Verification Guided Refinement of Flight Safety Assessment and Management System for Takeoff

Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/140668/1/1.i010408.pd

Flight Safety Assessment and Management.

This dissertation develops a Flight Safety Assessment and Management (FSAM) system to mitigate aircraft loss of control risk. FSAM enables switching between the pilot/nominal autopilot system and a complex flight control system that can potentially recover from high risk situations but can be hard to certify. FSAM monitors flight conditions for high risk situations and selects the appropriate control authority to prevent or recover from loss of control. The pilot/nominal autopilot system is overridden only when necessary to avoid loss of control. FSAM development is pursued using two approaches. First, finite state machines are manually prescribed to manage control mode switching. Constructing finite state machines for FSAM requires careful consideration of possible exception events, but provides a computationally-tractable and verifiable means of realizing FSAM. The second approach poses FSAM as an uncertain reasoning based decision theoretic problem using Markov Decision Processes (MDP), offering a less tedious knowledge engineering process at the cost of computational overhead. Traditional and constrained MDP formulations are presented. Sparse sampling approaches are also explored to obtain suboptimal solutions to FSAM MDPs. MDPs for takeoff and icing-related loss of control events are developed and evaluated. Finally, this dissertation applies verification techniques to ensure that finite state machine or MDP policies satisfy system requirements. Counterexamples obtained from verification techniques aid in FSAM refinement. Real world aviation accidents are used as case studies to evaluate FSAM formulations. This thesis contributes decision making and verification frameworks to realize flight safety assessment and management capabilities. Novel flight envelopes and state abstractions are prescribed to aid decision making.PhDAerospace EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133348/1/swee_1.pd

Flight Safety Assessment and Management for Takeoff Using Deterministic Moore Machines

Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/140667/1/1.i010350.pd

Markov Decision Process Framework for Flight Safety Assessment and Management

Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/143068/1/1.G001743.pd

Helicopter Flight Operational Quality Assurance (HFOQA): Development of HFOQA Analysis Software

Flight Operational Quality Assurance (FOQA), or Flight Data Monitoring (FDM), has benefited flight safety in both fixed-wing and helicopter operations. The relative youth of FOQA programs has resulted in their minimal application among the helicopter fleets of the world; thus, Helicopter FOQA (HFOQA) has merited consolidation and expansion. This mixed methods design developed HFOQA analysis software via a blend of the qualitative data from helicopter and FOQA experts with quantitative data represented by a sample of de-identified digital flight data from 1,014 helicopter flights. Development of the software emphasized three domains of interest: (a) helicopter flight phases; (b) helicopter operational and maintenance events; and (c) helicopter event-related and safety/efficiency flight profile measurements. This study\u27s resultant HFOQA analysis software has direct application to multifaceted helicopter operations (Emergency Medical Services [EMS], sightseeing, military, and others), and, in fact, has been utilized by an offshore helicopter operator in its daily operations

Considerations in Assuring Safety of Increasingly Autonomous Systems

Recent technological advances have accelerated the development and application of increasingly autonomous (IA) systems in civil and military aviation. IA systems can provide automation of complex mission tasks-ranging across reduced crew operations, air-traffic management, and unmanned, autonomous aircraft-with most applications calling for collaboration and teaming among humans and IA agents. IA systems are expected to provide benefits in terms of safety, reliability, efficiency, affordability, and previously unattainable mission capability. There is also a potential for improving safety by removal of human errors. There are, however, several challenges in the safety assurance of these systems due to the highly adaptive and non-deterministic behavior of these systems, and vulnerabilities due to potential divergence of airplane state awareness between the IA system and humans. These systems must deal with external sensors and actuators, and they must respond in time commensurate with the activities of the system in its environment. One of the main challenges is that safety assurance, currently relying upon authority transfer from an autonomous function to a human to mitigate safety concerns, will need to address their mitigation by automation in a collaborative dynamic context. These challenges have a fundamental, multidimensional impact on the safety assurance methods, system architecture, and V&V capabilities to be employed. The goal of this report is to identify relevant issues to be addressed in these areas, the potential gaps in the current safety assurance techniques, and critical questions that would need to be answered to assure safety of IA systems. We focus on a scenario of reduced crew operation when an IA system is employed which reduces, changes or eliminates a human's role in transition from two-pilot operations

Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations

As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low altitude highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: Any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance

Evaluation of Low Noise Integration Concepts and Propulsion Technologies for Future Supersonic Civil Transports

This report covers the entire effort of GE Global Research's NASA Prime Contract NNC15CA02C "Evaluation of Low Noise Integration Concepts and Propulsion Technologies for Future Supersonic Civil Transports". GE Global Research was supported by GE Aviation and Lockheed Martin in exploring the potential of wing shielding, flight path optimization, and jet noise technology to target aggressive community noise levels of 10 EPNdB lower than Chapter 14 for a future (mid-term) commercial supersonic transport aircraft

Space Shuttle Program Orbiter Approach and Landing Test

The orbiter approach and landing test (ALT) reports are published to provide senior NASA management with timely information on ALT program plans and accomplishments. The ALT reports will be comprised of this pre-ALT report, ALT pre-flight memoranda, and an ALT post-flight report following each flight. The purpose of this pre-ALT report is to provide an overview of the ALT program, describing the flight vehicles involved and summarizing the planned flights

A System Safety Assessment of an Unmanned, Solar-Powered Stratospheric Aircraft Using the STPA Methodology

Developed for electromechanical systems, traditional safety analysis methods can not provide sufficient guidance to handle the complexity of modern, software intensive systems. New ways of modeling complex systems and human operators in their sociotechnical environment and performing holistic, guided safety analysis based on these models have been developed by Nancy Leveson, Professor of Aeronautics and Astronautics and Professor of Engineering Systems at the Massachusetts Institute of Technology (MIT). This assignment compares the basic principles of the approach on how to achieve safety of a system proposed by the SAE ARP4754A and the approach proposed by Nancy Leveson’s Systems-Theoretic Accident Model and Processes (STAMP) causality theory, including the thereon based Systems-Theoretic Process Analysis (STPA) hazard analysis method. General definitions and assumptions, boundaries, potential weaknesses and advantages of the approaches are estimated, compared and summarized. STPA, including an extension based on works by M. France and J. P. Thomas on how to model and analyze human operators effectively, is further applied on exemplary parts of the High Altitude Platform (HAP) unmanned, solar-powered stratospheric aircraft of the German Aerospace Center (DLR). Applicability is shown, safety issues and causal loss scenarios in the system are identified, and design, operation and operator training recommendations are given. Identified advantages, difficulties and recommendations of practical application of STAMP/STPA are discussed. A proposal on how to include STAMP/STPA in future versions of the SAE ARP4754A is given