Formal Modeling for Verifiable, Efficient Fault Detection and Response
1 Formal Modeling for Verifiable, Efficient Fault Detection and Response
Meredith Beveridge Lecocke, Southwest Research Institute
Flight Software Workshop, Pasadena, CA, 16 Dec 2014
2 Two-Fault Tolerant Systems
Two-fault-tolerant avionics (a system that can survive two simultaneous faults) are required for:
  Manned space programs (personnel safety)
  Robotic spacecraft (a close rendezvous could damage the Space Station (ISS) or other critical assets)
Reliability requirements are addressed with fault detection, isolation, and response (FDIR):
  Identify all possible faults in the system
  Specify detection and response methods for each
3 Vulnerability Points in System
Multiple sources of faults:
  Processors
  Sensors
  Actuators
  Radiation (SEUs)
  Communications links
  Timing problems
Must withstand any two simultaneously (two-fault-tolerant)
4 Fault Tolerance Addressed with FMA Process
Fault Mode Analysis (FMA) process: a complete view of signals and failures + prioritization of failures = whether and how they should be mitigated (results in new system requirements)
Manual process:
  Identify all signal outputs from all components
  Identify all credible ways signals can fail
  Determine effects and criticality of each failure mode
  Define a coverage method for critical failure modes
Inputs: FMEA, ICDs, schematics, hazard analysis
Took an FDIR/FMA expert and a team of engineers 1.5 years
5 Manual Process Example
FMA spreadsheet with 600+ single faults: all failure modes of all signals, with criticality, detection and response
[Figure: FDIR dataflow diagram of board output signals (Board 2, Board 3, components U1 through U11); board output signals analyzed: 616 single faults, 423 Crit 1A/1B]
6 FMA/FDIR Existing Manual Process
Difficulties:
  187 signals, 600+ single fault modes: did we think of them all?
  423 Crit 1A/1B detection and response algorithms must be implemented by hand
  423 detection and response algorithms must be verified and validated by hand
[Chart: criticality totals (1A, 1B, N/A; 1A and 1B totals per subsystem) across subsystems labelled A, L, AB, B, D, R, MR, M, C, H, P]
7 A Better Approach Using Formal Modeling
Specify the system and its reliability requirements at a higher level of abstraction
Verify the reliability of the system architecture and algorithms on a resource-rich desktop PC
Automatically generate an embedded implementation of detection and response that is guaranteed to match the verified model
8 FDIR Using Formal Modeling
Specify the system and its reliability requirements at a higher level of abstraction
  Easier (and faster) to get 30-ish items correct than 600
The knowledge representation language Answer Set Prolog (ASP) facilitates concise, accurate descriptions of:
  System components and the interactions between them
  States, transitions, faults
  Goals: how the system should operate, in priority order (i.e. fail-safe mode is a last resort)
9 FDIR Using Formal Modeling
Verify system reliability on a resource-rich desktop PC
  Standard ASP-based reasoning algorithms for planning and diagnosis
  Automatically verify that the fault detection and response methods satisfy completeness and rationality properties
    Completeness = all possible fault sets have been addressed
    Rationality = the best possible outcome is identified for each fault set
  Execute the model against all possible 1- and 2-fault scenarios; verify that a path to the highest-priority goal is found
Simplifies and accelerates FDIR analysis, provides confidence in the fault-tolerant design
The model generated 576 fault modes and 161 unique responses (some fault modes use the same responses)
10 Modeling System Components
Our system is specified with the following components:
  Flight computer (fc)
  4 control boards: 2 on side A (ca1, ca2), 2 on side B (cb1, cb2)
  2 motor boards (ma, mb)
  2 actuators (aa, ab)
  Wires: flight computer to all control boards; between all control boards; control boards to motor boards; motor boards to actuators
11 Modeling System States
System state is described with boolean properties:
1. presence of a command
   a. control board or motor board command at a control board
   b. motor board or actuator command at a motor board
   c. actuator command at an actuator
2. presence of sensor data at a control board
3. mode of a control board (inactive, generate only, generate send)
4. mode of a motor board (on, off)
5. health status of a motor board (good, bad)
6. health status of the sensors on each side (good, bad)
7. fault state of every component (either faulty or not faulty)
12 Modeling System Actions
Actions change system state according to the following rules:
1. If the flight computer sends a controller command to a control board, then the control board has the command.
2. If a control board sends a controller command to another control board, then the other control board has the command.
3. If a control board queries its sensors and the sensors are healthy, then it has sensor data.
4. If a control board disregards sensor data, then it no longer has sensor data.
5. If a control board sends its sensor data to another control board, then the other control board has the sensor data.
6. If a control board generates a motor board command, then it has a motor board command.
7. If a control board sends a motor board command, then the motor board has the command.
8. If a control board sends the shutdown command to a motor board, then the motor board is off.
9. If a control board changes mode to inactive, generate only or generate send, then the control board is in the new mode.
10. If a control board is in inactive mode, then it may not generate or send a command.
11. If a control board is in generate only mode, then it may generate, but not send, a command.
12. If a control board is in generate send mode, then it may generate and send a command.
13. Only one control board on a side can be in generate send mode.
14. A control board must have both a controller command and sensor data in order to generate a motor board command.
15. If a motor board generates an actuator command, then it has an actuator command.
16. If a motor board sends an actuator command, then the actuator has the command.
17. A motor board must be on in order to generate or send an actuator command.
18. A motor board must have a motor board command in order to generate an actuator command.
19. A component may not send information (commands or sensor data) it does not have.
13 Modeling System Faults
Conditions that prevent an action from having its usual effect:
1. If a wire between components is faulty, then information may not pass over the wire.
2. A faulty control board will not be able to successfully generate a command, send a command, or query its sensors.
3. A faulty motor board will not be able to successfully generate or send an actuator command.
4. A faulty control board, motor board, or actuator will not be able to successfully receive any commands.
14 Modeling System Goals
Required goals (prescribe system behavior):
1. Unhealthy motor boards must be immediately shut down.
2. Controller boards must immediately disregard sensor data from unhealthy sensors.
Prioritized goals (ordering of acceptable outcomes):
1. Move the arm with two actuators (cooperative mode).
2. Move the arm with one actuator (degraded mode).
3. Secure the system in a safe stationary position (failsafe mode).
15 Modeling System Outputs
Output: plans are generated for every possible fault set
Example: no faults
1. The flight computer sends a controller command to all control boards.
2. Control boards ca1 and cb1 change mode to generate send, and ca2 and cb2 change mode to generate only.
3. All control boards query sensors and then generate a motor board command.
4. Control boards ca1 and cb1 send motor board commands.
5. Both motor boards generate and then send an actuator command.
Example: faulty motor board ma
1. The flight computer sends a controller command to all control boards.
2. Control board cb1 changes mode to generate send, and cb2 changes mode to generate only. The control boards on the A side perform no action and remain in inactive mode.
3. Control boards cb1 and cb2 query sensors and then generate a motor board command.
4. Control board cb1 sends a motor board command.
5. Motor board mb generates and then sends an actuator command.
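The slides describe the model in Answer Set Prolog (slides 8-9) and then walk through its components, states, actions, faults, goals and generated plans (slides 10-15). The following Python program is an added example, not code from the talk or from SwRI's model: it encodes the same components, wiring, fault conditions and goal ordering as a hand-written reachability planner instead of an ASP solver, and then runs it over every 1- and 2-fault scenario the way slide 9 describes. Assumptions beyond the slides: the flight computer itself is never faulted, each control board is wired only to its own side's motor board, and the sensors on each side are modelled as one faultable item; the scenario and plan counts it reports therefore differ from the 576 fault modes and 161 responses the real model produced.

```python
# Added example (not from the slides or SwRI's model): a Python stand-in for the
# ASP model on slides 10-15. Names (fc, ca1, ca2, cb1, cb2, ma, mb, aa, ab), the
# wiring, the fault rules and the goal order follow the slides; the planner is a
# reachability check, not an ASP solver.
from itertools import combinations

CONTROL = {"a": ("ca1", "ca2"), "b": ("cb1", "cb2")}   # control boards per side
MOTOR = {"a": "ma", "b": "mb"}                          # motor board per side
ACTUATOR = {"a": "aa", "b": "ab"}                       # actuator per side
GOALS = ("cooperative", "degraded", "failsafe")         # slide 14 priority order
BOARDS = [c for side in CONTROL.values() for c in side]

def wire(x, y):
    """Order-independent name for the wire between two components."""
    return "wire(%s,%s)" % tuple(sorted((x, y)))

def fault_points():
    """Every board, actuator and wire of slide 10, plus the sensors per side."""
    pts = BOARDS + list(MOTOR.values()) + list(ACTUATOR.values())
    pts += [wire("fc", c) for c in BOARDS]                           # fc never faults (assumption)
    pts += [wire(c1, c2) for c1, c2 in combinations(BOARDS, 2)]
    pts += [wire(c, MOTOR[s]) for s, cs in CONTROL.items() for c in cs]  # own side only (assumption)
    pts += [wire(MOTOR[s], ACTUATOR[s]) for s in MOTOR]
    pts += ["sensors_a", "sensors_b"]
    return pts

def boards_holding(faults, direct):
    """Least fixpoint of 'control board c has the item': a healthy board gets it
    directly when direct(c) holds (action rules 1, 3), or from a healthy board
    that already has it over an intact wire (rules 2, 5, 19; fault rules 1, 2, 4)."""
    have = set()
    changed = True
    while changed:
        changed = False
        for c in BOARDS:
            if c in faults or c in have:
                continue
            if direct(c) or any(wire(o, c) not in faults for o in have):
                have.add(c)
                changed = True
    return have

def side_plan(side, faults, has_cmd, has_data):
    """Steps that make one side drive its actuator, or None if it cannot."""
    m, a = MOTOR[side], ACTUATOR[side]
    if m in faults or a in faults or wire(m, a) in faults:          # fault rules 1, 3, 4
        return None
    capable = [c for c in CONTROL[side] if c in has_cmd and c in has_data]  # rule 14
    senders = [c for c in capable if wire(c, m) not in faults]             # rule 7
    if not senders:
        return None
    sender = senders[0]                       # rule 13: one generate-send board per side
    steps = []
    for c in capable:
        mode = "generate send" if c == sender else "generate only"
        steps.append("%s changes mode to %s" % (c, mode))
    steps.append("%s query sensors and generate a motor board command" % ", ".join(capable))
    steps.append("%s sends motor board command to %s" % (sender, m))
    steps.append("%s generates and sends actuator command to %s" % (m, a))
    return steps

def plan_for(faults):
    """Highest-priority reachable goal and a plan for one fault set (slide 15)."""
    faults = frozenset(faults)
    has_cmd = boards_holding(faults, lambda c: wire("fc", c) not in faults)
    has_data = boards_holding(faults, lambda c: "sensors_" + c[1] not in faults)
    steps = ["fc sends a controller command to all control boards"]
    steps += ["%s is shut down" % m for m in MOTOR.values() if m in faults]  # required goal 1
    working = []
    for s in CONTROL:
        p = side_plan(s, faults, has_cmd, has_data)
        if p:
            working.append(s)
            steps += p
    goal = GOALS[2 - len(working)]
    if goal == "failsafe":
        steps.append("secure the arm in a safe stationary position")
    return goal, steps

def verify(max_faults=2):
    """Run every fault set of size <= max_faults (slide 9). Completeness: each
    one gets a plan. Monotonicity: adding a fault never improves the outcome;
    a violation would expose a modelling error in the planner."""
    pts = fault_points()
    outcome = {}
    for k in range(max_faults + 1):
        for fs in combinations(pts, k):
            outcome[frozenset(fs)] = plan_for(fs)
    complete = all(steps for _, steps in outcome.values())
    monotone = all(GOALS.index(outcome[fs][0]) >= GOALS.index(outcome[fs - {f}][0])
                   for fs in outcome for f in fs)
    unique_plans = len({tuple(steps) for _, steps in outcome.values()})
    by_goal = {g: sum(1 for goal, _ in outcome.values() if goal == g) for g in GOALS}
    return {"scenarios": len(outcome), "complete": complete, "monotone": monotone,
            "unique_plans": unique_plans, "by_goal": by_goal}

if __name__ == "__main__":
    print(plan_for([]))        # cooperative: both sides, ca1/cb1 generate send
    print(plan_for(["ma"]))    # degraded: A side idle, B side drives ab
    print(verify())
```

Running it reproduces the two plans on slide 15 and shows the point of the 1- and 2-fault sweep: with 26 fault points there are 352 fault sets, every one of them ends in some goal (the failsafe goal is always reachable, which is why completeness is about having a plan, not about avoiding failsafe), and cases such as losing both fc-to-side-A wires still reach cooperative mode because the B side relays the controller command over the board-to-board wires.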
16 Auto-Generating Reconfiguration Table
Automatically generate an embedded implementation of detection and response
  Guaranteed to match the verified model
  Efficient lookup table: small memory/processing footprint
  No complicated if/else, case/switch, or state machine structures
  Easily updated: update the model, regenerate the table, download to memory
[Table: reconfiguration table with input columns A1, A1.A, A1.B, A2, A2.A and output columns A1, A2 and two side-state columns; cell values include A, B, active, standby, and "Active, single channel"]
17 Executing Reconfiguration Table
Simple boolean algorithm:
  Flight software matches the observed state to a line in the Fault Detection table to determine the fault source
  Flight software matches the fault set to the Fault Response table to determine the required actions
Simplifies development, execution, and verification
[Table: the same reconfiguration table as on slide 16]
18 Fault Response Example
1. No faults detected; executing the plan for fault set zero
2. Detect a sensor mismatch
3. Consult the Fault Detection table to identify potential fault sources:
   a. faulty(wire(ca2,b1))
   b. faulty(ca2)
4. Test the two possible fault sources to further diagnose:
   a. test(wire(ca2,b1)) passes
   b. test(ca2) fails
5. Update fault set: ca2 faulty
6. Execute the plan corresponding to the new fault set
[Fault Detection Table: columns Av, Ca1, Ca2, A2, A1, plan; rows Norm, A2!=A1, A2!=B1, A2!=B2, with fault sources such as wire(a2,b1) and ca]
[Fault Response Table: columns Av, Ca1, Ca2, A2, A1, plan; rows Norm and "Use ca" responses]
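Slides 17 and 18 describe table execution in the flight software: match the observed state against the Fault Detection table, test the candidate sources, update the fault set, and match that set against the Fault Response table. The following Python program is an added example, not the talk's or SwRI's flight code, of one way to encode that boolean matching: detection rows are mask/value pairs over an observation bit-vector (first match wins), and the response table is keyed by fault set. The observation bits, the rows, the plan labels and the test outcomes are constructed to replay the slide 18 walk-through; the real tables are generated from the model and look different. The one addition a practitioner would want is the last step: an observation or fault set with no table entry is reported as uncovered and falls back to the failsafe plan, so a gap in table coverage surfaces as a safe default rather than an undefined branch.

```python
# Added example (not from the slides or SwRI's flight software): the table
# lookup of slides 17-18. Observation bits, table rows and plan labels below are
# constructed for illustration; mask/value matching is one plausible encoding
# of the "simple boolean algorithm", not the real one.
from collections import namedtuple

# Observation bits: booleans the flight software computes from telemetry.
A2_NE_A1 = 1 << 0   # sensor value seen at ca2 disagrees with ca1
A2_NE_B1 = 1 << 1   # ... disagrees with cb1
A2_NE_B2 = 1 << 2   # ... disagrees with cb2
MA_BAD = 1 << 3     # motor board ma reports unhealthy

# Fault Detection table: a row matches when (observation & mask) == value.
# Rows are in priority order; the first match wins, so specific rows come first.
Row = namedtuple("Row", "mask value candidates")
DETECTION_TABLE = (
    Row(mask=0b1111, value=0b0000, candidates=()),                       # Norm
    Row(mask=0b0111, value=0b0010, candidates=("wire(ca2,b1)",)),        # only cb1 disagrees with ca2
    Row(mask=0b0111, value=0b0111, candidates=("wire(ca2,b1)", "ca2")),  # all disagree with ca2 (slide 18)
    Row(mask=0b1000, value=0b1000, candidates=("ma",)),                  # ma self-reports bad
)

# Fault Response table: fault set -> plan (constructed labels).
RESPONSE_TABLE = {
    frozenset(): "plan 0: cooperative; ca1/cb1 generate send, ca2/cb2 generate only",
    frozenset({"wire(ca2,b1)"}): "plan 3: cooperative; ca2 stops relaying to cb1",
    frozenset({"ca2"}): "plan 7: cooperative; ca2 inactive, ca1 generate send",
    frozenset({"ma"}): "plan 12: degraded; shut down ma, B side only",
    frozenset({"ca2", "ma"}): "plan 15: degraded; ca2 inactive, shut down ma",
}
FAILSAFE = "failsafe: shut down both motor boards, hold the arm stationary"

def detect(observation):
    """Candidate fault sources for an observation, or None if no row covers it."""
    for row in DETECTION_TABLE:
        if observation & row.mask == row.value:
            return row.candidates
    return None

def diagnose(observation, known_faults, run_test):
    """Steps 3-5 of slide 18: look up candidates, test each, keep the ones that fail.
    run_test(source) returns True when the source passes its diagnostic test."""
    candidates = detect(observation)
    if candidates is None:
        return None
    failed = {c for c in candidates if not run_test(c)}
    return frozenset(known_faults) | failed

def respond(fault_set):
    """Step 6: look up the plan; an uncovered fault set falls back to failsafe."""
    return RESPONSE_TABLE.get(fault_set, FAILSAFE)

def fdir_cycle(observation, known_faults, run_test):
    """One detection/response cycle. Returns (fault set, plan, covered_by_tables)."""
    fault_set = diagnose(observation, known_faults, run_test)
    if fault_set is None:                 # observation outside the detection table
        return frozenset(known_faults), FAILSAFE, False
    return fault_set, respond(fault_set), fault_set in RESPONSE_TABLE

if __name__ == "__main__":
    # Slide 18 walk-through: the wire test passes, the board test fails.
    results = {"wire(ca2,b1)": True, "ca2": False}
    print(fdir_cycle(A2_NE_A1 | A2_NE_B1 | A2_NE_B2, set(), lambda c: results[c]))
```

Because the fault set accumulates across cycles, the second fault in a two-fault scenario is handled by the same lookup: a later MA_BAD observation with ca2 already in the set resolves to the {ca2, ma} entry, which is exactly the kind of entry the completeness check on slide 9 guarantees the generated table contains.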
19 Conclusions
Both approaches are susceptible to human error, but formal modeling lowers the risk by working at a higher level of abstraction:
  Better communication between team members
  Better design
  Catch errors earlier in the development process
  Fewer things to keep straight and get right
  Model-based reasoning can proceed long before hardware is ready
Increased confidence in the specification is passed on to the autogenerated implementation
Verification of full coverage on a resource-rich desktop is much easier than ad hoc testing on the target platform
Easy to update when changes are made
20 Comparison to Manual Approach
Formal modeling improves the reliability of the analysis
Auto-generation from the model improves the reliability of the implementation
Formal modeling reduces design, analysis, and testing time
Formal modeling and auto-generation are sustainable throughout the lifecycle (update model, validate, generate tables, download to target)
22 Thanks for your attention! Any questions?
23 Southwest Research Institute
Mission statement: benefiting government, industry and the public through innovative science and technology
Founded in 1947 as an independent, nonprofit, applied engineering and physical sciences research and development institution
Broad technological and scientific base
1200-acre campus in San Antonio, Texas
Over $500M in annual revenue (FY12), roughly 50:50 government and industrial
~$7M in internal research (FY12)
Over 3000 employees
Over 990 patents and 35 R&D 100 awards
2.2 million ft² of laboratory and office space
More informationDO-254 Implementation of CAN for Mil-Aero/ Safety Critical Applications
DO-254 Implementation of CAN for Mil-Aero/ Safety Critical Applications Reshma N 1, Dr. Srividya P 2, Kumaraswamy K V 3 P.G. Student (VLSI Design and Embedded Systems), Dept. of E.C.E, SJBIT, Bengaluru,
More informationOntology Engineering for Product Development
Ontology Engineering for Product Development Henson Graves Lockheed Martin Aeronautics Company Fort Worth Texas, USA henson.graves@lmco.com Abstract. This analysis is to identify requirements for a Description
More informationFault Detection of Reachability Testing with Game Theoretic Approach
Fault Detection of Reachability Testing with Game Theoretic Approach S. Preetha Dr.M. Punithavalli Research Scholar, Karpagam University, Coimbatore. Director, Sri Ramakrishna Engineering College, Coimbatore.
More informationWELCOME TO TE CONNECTIVITY
WELCOME TO TE CONNECTIVITY With a 50-plus year history of leadership, TE Connectivity is a global, $12.1 billion company that designs and manufactures over 500,000 products that connect and protect the
More informationJEM Internal Ball Camera (Int-Ball)
JEM Internal Ball Camera (Int-Ball) July 14, 2017 Japan Aerospace Exploration Agency 1 Objective of Project Currently, when working in the Japanese Experiment Module ( Kibo ), the crew (astronaut) often
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationAbout Schneider Electric
About Schneider Electric Global Company $30 billion USD revenue in 2013 41% of sales in new economies 150,000+ people in 100+ countries 175 year history World Class Brands Built or Acquired Strong US Presence
More informationOn-Orbit Testing of Target-less TriDAR 3D Rendezvous and Docking Sensor
On-Orbit Testing of Target-less TriDAR 3D Rendezvous and Docking Sensor Stephane Ruel, Tim Luu, Andrew Berube* *Neptec Design Group, Canada e-mail: sruel@neptec.com Abstract TriDAR is a vision system developed
More informationPROBABILISTIC ANALYSIS OF REAL-TIME SCHEDULING OF SYSTEMS TOLERATING MULTIPLE TRANSIENT FAULTS
PROBABILISTIC ANALYSIS OF REAL-TIME SCHEDULING OF SYSTEMS TOLERATING MULTIPLE TRANSIENT FAULTS Risat Mahmud Pathan Department of Computer Science and Engineering, BRAC University, Dhaka, Bangladesh. Abstract
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationGE Intelligent Platforms PAC8000 RTU
GE Intelligent Platforms PAC8000 RTU A ruggedized, reliable RTU PAC8000 Remote Terminal Unit (RTU) thrives in the desert heat of the Arabian Peninsula and the arctic cold of Siberian oil fields delivering
More informationWeapon System Fault Detection, Isolation, and Analysis using Stateflow
Weapon System Fault Detection, Isolation, and Analysis using Stateflow Rosa Donat Senior Controls Engineer MathWorks Aerospace and Defense Conference June 2007 Manhattan Beach, CA Approved for Public Release,
More informationMixed Critical Architecture Requirements (MCAR)
Superior Products Through Innovation Approved for Public Release; distribution is unlimited. (PIRA AER200905019) Mixed Critical Architecture Requirements (MCAR) Copyright 2009 Lockheed Martin Corporation
More informationMultiChipSat: an Innovative Spacecraft Bus Architecture. Alvar Saenz-Otero
MultiChipSat: an Innovative Spacecraft Bus Architecture Alvar Saenz-Otero 29-11-6 Motivation Objectives Architecture Overview Other architectures Hardware architecture Software architecture Challenges
More informationStrato and Strato OS. Justin Zhang Senior Applications Engineering Manager. Your new weapon for verification challenge. Nov 2017
Strato and Strato OS Your new weapon for verification challenge Justin Zhang Senior Applications Engineering Manager Nov 2017 Emulation Market Evolution Emulation moved to Virtualization with Veloce2 Data
More informationDesigning Fault Management in Spaceflight Architectures
Designing Fault Management in Spaceflight Architectures Chris J. Walter cwalter@wwtechnology.com (410) 418-4353 Challenges NASA architectures affected by trends in current computing architectures Network
More informationDesign and Synthesis for Test
TDTS 80 Lecture 6 Design and Synthesis for Test Zebo Peng Embedded Systems Laboratory IDA, Linköping University Testing and its Current Practice To meet user s quality requirements. Testing aims at the
More informationL17: Assurance. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L17: Assurance Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 11/06/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are revised
More informationSubject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento
Larry Mandel Vice Chancellor and Chief Audit Officer Audit and Advisory Services 401 Golden Shore, 4th Floor Long Beach, CA 90802-4210 562-951-4430 562-951-4955 (Fax) lmandel@calstate.edu October 23, 2018
More informationThe Texas A&M University System. Internal Audit Department. Fiscal Year 2014 Audit Plan
Introduction The purpose of the Audit Plan is to outline audits and other activities the System Internal Audit Department will conduct during fiscal year 2014. The plan is developed to satisfy responsibilities
More informationThe Mission of the Abu Dhabi Smart Solutions and Services Authority. Leading ADSSSA. By Michael J. Keegan
Perspective on Digital Transformation in Government with Her Excellency Dr. Rauda Al Saadi, Director General, Abu Dhabi Smart Solutions and Services Authority By Michael J. Keegan Today s digital economy
More informationProcess Safety Management in R&D
Safety Management in R&D Jeff Hedges Division Manager Integrated Laboratory Technologies Richmond CA August 21, 2013 ETC Laboratory Safety/Operational Excellence Overview 2 Facility Design & Construction
More informationRemoval of Hardware ESD, Independent of Safety Logic Solver
Removal of Hardware ESD, Independent of Safety Logic Solver by Sam Roy Executive summary This is a discussion to remove independent hardware based Emergency Shutdown for Logic Solver as identified in ANSI/ISA-84.00.01-2004,
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationModel-Based Systems Engineering Backbone of the Thales Engineering Manifesto
www.thalesgroup.com Model-Based Systems Engineering Backbone of the Thales Engineering Manifesto MBSE Symposium, Canberra Oct. 28 th, 2014 Olivier Flous, VP Engineering 2 / Thales: Company Profile Collective
More informationSymantec Data Center Transformation
Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments
More informationSubsystem Hazard Analysis (SSHA)
Subsystem Hazard Analysis (SSHA) c "!$#%! Examine subsystems to determine how their Normal performance Operational degradation Functional failure Unintended function Inadvertent function (proper function
More information