173 research outputs found

    Survey of Human Models for Verification of Human-Machine Systems

    We survey the landscape of human operator modeling ranging from the early cognitive models developed in artificial intelligence to more recent formal task models developed for model-checking of human machine interactions. We review human performance modeling and human factors studies in the context of aviation, and models of how the pilot interacts with automation in the cockpit. The purpose of the survey is to assess the applicability of available state-of-the-art models of the human operators for the design, verification and validation of future safety-critical aviation systems that exhibit a higher level of autonomy, but still require human operators in the loop. These systems include the single-pilot aircraft and NextGen air traffic management. We discuss the gaps in existing models and propose future research to address them.

    Model-Based Analysis of User Behaviors in Medical Cyber-Physical Systems

    Human operators play a critical role in various Cyber-Physical System (CPS) domains, for example, transportation, smart living, robotics, and medicine. The rapid advancement of automation technology is driving a trend towards deep human-automation cooperation in many safety-critical applications, making it important to explicitly consider user behaviors throughout the system development cycle. While past research has generated extensive knowledge and techniques for analyzing human-automation interaction, in many emerging applications, it remains an open challenge to develop quantitative models of user behaviors that can be directly incorporated into the system-level analysis. This dissertation describes methods for modeling different types of user behaviors in medical CPS and integrating the behavioral models into system analysis. We make three main contributions. First, we design a model-based analysis framework to evaluate, improve, and formally verify the robustness of generic (i.e., non-personalized) user behaviors that are typically driven by rule-based clinical protocols. We conceptualize a data-driven technique to predict safety-critical events at run-time in the presence of possible time-varying process disturbances. Second, we develop a methodology to systematically identify behavior variables and functional relationships in healthcare applications. We build personalized behavior models and analyze population-level behavioral patterns. Third, we propose a sequential decision filtering technique by leveraging a generic parameter-invariant test to validate behavior information that may be measured through unreliable channels, which is a practical challenge in many human-in-the-loop applications. A unique strength of this validation technique is that it achieves high inter-subject consistency despite uncertain parametric variances in the physiological processes, without needing any individual-level tuning. 
We validate the proposed approaches by applying them to several case studies

    Model-based operator guidance in interactive, semi-automated production processes

    This contribution focuses on the task of guiding and supervision of technical processes realized by human operators. The review of publications of the last decades discloses that especially technical processes with strong interconnection of human operator and manufacturing process are not adequately addressed by the evolved automation approaches. Integrating human process knowledge and experience into the resulting automation system is still a major concern. Besides the introduction of automation in a handcrafting process that is increasing the overall system complexity, the design of the human-machine interface to the automation system is of central importance. Within this thesis, the trade-off between manual manufacturing and automation is addressed by a semi-automation approach. The application example is the no-bake molding process, a mold manufacturing process for casts that is traditionally handmade. Within this process the human operator plays a central role (i.e. knowledge and expertise), whereas the (intelligent) automation is carrying out physical operation, which is guided and supervised by the human operator. This is achieved by experimentally identified quality representing process variables that allow for in-process feedback to the human operator. Process guiding assistance is given using a formalization approach of the human-automation-interaction. By deducing situative information of interest from the resulting human-automation-system model with respect to the current process goal, the established process model is used for supervision and assistance of the overall process. The design of the human-machine-interface is based on a detailed analysis of the handcrafted process and is realized as a direct, intuitively usable, marker-based interaction technique. The integrated human-automation-system and the corresponding human-machine-interface with process guidance assistance functionality is initially evaluated. 
The results are discussed for the future work with respect to the individual, human operator-specific process understanding and process reproducibility. This work addresses skilled-worker tasks in the guidance and supervision of technical processes. A review of the publications of recent decades shows that technical processes with a close coupling between the human and the manufacturing process in particular are not adequately covered by the automation approaches that have been developed. Integrating process knowledge and experience into the resulting automation system remains an open question. Besides the introduction of automation into manual processes, which increases the complexity of the overall system, the design of the human-machine interface to the automation system is of central importance. In this work the conflict between manual work and automation is resolved by introducing partial automation. The application example is the no-bake molding process (Kaltharzverfahren), a manufacturing process for casting molds that is traditionally carried out by hand. In this process the skilled worker plays a central role (e.g. through their process knowledge and expertise), while the (intelligent) automation, guided and supervised by the skilled worker, carries out the physical actions that arise. This is achieved through experimentally determined process variables that describe quality and enable in-process feedback to the operating personnel. Process guidance assistance is provided on the basis of the formalization of the human-automation interaction. By determining situational information of high importance from the resulting human-automation system model with respect to the current process goal, the existing process model is used for supervision and process guidance assistance of the overall process. 
The design of the human-machine interface is based on a detailed analysis of the manual process and is realized as a direct, intuitively usable, marker-based interaction technique. The integrated human-automation system and the associated human-machine interface, including process guidance assistance functions, were initially evaluated. The results obtained are discussed, as an outlook, with regard to individual, worker-dependent process knowledge and reproducibility.

