A controlled experiment for the empirical evaluation of safety analysis techniques for safety-critical software

Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of systems. FTA and FMEA are most commonly used by safety analysts. Recently, STPA has been proposed with the goal to better cope with complex systems including software. Objective: This research aimed at comparing quantitatively these three safety analysis techniques with regard to their effectiveness, applicability, understandability, ease of use and efficiency in identifying software safety requirements at the system level. Method: We conducted a controlled experiment with 21 master and bachelor students applying these three techniques to three safety-critical systems: train door control, anti-lock braking and traffic collision and avoidance. Results: The results showed that there is no statistically significant difference between these techniques in terms of applicability, understandability and ease of use, but a significant difference in terms of effectiveness and efficiency is obtained. Conclusion: We conclude that STPA seems to be an effective method to identify software safety requirements at the system level. In particular, STPA addresses more different software safety requirements than the traditional techniques FTA and FMEA, but STPA needs more time to carry out by safety analysts with little or no prior experience.Comment: 10 pages, 1 figure in Proceedings of the 19th International Conference on Evaluation and Assessment in Software Engineering (EASE '15). ACM, 201

Space program: Space debris a potential threat to Space Station and shuttle

Experts estimate that more than 3.5 million man-made objects are orbiting the earth. These objects - space debris - include whole and fragmentary parts of rocket bodies and other discarded equipment from space missions. About 24,500 of these objects are 1 centimeter across or larger. A 1-centimeter man-made object travels in orbit at roughly 22,000 miles per hour. If it hit a spacecraft, it would do about the same damage as would a 400-pound safe traveling at 60 miles per hour. The Government Accounting Office (GAO) reviews NASA's plans for protecting the space station from debris, the extent and precision of current NASA and Defense Department (DOD) debris-tracking capabilities, and the extent to which debris has already affected shuttle operations. GAO recommends that the space debris model be updated, and that the findings be incorporated into the plans for protecting the space station from such debris. GAO further recommends that the increased risk from debris to the space shuttle operations be analyzed

Improved orbit predictions using two-line elements

The density of orbital space debris constitutes an increasing environmental challenge. There are three ways to alleviate the problem: debris mitigation, debris removal and collision avoidance. This paper addresses collision avoidance, by describing a method that contributes to achieving a requisite increase in orbit prediction accuracy. Batch least-squares differential correction is applied to the publicly available two-line element (TLE) catalog of space objects. Using a high-precision numerical propagator, we fit an orbit to state vectors derived from successive TLEs. We then propagate the fitted orbit further forward in time. These predictions are compared to precision ephemeris data derived from the International Laser Ranging Service (ILRS) for several satellites, including objects in the congested sun-synchronous orbital region. The method leads to a predicted range error that increases at a typical rate of 100 meters per day, approximately a 10-fold improvement over TLE's propagated with their associated analytic propagator (SGP4). Corresponding improvements for debris trajectories could potentially provide initial conjunction analysis sufficiently accurate for an operationally viable collision avoidance system. We discuss additional optimization and the computational requirements for applying all-on-all conjunction analysis to the whole TLE catalog, present and near future. Finally, we outline a scheme for debris-debris collision avoidance that may become practicable given these developments.Comment: Submitted to Advances in Space Research. 13 pages, 4 figure

Orbital Debris-Debris Collision Avoidance

We focus on preventing collisions between debris and debris, for which there is no current, effective mitigation strategy. We investigate the feasibility of using a medium-powered (5 kW) ground-based laser combined with a ground-based telescope to prevent collisions between debris objects in low-Earth orbit (LEO). The scheme utilizes photon pressure alone as a means to perturb the orbit of a debris object. Applied over multiple engagements, this alters the debris orbit sufficiently to reduce the risk of an upcoming conjunction. We employ standard assumptions for atmospheric conditions and the resulting beam propagation. Using case studies designed to represent the properties (e.g. area and mass) of the current debris population, we show that one could significantly reduce the risk of nearly half of all catastrophic collisions involving debris using only one such laser/telescope facility. We speculate on whether this could mitigate the debris fragmentation rate such that it falls below the natural debris re-entry rate due to atmospheric drag, and thus whether continuous long-term operation could entirely mitigate the Kessler syndrome in LEO, without need for relatively expensive active debris removal.Comment: 13 pages, 8 figures. Accepted for publication in Advances in Space Researc

Threat perception while viewing single intruder conflicts on a cockpit display of traffic information

Subjective estimates of the threat posed by a single intruder aircraft were determined by showing pilots photographs of a cockpit display of traffic information. The time the intruder was away from the point of minimum separation was found to be the major determinant of the perception of threat. When asked to choose a maneuver to reduce the conflict, pilots selected maneuvers with a bias toward those that would have kept the intruders in sight had they been visible out the cockpit window