Thesis for the Degree of Master of Computer Science with specialization in Embedded Systems 30.0 credits MOBILE INTERACTION WITH SAFETY CRITICAL SYSTEMS: A feasibility study Erik Jonsson [email protected] Examiner: Johan Akerberg˚ M¨alardalenUniversity, V¨aster˚as,Sweden Supervisor: Adnan Causevic M¨alardalenUniversity, V¨aster˚as,Sweden Company supervisor: Markus Wallmyr, Maximatecc, Uppsala, Sweden November 16, 2015 M¨alardalenUniversity Master Thesis Abstract Embedded systems exists everywhere around us and the number of applications seems to be ever growing. They are found in electrical devices from coffee machines to aircrafts. The common denominator is that they are designed for the specific purpose of the application. Some of them are used in safety critical systems where it is crucial that they operate correct and as intended in order to avoid accidents that can harm humans or properties. Meanwhile, general purpose Commercial Off The Shelf (COTS) devices that can be found in the retail store, such as smartphones and tablets, has become a natural part of everyday life in the society. New applications are developed every day that improves everyday living, but numerous are also coupled to specific devices in order to control its functionality. Interaction between embedded systems and the flexible devices do however not come without issues. Security, safety and ethical aspects are some of the issues that should be considered. In this thesis, a case study was performed to investigate the feasibility of using mobile COTS products in interaction with safety critical systems with respect to functional safety.
    [Show full text]
  • Autonomous Robot Control Via Autonomy Levels
    Autonomous Robot Control via Autonomy Levels Lawrence A.M. Bush and Andrew Wang Autonomous systems need to exhibit intelligent In the future, unmanned systems will behaviors while performing complex operations. » gain decision-making intelligence that These systems will be deployed in clusters to enables them to autonomously operate in clusters to perform collaborative tasks. perform collaborative missions with human For successful field deployment of unmanned systems, supervisors. Autonomous systems will take on operators will need confidence that autonomous decision expanded roles, requiring higher-order decision- making leads to optimal behaviors in uncertain environ- making capabilities supporting autonomous ments. Adjustable autonomy technologies, concepts, and simulation environments evaluating teaming behaviors mission planning, resource allocation, route will enable researchers to develop these systems. Net- planning, and scheduling and execution of work and sensing advances have created the opportunity coordinated tasks. for increased mission performance, but at the expense of greater complexity in sensor coordination and analysis. Current unmanned systems are typically teleoperated and are labor intensive, relying on human operators and their decision-making capabilities to perform mission tasks. Today, mission and sensing complexity that are man- aged through increased automation of lower-level func- tions (e.g., mechanical-system controls) help operators focus on higher-level decisions. The lower-order decision- making algorithms under development include those for waypoint following and collision detection and avoidance. Some of these algorithms have been incorporated in oper- ational platforms. Deployment A team of unmanned aerial and ground vehicles might be deployed in a natural disaster relief scenario as depicted in Figure 1. In this example, a major earthquake has dam- aged buildings, roads, and bridges, and disrupted commu- nication, power, and water distribution services.
    [Show full text]
  • Critical Systems
    Critical Systems Adapted from Bruce Hemingway from Ian Summerville CSE 466 1 Objectives To explain what is meant by a critical system where system failure can have severe human or economic consequence. To explain four dimensions of dependability - availability, reliability, safety and security. To explain that, to achieve dependability, you need to avoid mistakes, detect and remove errors and limit damage caused by failure. CSE 466 2 Topics covered A simple safety-critical system System dependability Availability and reliability Safety Security Critical Systems Safety-critical systems Failure results in loss of life, injury or damage to the environment; Chemical plant protection system; Mission-critical systems Failure results in failure of some goal-directed activity; Spacecraft navigation system; Business-critical systems Failure results in high economic losses; Customer accounting system in a bank; CSE 466 4 Reliability regimes Fail-operational systems continue to operate when they fail. Examples: elevators, the gas thermostats in most home furnaces, and passively safe nuclear reactors. Fail-safe systems become safe when they cannot operate. Many medical systems fall into this category. Fail-secure systems maintain maximum security when they can not operate. Example: security doors. Fail-Passive systems a system failure “does no harm”…Example: aircraft autopilots that stop controlling the plane, but won’t steer aircraft in the wrong direction. Fault-tolerant systems avoid service failure when faults are introduced to the system. CSE 466 5 I. System dependability For critical systems, it is usually the case that the most important system property is the dependability of the system. The dependability of a system reflects the user’s degree of trust in that system.
    [Show full text]