Similar literature
20 similar documents found; search took 31 milliseconds.
1.
2.
A safety shell pattern was defined based on a re-configuration management pattern and inspired by the architectural specifications in Specification PEARL. It is meant to be used for real-time applications to be developed with UML-RT as described. The implementation of the safety shell features as defined in Kornecki and Zalewski (Software Development for Real-Time Safety-Critical Applications. Software Engineering Workshop, Tutorial Notes, 29th Annual IEEE/NASA 03, pp 1–95, 2005), namely its timing and state guards as well as its I/O protection and exception handling mechanisms, is explained. The pattern is parameterised by defining the properties of its components as well as by defining the mapping between software and hardware architectures. Initial and alternative execution scenarios as well as the method for switching between them are defined. The goal pursued with the safety shell is to obtain clearly specified operation scenarios with well-defined transitions between them. To achieve safe and timely operation, the pattern must provide safety shell mechanisms for the application designed, i.e., enable its deterministic and temporally predictable operation now and in the future.

3.
In this work the operation of an industrial semi-batch reactor is optimized. In the reactor a strongly exothermic polymerization reaction takes place and the objective is to minimize the duration of the batch. Various operational as well as quality- and safety-related constraints have to be met during the batch and at its final time. In particular, a cooling system failure is taken into account explicitly, since the temperature rise in this case must not exceed a corresponding limit. The optimization is based on a detailed process model derived from first principles. A reduced model is developed for optimization, and trajectories for the operational variables feed flowrate and reactor temperature are calculated. The results show that significant reductions of the batch time are possible and that their extent depends on the formulated safety constraints. For a selected case the obtained optimal trajectories are verified experimentally at laboratory and production scale.

4.
We are rarely interested in organizations that can do catastrophic harm until something happens in them to attract public attention. Yet when that event occurs we usually find the cause is not simply human error. More often, human error is embedded in organizational and societal processes that ultimately result in the error. The thesis of this essay is that we cannot fully understand the complex social processes that underlie either the reliable or unreliable operations of complex social and technical systems without examining such systems in their totality. The purpose of this paper is to identify some determinants of behavior most important in understanding the operation of large-scale systems in highly turbulent environments, and to suggest research that needs to be done to reduce error in these systems. We consider both active and latent failures. We propose that by effectively managing these determinants, potentially unsafe organizations can view and navigate the "safety space" more effectively, moving along the safety continuum toward more safe, rather than less safe, systems.

5.
Ergonomics, 2012, 55(8): 1708-1721
Abstract

The past two decades have seen a significant number of large-scale disasters in a wide range of hazardous, well-defended technologies. Despite their differences, the root causes of these accidents have been traced to latent failures and organizational errors arising in the upper echelons of the system in question. A model of the aetiology of these organizational accidents is outlined. The model describes two interrelated causal sequences: (a) an active failure pathway that originates in top-level decisions and proceeds via error-producing and violation-promoting conditions in the various workplaces to unsafe acts committed by those at the immediate human-system interface, and (b) a latent failure pathway that runs directly from the organizational processes to deficiencies in the system's defences. The paper goes on to identify two sets of dependencies associated with latent failures and violations. Organizational errors increase the likelihood of operator error through the active failure pathway and, at the same time, enhance the possibility of adverse outcomes through defensive weaknesses. Violations have a narrower range of consequences. Non-compliance with safe operating procedures increases the likelihood of error by taking perpetrators into regions of operation in which neither the physical regime nor the hazards are well understood. Violations, by definition, also take perpetrators 'closer to the edge', and thus increase the chance that subsequent errors will have damaging outcomes. The paper concludes by indicating two ways in which the model has been applied in industrial settings: (a) through the development of proactive measures for diagnosing and remedying organizational processes known to be implicated in accident causation, and (b) an accident investigation technique that guides investigators and analysts to the organizational root causes of past accidents.

6.
This paper presents learning-enabled barrier-certified safe controllers for systems that operate in a shared environment in which multiple systems with uncertain dynamics and behaviors interact. That is, safety constraints are imposed not only by the ego system's own physical limitations but also by other systems operating nearby. Since a model of the external agent is required to impose control barrier functions (CBFs) as safety constraints, a safety-aware loss function is defined and minimized to learn the uncertain and unknown behavior of external agents. More specifically, the loss function is defined based on the barrier function error, instead of the system model error, and is minimized for both current samples and past samples stored in memory to ensure a fast and generalizable learning algorithm for approximating the safe set. The proposed model learning and CBF are then integrated to form a learning-enabled zeroing CBF (L-ZCBF), which employs the approximated trajectory information of the external agents provided by the learned model but shrinks the safety boundary in case of an imminent safety violation using instantaneous sensory observations. It is shown that the proposed L-ZCBF assures the safety guarantees during learning and even in the face of inaccurate or simplified approximation of external agents, which is crucial in safety-critical applications in highly interactive environments. The efficacy of the proposed method is examined in a simulation of safe maneuver control of a vehicle in an urban area.

