Establishing a framework for dynamic risk management in 'intelligent' aero-engine control

The behaviour of control functions in safety critical software systems is typically bounded to prevent the occurrence of known system level hazards. These bounds are typically derived through safety analyses and can be implemented through the use of necessary design features. However, the unpredictability of real world problems can result in changes in the operating context that may invalidate the behavioural bounds themselves, for example, unexpected hazardous operating contexts as a result of failures or degradation. For highly complex problems it may be infeasible to determine the precise desired behavioural bounds of a function that addresses or minimises risk for hazardous operation cases prior to deployment. This paper presents an overview of the safety challenges associated with such a problem and how such problems might be addressed. A self-management framework is proposed that performs on-line risk management. The features of the framework are shown in context of employing intelligent adaptive controllers operating within complex and highly dynamic problem domains such as Gas-Turbine Aero Engine control. Safety assurance arguments enabled by the framework necessary for certification are also outlined

Formal Verification of Neural Network Controlled Autonomous Systems

In this paper, we consider the problem of formally verifying the safety of an autonomous robot equipped with a Neural Network (NN) controller that processes LiDAR images to produce control actions. Given a workspace that is characterized by a set of polytopic obstacles, our objective is to compute the set of safe initial conditions such that a robot trajectory starting from these initial conditions is guaranteed to avoid the obstacles. Our approach is to construct a finite state abstraction of the system and use standard reachability analysis over the finite state abstraction to compute the set of the safe initial states. The first technical problem in computing the finite state abstraction is to mathematically model the imaging function that maps the robot position to the LiDAR image. To that end, we introduce the notion of imaging-adapted sets as partitions of the workspace in which the imaging function is guaranteed to be affine. We develop a polynomial-time algorithm to partition the workspace into imaging-adapted sets along with computing the corresponding affine imaging functions. Given this workspace partitioning, a discrete-time linear dynamics of the robot, and a pre-trained NN controller with Rectified Linear Unit (ReLU) nonlinearity, the second technical challenge is to analyze the behavior of the neural network. To that end, we utilize a Satisfiability Modulo Convex (SMC) encoding to enumerate all the possible segments of different ReLUs. SMC solvers then use a Boolean satisfiability solver and a convex programming solver and decompose the problem into smaller subproblems. To accelerate this process, we develop a pre-processing algorithm that could rapidly prune the space feasible ReLU segments. Finally, we demonstrate the efficiency of the proposed algorithms using numerical simulations with increasing complexity of the neural network controller

Confidence Arguments for Evidence of Performance in Machine Learning for Highly Automated Driving Functions

Due to their ability to efficiently process unstructured and highly dimensional input data, machine learning algorithms are being applied to perception tasks for highly automated driving functions. The consequences of failures and insu_ciencies in such algorithms are severe and a convincing assurance case that the algorithms meet certain safety requirements is therefore required. However, the task of demonstrating the performance of such algorithms is non-trivial, and as yet, no consensus has formed regarding an appropriate set of verification measures. This paper provides a framework for reasoning about the contribution of performance evidence to the assurance case for machine learning in an automated driving context and applies the evaluation criteria to a pedestrian recognition case study

A systematic review of the evidence for single stage and two stage revision of infected knee replacement

BACKGROUND: Periprosthetic infection about the knee is a devastating complication that may affect between 1% and 5% of knee replacement. With over 79 000 knee replacements being implanted each year in the UK, periprosthetic infection (PJI) is set to become an important burden of disease and cost to the healthcare economy. One of the important controversies in treatment of PJI is whether a single stage revision operation is superior to a two-stage procedure. This study sought to systematically evaluate the published evidence to determine which technique had lowest reinfection rates. METHODS: A systematic review of the literature was undertaken using the MEDLINE and EMBASE databases with the aim to identify existing studies that present the outcomes of each surgical technique. Reinfection rate was the primary outcome measure. Studies of specific subsets of patients such as resistant organisms were excluded. RESULTS: 63 studies were identified that met the inclusion criteria. The majority of which (58) were reports of two-stage revision. Reinfection rated varied between 0% and 41% in two-stage studies, and 0% and 11% in single stage studies. No clinical trials were identified and the majority of studies were observational studies. CONCLUSIONS: Evidence for both one-stage and two-stage revision is largely of low quality. The evidence basis for two-stage revision is significantly larger, and further work into direct comparison between the two techniques should be undertaken as a priority

Targeting of human interleukin-12B by small hairpin RNAs in xenografted psoriatic skin

