An application of multiattribute decision analysis to the Space Station Freedom program. Case study: Automation and robotics technology evaluation

The results are described of an application of multiattribute analysis to the evaluation of high leverage prototyping technologies in the automation and robotics (A and R) areas that might contribute to the Space Station (SS) Freedom baseline design. An implication is that high leverage prototyping is beneficial to the SS Freedom Program as a means for transferring technology from the advanced development program to the baseline program. The process also highlights the tradeoffs to be made between subsidizing high value, low risk technology development versus high value, high risk technology developments. Twenty one A and R Technology tasks spanning a diverse array of technical concepts were evaluated using multiattribute decision analysis. Because of large uncertainties associated with characterizing the technologies, the methodology was modified to incorporate uncertainty. Eight attributes affected the rankings: initial cost, operation cost, crew productivity, safety, resource requirements, growth potential, and spinoff potential. The four attributes of initial cost, operations cost, crew productivity, and safety affected the rankings the most

Managing Complexity with the Department of Defense Architecture Framework: Development of a Dynamic System Architecture Model

Architecture frameworks are tools for managing system complexity by structuring data in a common language and format. By characterizing the form, function, and rules governing systems, architecture frameworks serve as a communication tool to stakeholder communities with different views of the system and facilitate comparative evaluation across architectures. The goal of this research is to explore the applicability of architecture frameworks to the study of emergent properties of satellites. The U.S. Department of Defense Architecture Framework was selected to achieve this goal given its orientation towards technical systems in contrast to the majority of architecture frameworks focused on business enterprises. Although developed by military planners in the 1990’s to support the acquisition of interoperable information systems, the Department of Defense Architecture Framework can be used to connect operational concepts and capabilities to the technical architecture of any system. While the views of the Department of Defense Architecture Framework are well-defined, little guidance is provided on how the views are to be constructed. Vitech Corporation’s software program CORE,® a systems engineering modeling tool with the ability rapidly to produce architecture views from a common data repository, was employed to complete Department of Defense Architecture Frameworks for the Hubble Space Telescope. Upon characterizing Hubble within this common structure, the value of the Department of Defense Architecture Framework for conducting dynamic quantitative analyses of system architectures was explored. A methodology is proposed and tested for evaluating human and robotic architectures for on-orbit servicing—the extension of the useful life of spacecraft through refueling, upgrading, repair, relocation, et al. In particular, a multi-year servicing campaign is modeled for Hubble including behavioral threads that characterize the Orbiting Observatory, servicing architecture, and science customers. Preliminary results indicate that, when coupled with an executable model, the Department of Defense Architecture Framework can be utilized for dynamic quantitative evaluation of space system architectures. The paper concludes with lessons learned from using the Department of Defense Architecture Framework and proposes improvements for the application of its static views to model-based systems engineering

A GENERAL FRAMEWORK FOR CHARACTERIZING AND EVALUATING ATTACKER MODELS FOR CPS SECURITY ASSESSMENT

Characterizing the attacker’s perspective is essential to assessing the security posture and resilience of cyber-physical systems. The attacker’s perspective is most often achieved by cyber-security experts (e.g., red teams) who critically challenge and analyze the system from an adversarial stance. Unfortunately, the knowledge and experience of cyber-security experts can be inconsistent leading to situations where there are gaps in the security assessment of a given system. Structured security review processes (such as TAM, Mission Aware, STPA-SEC, and STPA-SafeSec) attempt to standardize the review processes to impart consistency across an organization or application domain. However, with most security review processes, the attackers’ perspectives are ad hoc and often lack structure. Attacker modeling is a potential solution but there is a lack of uniformity in published literature and a lack of structured methods to integrate the attacker perspective into established security review processes. This dissertation proposes a generalized framework for characterizing and evaluating attacker models for CPS security assessment. We developed this framework from a structured literature survey on attacker model characteristics which we used to create an ontology of attacker models from a context of security assessment. This generalized framework facilitates the characterization and functional representation of attacker models, leveraged in a novel scalable integration workflow. This workflow leverages an intermediate functional representation module to integrate attacker models into a security review process. In conclusion, we demonstrate the efficacy of our attacker modeling framework through a use case in which we integrate an attacker model into an established security review process

A compositional method for reliability analysis of workflows affected by multiple failure modes

We focus on reliability analysis for systems designed as workflow based compositions of components. Components are characterized by their failure profiles, which take into account possible multiple failure modes. A compositional calculus is provided to evaluate the failure profile of a composite system, given failure profiles of the components. The calculus is described as a syntax-driven procedure that synthesizes a workflows failure profile. The method is viewed as a design-time aid that can help software engineers reason about systems reliability in the early stage of development. A simple case study is presented to illustrate the proposed approach