Fine Grain Modeling of Task Deviations for Assessing Qualitatively the Impact of Both System Failures and Human Error on Operator Performance

International audienceOperators of critical interactive systems are trained and qualified before being allowed to operate critical systems in “real” contexts. However, during operation, things might happen differently from during training sessions as system failures may occur and operators may make errors when interacting with the system. Both events may also be cross-related as a misunderstanding of a system failure can lead to an erroneous subsequent operation.The proposed approach focuses on assessing the impact that potential failures and/or human errors may have on human performance. This analysis targets the design and development phases of the system, when user tasks are analyzed in order to build the right system (i.e. corresponding to the users’ needs and activities they have to perform on the system). We use a task modeling notation for describing precisely operators’ activities as well as information, knowledge and objects required for performing these activities. These task models are then augmented into several variants through integration of potential system failure patterns (with associated recovery tasks) and human error patterns. The produced deviated task models are used to assess the impact of the task deviation on the operators’ performance

Evaluating humanhuman communication protocols with miscommunication generation and model checking

Abstract. Human-human communication is critical to safe operations in domains such as air transportation where airlines develop and train pilots on communication procedures with the goal to ensure that they check that verbal air traffic clearances are correctly heard and executed. Such communication protocols should be designed to be robust to miscommunication. However, they can fail in ways unanticipated by designers. In this work, we present a method for modeling human-human communication protocols using the Enhanced Operator Function Model with Communications (EOFMC), a task analytic modeling formalism that can be interpreted by a model checker. We describe how miscommunications can be generated from instantiated EOFMC models of human-human communication protocols. Using an air transportation example, we show how model checking can be used to evaluate if a given protocol will ensure successful communication. Avenues of future research are explored

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Systematic Model-based Design Assurance and Property-based Fault Injection for Safety Critical Digital Systems

With advances in sensing, wireless communications, computing, control, and automation technologies, we are witnessing the rapid uptake of Cyber-Physical Systems across many applications including connected vehicles, healthcare, energy, manufacturing, smart homes etc. Many of these applications are safety-critical in nature and they depend on the correct and safe execution of software and hardware that are intrinsically subject to faults. These faults can be design faults (Software Faults, Specification faults, etc.) or physically occurring faults (hardware failures, Single-event-upsets, etc.). Both types of faults must be addressed during the design and development of these critical systems. Several safety-critical industries have widely adopted Model-Based Engineering paradigms to manage the design assurance processes of these complex CPSs. This thesis studies the application of IEC 61508 compliant model-based design assurance methodology on a representative safety-critical digital architecture targeted for the Nuclear power generation facilities. The study presents detailed experiences and results to demonstrate the benefits of Model testing in finding design flaws and its relevance to subsequent verification steps in the workflow. Additionally, to study the impact of physical faults on the digital architecture we develop a novel property-based fault injection method that overcomes few deficiencies of traditional fault injection methods. The model-based fault injection approach presented here guarantees high efficiency and near-exhaustive input/state/fault space coverage, by utilizing formal model checking principles to identify fault activation conditions and prove the fault tolerance features. The fault injection framework facilitates automated integration of fault saboteurs throughout the model to enable exhaustive fault location coverage in the model

Making intelligent systems team players: Case studies and design issues. Volume 1: Human-computer interaction design

Initial results are reported from a multi-year, interdisciplinary effort to provide guidance and assistance for designers of intelligent systems and their user interfaces. The objective is to achieve more effective human-computer interaction (HCI) for systems with real time fault management capabilities. Intelligent fault management systems within the NASA were evaluated for insight into the design of systems with complex HCI. Preliminary results include: (1) a description of real time fault management in aerospace domains; (2) recommendations and examples for improving intelligent systems design and user interface design; (3) identification of issues requiring further research; and (4) recommendations for a development methodology integrating HCI design into intelligent system design

