Search Results

This paper presents a new methodology for the safety assessment of complex software intensive systems such as is envisioned for the coming major upgrade of the air traffic management system known as NextGen. This methodology is based on a new, more inclusive model of accident causation called Systems Theoretic Accident Model and Process (STAMP) [1]. STAMP includes not just the standard component failure mechanisms but also the new ways that software and humans contribute to accidents in complex systems. A new hazard analysis method, called Systems Theoretic Process Analysis (STPA), is built on this theoretical foundation. The STPA is based on systems theory rather than reliability theory; it treats safety as a control problem rather than a failure problem with interactive and possibly nested control loops that may include humans. In this methodology, safety is assured by closed loop control of safety parameters.

This paper reviews the relevant literature on the effects of sulfated ash, phosphorus, and sulfur on DPF, LNT, and SCR catalysts. Exhaust backpressure increase due to DPF ash accumulation, as well as the rate at which ash is consumed from the sump, were the most studied lubricant-derived DPF effects. Based on several studies, a doubling of backpressure can be estimated to occur within 270,000 to 490,000 km when using a 1.0% sulfated ash oil. Postmortem DPF analysis and exhaust gas measurements revealed that approximately 35% to 65% less ash was lost from the sump than was expected based on bulk oil consumption estimates. Despite significant effects from lubricant sulfur and phosphorus, loss of LNT NOX reduction efficiency is dominated by fuel sulfur effects. Phosphorus has been determined to have a mild poisoning effect on SCR catalysts. The extent of the effect that lubricant phosphorus and sulfur have on DOCs remains unclear, however, it appears to be minor.

A rotating spacecraft which encloses an atmospheric pressure vessel poses unique challenges for thermal control. In any given location, the artificial gravity vector is directed from the center to the periphery of the vehicle. Its local magnitude is determined by the mathematics of centripetal acceleration and is directly proportional to the radius at which the measurement is taken. Accordingly, we have a system with cylindrical symmetry, featuring microgravity at its core and increasingly strong gravity toward the periphery. The tendency for heat to move by convection toward the center of the craft is one consequence which must be addressed. In addition, fluid flow and thermal transfer is markedly different in this unique environment. Our strategy for thermal control represents a novel approach to address these constraints. We present data to theoretically and experimentally justify design decisions behind the Mars Gravity Biosatellite's proposed payload thermal control subassembly.

The aim of this study was to explore if fingernail delamination injury following EMU glove use may be caused by compression-induced blood flow occlusion in the finger. During compression tests, finger blood flow decreased more than 60%, however this occurred more rapidly for finger pad compression (4 N) than for fingertips (10 N). A pressure bulb compression test resulted in 50% and 45% decreased blood flow at 100 mmHg and 200 mmHg, respectively. These results indicate that the finger pad pressure required to articulate stiff gloves is more likely to contribute to injury than the fingertip pressure associated with tight fitting gloves.

Thin sandwich sheets hold a promise for widespread use in automotive industry due to their good crash and formability properties. In this paper, thin stainless steel sandwich sheets with low-density core materials are investigated with regard to their performance in crashworthiness applications. The total thickness of the sandwich materials is about 1.2mm: 0.2mm thick facings and a 0.8mm thick sandwich core. Throughout the crushing of prismatic sandwich profiles, the sandwich facings are bent and stretched while the sandwich core is crushed under shear loading. Thus, a high shear crushing strength of the sandwich core material is beneficial for the overall energy absorption of the sandwich profile. It is shown theoretically that the weight specific shear crushing strength of hexagonal metallic honeycombs is higher than the one of fiber cores - irrespective of their relative density or microstructural geometry.

NASA has long recognized the advantages of providing improved information interfaces to EVA astronauts and has pursued this goal through a number of development programs over the past decade. None of these activities or parallel efforts in industry and academia has so far resulted in the development of an operational system to replace or augment the current extravehicular mobility unit (EMU) Display and Controls Module (DCM) display and cuff checklist. Recent advances in display, communications, and information processing technologies offer exciting new opportunities for EVA information interfaces that can better serve the needs of a variety of NASA missions. Hamilton Sundstrand Space Systems International (HSSSI) has been collaborating with Simon Fraser University and others on the NASA Haughton Mars Project and with researchers at the Massachusetts Institute of Technology (MIT), Boeing, and Symbol Technologies in investigating these possibilities.

Special coatings are being developed and tested to contend with the effects of dust on the lunar surface. These coatings will have wide applicability ranging from prevention of dust buildup on solar arrays and radiator surfaces to protection of EVA space suit fabrics and visors. They will be required to be durable and functional based on application. We have started preparing abrasion-resistant transparent conductive coatings ∼40 nm thick were formed by co-deposition of titanium dioxide (TiO2) and titanium (Ti) on room-temperature glass and polycarbonate substrates using two RF magnetron sputtering sources. By adjusting Ti content, we obtained sheet resistivities in the range 104-1010 ohms/square. We have also started conducting a series of environmental tests that simulate the exposure of coated samples to dust under relevant conditions, beginning with abrasion tests using regolith simulant materials.

