Modeling Multiple Human-Automation Distributed Systems using Network-form Games

The paper describes at a high-level the network-form game framework (based on Bayes net and game theory), which can be used to model and analyze safety issues in large, distributed, mixed human-automation systems such as NextGen

An overview of the V&V of Flight-Critical Systems effort at NASA

As the US is getting ready for the Next Generation (NextGen) of Air Traffic System, there is a growing concern that the current techniques for verification and validation will not be adequate for the changes to come. The JPDO (in charge of implementing NextGen) has given NASA a mandate to address the problem and it resulted in the formulation of the V&V of Flight-Critical Systems effort. This research effort is divided into four themes: argument-based safety assurance, distributed systems, authority and autonomy, and, software intensive systems. This paper presents an overview of the technologies that will address the problem

Predicting Pilot Behavior in Medium Scale Scenarios Using Game Theory and Reinforcement Learning

Effective automation is critical in achieving the capacity and safety goals of the Next Generation Air Traffic System. Unfortunately creating integration and validation tools for such automation is difficult as the interactions between automation and their human counterparts is complex and unpredictable. This validation becomes even more difficult as we integrate wide-reaching technologies that affect the behavior of different decision makers in the system such as pilots, controllers and airlines. While overt short-term behavior changes can be explicitly modeled with traditional agent modeling systems, subtle behavior changes caused by the integration of new technologies may snowball into larger problems and be very hard to detect. To overcome these obstacles, we show how integration of new technologies can be validated by learning behavior models based on goals. In this framework, human participants are not modeled explicitly. Instead, their goals are modeled and through reinforcement learning their actions are predicted. The main advantage to this approach is that modeling is done within the context of the entire system allowing for accurate modeling of all participants as they interact as a whole. In addition such an approach allows for efficient trade studies and feasibility testing on a wide range of automation scenarios. The goal of this paper is to test that such an approach is feasible. To do this we implement this approach using a simple discrete-state learning system on a scenario where 50 aircraft need to self-navigate using Automatic Dependent Surveillance-Broadcast (ADS-B) information. In this scenario, we show how the approach can be used to predict the ability of pilots to adequately balance aircraft separation and fly efficient paths. We present results with several levels of complexity and airspace congestion

Using Game Theoretic Models to Predict Pilot Behavior in NextGen Merging and Landing Scenario

In this paper, we present an implementation of the Semi Network-Form Game framework to predict pilot behavior in a merging and landing scenario. In this scenario, two aircraft are approaching to a freeze horizon with approximately equal distance when they become aware of each other via an ADS-B communication link that will be available in NextGen airspace. Both pilots want to gain advantage over the other by entering the freeze horizon earlier and obtain the first place in landing. They re-adjust their speed accordingly. However, they cannot simply increase their speed to the maximum allowable values since they are concerned with safety, separation distance, effort, possibility of being vectored-off from landing and possibility of violating speed constraints. We present how to model these concerns and the rest of the system using semi network-from game framework. Using this framework, based on certain assumptions on pilot utility functions and on system configuration, we provide estimates of pilot behavior and overall system evolution in time. We also discuss the possible employment of this modeling tool for airspace design optimization. To support this discussion, we provide a case where we investigate the effect of increasing the merging point speed limit on the commanded speed distribution and on the percentage of vectored aircraft

Safety Related Considerations in Autonomy

In this talk I will describe NASA strategy and research efforts to provide safety assurance for increasingly autonomous systems used in aviation. In the near future, autonomy will play an important role in civil aviation, and its applications will range from vehicles and platforms (UAVs, transport-class, including supersonic to hypersonic, aircraft) to airspace operations, or health management systems. This infusion of autonomy is driven by a need for optimizing airspace operations to accommodate increasing traffic density (e.g., adaptive trajectory-based operations, autonomous tugs, close parallel runways, and dynamic separation assurance), reducing operation costs to ensure that US operators can compete with emergent countries, and enabling new business models (e.g., fire fighting, UAS-based package delivery and precise aerial photography). In essence virtually every component of the National Airspace System will become increasingly autonomous. Yet we need to do so in a safe manner and have techniques and processes in place to ensure the safety of the public. This talk describes NASA plans to address this proble

V&V of Lexical, Syntactic and Semantic Properties for Interactive Systems Through Model Checking of Formal Description of Dialog

International audienceDuring early phases of the development of an interactive system, future system properties are identified (through interaction with end users in the brainstorming and prototyping phase of the application, or by other stakeholders) imposing requirements on the final system. They can be specific to the application under development or generic to all applications such as usability principles. Instances of specific properties include visibility of the aircraft altitude, speed… in the cockpit and the continuous possibility of disengaging the autopilot in whatever state the aircraft is. Instances of generic properties include availability of undo (for undoable functions) and availability of a progression bar for functions lasting more than four seconds. While behavioral models of interactive systems using formal description techniques provide complete and unambiguous descriptions of states and state changes, it does not provide explicit representation of the absence or presence of properties. Assessing that the system that has been built is the right system remains a challenge usually met through extensive use and acceptance tests. By the explicit representation of properties and the availability of tools to support checking these properties, it becomes possible to provide developers with means for systematic exploration of the behavioral models and assessment of the presence or absence of these properties. This paper proposes the synergistic use two tools for checking both generic and specific properties of interactive applications: Petshop and Java PathFinder. Petshop is dedicated to the description of interactive system behavior. Java PathFinder is dedicated to the runtime verification of Java applications and as an extension dedicated to User Interfaces. This approach is exemplified on a safety critical application in the area of interactive cockpits for large civil aircrafts

Advanced Software V&V for Civil Aviation and Autonomy

With the advances in high-computing platform (e.g., advanced graphical processing units or multi-core processors), computationally-intensive software techniques such as the ones used in artificial intelligence or formal methods have provided us with an opportunity to further increase safety in the aviation industry. Some of these techniques have facilitated building safety at design time, like in aircraft engines or software verification and validation, and others can introduce safety benefits during operations as long as we adapt our processes. In this talk, I will present how NASA is taking advantage of these new software techniques to build in safety at design time through advanced software verification and validation, which can be applied earlier and earlier in the design life cycle and thus help also reduce the cost of aviation assurance. I will then show how run-time techniques (such as runtime assurance or data analytics) offer us a chance to catch even more complex problems, even in the face of changing and unpredictable environments. These new techniques will be extremely useful as our aviation systems become more complex and more autonomous

A Robust Compositional Architecture for Autonomous Systems

Space exploration applications can benefit greatly from autonomous systems. Great distances, limited communications and high costs make direct operations impossible while mandating operations reliability and efficiency beyond what traditional commanding can provide. Autonomous systems can improve reliability and enhance spacecraft capability significantly. However, there is reluctance to utilizing autonomous systems. In part this is due to general hesitation about new technologies, but a more tangible concern is that of reliability of predictability of autonomous software. In this paper, we describe ongoing work aimed at increasing robustness and predictability of autonomous software, with the ultimate goal of building trust in such systems. The work combines state-of-the-art technologies and capabilities in autonomous systems with advanced validation and synthesis techniques. The focus of this paper is on the autonomous system architecture that has been defined, and on how it enables the application of validation techniques for resulting autonomous systems