As the complexity and influence of engineering systems in modern society increases, so too does their potential to create counterintuitive and catastrophic accidents. Increasingly, the accidents encountered in these systems are defying the linearized notions of accident causality that-though developed for the simpler engineered systems of the past-are prevalently used for accident prevention today. In this dissertation, an alternative approach to accident prevention based on systems theory-the Systems-Theoretic Accident Model and Processes (STAMP) and STAMP-based hazard analysis (STPA)-is augmented with the notion of using phase space attractors to evaluate how well STAMP safety control structures enforce system safety constraints. Phase space attractors are mathematical results that emerge from the behavior of systems with dynamic structures that draw or constrain these systems to specific regions of their phase space in spite of a range of conditions. Accordingly, the goal in using this notion for the evaluation of safety constraint enforcement is to identify and analyze the attractors produced by a safety control structure to determine if it will adequately "attract" the system to safe states in spite of a range of unforeseeable conditions. Support for this approach to evaluating STAMP safety control structures is provided through the study of a safety control structure in an existing complex, socio-technical system. This case study is focused on a safety control process-referred to as Procedure Rework-used in Space Shuttle Mission Control to update procedures during in-flight operations as they are invalidated by changes in the state of the Space Shuttle and its environment.(cont.) Simulation models of procedure rework are developed through physical and human factors principles and calibrated with data from five Space Shuttle missions; producing simulation results with deviations from the historical data that are-as characterized by Theil Inequality Statistics-small and primarily due to cycles and noise that are not relevant to the models' purpose. The models are used to analyze the attractor produced by the Procedure Rework Process across varied conditions, including a notional crewed spacecraft mission to a distant celestial body. A detrimental effect in the process is identified-and shown to be potentially far more severe than light delay on a mission to a distant celestial body-and approaches to mitigating the effect are explored. Finally, the analysis conducted is described as a generalizeable process for using phase space attractors to evaluate system safety constraint enforcement in engineering systems.

Thesis (Ph. D.)--Massachusetts Institute of Technology, Engineering Systems Division, 2009.Vita. Cataloged from PDF version of thesis.Includes bibliographical references (p. 390-409).