Currently, states that are out of compliance with the National Ambient Air Quality Standards must, according to the Clean Air Act Amendments of 1990 (CAAA), develop and implement control strategies that demonstrate specific degrees of reduction in emissions-with the degree of reduction depending upon the severity of the problem. One tool that has been developed to aid regulators in both deciding an appropriate course of action and to demonstrate the desired reductions in mobile emissions is EPA's Mobile 5a emission estimation model. In our study, Mobile 5a has been used to examine the effects of regulatory strategies, as applied to the Northeast United States, on vehicle emissions under worst-case ozone-forming conditions.

A technique has been developed to measure the desorption and subsequent oxidation of fuel in the oil layer by spiking the oil with liquid fuel and firing the engine on gaseous fuel or motoring with air. Experiments suggest that fuel desorption is not diffusion limited above 50 °C and indicated that approximately two to four percent of the cylinder oil layer is fresh oil from the sump. The increase in hydrocarbon emissions is of the order of 100 ppmC1 per 1% liquid fuel introduced into the fresh oil in a methane fired engine at mid-speed and light load conditions. Calculations indicate that fuel desorbing from oil is much more likely to produce hydrocarbon emissions than fuel emerging from crevices.

The effect of engine operating parameters (speed, spark timing, and fuel-air equivalence ratio [Φ]) on hydrocarbon (HC) oxidation within the cylinder and exhaust system is examined using propane or isooctane fuel. Quench gas (CO2) is introduced at two locations in the exhaust system (exhaust valve or port exit) to stop the oxidation process. Increasing the speed from 1500 to 2500 RPM at MBT spark timing decreases the total, cylinder-exit HC emissions by ∼50% while oxidation in the exhaust system remains at 40% for both fuels. For propane fuel at 1500 rpm, increasing Φ from 0.9 (fuel lean) to 1.1 (fuel rich) reduces oxidation in the exhaust system from 42% to 26%; at 2500 RPM, exhaust system oxidation decreases from 40% to approximately 0% for Φ = 0.9 and 1.1, respectively. Retarded spark increases oxidation in the cylinder and exhaust system for both fuels. Decreases in total HC emissions are accompanied by increased olefinic content and atmospheric reactivity.

A model has been developed which predicts engine-out hydrocarbon (HC) emissions for spark-ignition engines. The model consists of a set of scaling laws that describe the individual processes that contribute to HC emissions. The model inputs are the critical engine design and operating variables. This set of individual process scaling relations was then calibrated using production spark-ignition engine data at a fixed light-load operating point. The data base consisted of engine-out HC emissions from two-valve and four-valve engine designs with variations in spark timing, valve timing, coolant temperature, crevice volume, and EGR, for five different engines. The model was calibrated separately for the three different engines to accommodate differences in engine design details and to determine the relative magnitudes of each of the major sources. A good fit to this database was obtained.

A human-centered systems analysis was applied to the adverse aircraft weather encounter problem in order to identify desirable functions of weather and icing information. The importance of contingency planning was identified as emerging from a system safety design methodology as well as from results of other aviation decision-making studies. The relationship between contingency planning support and information on regions clear of adverse weather was investigated in a scenario-based analysis. A rapid prototype example of the key elements in the depiction of icing conditions was developed in a case study, and the implications for the components of the icing information system were articulated.

MIT Lincoln Laboratory is tasked by the U.S. Federal Aviation Administration to investigate the use of the NEXRAD polarimetric radars* for the remote sensing of icing conditions hazardous to aircraft. A critical aspect of the investigation concerns validation that has relied upon commercial airline icing pilot reports and a dedicated campaign of in situ flights in winter storms. During the month of February in 2012 and 2013, the Convair-580 aircraft operated by the National Research Council of Canada was used for in situ validation of snowstorm characteristics under simultaneous observation by NEXRAD radars in Cleveland, Ohio and Buffalo, New York. The most anisotropic and easily distinguished winter targets to dual pol radar are ice crystals.

With the increasing complexity of automotive systems and the related increasing use of software in them, new approaches are needed to ensure safety. In these new types of automotive systems, safety and reliability are different and require different engineering approaches. Accidents are increasingly due to design errors and to dysfunctional interactions among components rather than component failure. In addition, safety must be engineered and built into the design from the beginning; it is not possible to effectively and affordably add safety devices onto a finished design. This paper describes the need for new approaches to automotive safety and describes an alternative to the traditional reliability-based approaches to safety engineering. The new approach is based on systems theory and views accidents in terms of lack of control or enforcement of the behavioral constraints required to ensure safety.

The introduction of new safety critical features using software-intensive systems presents a growing challenge to hazard analysis and requirements development. These systems are rich in feature content and can interact with other vehicle systems in complex ways, making the early development of proper requirements critical. Catching potential problems as early as possible is essential because the cost increases exponentially the longer problems remain undetected. However, in practice these problems are often subtle and can remain undetected until integration, testing, production, or even later, when the cost of fixing them is the highest. In this paper, a new technique is demonstrated to perform a hazard analysis in parallel with system and requirements development. The proposed model-based technique begins during early development when design uncertainty is highest and is refined iteratively as development progresses to drive the requirements and necessary design features.