Software Engineering Laboratory Series: Proceedings of the Twentieth Annual Software Engineering Workshop

The Software Engineering Laboratory (SEL) is an organization sponsored by NASA/GSFC and created to investigate the effectiveness of software engineering technologies when applied to the development of application software. The activities, findings, and recommendations of the SEL are recorded in the Software Engineering Laboratory Series, a continuing series of reports that includes this document

Fire safety risk model for a main vertical zone of a large passenger ship

The scope of this thesis is to shed light on the everlasting issue of on-board fires, with a particular focus on large passenger ships, by proposing a fire risk model for a Main Vertical Zone (MVZ). Historically, fire had and always has been a pressing accident type, along with flooding. Despite the regulatory effort, the total loss trend of fire incidents attributes to around 10% of those. Moreover, as per the high-level hazard identification conducted as part of this thesis, it was ascertained that cruise ships dominate the frequency of accidents whereas RoPax dominate the fatalities. The latter could be explained by the fact that numerous RoPax ships operate in less developed countries, where regulation enforcement is questionable and also experience higher transportation work in terms of volume. Conversely with RoPax ships, cruise ships are becoming larger by the day, offering novel designs and pertinent entertainment, which is usually translated into complex designs, in addition to the higher transportation volume in terms of passengers and crew. Various statistical analyses were scrutinised towards understanding how shipborne fires break out, including the one from research project SafePASS, being the most recent one, and having particular focus on all ships carrying passengers. Amongst all samples the frequency of fire events remained the same, highlighting the issue. Passenger ships, which accommodate large capacities of people experience higher fatality rates, underlining the urgency of improved safety measures. Therefore, for the purpose of this thesis focus was given on large passenger ships. On the other hand, the maritime industry and its stakeholders have always had a rather reactive stance towards safety, with the exception of cruise operators where safety is paramount with respect to their business longevity. The most prevalent example of the aforementioned being the birth of Safety of Life at Sea (SOLAS) after the sinking of the RMS Titanic. Accordingly with the high-level hazard identification, the engine room appeared to be the most usual culprit for fire and explosion events on board ships, attributing to more than 50% of such events, which is to be expected as ship’s engine room acts as a process and propulsion plant with inherent fire risks. The most frequent ignition scenario is the release of flammable oil (fuel or lubricating) which comes into contact with a hot surface, which are abundant in an engine room. Furthermore, the current status of the engine room fire safety has been characterised as sub-optimal as it investigates events only prior or next to ignition and has a particular focus on mitigation through various active and passive means (smoke detectors, deluge systems and fire boundaries respectively). Nevertheless, fire events continue to take place, highlighting the need for further research. Irrespective of the commendable research initiatives, such as project SAFEDOR and FIREPROOF, aimed at introducing the risk assessment and risk-based design respectively, the industry still has a focus on events proximate to ignition. Additionally, in line with Safety II and resilience engineering, systemic analysis of safety critical equipment and operations is thought to be the way forward towards a fire free system. Safety barriers have been adequately used in other industries, such as aerospace, oil and gas, and navy ships, but their adoption within the maritime industry is lagging behind. Sensory equipment and data analysis have been historically employed towards inferring safety barrier statuses, particularly that of technical elements. Systemic investigation, on the other hand, necessitates the investigation between the technical system and the asset and the operator, therefore, organisational and operational elements must be taken into account in order to provide a systemic coverage. Consequently, this research proposes a holistic simulation-based Main Vertical Zone (MVZ) fire risk model, specifically designed to demonstrate the efficacy of safety barriers. The fire risk model of the MVZ was stipulated in the form of a risk contribution tree (bow-tie) having preventive measures on the left-hand side and mitigating on the right. Since engine room fires are historically more prevalent compared to other areas, particular focus was given towards establishing a framework for the systemic derivation of a the so termed Release Prevention Barrier (RPB), aimed at averting engine room flammable oil leaks. Focus on flammable oil leaks was given as the author believes that treating hot surfaces is counter-intuitive as the lagging (if necessary by the provisions) may deteriorate over time and improper fitting could almost be guaranteed through repeated maintenance. The proposed framework offers a systemic structured way of establishing the said barrier, with focus on the placement of sensory equipment, which, as per the literature review, is not straightforward whatsoever. The framework is rather generic in the sense that it can be applied on any flammable oil line of any ship, highlighting its applicability. On the right-hand side, mitigating measures from SOLAS and the Fire Safety Systems Code (FSS Code) were deemed to be adequate towards that end, mainly due to their historical contribution in mitigating the effects of fire. Moreover, these have been scrutinised adequately within project FIREPROOF. Full-scale 3D Computational Fluid Dynamics (CFD) simulations were utilised towards assessing the risk of fire within the MVZ. Except for the engine room, passenger cabin and large public space decks are also liable to fire events, following the occupancy trends of such ships. Moreover, engine room fires, although statistically prevalent, do not pose as much risk to passengers as the aforementioned decks. To that effect, fire simulations were conducted on all these decks. To realise the fire simulations and to demonstrate the inherent difficulties posed by the lack of ship-borne fire data, first principle engineering was utilised to the full extent to deterministically assess the risk in way of pyrolysis modelling. For the purpose of the CFD simulations the Fire Dynamic Simulator (FDS) and Pyrosim were utilised, being the industry standard. Thermophysical and chemical data were employed to successfully construct design fires, while the pyrolysis methodology was successfully validated and verified against full-scale experiments, deeming the design fire methodology as suitable for use onboard ships and subsequently assessing the risk within the MVZ. Investigation beyond a MVZ was not sought as it violates the mentality of the MVZ itself, and due to difficulties posed by computational power and respective means necessary to do so. In the case of the engine room fire simulation, a hybrid deterministic