Fine Grain Modeling of Task Deviations for Assessing Qualitatively the Impact of Both System Failures and Human Error on Operator Performance

International audienceOperators of critical interactive systems are trained and qualified before being allowed to operate critical systems in “real” contexts. However, during operation, things might happen differently from during training sessions as system failures may occur and operators may make errors when interacting with the system. Both events may also be cross-related as a misunderstanding of a system failure can lead to an erroneous subsequent operation.The proposed approach focuses on assessing the impact that potential failures and/or human errors may have on human performance. This analysis targets the design and development phases of the system, when user tasks are analyzed in order to build the right system (i.e. corresponding to the users’ needs and activities they have to perform on the system). We use a task modeling notation for describing precisely operators’ activities as well as information, knowledge and objects required for performing these activities. These task models are then augmented into several variants through integration of potential system failure patterns (with associated recovery tasks) and human error patterns. The produced deviated task models are used to assess the impact of the task deviation on the operators’ performance

Robustness For Protection Envelopes with Respect to Human Task Variation

Abstract-Safety critical systems can suffer severe and even fatal consequences due to aberrant behavior of human operators. Human operators are unique in their decision making capability, judgment and nondeterminism. There is a need for analyzing the interactions among computer systems and human operators where the operators are allowed to deviate from their prescribed behaviors for executing a task. In this paper we wish to examine the ability of a system to remain safe under broad classes of variations of the prescribed human task. To facilitate this concept we consider the concept of a protection envelope giving a wider class of behaviors than strictly prescribed by the human task while providing guarantees of restrictions on human operator to the system. We develop methods for addressing two issues. The first issue is: given a human task specification and a protection envelope, will the protection envelope properties still hold under standard variations as described by Hollnagel [10]. The second issue is: in the absence of a protection envelope, can we approximate a protection envelope that will at least have the property of being robust against the aforementioned variations. We present methodology and tool for assisting in this regard