7.
Risk management of a supply chain (SC) has a great influence on the stability of dynamic cooperation among SC partners and is hence very important for the performance of the SC operations as a whole. A suitable decision-making model is the cornerstone of efficient SC risk management. We propose in this paper a decision-making model based on the internal triggering and interactive mechanisms in an SC risk system, which takes into account dual cycles, the operational process cycle (OPC) and the product life cycle (PLC). We explore the inter-relationship among the two cycles, SC organizational performance factors (OPF) and available risk operational practice (ROP), as well as the risk managerial elements in OPC and PLC. In particular, three types of relationship, bilateral, unilateral and inter-circulative ones, are analyzed and verified. We build this dynamic relation into SC risk managerial logic and design a corresponding decision-making path. Based on the analytic network process (ANP), a methodology is designed for an optimal selection of risk management methods and tools. A numerical example is provided as an operational guideline for how to apply it to tailor operational tactics in SC risk management. The results verify that this strategic decision model is a feasible route to suitable risk operational tactics for practitioners.

8.
刘强, 方彤, 董一凝, 秦泗钊. 自动化学报 (Acta Automatica Sinica), 2019, 45(12): 2233-2241
Detecting and locating bearing faults while a train is running is essential to operational safety and health maintenance. Existing bearing-fault alarm systems rely mainly on rule-based diagnosis of a single axle-temperature variable, so alarms are not raised in time. To address this problem, this paper exploits the correlation among the axle temperatures of multiple axles on the same train, which run in similar environments and at similar speeds, together with the dynamics of axle temperature, and proposes a data-driven method for detecting and locating train bearing faults based on the dynamic latent structure of multi-axle temperatures. First, a method for modeling the dynamic latent structure of multi-axle temperatures based on dynamic-inner canonical correlation analysis (DiCCA) is proposed; second, using the established model, a train bearing-fault detection method based on a DiCCA combined index is proposed; on this basis, a train bearing-fault localization method based on DiCCA multi-directional reconstruction is proposed. The method is validated on axle-temperature data collected from an actual train in operation, and the results demonstrate its effectiveness.

9.
To improve the safety of plant start-up operation, a safety evaluation system has been developed. As a key component of an operational design support system, the evaluation system examines any potential hazards during start-up operation simulation. The evaluation system is integrated into an operational design methodology which designs operable processes by proposing alternatives, examining process safety and operability, and modifying operating procedures or plant structures. Issues for both the methodology and the implementation of a G2-based expert system are discussed. Finally, the system is applied to an industrial hydrodesulphurization process.

10.
Providing safe and efficient behavioral decision-making for autonomous vehicles is one of the challenging problems in the field of autonomous driving. With the rapid growth of the autonomous-driving industry, industry and academia have proposed many behavioral decision-making methods, but because autonomous-driving decisions are affected by environmental uncertainty and must also be timely and highly safe, existing methods cannot fully support these requirements. To address these problems, this paper proposes an autonomous-driving behavioral decision-making method that builds a RoboSim model from a Bayesian network. First, the semantic relationships among the elements of an autonomous-driving scenario are analyzed using a domain ontology, and an LSTM model is used to predict the intentions of dynamic entities in the scene, thereby providing scene-understanding information for constructing the Bayesian network. Then, the Bayesian network infers the behavioral decision for a specific scenario, and the state transitions of the RoboSim model carry the dynamic execution of that decision, which reduces redundant Bayesian-network inference and improves the efficiency of decision generation. The RoboSim model is platform-independent, can simulate execution cycles, and supports several formal verification techniques. To ensure the safety of the behavioral decisions, the RoboSim model is verified and analyzed with the model checker UPPAAL. Finally, a lane-change overtaking scenario is used as a case study to further confirm the feasibility of the proposed method, which offers a practical path toward designing safe and efficient autonomous-driving behavioral decision-making.