approach was stipulated using both first principles and statistical means in way of Monte Carlo simulations. This was performed in an effort to showcase the tremendous difficulties posed by such an endeavour and the reason why deterministic engine room fire simulations are not available.The scope of this thesis is to shed light on the everlasting issue of on-board fires, with a particular focus on large passenger ships, by proposing a fire risk model for a Main Vertical Zone (MVZ). Historically, fire had and always has been a pressing accident type, along with flooding. Despite the regulatory effort, the total loss trend of fire incidents attributes to around 10% of those. Moreover, as per the high-level hazard identification conducted as part of this thesis, it was ascertained that cruise ships dominate the frequency of accidents whereas RoPax dominate the fatalities. The latter could be explained by the fact that numerous RoPax ships operate in less developed countries, where regulation enforcement is questionable and also experience higher transportation work in terms of volume. Conversely with RoPax ships, cruise ships are becoming larger by the day, offering novel designs and pertinent entertainment, which is usually translated into complex designs, in addition to the higher transportation volume in terms of passengers and crew. Various statistical analyses were scrutinised towards understanding how shipborne fires break out, including the one from research project SafePASS, being the most recent one, and having particular focus on all ships carrying passengers. Amongst all samples the frequency of fire events remained the same, highlighting the issue. Passenger ships, which accommodate large capacities of people experience higher fatality rates, underlining the urgency of improved safety measures. Therefore, for the purpose of this thesis focus was given on large passenger ships. On the other hand, the maritime industry and its stakeholders have always had a rather reactive stance towards safety, with the exception of cruise operators where safety is paramount with respect to their business longevity. The most prevalent example of the aforementioned being the birth of Safety of Life at Sea (SOLAS) after the sinking of the RMS Titanic. Accordingly with the high-level hazard identification, the engine room appeared to be the most usual culprit for fire and explosion events on board ships, attributing to more than 50% of such events, which is to be expected as ship’s engine room acts as a process and propulsion plant with inherent fire risks. The most frequent ignition scenario is the release of flammable oil (fuel or lubricating) which comes into contact with a hot surface, which are abundant in an engine room. Furthermore, the current status of the engine room fire safety has been characterised as sub-optimal as it investigates events only prior or next to ignition and has a particular focus on mitigation through various active and passive means (smoke detectors, deluge systems and fire boundaries respectively). Nevertheless, fire events continue to take place, highlighting the need for further research. Irrespective of the commendable research initiatives, such as project SAFEDOR and FIREPROOF, aimed at introducing the risk assessment and risk-based design respectively, the industry still has a focus on events proximate to ignition. Additionally, in line with Safety II and resilience engineering, systemic analysis of safety critical equipment and operations is thought to be the way forward towards a fire free system. Safety barriers have been adequately used in other industries, such as aerospace, oil and gas, and navy ships, but their adoption within the maritime industry is lagging behind. Sensory equipment and data analysis have been historically employed towards inferring safety barrier statuses, particularly that of technical elements. Systemic investigation, on the other hand, necessitates the investigation between the technical system and the asset and the operator, therefore, organisational and operational elements must be taken into account in order to provide a systemic coverage. Consequently, this research proposes a holistic simulation-based Main Vertical Zone (MVZ) fire risk model, specifically designed to demonstrate the efficacy of safety barriers. The fire risk model of the MVZ was stipulated in the form of a risk contribution tree (bow-tie) having preventive measures on the left-hand side and mitigating on the right. Since engine room fires are historically more prevalent compared to other areas, particular focus was given towards establishing a framework for the systemic derivation of a the so termed Release Prevention Barrier (RPB), aimed at averting engine room flammable oil leaks. Focus on flammable oil leaks was given as the author believes that treating hot surfaces is counter-intuitive as the lagging (if necessary by the provisions) may deteriorate over time and improper fitting could almost be guaranteed through repeated maintenance. The proposed framework offers a systemic structured way of establishing the said barrier, with focus on the placement of sensory equipment, which, as per the literature review, is not straightforward whatsoever. The framework is rather generic in the sense that it can be applied on any flammable oil line of any ship, highlighting its applicability. On the right-hand side, mitigating measures from SOLAS and the Fire Safety Systems Code (FSS Code) were deemed to be adequate towards that end, mainly due to their historical contribution in mitigating the effects of fire. Moreover, these have been scrutinised adequately within project FIREPROOF. Full-scale 3D Computational Fluid Dynamics (CFD) simulations were utilised towards assessing the risk of fire within the MVZ. Except for the engine room, passenger cabin and large public space decks are also liable to fire events, following the occupancy trends of such ships. Moreover, engine room fires, although statistically prevalent, do not pose as much risk to passengers as the aforementioned decks. To that effect, fire simulations were conducted on all these decks. To realise the fire simulations and to demonstrate the inherent difficulties posed by the lack of ship-borne fire data, first principle engineering was utilised to the full extent to deterministically assess the risk in way of pyrolysis modelling. For the purpose of the CFD simulations the Fire Dynamic Simulator (FDS) and Pyrosim were utilised, being the industry standard. Thermophysical and chemical data were employed to successfully construct design fires, while the pyrolysis methodology was successfully validated and verified against full-scale experiments, deeming the design fire methodology as suitable for use onboard ships and subsequently assessing the risk within the MVZ. Investigation beyond a MVZ was not sought as it violates the mentality of the MVZ itself, and due to difficulties posed by computational power and respective means necessary to do so. In the case of the engine room fire simulation, a hybrid deterministic approach was stipulated using both first principles and statistical means in way of Monte Carlo simulations. This was performed in an effort to showcase the tremendous difficulties posed by such an endeavour and the reason why deterministic engine room fire simulations are not available

