Toward a Human-Centered Uml for Risk Analysis

Safety is now a major concern in many complex systems such as medical robots. A way to control the complexity of such systems is to manage risk. The first and important step of this activity is risk analysis. During risk analysis, two main studies concerning human factors must be integrated: task analysis and human error analysis. This multidisciplinary analysis often leads to a work sharing between several stakeholders who use their own languages and techniques. This often produces consistency errors and understanding difficulties between them. Hence, this paper proposes to treat the risk analysis on the common expression language UML (Unified Modeling Language) and to handle human factors concepts for task analysis and human error analysis based on the features of this language. The approach is applied to the development of a medical robot for teleechography

Vers un profil UML pour la conception de composants multivues

International audienceThis paper aims to present an UML profile based on multiviews components. A multiviews component allows to encapsulate and deliver information according to the user's point of view and offers mechanisms to manage the dynamic evolution of viewpoints and consistency among views. In this paper, we first present the notion of multiviews component and its integration into a UML profile, and thus detail an object-oriented multiviews modelling applied to a concrete example. The transition to the coding stage is described through a generic implementation pattern.L' objectif de cet article est de présenter un profil UML permettant la construction de composants logiciels multivues. Un composant multivues est une extension de la notion de composant UML permettant de stocker et restituer de l' information en fonction du profil de l' utilisateur (point de vue), et offrant la possibilité de changement dynamique de point de vue. Dans cet article, nous présentons tout d' abord la notion de classe multivues, puis le composant multivues et son intégration dans un profil UML. Nous illustrons à l' aide d' un exemple concret la mise en oeuvre d' une modélisation objet multivues. La transition vers la phase de codage est présentée à travers un patron d'implémentation générique

Verification of Decision Making Software in an Autonomous Vehicle: An Industrial Case Study

Correctness of autonomous driving systems is crucial as\ua0incorrect behaviour may have catastrophic consequences. Many different\ua0hardware and software components (e.g. sensing, decision making, actuation,\ua0and control) interact to solve the autonomous driving task, leading to a level of complexity that brings new challenges for the formal verification\ua0community. Though formal verification has been used to prove\ua0correctness of software, there are significant challenges in transferring\ua0such techniques to an agile software development process and to ensure\ua0widespread industrial adoption. In the light of these challenges, the identification\ua0of appropriate formalisms, and consequently the right verification\ua0tools, has significant impact on addressing them. In this paper, we\ua0evaluate the application of different formal techniques from supervisory\ua0control theory, model checking, and deductive verification to verify existing\ua0decision and control software (in development) for an autonomous\ua0vehicle. We discuss how the verification objective differs with respect tothe choice of formalism and the level of formality that can be applied.\ua0Insights from the case study show a need for multiple formal methods to\ua0prove correctness, the difficulty to capture the right level of abstraction\ua0to model and specify the formal properties for the verification objectives

Building safer robots: Safety driven control

In recent years there has been a concerted effort to address many of the safety issues associated with physical human-robot interaction (pHRI). However, a number of challenges remain. For personal robots, and those intended to operate in unstructured environments, the problem of safety is compounded. In this paper we argue that traditional system design techniques fail to capture the complexities associated with dynamic environments. We present an overview of our safety-driven control system and its implementation methodology. The methodology builds on traditional functional hazard analysis, with the addition of processes aimed at improving the safety of autonomous personal robots. This will be achieved with the use of a safety system developed during the hazard analysis stage. This safety system, called the safety protection system, will initially be used to verify that safety constraints, identified during hazard analysis, have been implemented appropriately. Subsequently it will serve as a high-level safety enforcer, by governing the actions of the robot and preventing the control layer from performing unsafe operations. To demonstrate the effectiveness of the design, a series of experiments have been conducted using a MobileRobots PeopleBot. Finally, results are presented demonstrating how faults injected into a controller can be consistently identified and handled by the safety protection system. © The Author(s) 2012