11.
Although there is a plethora of questionnaire instruments for measuring safety climate or culture, very few have proven able to present a factor structure that is consistent in different contexts, and many have a vague theoretical grounding. The Nordic Safety Climate Questionnaire (NOSACQ-50) was developed by a team of Nordic occupational safety researchers based on organizational and safety climate theory, psychological theory, previous empirical research, empirical results acquired through international studies, and a continuous development process. Safety climate is defined as workgroup members’ shared perceptions of management and workgroup safety related policies, procedures and practices. NOSACQ-50 consists of 50 items across seven dimensions, i.e. shared perceptions of: 1) management safety priority, commitment and competence; 2) management safety empowerment; and 3) management safety justice; as well as shared perceptions of 4) workers’ safety commitment; 5) workers’ safety priority and risk non-acceptance; 6) safety communication, learning, and trust in co-workers’ safety competence; and 7) workers’ trust in the efficacy of safety systems. Initial versions of the instrument were tested for validity and reliability in four separate Nordic studies using native language versions in each respective Nordic country. NOSACQ-50 was found to be a reliable instrument for measuring safety climate, and valid for predicting safety motivation, perceived safety level, and self-rated safety behavior. The validity of NOSACQ-50 was further confirmed by its ability to distinguish between organizational units through detecting significant differences in safety climate.

Relevance to industry

NOSACQ-50 will enable comparative studies of safety climate between and within companies, industries and countries. It is suitable for research purposes as well as for practical use in evaluating safety climate status, as a diagnostic tool, and in evaluating the effect of safety climate interventions.

12.
Building on an analysis of the internal and external security risks and requirements that IT operations and maintenance (O&M) currently face in the power industry, this paper takes O&M security systems such as IT O&M security audit systems, dynamic (one-time) password authentication systems, and firewalls as its object of study, discusses the technical and managerial means of IT O&M security, and proposes corresponding technical solutions and security management requirements that bring internal staff and third-party personnel under unified O&M control. Practice shows that the technical solution and management requirements are feasible and effective: they meet the practical needs of IT O&M auditing and satisfy the compliance requirements of IT internal-control management.

13.
The authors consider the mathematical modeling of flow distribution in gas transmission networks, which takes into account the possibility of establishing reserves in underground storage resources and different operation strategies of gas companies. Taking into account the basic technical and economic prerequisites, the problem of determining the optimal production rates for gas fields is analyzed. The proposed mathematical tools are aimed at solving problems of long-term planning, but they can also be applied to the operational control of gas transmission systems.

14.
Several conceptual models of Occupational Safety and Health (OSH) performance have been proposed by researchers. However, these models are not fully exploitable by Small- and Medium-sized Enterprises' (SME) managers and entrepreneurs because they do not take into account the particular factors and the particular structure of the cause-to-effect chain of interactions characterizing all the relevant OSH factors and the safety performance of an SME, in an intervention-oriented way through a complete view of the issue. In the light of the above, this paper proposes a systemic, intervention-oriented model of safety performance specifically designed for SMEs. The design of the model required the identification of all the OSH factors relevant for SMEs. Using a focus group approach, these factors have been detailed into sub-factors and grouped into affinity areas. The sub-factors provide an operational definition of the factors, useful to assess the characteristics of the company and to identify possible single interventions, while the affinity areas allow an understanding of the main dimensions that a decision maker should consider in an intervention policy. Finally, using the Interpretive Structural Modeling technique, the affinity areas have been worked into a hierarchical structure representing the cause-to-effect chain characterizing the safety performance of an SME.

15.
Improving product behavioral performance in the design process needs an innovative approach to integrate most of the trades (safety, reliability, maintainability, etc.) simultaneously. Currently, safety integration is done in the latest phase of the design process, to respect safety directives. This late integration causes some contradictions between productivity and safety. These contradictions could be related to technical and organizational problems. This paper proposes an innovative approach that aims to eliminate these contradictions in order to improve product performance in use situations. This approach is based on 4 steps: systemic safety integration using the Working situation model, taking into account the requirements of safety directives and standards; identifying the contradictions resulting from the designer's choices; and finally resolving these contradictions using adapted methods like TRIZ. An application case is outlined in the off-set industry, to show the applicability and usefulness of our approach.