ENHANCING CLOUD SYSTEM RUNTIME TO ADDRESS COMPLEX FAILURES

As the reliance on cloud systems intensifies in our progressively digital world, understanding and reinforcing their reliability becomes more crucial than ever. Despite impressive advancements in augmenting the resilience of cloud systems, the growing incidence of complex failures now poses a substantial challenge to the availability of these systems. With cloud systems continuing to scale and increase in complexity, failures not only become more elusive to detect but can also lead to more catastrophic consequences. Such failures question the foundational premises of conventional fault-tolerance designs, necessitating the creation of novel system designs to counteract them. This dissertation aims to enhance distributed systems’ capabilities to detect, localize, and react to complex failures at runtime. To this end, this dissertation makes contributions to address three emerging categories of failures in cloud systems. The first part delves into the investigation of partial failures, introducing OmegaGen, a tool adept at generating tailored checkers for detecting and localizing such failures. The second part grapples with silent semantic failures prevalent in cloud systems, showcasing our study findings, and introducing Oathkeeper, a tool that leverages past failures to infer rules and expose these silent issues. The third part explores solutions to slow failures via RESIN, a framework specifically designed to detect, diagnose, and mitigate memory leaks in cloud-scale infrastructures, developed in collaboration with Microsoft Azure. The dissertation concludes by offering insights into future directions for the construction of reliable cloud systems

Data-Driven Detection and Diagnosis of System-Level Failures in Middleware-Based Service Compositions

