design and analysis of safety critical systems
play

Design and Analysis of Safety Critical Systems Peter Seiler and Bin - PowerPoint PPT Presentation

Aug 02, 2023 •247 likes •796 views

Design and Analysis of Safety Critical Systems Peter Seiler and Bin Hu Department of Aerospace Engineering & Mechanics University of

  1. � ��������� � ���������� ��� � �������� Design and Analysis of Safety Critical Systems Peter Seiler and Bin Hu Department of Aerospace Engineering & Mechanics University of Minnesota September 30, 2013

  2. � ��������� � ���������� ��� � �������� Uninhabited Aerial Systems (UAS) Flight Research (UMN UAV Lab) Public Safety (AeroVironment) http://www.uav.aem.umn.edu/ Emergency Response (NASA/JPL) Agricultural Monitoring 2

  3. � ��������� � ���������� ��� � �������� Design Challenges for Low-Cost UAS Human Factors Guidance and Controls Navigation Modeling/System Identification Safety Critical Software 3

  4. � ��������� � ���������� ��� � �������� Design Challenges for Low-Cost UAS Systems Design and Reliability 4

  5. � ��������� � ���������� ��� � �������� Recent Policy Changes Increased reliability needed to integrate UAS into the national airspace 5

  6. � ��������� � ���������� ��� � �������� Outline • Existing design techniques in commercial aviation • Analytical redundancy is rarely used • Certification issues • Tools for Systems Design and Certification • Motivation for model-based fault detection and isolation (FDI) • Extended fault trees • Stochastic false alarm and missed detection analysis • Conclusions and future work 6

  7. � ��������� � ���������� ��� � �������� Outline • Existing design techniques in commercial aviation • Analytical redundancy is rarely used • Certification issues • Tools for Systems Design and Certification • Motivation for model-based fault detection and isolation (FDI) • Extended fault trees • Stochastic false alarm and missed detection analysis • Conclusions and future work 7

  8. � ��������� � ���������� ��� � �������� Commercial Fly-by-Wire Boeing 787-8 Dreamliner 210-250 seats • • Length=56.7m, Wingspan=60.0m • Range < 15200km, Speed< M0.89 • First Composite Airliner • Honeywell Flight Control Electronics Boeing 777-200 • 301-440 seats Length=63.7m, Wingspan=60.9m • • Range < 17370km, Speed< M0.89 Boeing’s 1 st Fly-by-Wire Aircraft • • Ref: Y.C. Yeh, “Triple-triple redundant 777 primary flight computer,” 1996. 8

  9. � ��������� � ���������� ��� � �������� 777 Primary Flight Control Surfaces [Yeh, 96] • Advantages of fly-by-wire: • Increased performance (e.g. reduced drag with smaller rudder), increased functionality (e.g. “soft” envelope protection), reduced weight, lower recurring costs, and possibility of sidesticks. • Issues: Strict reliability requirements • <10 -9 catastrophic failures/hr • No single point of failure 9

  10. � ��������� � ���������� ��� � �������� Classical Feedback Diagram Pilot Primary Inputs Actuators Flight Computer Sensors Reliable implementation of this classical feedback loop adds many layers of complexity. 10

  11. � ��������� � ���������� ��� � �������� Triplex Control System Architecture Actuators Sensors Actuator Each ACE votes on redundant Control actuator commands Electronics Pilot Column All data communicated Inputs on redundant data buses Primary Each PFC votes on redundant sensor/pilot inputs Flight Computer 11

  12. � ��������� � ���������� ��� � �������� 777 Triple-Triple Architecture [Yeh, 96] Triple-Triple Databus Sensors Actuator Electronics Primary Flight x3 x3 x4 Computers 12

  13. � ��������� � ���������� ��� � �������� 777 Triple-Triple Architecture [Yeh, 96] Left PFC INTEL AMD MOTOROLA Triple-Triple Databus Sensors Actuator Electronics Primary Flight x3 x3 x4 Computers 13

