Search Results

Journal Article

Safety Assessment of Complex, Software-Intensive Systems

2012-10-22
2012-01-2134
This paper presents a new methodology for the safety assessment of complex, software-intensive systems such as those envisioned for the coming major upgrade of the air traffic management system known as NextGen. This methodology is based on a new, more inclusive model of accident causation called Systems Theoretic Accident Model and Process (STAMP) [1]. STAMP includes not just the standard component failure mechanisms but also the new ways that software and humans contribute to accidents in complex systems. A new hazard analysis method, called Systems Theoretic Process Analysis (STPA), is built on this theoretical foundation. STPA is based on systems theory rather than reliability theory; it treats safety as a control problem rather than a failure problem, with interactive and possibly nested control loops that may include humans. In this methodology, safety is assured by closed-loop control of safety parameters.
Technical Paper

LMTAS Aircrew - Centered Design: Past, Present, and Future

1997-10-01
975619
Three phases of crew-centered design evolution at Lockheed Martin Tactical Aircraft Systems are described in which organizational, technology, and process influences are considered. Lessons learned in each phase are highlighted. The first phase focuses on the crew-centered design process for the F-16A tactical fighter prior to 1985. During this period a sizable human factors group tackled crew-centered issues in design. In the second phase, spanning a period from 1986 to 1996, the Pilot-Vehicle Interface group refined the aircrew-centered design process for product improvements. The third phase of crew-centered design focuses on the development of formalized processes and tools which can be applied to the design of present and future advanced fighter systems. In this phase, from 1997 and beyond, crew-centered design processes address operation, maintenance, and manufacturing interests across several engineering design disciplines.
Technical Paper

The Effects of Sulfated Ash, Phosphorus and Sulfur on Diesel Aftertreatment Systems - A Review

2007-07-23
2007-01-1922
This paper reviews the relevant literature on the effects of sulfated ash, phosphorus, and sulfur on DPF, LNT, and SCR catalysts. Exhaust backpressure increase due to DPF ash accumulation, as well as the rate at which ash is consumed from the sump, were the most studied lubricant-derived DPF effects. Based on several studies, a doubling of backpressure can be estimated to occur within 270,000 to 490,000 km when using a 1.0% sulfated ash oil. Postmortem DPF analysis and exhaust gas measurements revealed that approximately 35% to 65% less ash was lost from the sump than was expected based on bulk oil consumption estimates. Despite significant effects from lubricant sulfur and phosphorus, loss of LNT NOx reduction efficiency is dominated by fuel sulfur effects. Phosphorus has been determined to have a mild poisoning effect on SCR catalysts. The extent of the effect that lubricant phosphorus and sulfur have on DOCs remains unclear; however, it appears to be minor.
Technical Paper

Achieving Design Target in the Presence of Functional Coupling

2007-04-16
2007-01-1208
The primary objective of design is to achieve the target value of its function. While principles and techniques of Robust Design address the issue of achieving target values in the presence of different types of variations and disturbances, there exists a unique challenge in achieving design targets when multiple response functions are interrelated. In order to overcome the challenge, we must avoid functional couplings and make the interrelationship structure as flexible as possible. In the Axiomatic Design process, such interrelationships are represented by coupling terms in a design matrix. From the targeting aspect of design, it is important to achieve a desirable design matrix structure to, first, avoid any functional coupling in a design matrix and, second, maximize allowable sequences of adjusting DPs.
Technical Paper

Anthropometric and Blood Flow Characteristics Leading to EVA Hand Injury

2009-07-12
2009-01-2471
The aim of this study was to explore whether fingernail delamination injury following EMU glove use may be caused by compression-induced blood flow occlusion in the finger. During compression tests, finger blood flow decreased more than 60%; however, this occurred more rapidly for finger pad compression (4 N) than for fingertips (10 N). A pressure bulb compression test resulted in 50% and 45% decreased blood flow at 100 mmHg and 200 mmHg, respectively. These results indicate that the finger pad pressure required to articulate stiff gloves is more likely to contribute to injury than the fingertip pressure associated with tight-fitting gloves.
Technical Paper

Crashworthiness of Thin Ultra-light Stainless Steel Sandwich Sheets: From the Design of Core Materials to Structural Applications

2004-03-08
2004-01-0886
Thin sandwich sheets hold promise for widespread use in the automotive industry due to their good crash and formability properties. In this paper, thin stainless steel sandwich sheets with low-density core materials are investigated with regard to their performance in crashworthiness applications. The total thickness of the sandwich materials is about 1.2 mm: 0.2 mm thick facings and a 0.8 mm thick sandwich core. Throughout the crushing of prismatic sandwich profiles, the sandwich facings are bent and stretched while the sandwich core is crushed under shear loading. Thus, a high shear crushing strength of the sandwich core material is beneficial for the overall energy absorption of the sandwich profile. It is shown theoretically that the weight-specific shear crushing strength of hexagonal metallic honeycombs is higher than that of fiber cores, irrespective of their relative density or microstructural geometry.
Technical Paper