Vers des robots collaboratifs autonomes sûrs de fonctionnement

This manuscript of HDR (Habilitation à Diriger des Recherches, french accreditation to supervise research) presents research work of Jérémie Guiochet carried out at LAAS-CNRS in the Dependable computing and Fault Tolerance (TSF) team. His research work is mainly related to the dependability of collaborative autonomous robotic systems. Specific challenges raised by these systems, including human-system physical interactions and the presence of uncertainties in the perception and decision mechanisms, induce the need to revisit dependability and risk analysis methods. The main contributions address the following topics: safety assessment of collaborative robotic systems (hazard Identi- fication with UML-HAZOP and quantitative assessment of confidence in safety cases), and fault tolerance mechanisms for autonomous robotic systems (redundant planning and synthesis of on-line verifiable safety rules). This manuscript also opens perspectives in the fields of testing of autonomous robots in virtual worlds, uncertainty management for the certification of autonomous robots in human environments, and safety monitoring at different levels in an autonomous software architecture.Ce manuscript d'Habilitation à Diriger des Recherches (HDR) présente les travaux menés par Jérémie Guiochet au LAAS-CNRS au sein de l’équipe Tolérance aux Fautes et Sûreté de fonctionnement informatique (TSF). Ces travaux se sont principalement articulés autour de la problématique de la sûreté de fonctionnement des systèmes robotique collaboratifs autonomes. Les spécificités de ces systèmes, notamment les interactions physiques humain-robot et la présence d’incertitudes liées aux mécanismes de perception ou de décision, font que les méthodes de sûreté de fonctionnement ou d’analyse du risque utilisées pour les systèmes critiques doivent être reconsidérées. Les principales contributions se concentrent sur deux axes : les méthodes d'analyse de la sécurité-innocuité pour des systèmes robotique collaboratifs (Identification des dangers avec HAZOP-UML et évaluation quantitative de la confiance dans un argumentaire de sécurité de type \emph{safety case}), et les mécanismes de tolérance aux fautes pour des systèmes robotique autonomes (planification redondante et synthèse de règles de sécurité vérifiables en ligne). Ces travaux ouvrent également des perspectives concernant le test des systèmes autonomes dans des mondes virtuels, la gestion des incertitudes pour la certification des robots autonomes en milieu humain, et la surveillance en ligne des différents niveaux d’une architecture logicielle de robot autonome

Maîtrise de la sécurité des systèmes de la robotique de service - Approche UML basée sur une analyse du risque système

Service robot systems, as medical robots, can perform complex tasks and sharetheir working area with humans. Therefore, they belong to safety critical systems. In nowadaysdevelopment process, safety is often managed by the way of dependability techniques. Wepropose a new global approach, based on the risk concept in order to guide designers along thesafety analysis of such complex systems. Safety depends on risk management activity, whichcore is risk analysis. This one consists in three steps : system definition, hazard identificationand risk estimation. We first propose the use of UML (Unified Modeling Language) as thedescription language and we integrate human factors activities for the system definition step.Then, for the next steps, interactions of UML and risk analysis techniques such as FMECA(Failure Mode, Effects and Criticality Analysis) and FTA (Fault Tree Analysis) are studied.As an illustration of its potentiality, the proposed approach is then applied to the case studyof a system for robotic tele-echography (ultrasound scan examination) actuated by artificialmuscles of McKibben.Les systèmes de la robotique de service, tels que les robots médicaux, permettentde réaliser des tâches complexes en milieu humain, et s'intègrent à ce titre dans les systèmes àsécurité critique. Lors de la conception de ces nouvelles applications, la sécurité est souventtraitée grâce à des techniques de sûreté de fonctionnement. Nous proposons cependant unenouvelle approche plus globale, basée sur la notion de risque. L'objectif de cette thèse estde proposer une démarche aux concepteurs pour appréhender la sécurité de tels systèmes, enintégrant le concept de risque et en se plaçant à un niveau système. La maîtrise de la sécuritédépend alors de l'activité de gestion du risque dont le coeur est l'analyse du risque. Cetteactivité centrale se décompose en trois étapes : la description du système et de son utilisation,l'identification des dangers, et l'estimation des risques de dommages induits par l'utilisationdu système. Nous proposons d'utiliser la notation UML (Unified Modeling Language) pour ladescription du système. Les modèles UML sont alors couplés avec des activités du domainedes facteurs humains, incluses dans l'analyse du risque proposée. Puis, pour les deux étapessuivantes, les interactions entre cette notation et des techniques d'analyse du risque commel'AMDEC (Analyse des Modes de Défaillance, et de leurs Effets Critiques) et les arbres defautes sont étudiées. Cette démarche est ensuite appliquée sur le cas concret du développementd'un robot télé-échographe actionné par des muscles artificiels de McKibben