  14. � ��������� � ���������� ��� � �������� Redundancy Management • Main Design Requirements: • < 10 -9 catastrophic failures per hour • No single point of failure • Must protect against random and common-mode failures • Basic Design Techniques • Hardware redundancy to protect against random failures • Dissimilar hardware / software to protect against common-mode failures • Voting: To choose between redundant sensor/actuator signals • Encryption: To prevent data corruption by failed components • Monitoring: Software/Hardware monitoring testing to detect latent faults • Operating Modes: Degraded modes to deal with failures • Equalization to handle unstable / marginally unstable control laws • Model-based design and implementation for software 14

  15. � ��������� � ���������� ��� � �������� Redundancy Management • Main Design Requirements: • < 10 -9 catastrophic failures per hour • No single point of failure • Must protect against random and common-mode failures • Basic Design Techniques • Hardware redundancy to protect against random failures • Dissimilar hardware / software to protect against common-mode failures • Voting: To choose between redundant sensor/actuator signals • Encryption: To prevent data corruption by failed components • Monitoring: Software/Hardware monitoring testing to detect latent faults • Operating Modes: Degraded modes to deal with failures • Equalization to handle unstable / marginally unstable control laws • Model-based design and implementation for software 15

  16. � ��������� � ���������� ��� � �������� Outline • Existing design techniques in commercial aviation • Analytical redundancy is rarely used • Certification issues • Tools for Systems Design and Certification • Motivation for model-based fault detection and isolation (FDI) • Extended fault trees • Stochastic false alarm and missed detection analysis • Conclusions and future work 16

  17. � ��������� � ���������� ��� � �������� Analytical Redundancy Small UASs cannot support the weight associated with physical redundancy. Approach: Use model-based or data- driven techniques to detect faults. Parity-equation architecture (Wilsky) 17

  18. � ��������� � ���������� ��� � �������� Analytical Redundancy Small UASs cannot support the weight associated with physical redundancy. Approach: Use model-based or data- driven techniques to detect faults. Research Objectives: • Hardware, models, data (Freeman, Balas) • Advanced filter design • Tools for systems design, analysis and certification Parity-equation architecture (Wilsky) 18

  19. � ��������� � ���������� ��� � �������� Analytical Redundancy Small UASs cannot support the weight associated with physical redundancy. Approach: Use model-based or data- driven techniques to detect faults. Research Objectives: • Hardware, models, data (Freeman, Balas) • Advanced filter design • Tools for systems design, analysis and certification Parity-equation architecture (Wilsky) 19

  20. � ��������� � ���������� ��� � �������� Tools for Systems Design and Certification Diagram Reference: R. Isermann. Fault-Diagnosis Systems: An Introduction from Fault Detection to Fault Tolerance. Springer-Verlag, 2006. 20

  21. � ��������� � ���������� ��� � �������� Tools for Systems Design and Certification Why are new tools required? Example: Fault Tree Analysis Diagram Reference: R. Isermann. Fault-Diagnosis Systems: An Introduction from Fault Detection to Fault Tolerance. Springer-Verlag, 2006. 21

  22. � ��������� � ���������� ��� � �������� Fault Tree Analysis 22

  23. � ��������� � ���������� ��� � �������� Fault Tree Analysis Probability of hardware component failure can be estimated from field data. 23

  24. � ��������� � ���������� ��� � �������� Fault Tree Analysis Probability of hardware component failure can be estimated from field data. Model-based fault detection introduces new failure models (false alarms, missed detections, etc.) 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange &lt;julien.delange@esa.int&gt; Maxime Perrotin &lt;maxime.perrotin@esa.int&gt; 1 High-integrity software constraints Real-Time determinism Safety &amp; security

692 views • 22 slides
Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman

Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman

Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman [jenmorris, koopman]@cmu.edu ECE Department, Carnegie Mellon University ICSE WADS 2005 May 17, 2005 Motivation Increased reliance on software in