Requirements and Potential for Enhanced EVA Information Interfaces

2003-07-07
2003-01-2413
NASA has long recognized the advantages of providing improved information interfaces to EVA astronauts and has pursued this goal through a number of development programs over the past decade. None of these activities or parallel efforts in industry and academia has so far resulted in the development of an operational system to replace or augment the current extravehicular mobility unit (EMU) Display and Controls Module (DCM) display and cuff checklist. Recent advances in display, communications, and information processing technologies offer exciting new opportunities for EVA information interfaces that can better serve the needs of a variety of NASA missions. Hamilton Sundstrand Space Systems International (HSSSI) has been collaborating with Simon Fraser University and others on the NASA Haughton Mars Project and with researchers at the Massachusetts Institute of Technology (MIT), Boeing, and Symbol Technologies in investigating these possibilities.
Technical Paper

Development and Implementation of a Powertrain Electrical System Simulator with Computer-Controlled Fault Generation

2006-04-03
2006-01-1599
To manage the function of a vehicle's engine, transmission, and related subsystems, almost all modern vehicles make use of one or more electronic controllers running embedded software, henceforth referred to as a Powertrain Controller System or PCS. Fully validating this PCS is a necessary step of vehicle development, and the validation process requires extensive amounts of testing. Within the automotive industry, more and more of this validation testing is being performed using Hardware-in-the-Loop (HIL) simulators to automate the extensive test sequences. A HIL simulation typically mates the physical PCS to a closed-loop, real-time computer simulation of a powertrain. Interfacing the physical PCS hardware to a powertrain simulation requires the HIL simulator to have extensive signal input/output (I/O) electronics and simulated actuator electrical loading.
Technical Paper

Chain Representations of Dimensional Control: A Producibility Input for Concurrent Concept Design

1998-06-02
981846
Two critical milestones that must be achieved during concept design are 1) definition of a product architecture that meets performance, producibility, and strategic objectives, and 2) estimation of the integration risk in each candidate concept. This paper addresses these issues by describing the role played by the producibility members of an Integrated Product Team (IPT) during concept design. Our focus is on the execution of what we call the “chain method”, which illustrates the structure of function delivery in a concept in a simple pictorial way and helps the IPT to understand the advantages or disadvantages of using a modular or an integral product architecture. The producibility members play a central role in capturing and evaluating the chains for different candidate concepts and decompositions.
Technical Paper

Aggregate Vehicle Emission Estimates for Evaluating Control Strategies

1994-03-01
940303
Currently, states that are out of compliance with the National Ambient Air Quality Standards must, according to the Clean Air Act Amendments of 1990 (CAAA), develop and implement control strategies that demonstrate specific degrees of reduction in emissions, with the degree of reduction depending upon the severity of the problem. One tool that has been developed to aid regulators in both deciding an appropriate course of action and demonstrating the desired reductions in mobile emissions is EPA's Mobile 5a emission estimation model. In our study, Mobile 5a has been used to examine the effects of regulatory strategies, as applied to the Northeast United States, on vehicle emissions under worst-case ozone-forming conditions.
Technical Paper

Novel Experiment on In-Cylinder Desorption of Fuel from the Oil Layer

1994-10-01
941963
A technique has been developed to measure the desorption and subsequent oxidation of fuel in the oil layer by spiking the oil with liquid fuel and firing the engine on gaseous fuel or motoring with air. Experiments suggest that fuel desorption is not diffusion limited above 50 °C and indicated that approximately two to four percent of the cylinder oil layer is fresh oil from the sump. The increase in hydrocarbon emissions is of the order of 100 ppmC1 per 1% liquid fuel introduced into the fresh oil in a methane fired engine at mid-speed and light load conditions. Calculations indicate that fuel desorbing from oil is much more likely to produce hydrocarbon emissions than fuel emerging from crevices.
Technical Paper

The Mars Gravity Biosatellite: Innovations in Murine Motion Analysis and Life Support

2005-07-11
2005-01-2788
The MIT-based Mars Gravity Biosatellite payload engineering team has been engaged in designing and prototyping sensor and control systems for deployment within the rodent housing zone of the satellite, including novel video processing and atmospheric management tools. The video module will be a fully autonomous real-time analysis system that takes raw video footage of the specimen mice as input and distills those parameters which are of primary physiological importance from a scientific research perspective. Such signals include activity level, average velocity and rearing behavior, all of which will serve as indicators of animal health and vestibular function within the artificial gravity environment. Unlike raw video, these parameters require minimal storage space and can be readily transmitted to Earth over a radio link of very low bandwidth.
Technical Paper

Implications of Contingency Planning Support for Weather and Icing Information

2003-06-16
2003-01-2089
A human-centered systems analysis was applied to the adverse aircraft weather encounter problem in order to identify desirable functions of weather and icing information. The importance of contingency planning was identified as emerging from a system safety design methodology as well as from results of other aviation decision-making studies. The relationship between contingency planning support and information on regions clear of adverse weather was investigated in a scenario-based analysis. A rapid prototype example of the key elements in the depiction of icing conditions was developed in a case study, and the implications for the components of the icing information system were articulated.
Technical Paper