Towards a simulation-based medical education platform for PVSio-web

Interface design flaws are often at the root cause of use errors in medical devices. Medical incidents are seldom reported, thus hindering the understanding of the incident contributing factors. Moreover, when dealing with a use error, both novices and expert users often blame themselves for insufficient knowledge rather than acknowledge deficiencies in the device. Simulation-Based Medical Education (SBME) platforms can provide appropriate training to professionals, especially if the right incentives to keep training are in place. In this paper, we present a new SBME, particularly targeted at training interaction with medical devices such as ventilators and infusion pumps. Our SBME functions as a game mode of the PVSio-web, a graphical environment for design, evaluation, and simulation of interactive (human-computer) systems. An analytical evaluation of our current implementation is provided, by comparing the features on our SBME with a set of requirements for game-based medical simulators retrieved from the literature. By being developed in a free, open source platform, our SBME is highly accessible and can be easily adapted to specific use cases, such a specific hospital with a defined set of medical devices.Jose Campos work was supported by project "NORTE-01-0145-FEDER-000016" financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF). Carlos Silva work was supported by grant no. POCI-01-0145-FEDER-031943, co-financed by COMPETE2020 under the PT2020 programme, and supported by FEDER. The authors wish to thank Paolo Masci, developer of PVSio-web, for extensive support and input

Survivability modeling for cyber-physical systems subject to data corruption

Cyber-physical critical infrastructures are created when traditional physical infrastructure is supplemented with advanced monitoring, control, computing, and communication capability. More intelligent decision support and improved efficacy, dependability, and security are expected. Quantitative models and evaluation methods are required for determining the extent to which a cyber-physical infrastructure improves on its physical predecessors. It is essential that these models reflect both cyber and physical aspects of operation and failure. In this dissertation, we propose quantitative models for dependability attributes, in particular, survivability, of cyber-physical systems. Any malfunction or security breach, whether cyber or physical, that causes the system operation to depart from specifications will affect these dependability attributes. Our focus is on data corruption, which compromises decision support -- the fundamental role played by cyber infrastructure. The first research contribution of this work is a Petri net model for information exchange in cyber-physical systems, which facilitates i) evaluation of the extent of data corruption at a given time, and ii) illuminates the service degradation caused by propagation of corrupt data through the cyber infrastructure. In the second research contribution, we propose metrics and an evaluation method for survivability, which captures the extent of functionality retained by a system after a disruptive event. We illustrate the application of our methods through case studies on smart grids, intelligent water distribution networks, and intelligent transportation systems. Data, cyber infrastructure, and intelligent control are part and parcel of nearly every critical infrastructure that underpins daily life in developed countries. Our work provides means for quantifying and predicting the service degradation caused when cyber infrastructure fails to serve its intended purpose. It can also serve as the foundation for efforts to fortify critical systems and mitigate inevitable failures --Abstract, page iii

Probabilistic model-checking of collaborative robots: a human injury assessment in agricultural applications

Current technology has made it possible to automate a number of agricultural processes that were traditionally carried out by humans and now can be entirely performed by robotic platforms. However, there are certain tasks like soft fruit harvesting, where human skills are still required. In this case, the robot's job is to cooperate/collaborate with human workers to alleviate their physical workload and improve the harvesting efficiency. To accomplish that in a safe and reliable way, the robot should incorporate a safety system whose main goal is to reduce the risk of harming human co-workers during close human-robot interaction (HRI). In this context, this paper presents a theoretical study, addressing the safety risks of using collaborative robots in agricultural scenarios, especially in HRI situations when the robot's safety system is not completely reliable and a component may fail. The agricultural scenarios discussed in this paper include automatic harvesting, logistics operations, crop monitoring, and plant treatment using UV-C light. A human injury assessment is conducted based on converting the HRI in each agricultural scenario into a formal mathematical representation. This representation is later implemented in a probabilistic model-checking tool. We then use this tool to perform a sensitivity analysis that allows us to determine the probability that a human may get injured according to the occurrence of failures in the robot's safety system. The probabilistic modeling methodology presented in this work can be used by safety engineers as a guideline to construct their own HRI models and then use the results of the model-checking to enhance the safety and reliability of their robot's safety system architectures

A formal approach to discovering simultaneous additive masking between auditory medical alarms

publisher: Elsevier articletitle: A formal approach to discovering simultaneous additive masking between auditory medical alarms journaltitle: Applied Ergonomics articlelink: http://dx.doi.org/10.1016/j.apergo.2016.07.008 content_type: article copyright: © 2016 Elsevier Ltd. All rights reserved