Discussion on complexity and TCAS indicators for coherent safety net transitions

Transition between Separation Management in ATM and Collision Avoidance constitutes a source of potential risks due to non-coherent detection and resolution clearances between them. To explore an operational integration between these two safety nets, a complexity metric tailored for both Separation Management and Collision Avoidance, based on the intrinsic complexity, is proposed. To establish the framework to compare the complexity metric with current Collision Avoidance detection metrics, a basic pair-wise encounter model has been considered. Then, main indicators for horizontal detection of TCAS, i.e. tau and taumod, have been contrasted with the complexity metric. A simple method for determining the range locus for specific TCAS tau values, depending on relative speeds and encounter angles, was defined. In addition, range values when detection thresholds were infringed have been found to be similar, as well as its sensitivity to relative angles. Further work should be conducted for establishing a framework for the evaluation and validation of this complexity metric. This paper defines basic principles for an extended evaluation, including multi-encounter scenarios and longer look ahead times

Compositional abstraction and safety synthesis using overlapping symbolic models

In this paper, we develop a compositional approach to abstraction and safety synthesis for a general class of discrete time nonlinear systems. Our approach makes it possible to define a symbolic abstraction by composing a set of symbolic subsystems that are overlapping in the sense that they can share some common state variables. We develop compositional safety synthesis techniques using such overlapping symbolic subsystems. Comparisons, in terms of conservativeness and of computational complexity, between abstractions and controllers obtained from different system decompositions are provided. Numerical experiments show that the proposed approach for symbolic control synthesis enables a significant complexity reduction with respect to the centralized approach, while reducing the conservatism with respect to compositional approaches using non-overlapping subsystems

Automating allocation of development assurance levels: An extension to HiP-HOPS

Controlling the allocation of safety requirements across a system's architecture from the early stages of development is an aspiration embodied in numerous major safety standards. Manual approaches of applying this process in practice are ineffective due to the scale and complexity of modern electronic systems. In the work presented here, we aim to address this issue by presenting an extension to the dependability analysis and optimisation tool, HiP-HOPS, which allows automatic allocation of such requirements. We focus on aerospace requirements expressed as Development Assurance Levels (DALs); however, the proposed process and algorithms can be applied to other common forms of expression of safety requirements such as Safety Integrity Levels. We illustrate application to a model of an aircraft wheel braking system

Safe Sequential Path Planning Under Disturbances and Imperfect Information

Multi-UAV systems are safety-critical, and guarantees must be made to ensure no unsafe configurations occur. Hamilton-Jacobi (HJ) reachability is ideal for analyzing such safety-critical systems; however, its direct application is limited to small-scale systems of no more than two vehicles due to an exponentially-scaling computational complexity. Previously, the sequential path planning (SPP) method, which assigns strict priorities to vehicles, was proposed; SPP allows multi-vehicle path planning to be done with a linearly-scaling computational complexity. However, the previous formulation assumed that there are no disturbances, and that every vehicle has perfect knowledge of higher-priority vehicles' positions. In this paper, we make SPP more practical by providing three different methods to account for disturbances in dynamics and imperfect knowledge of higher-priority vehicles' states. Each method has different assumptions about information sharing. We demonstrate our proposed methods in simulations.Comment: American Control Conference, 201

A Model-based transformation process to validate and implement high-integrity systems

Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analysis to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent, remains an issue, e.g. when performing model checking for assessing safety, and then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated to the AADL-tool support OSATE2

Combined automotive safety and security pattern engineering approach

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASSEC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTTEC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEISBMBF, 01IS16043, Collaborative Embedded Systems (CrESt

Preliminary human safety assessment (PHSA) for the improvement of the behavioral aspects of safety climate in the construction industry

Occupational safety in the construction industry still represents a relevant problem at a global level. In fact, the complexity of working activities in this sector requires a comprehensive approach that goes beyond normative compliance to guarantee safer working conditions. In particular, empirical research on the factors influencing the unsafe behavior of workers needs to be augmented. Thus, the relationship between human factors and safety management issues following a bottom-up approach was investigated. In particular, an easy-to-use procedure that can be used to better address workers' safety needs augmenting the company's safety climate and supporting safety management issues was developed. Such an approach, based on the assessment of human reliability factors, was verified in a real case study concerning the users of concrete mixer trucks. The results showed that the majority of human failures were action and retrieval errors, underlining the importance of theoretical and practical training programs as a means to improve safety behavior. In such a context, information and communication activities also resulted beneficially to augment the company's safety climate. The proposed approach, despite its qualitative nature, allows a clearer understanding of workers' perceptions of hazards and their risk-taking behavior, providing practical cues to monitor and improve the behavioral aspects of safety climate. Hence, these first results can contribute to augmenting safety knowledge in the construction industry, providing a basis for further investigations on the causalities related to human performances, which are considered a key element in the prevention of accidents