Service-oriented technologies have simplified the development of large, complex software systems that span administrative boundaries. Developers have been enabled to build applications as compositions of services through middleware that hides much of the underlying complexity. The resulting applications inhabit complex, multi-tier operating environments that pose many challenges to their reliable operation and often lead to failures at runtime. Two key aspects of the time to repair a failure are the time to its detection and to the diagnosis of its cause. The prevalent approach to detection and diagnosis is primarily based on ad-hoc monitoring as well as operator experience and intuition. This is inefficient and leads to decreased availability. We propose an approach to data-driven detection and diagnosis in order to decrease the repair time of failures in middleware-based service compositions. Data-driven diagnosis supports system operators with information about the operation and structure of a service composition. We discuss how middleware-based service compositions can be monitored in a comprehensive, yet non-intrusive manner and present a process to discover system structure by processing deployment information that is commonly reified in such systems. We perform a controlled experiment that compares the performance of 22 participants using either a standard or the data-driven approach to diagnose several failures injected into a real-world service composition. We find that system operators using the latter approach are able to achieve significantly higher success rates and lower diagnosis times. Data-driven detection is based on the automation of failure detection through applying an outlier detection technique to multi-variate monitoring data. We evaluate the effectiveness of one-class classification for this purpose and determine a simple approach to select subsets of metrics that afford highly accurate failure detection

Safety and Reliability - Safe Societies in a Changing World

The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management - mathematical methods in reliability and safety - risk assessment - risk management - system reliability - uncertainty analysis - digitalization and big data - prognostics and system health management - occupational safety - accident and incident modeling - maintenance modeling and applications - simulation for safety and reliability analysis - dynamic risk and barrier management - organizational factors and safety culture - human factors and human reliability - resilience engineering - structural reliability - natural hazards - security - economic analysis in risk managemen

Finding the Hidden: Detecting Atypical Affective States from Physiological Signals

In cognitive science, intuition is described as a strategy of processing information that relies on people's instinctive and emotional criteria. When compared with the deliberate choices made after conscious reasoning, the quick and intuitive decision making strategies can be more effective. The intuitive thinking provokes changes in human physiological responses which can be measured by sensors. Utilising physiological reactions, previous work shows that atypical patterns such as emotion expressions and image manipulations can be identified. This thesis expands the exploration to examine whether more atypical human behaviour can be recognised from physiological signals. The examined subtly atypical behaviour includes depression, doubt and deception, Depression is a serious chronic mental disease and is considered as an atypical health condition in people. Doubt is defined as a non-deliberate attempt to mislead others and is a passive form of deception, representing an atypicality from honest behaviours. Deception is a more purposeful attempt to deceive, and thus is a distinct type of atypicality than honest communication. Through examining physiological reactions from presenters who have a particular atypical behaviour or condition, and observers who view behaviours of presenters, this research aims to recognise atypicality in human behaviour. A collection of six user studies are conducted. In two user studies, presenters are asked to conduct doubting and deceiving behaviours, while the remaining user studies involve observers watching behaviours of presenters who suffer from depression, have doubt, or have conducted deception. Physiological reactions of both presenters and observers are collected, including Blood Volume Pulse, Electrodermal Activity, Skin Temperature and Pupillary Responses. Observers are also asked to explicitly evaluate whether the viewed presenters were being depressed, doubting, or deceiving. Investigations upon physiological data in this thesis finds that detectable cues corresponding with depression, doubt and deception can be found. Viewing depression provokes visceral physiological reactions in observers that can be measured. Such physiological responses can be used to derive features for machine learning models to accurately distinguish between healthy individuals and people with depression. By contrast, depression does not provoke strong conscious recognition in observers, resulting in a conscious evaluation accuracy slightly above chance level. Similar results are also found in detecting doubt and deception. People with doubt and deceit elicit consistent physiological reactions within themselves. These bodily responses can be utilised by machine learning models or deep learning models to recognise doubt or deception. The doubt and deceit in presenters can also be recognised using physiological signals in observers, with excellent recognition rates which are higher when compared with the conscious judgments from the same group of observers. The results indicate that atypicality in presenters can both be captured by physiological signals of presenters and observers. Presenters' physiological reactions contribute to higher recognition of atypicality, but observers' physiological responses can serve as a comparable alternative. The awareness of atypicality among observers happens physiologically, so can be used by machine learning models, even when they do not reach the consciousness of the person. The research findings lead to a further discussion around the implications of observers' physiological responses. Decision support applications which utilise a quantifiable measure of people's unconscious and intuitive 'gut feeling' can be developed based on the work reported here to assist people with medical diagnosis, information credibility evaluation, and criminal detection. Further research suggests exploring more atypical behaviours in the wild

A longitudinal study of the experiences and psychological well-being of Indian surrogates