    A Language-centered Approach to support environmental modeling with Cellular Automata

    Applying methodologies and technologies from software engineering to environmental modeling is a generally accepted practice. Within "model-driven engineering" (MDE), technologies are developed that aim at building software systems predominantly on the basis of models that are relatively abstract compared with program source code. An essential component of MDE is the set of techniques for the efficient development of "domain-specific languages" (DSL) that are based on language metamodels. This thesis shows how model-driven engineering, and in particular the metamodel-based description of DSLs, can additionally support aspects of pragmatics whose relevance is grounded in the epistemological and cognitive background of scientific research. To this end, against the background of the findings of "model-based science" and "model-based reasoning", it is shown how DSLs described by metamodels in particular offer ways to take such pragmatic aspects into account, by being understood as a tool for gaining knowledge. This is of fundamental importance above all in the context of large uncertainties, which are characteristic of large parts of environmental modeling. The formulation of a language-centered approach (LCA) for tool support makes these aspects concrete and forms the basis for an exemplary implementation of a tool with a DSL for describing cellular automata (CA) for environmental modeling. 
Use cases demonstrate the usability of ECAL and the corresponding metamodel-based tool implementation. The application of methods and technologies of software engineering to environmental modeling and simulation (EMS) is common, since both areas share basic issues of software development and digital simulation. Recent developments within the context of "Model-driven Engineering" (MDE) aim at supporting the development of software systems at the base of relatively abstract models as opposed to programming language code. A basic ingredient of MDE is the development of methods that allow the efficient development of "domain-specific languages" (DSL), in particular at the base of language metamodels. This thesis shows how MDE and language metamodeling in particular, may support pragmatic aspects that reflect epistemic and cognitive aspects of scientific investigations. For this, DSLs and language metamodeling in particular are set into the context of "model-based science" and "model-based reasoning". It is shown that the specific properties of metamodel-based DSLs may be used to support those properties, in particular transparency, which are of particular relevance against the background of uncertainty, that is a characterizing property of EMS. The findings are the base for the formulation of a corresponding specific metamodel-based approach for the provision of modeling tools for EMS (Language-centered Approach, LCA), which has been implemented (modeling tool ECA-EMS), including a new DSL for CA modeling for EMS (ECAL). At the base of this implementation, the applicability of this approach is shown.

    Proceedings of the First NASA Formal Methods Symposium

    Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000

    Human-Intelligence and Machine-Intelligence Decision Governance Formal Ontology

    Since the beginning of the human race, decision making and rational thinking played a pivotal role for mankind to either exist and succeed or fail and become extinct. Self-awareness, cognitive thinking, creativity, and emotional magnitude allowed us to advance civilization and to take further steps toward achieving previously unreachable goals. From the invention of wheels to rockets and telegraph to satellite, all technological ventures went through many upgrades and updates. Recently, increasing computer CPU power and memory capacity contributed to smarter and faster computing appliances that, in turn, have accelerated the integration into and use of artificial intelligence (AI) in organizational processes and everyday life. Artificial intelligence can now be found in a wide range of organizational systems including healthcare and medical diagnosis, automated stock trading, robotic production, telecommunications, space explorations, and homeland security. Self-driving cars and drones are just the latest extensions of AI. This thrust of AI into organizations and daily life rests on the AI community’s unstated assumption of its ability to completely replicate human learning and intelligence in AI. Unfortunately, even today the AI community is not close to completely coding and emulating human intelligence into machines. Despite the revolution of digital and technology in the applications level, there has been little to no research in addressing the question of decision making governance in human-intelligent and machine-intelligent (HI-MI) systems. There also exists no foundational, core reference, or domain ontologies for HI-MI decision governance systems. 
Further, in absence of an expert reference base or body of knowledge (BoK) integrated with an ontological framework, decision makers must rely on best practices or standards that differ from organization to organization and government to government, contributing to systems failure in complex mission critical situations. It is still debatable whether and when human or machine decision capacity should govern or when a joint human-intelligence and machine-intelligence (HI-MI) decision capacity is required in any given decision situation. To address this deficiency, this research establishes a formal, top level foundational ontology of HI-MI decision governance in parallel with a grounded theory based body of knowledge which forms the theoretical foundation of a systemic HI-MI decision governance framework