Vers des robots collaboratifs autonomes sûrs de fonctionnement

This manuscript of HDR (Habilitation à Diriger des Recherches, french accreditation to supervise research) presents research work of Jérémie Guiochet carried out at LAAS-CNRS in the Dependable computing and Fault Tolerance (TSF) team. His research work is mainly related to the dependability of collaborative autonomous robotic systems. Specific challenges raised by these systems, including human-system physical interactions and the presence of uncertainties in the perception and decision mechanisms, induce the need to revisit dependability and risk analysis methods. The main contributions address the following topics: safety assessment of collaborative robotic systems (hazard Identi- fication with UML-HAZOP and quantitative assessment of confidence in safety cases), and fault tolerance mechanisms for autonomous robotic systems (redundant planning and synthesis of on-line verifiable safety rules). This manuscript also opens perspectives in the fields of testing of autonomous robots in virtual worlds, uncertainty management for the certification of autonomous robots in human environments, and safety monitoring at different levels in an autonomous software architecture.Ce manuscript d'Habilitation à Diriger des Recherches (HDR) présente les travaux menés par Jérémie Guiochet au LAAS-CNRS au sein de l’équipe Tolérance aux Fautes et Sûreté de fonctionnement informatique (TSF). Ces travaux se sont principalement articulés autour de la problématique de la sûreté de fonctionnement des systèmes robotique collaboratifs autonomes. Les spécificités de ces systèmes, notamment les interactions physiques humain-robot et la présence d’incertitudes liées aux mécanismes de perception ou de décision, font que les méthodes de sûreté de fonctionnement ou d’analyse du risque utilisées pour les systèmes critiques doivent être reconsidérées. Les principales contributions se concentrent sur deux axes : les méthodes d'analyse de la sécurité-innocuité pour des systèmes robotique collaboratifs (Identification des dangers avec HAZOP-UML et évaluation quantitative de la confiance dans un argumentaire de sécurité de type \emph{safety case}), et les mécanismes de tolérance aux fautes pour des systèmes robotique autonomes (planification redondante et synthèse de règles de sécurité vérifiables en ligne). Ces travaux ouvrent également des perspectives concernant le test des systèmes autonomes dans des mondes virtuels, la gestion des incertitudes pour la certification des robots autonomes en milieu humain, et la surveillance en ligne des différents niveaux d’une architecture logicielle de robot autonome

Uml Based Fmeca In Risk Analysis

Today, as systems become more and more complex, safety is becoming critical. Reducing the risk to an acceptable level with a complete risk management activity is necessary. This paper more precisely focuses on risk analysis; its demonstrate how the use of a risk analysis technic such as the Failure Modes, Effects and Criticality Analysis (FMECA) can be coupled to a object oriented system modeling process in order to guide the designer to exhaustively consider all potential risk, to increase the system security . For the system model, we chose the UML notation, which is now a standard in system and software engineering

1. Motivations Safety Analysis of a Medical Robot for Tele-echography

Among many types of medical equipment, ultrasound diagnostic systems are widely used because of their convenience and safety. Performing an ultrasound examination involves good eye-hand coordination and the ability to integrate the acquired information over time and space. Some of these specialized skills may lack in some healthcare centers or for emergency situations. Tele-consultation is therefore an interesting alternative to conventional care. Development of a high performance remote diagnostic system, which enables an expert operator at the hospital to examine a patient at home, in an emergency vehicle or in a remote clinic, may have a very significant added value. Therefore a robotic tele-ultrasound system is proposed in order to realize the examination in small towns or cities without needing highly qualified medical staff. This system fo

Integration of UML in human factors analysis for safety of a medical robot for tele-echography

Abstract — For new robot applications, as medical robots, safety has became a major concern. The human sharing the working area with the robot led to integrate the field of human factors in the development. Hence, the human component has to be integrated in the early steps of the development process. Regards to the complexity of today’s robotic application, and to the requirements of a teamwork, we choose UML as the language. This paper focuses on the UML modeling contribution to the human factors analysis of a medical robot. A first section presents the function allocation and task analysis step, and a second section deals with human error. Each section is illustrated by a case study of a system for robotic tele-echography (ultrasound scan examination). I. MOTIVATION