
    Expert Elicitation for Reliable System Design

    This paper reviews the role of expert judgement in supporting reliability assessments within the systems engineering design process. Generic design processes are described to give the context, and the nature of the reliability assessments required in the different systems engineering phases is discussed. It is argued that, as far as meeting reliability requirements is concerned, the whole design process is more akin to a statistical control process than to a straightforward statistical problem of assessing an unknown distribution. This leads to features of the expert judgement problem in the design context which are substantially different from those seen, for example, in risk assessment. In particular, the role of experts in problem structuring and in developing failure mitigation options is much more prominent, and there is a need to take into account the reliability potential of future mitigation measures downstream in the system life cycle. An overview is given of the stakeholders typically involved in large-scale systems engineering design projects, and this is used to argue the need for methods that expose potential judgemental biases in order to generate analyses that can be said to provide rational consensus about uncertainties. Finally, a number of key points are developed with the aim of moving toward a framework that provides a holistic method for tracking reliability assessment through the design process.
    Comment: This paper is commented on in [arXiv:0708.0285], [arXiv:0708.0287], [arXiv:0708.0288]. Rejoinder in [arXiv:0708.0293]. Published at http://dx.doi.org/10.1214/088342306000000510 in Statistical Science (http://www.imstat.org/sts/) by the Institute of Mathematical Statistics (http://www.imstat.org

    Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study

    Security risk management can be applied to well-defined or existing systems; in this case, the objective is to identify existing vulnerabilities, assess the risks and provide adequate countermeasures. Security risk management can also be applied very early in the system's development life cycle, when its architecture is still poorly defined; in this case, the objective is to positively influence the design work so as to produce a secure architecture from the start. The latter work is made difficult by the uncertainties in the architecture and the multiple round-trips required to keep the risk assessment study and the system architecture aligned. This is particularly true for very large projects running over many years. This paper addresses the issues raised by those risk assessment studies performed early in the system's development life cycle. Based on industrial experience, it asserts that attack trees can help solve the human cognitive scalability issue related to securing those large, continuously changing system designs. However, big attack trees are difficult to build, and even more difficult to maintain. This paper therefore proposes a systematic approach to automate the construction and maintenance of such big attack trees, based on the system's operational and logical architectures, the system's traditional risk assessment study and a security knowledge database.
    Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    An autonomous satellite architecture integrating deliberative reasoning and behavioural intelligence

    This paper describes a method for the design of autonomous spacecraft, based upon behavioral approaches to intelligent robotics. First, a number of previous spacecraft automation projects are reviewed. A methodology for the design of autonomous spacecraft is then presented, drawing upon both the European Space Agency technological center (ESTEC) automation and robotics methodology and the subsumption architecture for autonomous robots. A layered competency model for autonomous orbital spacecraft is proposed. A simple example of low-level competencies and their interaction is presented in order to illustrate the methodology. Finally, the general principles adopted for the control hardware design of the AUSTRALIS-1 spacecraft are described. This system will provide an orbital experimental platform for spacecraft autonomy studies, supporting the exploration of different logical control models, different computational metaphors within the behavioral control framework, and different mappings from the logical control model to its physical implementation.

    A problem structuring method for ecosystem-based management : the DPSIR modelling process

    The purpose of this paper is to learn from Complex Adaptive Systems (CAS) theory to inform the development of Problem Structuring Methods (PSMs), both in general and in the specific context of marine management. The focus on marine management is important because it is concerned with a CAS (formed through the interconnection between natural systems, designed systems and social systems) which exemplifies their particularly 'wicked' nature. Recognition of this compels us to take seriously the need to develop tools for knowledge elicitation and structuring which meet the demands of CAS. In marine management, chief among those tools is the DPSIR (Drivers - Pressures - State Changes - Impacts - Responses) model and, although widely applied, the extent to which it is appropriate for dealing with the demands of a CAS is questionable. Such questioning is particularly pertinent in the context of the marine environment, where there is a need not only to recognise a broad range of stakeholders (a question of boundary critique) but also to manage competing knowledge (economic, local and scientific) and value claims. Hence this paper emphasises how a CAS perspective might add impetus to the development of a critical perspective on DPSIR and PSM theory and practice to promote a more systemic view of decision-making and policy development.

    Matrix management for aerospace 2000

    The matrix management approach to program management is an organized effort for attaining program objectives by defining and structuring all elements so as to form a single system whose parts are united by interaction. The objective of the systems approach is uncompromisingly complete coverage of the program management endeavor. Starting with an analysis of the functions necessary to carry out a given program, a model must be defined; a matrix of responsibility assignment must be prepared; and each operational process must be examined to establish how it is to be carried out and how it relates to all other processes.

    Structuring Decisions Under Deep Uncertainty

    Innovative research on decision making under 'deep uncertainty' is underway in applied fields such as engineering and operational research, largely outside the view of normative theorists grounded in decision theory. Applied methods and tools for decision support under deep uncertainty go beyond standard decision theory in the attention that they give to the structuring of decisions. Decision structuring is an important part of a broader philosophy of managing uncertainty in decision making, and normative decision theorists can both learn from, and contribute to, the growing deep uncertainty decision support literature.