    The Road to General Intelligence

    Humans have always dreamed of automating laborious physical and intellectual tasks, but the latter has proved more elusive than naively suspected. Seven decades of systematic study of Artificial Intelligence have witnessed cycles of hubris and despair. The successful realization of General Intelligence (evidenced by the kind of cross-domain flexibility enjoyed by humans) will spawn an industry worth billions and transform the range of viable automation tasks. The recent notable successes of Machine Learning have led to conjecture that it might be the appropriate technology for delivering General Intelligence. In this book, we argue that the framework of machine learning is fundamentally at odds with any reasonable notion of intelligence and that essential insights from previous decades of AI research are being forgotten. We claim that a fundamental change in perspective is required, mirroring that which took place in the philosophy of science in the mid 20th century. We propose a framework for General Intelligence, together with a reference architecture that emphasizes the need for anytime bounded rationality and a situated denotational semantics. We give necessary emphasis to compositional reasoning, with the required compositionality being provided via principled symbolic-numeric inference mechanisms based on universal constructions from category theory. • Details the pragmatic requirements for real-world General Intelligence. • Describes how machine learning fails to meet these requirements. • Provides a philosophical basis for the proposed approach. • Provides mathematical detail for a reference architecture. • Describes a research program intended to address issues of concern in contemporary AI. 
The book includes an extensive bibliography, with ~400 entries covering the history of AI and many related areas of computer science and mathematics. The target audience is the entire gamut of Artificial Intelligence/Machine Learning researchers and industrial practitioners. There is a mixture of descriptive and rigorous sections, according to the nature of the topic. Undergraduate mathematics is in general sufficient. Familiarity with category theory is advantageous for a complete understanding of the more advanced sections, but these may be skipped by the reader who desires an overall picture of the essential concepts. This is an open access book.

    Model-Based Testing of Off-Nominal Behaviors

    Off-nominal behaviors (ONBs) are unexpected or unintended behaviors that may be exhibited by a system. They can be caused by implementation and documentation errors and are often triggered by unanticipated external stimuli, such as unforeseen sequences of events, out of range data values, or environmental issues. System specifications typically focus on nominal behaviors (NBs), and do not refer to ONBs or their causes or explain how the system should respond to them. In addition, untested occurrences of ONBs can compromise the safety and reliability of a system. This can be very dangerous in mission- and safety-critical systems, like spacecraft, where software issues can lead to expensive mission failures, injuries, or even loss of life. In order to ensure the safety of the system, potential causes for ONBs need to be identified and their handling in the implementation has to be verified and documented. This thesis describes the development and evaluation of model-based techniques for the identification and documentation of ONBs. Model-Based Testing (MBT) techniques have been used to provide automated support for thorough evaluation of software behavior. In MBT, models are used to describe the system under test (SUT) and to derive test cases for that SUT. The thesis is divided into two parts. The first part develops and evaluates an approach for the automated generation of MBT models and their associated test infrastructure. The test infrastructure is responsible for executing the generated test cases of the models. The models and the test infrastructure are generated from manual test cases for web-based systems, using a set of heuristic transformation rules and leveraging the structured nature of the SUT. This improvement to the MBT process was motivated by three case studies of MBT that we conducted that evaluate MBT in terms of its effectiveness and efficiency for identifying ONBs. 
Our experience led us to develop automated approaches to model and test-infrastructure creation, since these were some of the most time-consuming tasks associated with MBT. The second part of the thesis presents a framework and associated tooling for the extraction and analysis of specifications for identifying and documenting ONBs. The framework infers behavioral specifications in the form of system invariants from automatically generated test data using data-mining techniques (e.g. association-rule mining). The framework follows an iterative test -> infer -> instrument -> retest paradigm, where the initial invariants are refined with additional test data. This work shows how the scalability and accuracy of the resulting invariants can be improved with the help of static data- and control-flow analysis. Other improvements include an algorithm that leverages the iterative process to accurately infer invariants from variables with continuous values. Our evaluations of the framework have shown the utility of such automatically generated invariants as a means for updating and completing system specifications; they also are useful as a means of understanding system behavior including ONBs