Projects for 2009 with Mark Nicholson


My projects involve safety or systems engineering in some way.

There are 8 projects suggested here. My quota is 5 projects.

IMPORTANT NOTE: These are topics for discussion. The nature of the SCSE / GTC is such that a significant involvement by the student in creating the project is inevitable. So please talk to me about it as soon as you can if you are interested in producing a project along the lines discussed below.

If you have other subjects you would like to talk to me about for a project instead of these, please contact me as well.


MN/1
SYS-ML in Safety Critical Systems [student defined project kah505]

Prerequisites: None

Aims:
The aims of the project are to:

1. Investigate the use of SYS-ML in safety critical systems
2. Propose an extension to SYS-ML, or a process incorporating the use of SYS-ML
3. Case study on the proposal.

Background, Implementation and Evaluation:  

Company processes mandate safety engineering activities throughout the life-cycle of a product, from initial conception to final delivery and subsequent support activities. Increasingly, model-based technologies are being used by systems engineers to specify, analyse and develop products. One such technology is SYS-ML. SYS-ML is a subset of UML with extensions (a "super-subset"). It is therefore a product of the software community and has this community's ideas of what "system level" means embedded in it. How appropriate is this for safety critical systems?

The system engineering activities are performed by systems engineers who are not safety specialists; however, they must be aware of, and respond to, safety concerns. To achieve these aims the following must be considered:

• Are the approach and its elements intuitive for a non-software engineer?
• How can it be used in the mechanical, human, system and other domains?
• Can the work products of safety engineering activities be integrated with the model in a way that makes them available to the systems engineers?
• Can the content of the model be used to support the safety case argument?
• Is there a "Safety View" of the model that can be synthesised from the content of the model repository, allowing the safety characteristics of the product to be assessed during development?

Aspects of SYS-ML and its use that can be explored are:

• how to deal with modes,
• how to incorporate system-of-systems ideas,
• how to explicitly incorporate system level safety engineering / requirements.

 

Evaluation of any proposed extensions to SYS-ML and/or the "Safety View" will involve the use of a trial project modelled in SYS-ML. This model will be developed using either an extensible commercial modelling environment or an open source extensible modelling environment such as Eclipse with SYS-ML plug-ins.

Reading:

SYS-ML [2007] http://www.omg.org/cgi-bin/apps/doc?formal/07-09-01.pdf

SYS-ML Tutorial [2008] http://www.omgsysml.org/INCOSE-2008-OMGSysML-Tutorial-Final-revb.pdf

--------------------------------------------------------------------------------------------

MN/2
Use of a Virtual Physiological Human in Systems Engineering [SCSE, GTC]

Prerequisites: None

Aims:
The aims of the project are to:

1. Investigate the ways in which a VPH can be used within systems engineering
2. Propose a use, or a safety case pattern, based on the findings from above
3. Case study to try out the analysis

Background, Implementation and Evaluation:  

The term Virtual Physiological Human refers to a framework of technologies and methods that are making it possible to develop shared resources formed by federations of disparate but integrated computer models of the mechanical, physical, and biochemical functions of a living human body in both healthy and pathological states.

If realised, how could a VPH be used as part of system safety engineering? What are the positives? What are the risks? The project will explore the use of a VPH in one aspect of safety and/or the potential safety case patterns for the use of such a model.

Reading:

Royal Society “The EuroPhysiome, STEP and a roadmap for the virtual physiological human”, Phil. Trans. R. Soc. A (2008) 366, 2979–2999

MN/3
UAV Safety [SCSE]

Prerequisites: None

Aims:
The aims of the project are to:

1. Consider an aspect of UAV safety
2. Produce a proposal that will address a shortcoming identified above
3. Evaluation will take the form of UAV case studies

Background, Implementation and Evaluation:  

The project "The Hazards of Unmanned Air Vehicle Integration into Unsegregated Airspace" by Andy Evans started to look at a process of certification of a UAV for civil usage that showed it was at least as safe as current manned vehicles. The start of this process was to create risk acceptability tables for UAV hazards from an amalgamation of ARP 4754 and ESARR 3. He then looked at the FHA phase of development in some detail. Chris Hodson has taken another aspect of civil UAVs as his project: the ground station, and in particular the hand-over between ground stations. However, there are a significant number of further UAV safety issues that can be addressed in depth.

Reading:

1.      Evans, “The Hazards of Unmanned Air Vehicle Integration into Unsegregated Airspace”, Department of Computer Science, University of York, 2006

2.      Hodson, “Handover of Control Between Ground Stations”, Department of Computer Science, University of York, 2008

MN/4
What is the True Significance of CCF in Accidents? [SCSE, GTC]

Prerequisites: None

Aims:
The aims of the project are to:

• Look at the literature on common cause failures (CCF)
• Classify the CCF in accidents and propose a method to improve the collection of such information that would be helpful in SCSE
• Evaluation will be via questionnaire and/or in-depth interviews / case study.

Background, Implementation and Evaluation:  

It is commonly cited that CCF lead to a high proportion of accidents in complex safety critical systems. Where is the evidence for this? Can the types of errors be classified? Can the collection of such information be improved? Could a check-list be drawn up? How can the results be incorporated back into SCSE? At what level should CCF be studied in accident reports: component, system, enterprise?

Reading:

1. OECD/NEA ICDE Project [2008] at http://www.nea.fr/html/jointproj/icde.html
2. T.R. Moss, J.D. Andrews [1995] "Common Cause Failure Analysis", http://magpie.lboro.ac.uk:8080/dspace-jspui/handle/2134/3832
3. AAIB [2008] Report on the serious incident to Bombardier CL600-2B16 Challenger 604, VP-BJM, 8 nm west of Midhurst VOR, West Sussex on 11 November 2005, at http://www.aaib.dft.gov.uk/cms_resources/Summary%201-2008%20Bombardier%20CL600-2B16%20Chalenger%20604,%20VP-BJM%2002-08.pdf

 

MN/5
Data Mining for Safety [SCSE, GTC]

Prerequisites: None

Aims:
The aims of the project are to:

• Literature survey on data collection and data mining
• Improve one aspect of the use of data mining
• Undertake a case study on this aspect

Background, Implementation and Evaluation:  

More and more data can be gathered on the performance of a system. In fact there is so much data that extracting the information from this plethora can be difficult. Data mining typically incorporates classification, association, sequence and clustering activities. In this project we look at how to produce helpful information for a systems / systems safety engineering process via the discipline of data mining.

Reading:

1. Jin-Zhuang Xiao, Hong-Rui Wang [2007] "Fault Data Mining on the Encoders in Numeric Control System Based on the Information Redundancy of Velocity", Proceedings of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, 19-22 August 2007
2. A. Montgomery, "Data Mining: Computer Support for Discovering and Deploying Best Practice in Business and Public Service", www.comp.rgu.ac.uk/staff/nw/ExpertUpdate/clementine.ps
3. Z. Nazeri [2003] "Application of Aviation Safety Data Mining Workbench at American Airlines", MITRE Corporation.

MN/6
“Grease” Between Trade-off Studies and Architectures [SCSE]

Prerequisites: None

Aims:
The aims of the project are to:

• Literature survey on trade-off studies, architectures and the links between them
• Propose a process for one aspect of how to support the move from trade-off studies into architectures
• Case study on the above.

Background, Implementation and Evaluation:  

Significant amounts of work have gone into producing architectures and architectural patterns for systems over the last few years. At a level above this, significant work has also been undertaken on trade-off studies of customer requirements against organisational capabilities. How to join these two pieces of work is currently not well understood. The project would look at ONE aspect of how to bridge this gap. Could a checklist be produced? From a safety perspective, how can we identify the safety trade-offs implied, and how challenging will these be with respect to making a safety case argument?

 

Reading:

1. Engineering Trade-off Studies [1996] http://www.sc.doe.gov/sc-31/pdf_file/gpg03.pdf
2. D. Kalinsky [2005] "Architecture of safety-critical systems", Embedded Systems Design, at www.embedded.com/columns/technicalinsights/169600396?_requestid=50705
3. Weihang Wu and T. P. Kelly [2006] "Managing Architectural Design Decisions for Safety-Critical Software Systems", LNCS 4124

 

MN/7
Verification of software via Model Based Development techniques [SCSE, GTC]

Prerequisites: None

Aims:
The aims of the project are to:

1. Investigate model based development for safety critical systems
2. Propose a method for undertaking one aspect of verification
3. Case study on the introduction of the approach

Background, Implementation and Evaluation:  

Historically, software houses have been handed textual requirements for safety critical and safety related systems. Translation into a software specification has occurred, with traceability to the higher level. Verification of each of the textual requirements has then been undertaken on the code. MBD is different: requirements from the system level are placed on development houses in the form of a diagram within which the requirements are encoded. In the future this will be extended to a set of related diagrams (possibly in the form of a simulation). How is the software house to verify the produced code against such a diagram or set of diagrams? How can the traceability requirements be maintained? How can the integrity of the system be maintained?

 

Initially the scope of this project shall be looking at techniques and tools to ensure that the produced auto-code is a correct implementation of the design as given in model form. Other phases of the life-cycle shall then be considered, such as means of ensuring or confirming that a design in model form meets the requirements, also specified in model form. Emphasis will be placed on verification of safety requirements.

Reading:

Dr G. Frost, "Automatic Code Generation for Safety Critical Systems", at http://www.ricardo.com/download/pdf/pros_cons_ac.pdf

MN/8
Safety Monitoring as part of Safety Management Systems [SCSE, GTC] [partially taken 26/2/09]

Prerequisites: None

Aims:
The aims of the project are to:

• Literature survey on monitoring to inform safety management systems
• Improve one aspect of monitoring
• Undertake a case study on this aspect

Background, Implementation and Evaluation:  

SMS typically relate to ongoing activities, such as operating an airline. A means of managing the safety characteristics of the operations is proposed. Monitoring is required to verify the expected results and to indicate when changes have occurred that may undermine safety. In this project the student will take an overview of monitoring and then focus on monitoring requirements elicitation, or roles and responsibilities for safe monitoring, or key performance indicators for monitoring, or some other specific aspect of safety monitoring that is amenable to a proposal and evaluation via case study.

A current student is now undertaking one aspect of this. He is looking at an operational safety case fragment for UAVs and trying to identify monitoring requirements against this.

There remain other aspects we may explore.

Reading:

1. ICAO, "Doc 9859: Safety Management Manual", 2006
2. ARP 5150, "Safety Assessment of Transport Airplanes in Commercial Service", SAE 2003

 

MN/9 Re-use of the concept of Safety Case Patterns to Particularise Principle 5 (Assess competence) of the Competence Management System for a Modification Safety Practitioner [student defined smc 510]

 

Background: The question of how to assess competence in safety practitioners is one for which the Health and Safety Executive (HSE), Institution of Engineering Technology (IET) and British Computer Society (BCS) have all tried to provide guidance. In 1999 the IET published “Safety Competency and Commitment – Competency Guidance for Safety-Related System Practitioners”. This proposed a competency assessment model and the criteria required to perform certain safety critical functions. This was subsequently updated in 2007 with the publication of “Competence Criteria for Safety Related System Practitioners”.

The HSE, in conjunction with the BCS and IET, published "Managing competence for safety-related systems" in 2007. This document is intended to provide guidance for organisations in the development of a Competence Management System (CMS). This is achieved by applying a number of principles. Principle 5 covers assessing competence and requires that the means of assessment for each competence criterion be defined. From this it could be proposed that competency profiles need to be developed, but in what format, and how should they be constructed so that they can be re-used to support a Safety Management System (SMS)? This is particularly relevant when it is considered that the role of the safety practitioner varies depending on the context in which they work.

 

Proposed Project Implementation

Looking beyond the competency based publications, the concept of re-usability has been addressed in other aspects of safety. In "Arguing Safety: A Systematic Approach to Managing Safety Cases" Tim Kelly introduced Safety Case Patterns. These provide a means of representing generalised safety arguments such that they can be re-used. Taking this concept and applying it to competency assessment raises the question: "could the approach applied to safety cases be developed such that a competency assessment pattern could be produced to represent a generalised competency assessment?" Such a pattern would be produced with a view to developing a library of patterns for the various criteria that a safety practitioner must satisfy, depending on the context in which they work.

The project will examine if the work undertaken on Safety Case Patterns can be developed to particularise Principle 5 of the CMS for the context of a Modification Safety Practitioner.

 

The expected project outcomes are as follows:

  • Developing the work undertaken for Safety Case Patterns to apply the idea of re-usability to competency assessment.
  • Defining a pattern notation/structure that meets the requirements of Principle 5 of the CMS outline.
  • Application of the notation/structure to define a pattern for the context of a Modification Safety Practitioner

 

Method of Evaluation

The proposed means of evaluation would be via a questionnaire to Modification Safety Practitioners to determine if the developed pattern was a suitable and effective means of assessing their competencies.

 

Reading

  1. T. Kelly, "Arguing Safety: A Systematic Approach to Managing Safety Cases", PhD Thesis, University of York, 1998.
  2. IET, "Safety Competency and Commitment: Competency Guidance for Safety-related System Practitioners", 1999.
  3. IET, "Competence Criteria for Safety Related Systems Practitioners", 2007.
  4. HSE, "Managing competence for safety-related systems, Part 1: Key Guidance", 2007.

 

MN/10 “Integrating Safety Management Systems within complex organisations” [student defined project jp575]

Background

Complex organisations contain many departments/projects dealing with different stages of the through-life management of safety critical systems. Each department/project may have its own safety management system. Whilst the individual SMS may work in isolation, problems arise when the interfaces between them are not managed robustly and gaps occur.

Aims: The aims of the project are:

• Literature survey on best practice of integrating safety management systems within complex organisations. (I intend to look at air/rail/UK and foreign military organisation/nuclear)
• Identify cross cutting risk control elements of safety management systems ensuring correct levels of communication and feedback loops to create a fully integrated overarching SMS
• Propose elements for cross-cutting risk elements of an SMS

 

Method of Evaluation

Undertake a case study on a selection of risk control elements within the Maritime domain of the MoD; from procurement to in-service to assess approach in a military Maritime environment.

 

MN/11 Title: Higher Order Channel Computer Based Safety Critical Control System Design - Interface and Actuator Design Considerations Robust to Single Failures

 

Supervised by Haydn Thompson in Sheffield

Aims: To investigate the feasibility of, and solutions for, a higher order channel control architecture that is robust to single component failures; that is, normal or safe control can be maintained in the presence of such faults. The study will particularly concentrate on the designs for voting implementation and the actuator interface. The resilience of the actuator to single failures will also be considered. The latest certification requirements require that (CS-E 50 (c) (3)) "The Engine Control System must be designed and constructed so that… Single Failures of Engine Control System components do not result in a Hazardous Engine Effect."

 

Modern control systems utilise redundancy so that aircraft can be dispatched with known faults for a limited period so that maintenance can be planned. The control system impact where dispatch with faults is permitted shall be considered. This is of particular interest where a system has no static safe state: in this case the control system must maintain control to avoid a hazardous condition.

 

Background

 

High order control systems are used in other industries and in aircraft systems.  Previously it has not been necessary to use higher order control systems for gas turbine control.  However due to new engine solutions and certification considerations it may be necessary to adopt such an architecture in order to meet these requirements. Solutions and concepts used in Aircraft systems and other industries (e.g. nuclear) will be examined for deployment in gas turbine control.
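The voting and single-failure tolerance discussed in the aims above can be made concrete with a small 2-out-of-3 channel voter. The following is an added example written for this page, not code from the project or from any certified engine control design; the channel demand values, the agreement tolerance and the "hold last good demand" fallback are all assumptions chosen to illustrate the point. It shows why a mid-value (median) select survives one wild channel, how a self-declared channel failure drops the system into a degraded but dispatchable state, and why two surviving channels that disagree cannot be arbitrated and must fall back to the last good demand when there is no static safe state.

```c
#include <math.h>
#include <stdio.h>

/* Constructed example: three-channel (2-out-of-3) actuator demand voter.
 * Values and tolerance are assumed for illustration only. */

#define CHANNELS 3
#define TOLERANCE 0.5  /* assumed maximum disagreement between two healthy channels */

typedef struct {
    double demand;  /* actuator demand (e.g. fuel flow) computed by this channel */
    int healthy;    /* self-monitor flag: 1 = channel declares itself good */
} channel_t;

typedef enum {
    VOTE_OK = 0,        /* all channels agree: full redundancy available */
    VOTE_DEGRADED = 1,  /* one channel lost or outvoted: dispatchable for a limited period */
    VOTE_FAIL = 2       /* fewer than two trustworthy channels: hold last good demand */
} vote_status_t;

/* Mid-value select: a single wild value can never become the median,
 * so the output stays with the two agreeing channels. */
static double mid_value(double a, double b, double c)
{
    if ((a >= b && a <= c) || (a <= b && a >= c)) return a;
    if ((b >= a && b <= c) || (b <= a && b >= c)) return b;
    return c;
}

/* Vote three channels into one demand. On VOTE_FAIL *out is left untouched
 * so the caller keeps the previous demand: with no static safe state the
 * controller must keep controlling rather than drop the actuator. */
vote_status_t vote(const channel_t ch[CHANNELS], double *out)
{
    const channel_t *good[CHANNELS];
    int n = 0;
    for (int i = 0; i < CHANNELS; i++)
        if (ch[i].healthy) good[n++] = &ch[i];

    if (n == 3) {
        double m = mid_value(good[0]->demand, good[1]->demand, good[2]->demand);
        int outliers = 0;
        for (int i = 0; i < 3; i++)
            if (fabs(good[i]->demand - m) > TOLERANCE) outliers++;
        /* Two channels disagreeing with the median is beyond single-failure coverage. */
        if (outliers >= 2) return VOTE_FAIL;
        *out = m;
        /* An undeclared single failure shows up as exactly one outlier. */
        return outliers == 0 ? VOTE_OK : VOTE_DEGRADED;
    }
    if (n == 2) {
        /* With only two channels a disagreement cannot be arbitrated. */
        if (fabs(good[0]->demand - good[1]->demand) > TOLERANCE) return VOTE_FAIL;
        *out = 0.5 * (good[0]->demand + good[1]->demand);
        return VOTE_DEGRADED;
    }
    return VOTE_FAIL;
}

/* Scenario helpers: build three channels from (demand, healthy) pairs. */
vote_status_t vote_status(double a, int ha, double b, int hb, double c, int hc)
{
    channel_t ch[CHANNELS] = {{a, ha}, {b, hb}, {c, hc}};
    double out = 0.0;
    return vote(ch, &out);
}

double vote_output(double a, int ha, double b, int hb, double c, int hc)
{
    channel_t ch[CHANNELS] = {{a, ha}, {b, hb}, {c, hc}};
    double out = -1.0;  /* sentinel: stays -1.0 when the vote fails */
    vote(ch, &out);
    return out;
}

int main(void)
{
    const char *names[] = {"OK", "DEGRADED", "FAIL"};
    channel_t cases[][CHANNELS] = {
        {{10.0, 1}, {10.2, 1}, {9.9, 1}},   /* all healthy and agreeing */
        {{10.0, 1}, {10.2, 1}, {50.0, 1}},  /* undeclared wild channel */
        {{10.0, 1}, {10.2, 1}, {0.0, 0}},   /* one channel self-declared failed */
        {{10.0, 1}, {30.0, 1}, {0.0, 0}},   /* two left and they disagree */
    };
    double demand = 10.0;  /* last good demand, held on VOTE_FAIL */
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        vote_status_t s = vote(cases[i], &demand);
        printf("case %zu: %-8s demand=%.2f\n", i, names[s], demand);
    }
    return 0;
}
```

The VOTE_DEGRADED state is the hook for the dispatch-with-known-faults question raised in the aims: the controller keeps operating on reduced redundancy, and the status is what a maintenance or monitoring function would log and time-limit.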

Reading

 

  • Sadeghi, T. et al., "Fault-Tolerant, Flight-Critical Control Systems", General Electric Company, Aircraft Control Systems Dept.
  • A.D. Hills (Engineering Manager, Flight Control Division, GEC Avionics Ltd, Airport Works, Rochester, Kent, England), "Digital Fly-by-wire Experience"
  • Funk & Jeppson, Honeywell Systems, "Integrated Diagnostics for Fault-Tolerant Systems"