Reliability Assessment of Legacy Safety-Critical Systems Upgraded with Fault-Tolerant Off-the-Shelf Software

This paper presents a new way of applying Bayesian assessment to systems, which consist of many components. Full Bayesian inference with such systems is problematic, because it is computationally hard and, far more seriously, one needs to specify a multivariate prior distribution with many counterintuitive dependencies between the probabilities of component failures. The approach taken here is one of decomposition. The system is decomposed into partial views of the systems or part thereof with different degrees of detail and then a mechanism of propagating the knowledge obtained with the more refined views back to the coarser views is applied (recalibration of coarse models). The paper describes the recalibration technique and then evaluates the accuracy of recalibrated models numerically on contrived examples using two techniques: u-plot and prequential likelihood, developed by others for software reliability growth models. The results indicate that the recalibrated predictions are often more accurate than the predictions obtained with the less detailed models, although this is not guaranteed. The techniques used to assess the accuracy of the predictions are accurate enough for one to be able to choose the model giving the most accurate prediction

Preliminary space mission design under uncertainty

This paper proposes a way to model uncertainties and to introduce them explicitly in the design process of a preliminary space mission. Traditionally, a system margin approach is used in order to take the min to account. In this paper, Evidence Theory is proposed to crystallise the inherent uncertainties. The design process is then formulated as an optimisation under uncertainties(OUU). Three techniques are proposed to solve the OUU problem: (a) an evolutionary multi-objective approach, (b) a step technique consisting of maximising the belief for different levels of performance, and (c) a clustering method that firstly identifies feasible regions.The three methods are applied to the Bepi Colombo mission and their effectiveness at solving the OUU problem are compared

Large Area Crop Inventory Experiment (LACIE). Level 3 baseline; Yield Estimation Subsystem (YES) requirements, volume 3, revision A

There are no author-identified significant results in this report

Validation and Verification of Future Integrated Safety-Critical Systems Operating under Off-Nominal Conditions

Loss of control remains one of the largest contributors to aircraft fatal accidents worldwide. Aircraft loss-of-control accidents are highly complex in that they can result from numerous causal and contributing factors acting alone or (more often) in combination. Hence, there is no single intervention strategy to prevent these accidents and reducing them will require a holistic integrated intervention capability. Future onboard integrated system technologies developed for preventing loss of vehicle control accidents must be able to assure safe operation under the associated off-nominal conditions. The transition of these technologies into the commercial fleet will require their extensive validation and verification (V and V) and ultimate certification. The V and V of complex integrated systems poses major nontrivial technical challenges particularly for safety-critical operation under highly off-nominal conditions associated with aircraft loss-of-control events. This paper summarizes the V and V problem and presents a proposed process that could be applied to complex integrated safety-critical systems developed for preventing aircraft loss-of-control accidents. A summary of recent research accomplishments in this effort is also provided

Control technology overview in CSI

A brief control technology overview is given in Control Structures Interaction (CSI) by illustrating that many future NASA mission present significant challenges as represented by missions having a significantly increased number of important system states which may require control and by identifying key CSI technology needs. The JPL CSI related technology developments are discussed to illustrate that some of the identified control needs are being pursued. Since experimental confirmation of the assumptions inherent in the CSI technology is critically important to establishing its readiness for space program applications, the areas of ground and flight validation require high priority

Large Deployable Reflector (LDR) system concept and technology definition study. Volume 2: Technology assessment and technology development plan

A study was conducted to define reasonable and representative LDR system concepts for the purpose of defining a technology development program aimed at providing the requisite technological capability necessary to start LDR development by the end of 1991. This volume presents thirteen technology assessments and technology development plans, as well as an overview and summary of the LDR concepts. Twenty-two proposed augmentation projects are described (selected from more than 30 candidates). The five LDR technology areas most in need of supplementary support are: cryogenic cooling; astronaut assembly of the optically precise LDR in space; active segmented primary mirror; dynamic structural control; and primary mirror contamination control. Three broad, time-phased, five-year programs were synthesized from the 22 projects, scheduled, and funding requirements estimated

Fault detection and diagnosis in HVAC systems using analytical models

Faults that develop in the heat exchanger subsystems in air-conditioning installations can lead to increased energy costs and jeopardise thermal comfort. The sensor and control signals associated with these systems contain potentially valuable information about the condition of the system, and energy management and control systems are able to monitor and store these signals. In practice, the only checks made are to verify set-points are being maintained and that certain critical variables remain within predetermined limits. This approach may allow the detection of certain abrupt or catastrophic faults, but degradation faults often remain undetected until their effects become quite severe. This thesis investigates the appropriateness of using mathematical models to track the development of degradation faults. An approach is developed, which is based on the use of analytical models in conjunction with a recursive parameter estimation algorithm. A subset of the parameters of the models, which are closely related to faults, is estimated recursively. Significant deviations in the values of the estimated parameters from nominal values, which represent `correct operation', are used as an indication that the system has developed a fault. The extent of the deviation from the nominal values is used as an estimate of the degree of fault. This thesis develops the theory and examines the robustness of the parameter estimator using simulation-based testing. Results are also presented from testing the fault detection and diagnosis scheme with data obtained from a simulated air-conditioning system and from a full size test installation

Model-based condition monitoring of a HVAC cooling coil sub-system in a real building

A comparison of the performance of two fault detection and diagnosis methods applied to a cooling coil subsystem in an air-handling unit installed in a real building is presented. Both methods employ a rst principles based reference model of the target system. One scheme carries out diagnosis using expert rules and the other recursively re-estimates selected parameters of the system model that correspond to particular faults. The procedures and information required to con- gure the schemes for condition monitoring are discussed. The results of testing the methods on an HVAC cooling coil subsystem in a commercial of ce building in the UK over an entire cooling season are reported. Both methods were able to both detect faults and provide some diagnosis. The expert rule method, however, appears to be more robust. Issues associated with the con guration and implementation of both methods are discussed in terms of performance and cost

Framework for a space shuttle main engine health monitoring system

A framework developed for a health management system (HMS) which is directed at improving the safety of operation of the Space Shuttle Main Engine (SSME) is summarized. An emphasis was placed on near term technology through requirements to use existing SSME instrumentation and to demonstrate the HMS during SSME ground tests within five years. The HMS framework was developed through an analysis of SSME failure modes, fault detection algorithms, sensor technologies, and hardware architectures. A key feature of the HMS framework design is that a clear path from the ground test system to a flight HMS was maintained. Fault detection techniques based on time series, nonlinear regression, and clustering algorithms were developed and demonstrated on data from SSME ground test failures. The fault detection algorithms exhibited 100 percent detection of faults, had an extremely low false alarm rate, and were robust to sensor loss. These algorithms were incorporated into a hierarchical decision making strategy for overall assessment of SSME health. A preliminary design for a hardware architecture capable of supporting real time operation of the HMS functions was developed. Utilizing modular, commercial off-the-shelf components produced a reliable low cost design with the flexibility to incorporate advances in algorithm and sensor technology as they become available