409 views • 12 slides
attachment I: FOOD SAFETY MANAGEMENT SYSTEMS 1 HACCP HAZARD ANALYSIS AND CRITICAL CONTROL

attachment I: FOOD SAFETY MANAGEMENT SYSTEMS 1 HACCP HAZARD ANALYSIS AND CRITICAL CONTROL

attachment I: FOOD SAFETY MANAGEMENT SYSTEMS 1 HACCP HAZARD ANALYSIS AND CRITICAL CONTROL POINTS 2 1. Introduction The HACCP System is designed to control the production process and is based on principles and preventive concepts. It

1.8k views • 142 slides
Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems

Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems

Safety Analysis of Systems Aaron R. Bradley Stanford University Safety Analysis of Systems 1/39 Why Analyze Systems? Two trends: increasing prominence in controlling and decision-making roles rising complexity (multi-core

1.16k views • 86 slides
API 17V - Recommended Practice for Analysis, Design, Installation and Testing of Safety Systems for

API 17V - Recommended Practice for Analysis, Design, Installation and Testing of Safety Systems for

API 17V - Recommended Practice for Analysis, Design, Installation and Testing of Safety Systems for Subsea Applications Christopher Curran BSEE Workshop January 2014 Context Historically have used API 14C Advances in subsea developments

351 views • 6 slides
Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems design Marc Pantel and many others IRIT - ACADIE ENSEEIHT - INPT - Universit de Toulouse Institute of Cybernetics Institute Tallinn

1.58k views • 110 slides
C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering GmbH guenter.obiltschnig@appinf.com A life-critical system or safety-critical system is a system whose failure or malfunction may result in: &gt;

899 views • 87 slides
Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Assurance For Safety Critical IA Systems 1 Introduction Increasing

557 views • 18 slides
Clearsy Provides safety critical systems and softwares Fersil is the railway activity of

Clearsy Provides safety critical systems and softwares Fersil is the railway activity of

Clearsy Provides safety critical systems and softwares Fersil is the railway activity of Clearsy Clearsy Provides safety critical sytems SIL2 to SIL4 Provides safety critical softwares SIL2 to SIL4 Uses the B formal method to

490 views • 13 slides
Certification and qualification concerns in the development of safety critical systems Ricardo

Certification and qualification concerns in the development of safety critical systems Ricardo

Safe MDE concerns Certification and Qualification Application to Code generation tools Application to Static analysis tools Certification and qualification concerns in the development of safety critical systems Ricardo Bedin-Frana,

621 views • 61 slides
Design of a mobile, safety-critical in-hospital glucose management system 1

Design of a mobile, safety-critical in-hospital glucose management system 1

Design of a mobile, safety-critical in-hospital glucose management system 1 08/2011 Bernhard HLL a, , Stephan SPAT a , Johannes PLANK b , Lukas SCHAUPP b , Katharina NEUBAUER b , Peter BECK a , Franco

253 views • 13 slides
U-233, U-235 AND PU-239 Criticality Safety Analysis Nhu Thuy Tran and Eugene Masala NCSD 2013

U-233, U-235 AND PU-239 Criticality Safety Analysis Nhu Thuy Tran and Eugene Masala NCSD 2013

SUB-CRITICAL MASS DETERMINATION FOR CYLINDRICAL SYSTEMS OF U-233, U-235 AND PU-239 Criticality Safety Analysis Nhu Thuy Tran and Eugene Masala NCSD 2013 Wilmington, NC Criticality Safety in the Modern Era: Raising the Bar UNRESTRICTED /

559 views • 19 slides
CDR - Critical Design Review 1 Agenda Launch Vehicle Recovery Overview Subscale

CDR - Critical Design Review 1 Agenda Launch Vehicle Recovery Overview Subscale

49er Rocketry Team The University of North Carolina at Charlotte CDR - Critical Design Review 1 Agenda Launch Vehicle Recovery Overview Subscale Flight Analysis Payload Safety Project Plan The University of

1.11k views • 72 slides
Proposed Australian design standard and installer certification for safety- critical anchors to

Proposed Australian design standard and installer certification for safety- critical anchors to

22/05/2015 Proposed Australian design standard and installer certification for safety- critical anchors to concrete - David J Heath - Ramil Crisolo www.aefac.org.au 1 D ISCLAIMER These seminar notes have been prepared for general information

