An investigation into hazard-centric analysis of complex autonomous systems

This thesis proposes a hypothesis that a conventional, and essentially manual, HAZOP process can be improved with information obtained with model-based dynamic simulation, using a Monte Carlo approach, to update a Bayesian Belief model representing the expected relations between cause and effects – and thereby produce an enhanced HAZOP. The work considers how the expertise of a hazard and operability study team might be augmented with access to behavioural models, simulations and belief inference models. This incorporates models of dynamically complex system behaviour, considering where these might contribute to the expertise of a hazard and operability study team, and how these might bolster trust in the portrayal of system behaviour. With a questionnaire containing behavioural outputs from a representative systems model, responses were collected from a group with relevant domain expertise. From this it is argued that the quality of analysis is dependent upon the experience and expertise of the participants but this might be artificially augmented using probabilistic data derived from a system dynamics model. Consequently, Monte Carlo simulations of an improved exemplar system dynamics model are used to condition a behavioural inference model and also to generate measures of emergence associated with the deviation parameter used in the study. A Bayesian approach towards probability is adopted where particular events and combinations of circumstances are effectively unique or hypothetical, and perhaps irreproducible in practice. Therefore, it is shown that a Bayesian model, representing beliefs expressed in a hazard and operability study, conditioned by the likely occurrence of flaw events causing specific deviant behaviour from evidence observed in the system dynamical behaviour, may combine intuitive estimates based upon experience and expertise, with quantitative statistical information representing plausible evidence of safety constraint violation. A further behavioural measure identifies potential emergent behaviour by way of a Lyapunov Exponent. Together these improvements enhance the awareness of potential hazard cases

Hazards in advising autonomy: developing requirements for a hazard modelling methodology incorporating system dynamics

This paper describes the continuation of a research project to identify and develop tools for the identification and management of hazards likely to arise with the quality and reliability of automatic advice - such as in an automated system advisory function, especially where supporting a “Sense & Avoid” capability as embodied within an airborne autonomous system. An earlier literature survey has been used to map detail onto a Use Case model representing an outline certifiable system development process; thereby helping to identify an appropriate research direction within the broad range of potential end-user requirements. From this direction, an approach has emerged to evaluate hypothetical deviations from declared intent within a behavioral modeling framework to be styled upon Owen's STAMP-Based Hazard Analysis (STPA). For this approach an outline exemplar describing an air-proximity hazard arising between two air-vehicles has been developed, and the representation of the control structure and system dynamics describing this model are considered. Arising from this model some consideration is then given towards the expression of a more systematic approach in the construction of such models, leading towards new methods to derive safety requirements for implementation within autonomous air systems

Hazards in advising autonomy: incorporating hazard modelling with system dynamics into the aerospace safety assessment process for UAS

This paper describes the further continuation of an investigation to identify and develop tools for the identification and management of hazards likely to arise with the quality and behavioural aspects in and resulting from automatic advice - such as might arise with an automated system advisory function facilitating critical decision-making with an autonomous vehicle. An example of a representative critical advisory function is identified in that supporting a necessary “Sense & Avoid” capability, as embodied within a airborne autonomous system. In consideration then of how might a model driven approach, combining physical and dynamical models, statistical data and belief be combined to aid system evaluation, work has so far been undertaken to investigate the nature of suitable models to provide representations of the control structure and system dynamics. Whilst the system engineering methods are to be generic, the context of “Sense & Avoid” provides a relevant framework within which to pose a “toy-problem” with complex behaviour, against which to judge the methods and models

Multiplatform phased mission reliability modelling for mission planning

Autonomous systems are being increasingly used in many areas. A significant example is unmanned aerial vehicles (UAVs), regularly being called upon to perform tasks in the military theatre. Autonomous systems can work alone or be called upon to work collaboratively towards common mission objectives. In this case it will be necessary to ensure that the decisions enable the progression of the platform objectives and also the overall mission objectives. The motivation behind the work presented in this paper is the need to be able to predict the failure probability of missions performed by a number of autonomous systems working together. Such mission prognoses can assist the mission planning process in autonomous systems when conditions change, with reconfiguration taking place if the probability of mission failure becomes unacceptably high. In a multiplatform phased mission a number of platforms perform their own phased mission that contributes to an overall mission objective. Presented in this paper is a methodology for calculating the phase failure probabilities of a multiplatform phased mission. These probabilities are then used to find the total mission failure probability. Prior to the mission the failure probabilities are used to decide if the original mission structure is acceptable. Once underway, failure probabilities, updated as circumstances change, are used to decide whether a mission should continue. Circumstances can change owing to failures on a platform, changing environmental conditions (weather), or the occurrence of unforeseen external events (emerging threats). This diagnostics information should be used to ensure that the updated failure probabilities calculated take into account the most up-to-date system information possible. Since the speed of decision making and the accuracy of the information used are essential, binary decision diagrams (BDDs) are utilized to form the basis of a fast, accurate quantification process

A reliability analysis method using binary decision diagrams in phased mission planning

The use of autonomous systems is becoming increasingly common in many fields. A significant example of this is the ambition to deploy unmanned aerial vehicles (UAVs) for both civil and military applications. In order for autonomous systems such as these to operate effectively, they must be capable of making decisions regarding the appropriate future course of their mission responding to changes in circumstance in as short a time as possible. The systems will typically perform phased missions and, owing to the uncertain nature of the environments in which the systems operate, the mission objectives may be subject to change at short notice. The ability to evaluate the different possible mission configurations is crucial in making the right decision about the mission tasks that should be performed in order to give the highest possible probability of mission success. Because binary decision diagrams (BDDs) may be quickly and accurately quantified to give measures of the system reliability it is anticipated that they are the most appropriate analysis tools to form the basis of a reliability-based prognostics methodology. The current paper presents a new BDD-based approach for phased mission analysis, which seeks to take advantage of the proven fast analysis characteristics of the BDD and enhance it in ways that are suited to the demands of a decision-making capability for autonomous systems. The BDD approach presented allows BDDs representing the failure causes in the different phases of a mission to be constructed quickly by treating component failures in different phases of the mission as separate variables. This allows flexibility when building mission phase failure BDDs because a global variable ordering scheme is not required. An alternative representation of component states in time intervals allows the dependencies to be efficiently dealt with during the quantification process. Nodes in the BDD can represent components with any number of failure modes or factors external to the system that could affect its behaviour, such as the weather. Path simplification rules and quantification rules are developed that allow the calculation of phase failure probabilities for this new BDD approach. The proposed method provides a phased mission analysis technique that allows the rapid construction of reliability models for phased missions and, with the use of BDDs, rapid quantification