16.
Research on Model-Driven Safety Analysis Techniques for Avionics Systems
谷青范, 王国庆, 张丽花, 翟鸣. 计算机科学 (Computer Science), 2015, 42(3): 124-127, 143
To address the problems of failure-mode completeness, dynamic failures, and data consistency in the safety analysis of integrated avionics systems, the avionics system is divided into three layers: the application-operation layer, the functional layer, and the resource layer. Each layer is modeled with formal methods, and model-transformation techniques carry out the semantic translation among the three layers to ensure semantic consistency. The application-operation and functional layers are modeled in the Event-B language, which enables the completeness of the application operation modes to be checked; the AltaRica language is used to model the system's abnormal behavior, which enables the analysis of dynamic failures. Taking an aircraft automatic flight control system as an example, the application operation modes are analyzed with the Event-B modeling tool Rodin, and its safety is analyzed with the AltaRica-based SimFia tool. The results verify the effectiveness and practicality of the proposed method.

17.
The Consumer Protection Act 1987 imposes new demands on manufacturers regarding the safety of their products. They can be sued directly by any person injured by their defective goods and prosecuted if they fail to meet the new comprehensive general safety requirement and any other safety provision. Product designers and ergonomists need a sound understanding of, and involvement in, the legal aspects of product safety. It is now essential to take into account what may reasonably be done with goods, or foreseeable conditions of use, in order to satisfy the test of what is "reasonably safe" and meet the level of safety which "persons generally are entitled to expect" under the law. Any significant progress in product safety will now come through developments in technical standards which will be harmonised throughout the European Community. It is essential that ergonomics considerations be taken into account during the drafting of product specifications if users' interests are to be safeguarded more effectively. Ergonomists will therefore be required to make an even greater contribution in the field of product safety by assisting in the determination of the new statutory safety criteria. They are uniquely qualified to ensure that the product user is fully considered at the design and assessment stages, which can now be looked upon as an essential prerequisite of the law and not just sound engineering policy.

18.
Application of the Wavelet Multi-Resolution Algorithm to Power Harmonic Detection
陈宇, 段哲民. 计算机测量与控制 (Computer Measurement & Control), 2008, 16(10): 1493-1495, 1518
In power systems, the widespread use of nonlinear loads injects large harmonic currents into the grid, which are very harmful to the equipment in the power system. To prevent harmonics from endangering the safe operation of the system, the harmonic content of the distorted waveforms in the power system must be known precisely, and corresponding measures must be taken to suppress or compensate for them. Based on multi-resolution wavelet analysis, this paper uses the Daubechies wavelet db24 with a 7-level reconstruction to decompose the current signal into the fundamental component and higher-order harmonic components. Simulation and error analysis in Matlab 7.0 show that the error of the separated fundamental does not exceed 1%, that the trend of harmonic variation is tracked effectively, and that effective compensation is achieved using the total distortion component.

19.
Context: Certification of safety-critical software systems requires submission of safety assurance documents, e.g., in the form of safety cases. A safety case is a justification argument used to show that a system is safe for a particular application in a particular environment. Different argumentation strategies (informal and formal) are applied to determine the evidence for a safety case. For critical software systems, application of formal methods is often highly recommended for their safety assurance.
Objective: The objective of this paper is to propose a methodology that combines two activities: formalisation of system safety requirements of critical software systems for their further verification, as well as derivation of structured safety cases from the associated formal specifications.
Method: We propose a classification of system safety requirements in order to facilitate the mapping of informally defined requirements into a formal model. Moreover, we propose a set of argument patterns that aim at enabling the construction of (a part of) a safety case from a formal model in Event-B.
Results: The results reveal that the proposed classification-based mapping of safety requirements into formal models facilitates requirements traceability. Moreover, the provided detailed guidelines on construction of safety cases aim to simplify the task of argument pattern instantiation for different classes of system safety requirements. The proposed methodology is illustrated by numerous case studies.
Conclusion: Firstly, the proposed methodology allows us to map the given system safety requirements into elements of the formal model to be constructed, which is then used for verification of these requirements. Secondly, it guides the construction of a safety case, aiming to demonstrate that the safety requirements are indeed met. Consequently, the argumentation used in such a constructed safety case allows us to support it with formal proofs and model checking results used as the safety evidence.

20.
Conference Theme - Anti-Crime Networking and Systems
The 2007 IEEE International Conference on Networking, Sensing and Control will be held in London. The main theme of the conference is anti-crime networking and critical infrastructure. The area of anti-crime networking and critical infrastructure is a fusion of a number of research areas in networking, sensing, human factors, artificial intelligence, operational research, and systems control theory. However, the real challenge is to design anti-crime networking and systems from a holistic perspective, taking into account technical, organizational as well as contextual complexity. A systems engineering approach is required to address new problems of this challenging and promising area.
