| dc.description.abstract | Human teams collaborate by establishing roles, changing functional authorities, maintaining team cognition, coordinating, and helping one another close control loops. These complex interactions are inspiring novel system concepts to improve human-machine and multi-machine collaboration. However, these new systems challenge existing methods to model, analyze, design, and assure their safety. As such, few have been fielded in safety-critical domains like aerospace.
To address this gap, this work develops a rigorous and systematic approach to analyze safety and enable safety-guided design of systems that exhibit collaborative control. It introduces a system-theoretic framework to describe multi-controller interactions. This includes a taxonomy of seven structural dimensions that influence such interactions and nine dynamics observed in collaborative control that are defined using System-Theoretic Accident Model and Processes (STAMP). An analyzed set of controller interactions in aerospace systems demonstrates the framework and highlights how designers are trying to create more sophisticated systems.
The framework provides the necessary foundation to extend the state-of-the-art in hazard analysis, System Theoretic Process Analysis (STPA), to systematically address collaboration. First, a mechanism is developed to incorporate the nine collaborative control dynamics into STAMP control structure models so that they are explicitly considered in hazard analysis. Second, a process is derived from STPA to identify unsafe combinations of control actions between multiple controllers. The procedure systematically considers potential issues involving gaps, overlaps, transfers, and mismatches in authority that are found in teams. It is executed using an abstraction-based algorithm that manages combinatorial complexity and provides automation support. Third, a method is introduced to identify causal factors from these unsafe control combinations that relate to the collaborative dynamics. The new technique, STPATeaming, is applied to a manned-unmanned aircraft teaming case study, and it finds new causal factors not previously found in a past hazard analysis of the same system.
Finally, a structure is derived from Intent Specification to (1) integrate design and assurance processes, (2) support system modeling and analysis at different levels of abstraction, and (3) trace engineering activities using a means-end hierarchy. The framework integrates STPATeaming into a broader systems engineering approach. It also leverages the analytical structure of STPA-Teaming to provide novel traceability of its results directly to architectural design decisions. The safety-guided approach is illustrated using the same case study as above. | |