629 views • 32 slides
Pierre Dissaux AADL Demo Day Arlington, 28 Oct 2019 Critical Software Design tools (HOOD)

Pierre Dissaux AADL Demo Day Arlington, 28 Oct 2019 Critical Software Design tools (HOOD)

Pierre Dissaux AADL Demo Day Arlington, 28 Oct 2019 Critical Software Design tools (HOOD) Eurofighter Typhoon Tiger Airbus A350 Real-Time, Safety and Security modeling and analysis tools (AADL) software early design verification AADL

497 views • 11 slides
= arg min t (could be Maximum Likelihood) AUTOMATIC CONTROL AUTOMATIC CONTROL

= arg min t (could be Maximum Likelihood) AUTOMATIC CONTROL AUTOMATIC CONTROL

The Problem 2(47) Nonlinear System Identification: A Palette from Tunn: measurement; Tjock: simulation 5 y 1 0 5 0 1 2 3 4 5 6 7 8 9 10 0.5 Off-white to Pit-black y 2 0 0.5 0.5 0 1 2 3 4 5 6 7 8 9 10 y 3 0

435 views • 12 slides
Numerical Zoom and Domain Decomposition http://www.ann.jussieu.fr/pironneau Olivier Pironneau 1 1

Numerical Zoom and Domain Decomposition http://www.ann.jussieu.fr/pironneau Olivier Pironneau 1 1

Numerical Zoom and Domain Decomposition http://www.ann.jussieu.fr/pironneau Olivier Pironneau 1 1 University of Paris VI, Laboratoire J.-L. Lions, Olivier.Pironneau@upmc.fr with J.-B. Apoung Kamga, H. Hecht, A. Lozinski Olivier Pironneau (LJLL)

1.03k views • 33 slides
Improving the Quality of Supervised Finite-State Machine Construction Using Real-Valued Variables

Improving the Quality of Supervised Finite-State Machine Construction Using Real-Valued Variables

Improving the Quality of Supervised Finite-State Machine Construction Using Real-Valued Variables Igor Buzhinsky, Daniil Chivilikhin, Vladimir Ulyantsev, Fedor Tsarev Master student (20132015) ITMO University Computer Technologies

734 views • 24 slides
Real-Time Operating Systems COMS W4995-02 Prof. Stephen A. Edwards Fall 2002 Columbia

Real-Time Operating Systems COMS W4995-02 Prof. Stephen A. Edwards Fall 2002 Columbia

Real-Time Operating Systems COMS W4995-02 Prof. Stephen A. Edwards Fall 2002 Columbia University Department of Computer Science What is an Operating System? Provides environment for executing programs: Process abstraction for

537 views • 38 slides
Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Communication systems for vehicle electronics Presentation overview Background automotive electronics as an application area for real-time communication Real time protocols LIN Local

724 views • 38 slides
Vietoris-Rips Complexes of Regular Polygons Samir Chowdhury Adam Jaffe The Ohio State University

Vietoris-Rips Complexes of Regular Polygons Samir Chowdhury Adam Jaffe The Ohio State University

Vietoris-Rips Complexes of Regular Polygons Samir Chowdhury Adam Jaffe The Ohio State University Stanford University Joint work with Henry Adams (Colorado State University) Bonginkosi Sibanda (Brown University) January 13, 2018 AMS Special

741 views • 40 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 5 Object Oriented Software Development Keywords What does it mean for a

612 views • 25 slides
Fast and Accurate Inference of PlackettLuce Models Lucas Maystre , Matthias Grossglauser LCA

Fast and Accurate Inference of PlackettLuce Models Lucas Maystre , Matthias Grossglauser LCA

Fast and Accurate Inference of PlackettLuce Models Lucas Maystre , Matthias Grossglauser LCA 4, EPFL Swiss Machine Learning Day November 10 th , 2015 1 Outline 1. Introduction to PlackettLuce models 2. Model inference : state of the

276 views • 26 slides

More recommend