<p>Abstract</p> <p>Background</p> <p>Psoriasis is a chronic inflammatory skin disorder that shows as erythematous and scaly lesions. The pathogenesis of psoriasis is driven by a dysregulation of the immune system which leads to an altered cytokine production. Proinflammatory cytokines that are up-regulated in psoriasis include tumor necrosis factor alpha (TNFα), interleukin-12 (IL-12), and IL-23 for which monoclonal antibodies have already been approved for clinical use. We have previously documented the therapeutic applicability of targeting TNFα mRNA for RNA interference-mediated down-regulation by anti-TNFα small hairpin RNAs (shRNAs) delivered by lentiviral vectors to xenografted psoriatic skin. The present report aims at targeting mRNA encoding the shared p40 subunit (IL-12B) of IL-12 and IL-23 by cellular transduction with lentiviral vectors encoding anti-IL12B shRNAs.</p> <p>Methods</p> <p>Effective anti-IL12B shRNAs are identified among a panel of shRNAs by potency measurements in cultured cells. The efficiency and persistency of lentiviral gene delivery to xenografted human skin are investigated by bioluminescence analysis of skin treated with lentiviral vectors encoding the luciferase gene. shRNA-expressing lentiviral vectors are intradermally injected in xenografted psoriatic skin and the effects of the treatment evaluated by clinical psoriasis scoring, by measurements of epidermal thickness, and IL-12B mRNA levels.</p> <p>Results</p> <p>Potent and persistent transgene expression following a single intradermal injection of lentiviral vectors in xenografted human skin is reported. Stable IL-12B mRNA knockdown and reduced epidermal thickness are achieved three weeks after treatment of xenografted psoriatic skin with lentivirus-encoded anti-IL12B shRNAs. These findings mimick the results obtained with anti-TNFα shRNAs but, in contrast to anti-TNFα treatment, anti-IL12B shRNAs do not ameliorate the psoriatic phenotype as evaluated by semi-quantitative clinical scoring and by immunohistological examination.</p> <p>Conclusions</p> <p>Our studies consolidate the properties of lentiviral vectors as a tool for potent gene delivery and for evaluation of mRNA targets for anti-inflammatory therapy. However, in contrast to local anti-TNFα treatment, the therapeutic potential of targeting IL-12B at the RNA level in psoriasis is questioned.</p

Central CD4+ T cell tolerance: deletion versus regulatory T cell differentiation

The diversion of MHC class II-restricted thymocytes into the regulatory T (Treg) cell lineage, similarly to clonal deletion, is driven by intrathymic encounter of agonist self-antigens. Somewhat paradoxically, it thus seems that the expression of an autoreactive T cell receptor is a shared characteristic of T cells that are subject to clonal deletion and those that are diverted into the Treg cell lineage. Here, we discuss how thymocyte-intrinsic and -extrinsic determinants may specify the choice between these two fundamentally different T cell fates

Using fuzzy self-organising maps for safety critical systems

This paper defines a type of constrained artificial neural network (ANN) that enables analytical certification arguments whilst retaining valuable performance characteristics. Previous work has defined a safety lifecycle for ANNs without detailing a specific neural model. Building on this previous work, the underpinning of the devised model is based upon an existing neuro-fuzzy system called the fuzzy self-organising map (FSOM). The FSOM is type of 'hybrid' ANN which allows behaviour to be described qualitatively and quantitatively using meaningful expressions. Safety of the FSOM is argued through adherence to safety requirements-derived from hazard analysis and expressed using safety constraints. The approach enables the construction of compelling (product-based) arguments for mitigation of potential failure modes associated with the FSOM. The constrained FSOM has been termed a 'safety critical artificial neural network' (SCANN). The SCANN can be used for non-linear function approximation and allows certified learning and generalisation for high criticality roles. A discussion of benefits for real-world applications is also presented. (c) 2006 Elsevier Ltd. All rights reserved

Using Safety Critical Artificial Neural Networks in Gas Turbine Aero-Engine Control

‘Safety Critical Artificial Neural Networks’ (SCANNs) have been previously defined to perform nonlinear function approximation and learning. SCANN exploits safety constraints to ensure identified failure modes are mitigated for highly-dependable roles. It represents both qualitative and quantitative knowledge using fuzzy rules and is described as a ‘hybrid’ neural network. The ‘Safety Lifecycle for Artificial Neural Networks’ (SLANN) has also previously defined the appropriate development and safety analysis tasks for these ‘hybrid’ neural networks. This paper examines the practicalities of using the SCANN and SLANN for Gas Turbine Aero-Engine control. The solution facilitates adaptation to a changing environment such as engine degradation and offers extra cost efficiency over conventional approaches. A walkthrough of the SLANN is presented demonstrating the interrelationship of development and safety processes enabling product-based safety arguments. Results illustrating the benefits and safety of the SCANN in a Gas Turbine Engine Model are provided using the SCANN simulation tool

Using Safety Critical Artificial Neural Networks in Gas Turbine Aero-Engine Control

‘Safety Critical Artificial Neural Networks’ (SCANNs) have been previously defined to perform nonlinear function approximation and learning. SCANN exploits safety constraints to ensure identified failure modes are mitigated for highly-dependable roles. It represents both qualitative and quantitative knowledge using fuzzy rules and is described as a ‘hybrid’ neural network. The ‘Safety Lifecycle for Artificial Neural Networks’ (SLANN) has also previously defined the appropriate development and safety analysis tasks for these ‘hybrid’ neural networks. This paper examines the practicalities of using the SCANN and SLANN for Gas Turbine Aero-Engine control. The solution facilitates adaptation to a changing environment such as engine degradation and offers extra cost efficiency over conventional approaches. A walkthrough of the SLANN is presented demonstrating the interrelationship of development and safety processes enabling product-based safety arguments. Results illustrating the benefits and safety of the SCANN in a Gas Turbine Engine Model are provided using the SCANN simulation tool