Trust in MDE Components: the DOMINO Experiment

International audienceA large number of modeling activities can be automatic or computer assisted. This automation ensures a more rapid and robust software development. However, engineers must ensure that the models have the properties required for the application. In order to tend towards this requirement, the DOMINO project (DOMaINs and methodological prOcess) proposes to use the socalled trustworthy Model-Driven Engineering (MDE) components and aims to provide a methodology for the validation and qualification of such components

An operator-centered, model-based framework for ground segment design, supporting training and operations

International audienc

A Model-Based Approach Centred on Operational Procedures for the Development of Reliable and Usable Ground Segment Systems

International audienceThis paper deals with technologies, methods and tools for improving space operations. The work presented here builds upon previous research and development activities carried out on multimodal interaction techniques for ground segment systems. Within this project we defined and exploited formal description techniques for both the interactive part of the ground segment system (GSS) and the functional part. We report here an extension to the approach which encompasses two additional elements: operational procedures and operator training

Formal Modelling of Incidents and Accidents as a Means for Enriching Training Material for Satellite Control Operations

International audiencePreventing incidents and accidents from recurring is a way of improving safety and reliability of safetycritical systems. When iterations of the development process can be rapid (as for instance for most web applications), the system can be easily modified and redeployed integrating behavioural changes that would prevent the same incident or accident from recurring. When the development process is more resource consuming by, for instance, the addition of certification phases and the need to abide by standards, the design and implementation of barriers (Hollnagel 2004) is considered. Previous research (Basnyat et al. 2007) proposes the specification and integration of barriers to existing systems in order to prevent undesired consequences. Such barriers are designed so that they can be considered as patches over an already existing and deployed system. These two aforementioned approaches are potentially complementary (typically, one would be preferred to the other depending on the severity of the failures or incidents that occurred), putting the system at the centre of the preoccupations of the devel

UX for Some and Usability for Others: Issues of Blending Multi-user and Multi-property in Control Centers

International audienceWhen designing an interactive system, considering usability is important in order to ensure that users can perform their tasks with the interactive system and that each information or function they need to perform their tasks is available at most relevant time. Consideration of the user experience is also important in order to take into account how users feel about using the interactive system. In case where users belong to different user profiles, design of the interactive system may have to consider conflicts between target usability and user experience. From study of the documentation and users’ knowledge, we present a multi-user and multi-property control center: Jupiter 2 Control Center at Guiana Space Center of French space studies center (CNES). As public audience and press are allowed to assist to launch in the Jupiter 2 Control Center, they can see operators’ work and information displayed in the control center. Then, specificity of this control center compared to others is that different user profiles with different goals use it at the same time. Some users use it to perform their work, whereas others use it to enjoy the launch. We use the Jupiter 2 Control Center as an example to find potential design issues for a future control center with similar characteristics. Conflicts between the different users’ goals and the related properties are discussed in this paper

Systematic Approaches to Training Encompassing Operators’ mission and Interaction Techniques

International audienc

A Systematic Approach to Training for Ground Segment using Tasks and Scenarios: Application to PICARD satellite

International audienceUsability has been identified as one of the most critical and most difficult nonfunctional requirement for software systems as reported in 18. Without adequate account for user needs, user requirements and lack of input overall cost of software development might exceed 100% as demonstrated by a detailed study over 8000 project in 382 companies. However, beyond the classical 3 factors of usability (as defined in 12) namely efficiency, effectiveness and satisfaction, their integration within the development process of software systems remains a research question not answered by standards or regulation authorities. This paper presents such a development process and its application to the development of large scale interactive systems such as satellite ground segments. It integrates critical characteristics such as iteration, forma l description techniques, operators tasks description, prototyping and training design to support in a systematic way the fundamental principles of User Centered Design (UCD)14

Model-Based Training: An Approach Supporting Operability of Critical Interactive Systems: Application to Satellite Ground Segments

International audienceOperation of safety critical systems requires qualified operators that have detailed knowledge about the system they are using and how it should be used. Instructional Design and Technology intends to analyze, design, implement, evaluate, maintain and manage training programs. Among the many methods and processes that are currently in use, the first one to be widely exploited was Instructional Systems Development (ISD) which has been further developed in many ramifications and is part of the Systematic Approach to Training (SAT) instructional design family. One of the key features of these processes (at least when they are refined) is the importance of Instructional Task Analysis, particularly the decomposition of a job in its tasks and sub-tasks in order to decide what knowledge and skills must be acquired by the trainee. This paper proposes to leverage this systematic approach using model-based approaches currently used for interactive systems engineering in order to design such training programs and thus to improve human reliability. The paper explains how task and interactive systems modeling can be bound to job analysis to ensure that each trainee meets the performance goals required. Such training ensures proper learning at the three levels of the Skills Rule Knowledge (SRK) levels of Rasmussen's. In the case study we describe the process for building a training program for operators of satellite ground segments, which is based on and compatible with the Ground Systems and Operations ECSS standard. Then, we propose to enhance this process with a) the application of a Systematic Approach to Training and b) the use of both a System Model and an Operator Task Model. The system model is build using the ICO notation while operators' goals and tasks are described using HAMSTERS notation

Task Models for Supporting Function Allocation between Operators and Autonomous Systems: Application to Collision Avoidance Operations for Spacecraft

International audienceThis position paper advocates that enhanced tasks description techniques can support the design of collaborative systems by supporting function allocation. This support can be useful for allocating functions between operators but also for migrating functions from operators to automation. Designing systems in such a way that as much functions as possible are automated has been the driving direction of research and engineering in aviation, space and more generally in computer science for many years. In the 90's many studies (e.g. (Palmer 1995) related to the notion of mode confusion) have demonstrated that fully automated systems are out of the grasp of current technologies and that additionally migrating functions (Boy 1998) from the operator to the system might have disastrous impact on operations both in terms of safety and usability. In order to be able to design automation with a hedonic view of the involved factors (safety, usability, reliability , …) a complete understanding of operator's tasks is required prior to considering migrating them to the system side or distributing them between a group of operators. This paper proposes a contribution for reasoning about multiuser (in-cluding automation)designs using a model-based approach exploiting refined collaborative task models. These models describe operations with enough details in order to reason about automation, function allocation and to rationalize the related designs. In this paper we present how such representations can support the assessment of alternative design options including automation. These contributions are exemplified in a multinational context of Spacecraft Collision Avoidance Systems