Introduction of Functional Periodicity to Prevent Long-Term Failure Mechanism

2006-04-03
2006-01-1203
One of the goals of designing engineering systems is to maximize the system's reliability. A reliable system must satisfy its functional requirements without failure throughout its intended lifecycle. The typical means to achieve a desirable level of reliability is through preventive maintenance of a system; however, this involves cost. A more fundamental approach to the problem is to maximize the system's reliability by preventing failures from occurring. A key question is to find mechanisms (and the means to implement them into a system) that will prevent its system range from going out of the design range. Functional periodicity is a means to achieve this goal. Three examples are discussed to illustrate the concept. In the new electrical connector design, it is the geometric functional periodicity provided by the woven wire structure. In the case of integrated manufacturing systems, it is the periodicity in scheduling of the robot motion.
Technical Paper

Application of a Lean Cellular Design Decomposition to Automotive Component Manufacturing System Design

1999-05-10
1999-01-1620
A design framework based on the principles of lean manufacturing and axiomatic design was used as a guideline for designing an automotive component manufacturing system. A brief overview of this design decomposition is given to review its structure and usefulness. Examples are examined to demonstrate how this design framework was applied to the design of a gear manufacturing system. These examples demonstrate the impact that low-level design decisions can have on high-level system objectives and the need for a systems-thinking approach in manufacturing system design. Results are presented to show the estimated performance improvements resulting from the new system design.
Technical Paper

The Production System Design and Deployment Framework

1999-05-11
1999-01-1644
This session keynote paper presents a framework for designing and deploying production systems. The framework enables the communication and determination of objectives and design solutions from the highest level to the lowest level of a manufacturing enterprise. The design methodology ensures that the physical implementation, called Design Parameters (DPs), meets the objectives or Functional Requirements (FRs) of the production system design. This paper presents a revolutionary approach to determine the objectives and the implementation of a “lean” production system design for a manufacturing business as guided by the design axiom of independence.
Technical Paper

Use of Discrete Event Simulation in New Aircraft Design

1999-06-05
1999-01-2269
Design and manufacturing engineers engaged in the conceptual and detail design stages of an aircraft have an ever-increasing number of tools and resources. However, these tools deal mainly with the physical structure and properties of the aircraft. Recently an increased effort has been made to take into account the producibility and cost of an aircraft during the design phase. One of the tools being used by Lockheed Martin Tactical Aircraft Systems to accomplish this is Discrete Event Simulation. This form of simulation models dynamic production, information, and material flows. It enables an engineer to have greater visibility into the effects that he/she makes on the overall aircraft production system. Machines and processes with different cost, speed, quality, and maintenance properties can be analyzed with respect to the system to justify their inclusion.
Technical Paper

Optimization-Based Robust Architecture Design for Autonomous Driving System

2019-04-02
2019-01-0473
With the recent advancement in sensing and controller technologies, architecture design of an autonomous driving system becomes an important issue. Researchers have been developing different sensors and data processing technologies to solve the issues associated with fast processing, diverse weather, reliability, long-distance recognition performance, etc. Necessary considerations of diverse traffic situations and safety factors of autonomous driving have also increased the complexity of embedded software as well as the architecture of autonomous driving. In these circumstances, there are almost countless possible architecture designs. However, these design considerations have significant impacts on cost, controllability, and system reliability. Thus, it is crucial for the designers to make a challenging and critical design decision under several uncertainties during the conceptual design phase.
Technical Paper

Aircraft In Situ Validation of Hydrometeors and Icing Conditions Inferred by Ground-based NEXRAD Polarimetric Radar

2015-06-15
2015-01-2152
MIT Lincoln Laboratory is tasked by the U.S. Federal Aviation Administration to investigate the use of the NEXRAD polarimetric radars for the remote sensing of icing conditions hazardous to aircraft. A critical aspect of the investigation concerns validation that has relied upon commercial airline icing pilot reports and a dedicated campaign of in situ flights in winter storms. During the month of February in 2012 and 2013, the Convair-580 aircraft operated by the National Research Council of Canada was used for in situ validation of snowstorm characteristics under simultaneous observation by NEXRAD radars in Cleveland, Ohio and Buffalo, New York. The most anisotropic and easily distinguished winter targets to dual pol radar are ice crystals.
Technical Paper

New Safety Technologies for the Automotive Industry

2006-10-16
2006-21-0065
With the increasing complexity of automotive systems and the related increasing use of software in them, new approaches are needed to ensure safety. In these new types of automotive systems, safety and reliability are different and require different engineering approaches. Accidents are increasingly due to design errors and to dysfunctional interactions among components rather than component failure. In addition, safety must be engineered and built into the design from the beginning; it is not possible to effectively and affordably add safety devices onto a finished design. This paper describes the need for new approaches to automotive safety and describes an alternative to the traditional reliability-based approaches to safety engineering. The new approach is based on systems theory and views accidents in terms of lack of control or enforcement of the behavioral constraints required to ensure safety.