Study question: What is the psychological well-being of Indian surrogates during and after the surrogacy pregnancy? Summary answer: Surrogates were similar to a matched group of expectant mothers on anxiety and stress. However, they scored higher on depression during and after pregnancy. What is known already: The recent ban on trans-national commercial surrogacy in India has led to urgent policy discussions regarding surrogacy. Whilst previous studies have reported the motivations and experiences of Indian surrogates no studies have systematically examined the psychological well-being of Indian surrogates, especially from a longitudinal perspective. Previous research has shown that Indian surrogates are motivated by financial payment and may face criticism from their family and community due to negative social stigma attached to surrogacy. Indian surrogates often recruited by agencies and mainly live together in a “surrogacy house.” Study design, size, duration: A longitudinal study was conducted comparing surrogates to a matched group of expectant mothers over two time points: (a) during pregnancy (Phase1: 50 surrogates, 70 expectant mothers) and (b) 4–6 months after delivery (Phase 2: 45 surrogates, 49 expectant mothers). The Surrogates were recruited from a fertility clinic in Mumbai and the matched comparison group was recruited from four public hospitals in Mumbai and Delhi. Data collection was completed over 2 years. Participants/materials, setting, methods: Surrogates and expectant mothers were aged between 23 and 36 years. All participants were from a low socio-economic background and had left school before 12–13 years of age. In-depth faceto-face semi-structured interviews and a psychological questionnaire assessing anxiety, stress and depression were administered in Hindi to both groups. Interviews took place in a private setting. Audio recordings of surrogate interviews were later translated and transcribed into English. Main results and the role of chance: Stress and anxiety levels did not significantly differ between the two groups for both phases of the study. For depression, surrogates were found to be significantly more depressed than expectant mothers at phase 1 (p = 0.012) and phase 2 (p = 0.017). Within the surrogacy group, stress and depression did not change during and after pregnancy. However, a non-significant trend was found showing that anxiety decreased after delivery (p = 0.086). No participants reported being coerced into surrogacy, however nearly all kept it a secret from their wider family and community and hence did not face criticism. Surrogates lived at the surrogate house for different durations. During pregnancy, 66% (N = 33/50) reported their experiences of the surrogate house as positive, 24% (N = 12/50) as negative and 10% (N = 5/50) as neutral. After delivery, most surrogates (66%, N = 30/45) reported their experiences of surrogacy to be positive, with the remainder viewing it as neutral (28%) or negative (4%). In addition, most (66%, N = 30/45) reported that they had felt “socially supported and loved” during the surrogacy arrangement by friends in the surrogate hostel, clinic staff or family. Most surrogates did not meet the intending parents (49%, N = 22/45) or the resultant child (75%, N = 34/45). Limitations, reasons for caution: Since the surrogates were recruited from only one clinic, the findings may not be representative of all Indian surrogates. Some were lost to follow-up which may have produced sampling bias. Wider implications of the findings: This is the first study to examine the psychological well-being of surrogates in India. This research is of relevance to current policy discussions in India regarding legislation on surrogacy. Moreover, the findings are of relevance to clinicians, counselors and other professionals involved in surrogacy. Trial registration number: N/A

Design and Management of Manufacturing Systems

Although the design and management of manufacturing systems have been explored in the literature for many years now, they still remain topical problems in the current scientific research. The changing market trends, globalization, the constant pressure to reduce production costs, and technical and technological progress make it necessary to search for new manufacturing methods and ways of organizing them, and to modify manufacturing system design paradigms. This book presents current research in different areas connected with the design and management of manufacturing systems and covers such subject areas as: methods supporting the design of manufacturing systems, methods of improving maintenance processes in companies, the design and improvement of manufacturing processes, the control of production processes in modern manufacturing systems production methods and techniques used in modern manufacturing systems and environmental aspects of production and their impact on the design and management of manufacturing systems. The wide range of research findings reported in this book confirms that the design of manufacturing systems is a complex problem and that the achievement of goals set for modern manufacturing systems requires interdisciplinary knowledge and the simultaneous design of the product, process and system, as well as the knowledge of modern manufacturing and organizational methods and techniques

Silviculture of Mixed-Species and Structurally Complex Boreal Stands

Understanding structurally complex boreal stands is crucial for designing ecosystem management strategies that promote forest resilience under global change. However, current management practices lead to the homogenization and simplification of forest structures in the boreal biome. In this chapter, we illustrate two options for managing productive and resilient forests: (1) the managing of two-aged mixed-species forests; and (2) the managing of multi-aged, structurally complex stands. Results demonstrate that multi-aged and mixed stand management are powerful silvicultural tools to promote the resilience of boreal forests under global change