Search Results

This paper presents a new methodology for the safety assessment of complex software intensive systems such as is envisioned for the coming major upgrade of the air traffic management system known as NextGen. This methodology is based on a new, more inclusive model of accident causation called Systems Theoretic Accident Model and Process (STAMP) [1]. STAMP includes not just the standard component failure mechanisms but also the new ways that software and humans contribute to accidents in complex systems. A new hazard analysis method, called Systems Theoretic Process Analysis (STPA), is built on this theoretical foundation. The STPA is based on systems theory rather than reliability theory; it treats safety as a control problem rather than a failure problem with interactive and possibly nested control loops that may include humans. In this methodology, safety is assured by closed loop control of safety parameters.

This paper reviews the relevant literature on the effects of sulfated ash, phosphorus, and sulfur on DPF, LNT, and SCR catalysts. Exhaust backpressure increase due to DPF ash accumulation, as well as the rate at which ash is consumed from the sump, were the most studied lubricant-derived DPF effects. Based on several studies, a doubling of backpressure can be estimated to occur within 270,000 to 490,000 km when using a 1.0% sulfated ash oil. Postmortem DPF analysis and exhaust gas measurements revealed that approximately 35% to 65% less ash was lost from the sump than was expected based on bulk oil consumption estimates. Despite significant effects from lubricant sulfur and phosphorus, loss of LNT NOX reduction efficiency is dominated by fuel sulfur effects. Phosphorus has been determined to have a mild poisoning effect on SCR catalysts. The extent of the effect that lubricant phosphorus and sulfur have on DOCs remains unclear, however, it appears to be minor.

When designing any human-system interface, it is critical to provide realistic anthropometry to properly represent how a person fits within a given space. This study aimed to identify a minimum number of ‘boundary manikins’ or representative models of subjects' anthropometry from a target population, which would realistically represent the population. The boundary manikin anthropometry was derived using, Principal Component Analysis (PCA). PCA is a statistical approach to reduce a multi-dimensional dataset using eigenvectors and eigenvalues. The measurements used in the PCA were identified as those measurements critical for space suit and cockpit design. The PCA yielded a total of 26 manikins per gender, as well as their anthropometry from the target population. Reduction techniques were implemented to reduce this number further with a final result of 20 female and 22 male subjects.

The International Space Station (ISS) Node 1 Environmental Control and Life Support (ECLS) System is comprised of five subsystems: Atmosphere Control and Supply (ACS), Atmosphere Revitalization (AR), Fire Detection and Suppression (FDS), Temperature and Humidity Control (THC), and Water Recovery and Management (WRM). This paper provides a summary of the Node 1 Emergency Response capability, which includes nominal and off-nominal FDS operation, off-nominal ACS operation, and off-nominal THC operation. These subsystems provide the capability to help aid the crew members during an emergency cabin depressurization, a toxic spill, or a fire. The paper will also provide a discussion of the detailed Node 1 ECLS Element Verification methodologies for operation of the Node 1 Emergency Response hardware utilized during the Node 1 Element Qualification phase.

The aim of this study was to explore if fingernail delamination injury following EMU glove use may be caused by compression-induced blood flow occlusion in the finger. During compression tests, finger blood flow decreased more than 60%, however this occurred more rapidly for finger pad compression (4 N) than for fingertips (10 N). A pressure bulb compression test resulted in 50% and 45% decreased blood flow at 100 mmHg and 200 mmHg, respectively. These results indicate that the finger pad pressure required to articulate stiff gloves is more likely to contribute to injury than the fingertip pressure associated with tight fitting gloves.

A work envelope has been defined for weightless Extravehicular Activity (EVA) based on the Space Shuttle Extravehicular Mobility Unit (EMU), but there is no equivalent for planetary operations. The weightless work envelope is essential for planning all EVA tasks because it determines the location of removable parts, making sure they are within reach and visibility of the suited crew member. In addition, using the envelope positions the structural hard points for foot restraints that allow placing both hands on the job and provides a load path for reacting forces. EVA operations are always constrained by time. Tasks are carefully planned to ensure the crew has enough breathing oxygen, cooling water, and battery power. Planning first involves computers using a virtual work envelope to model tasks, next suited crew members in a simulated environment refine the tasks.

Thin sandwich sheets hold a promise for widespread use in automotive industry due to their good crash and formability properties. In this paper, thin stainless steel sandwich sheets with low-density core materials are investigated with regard to their performance in crashworthiness applications. The total thickness of the sandwich materials is about 1.2mm: 0.2mm thick facings and a 0.8mm thick sandwich core. Throughout the crushing of prismatic sandwich profiles, the sandwich facings are bent and stretched while the sandwich core is crushed under shear loading. Thus, a high shear crushing strength of the sandwich core material is beneficial for the overall energy absorption of the sandwich profile. It is shown theoretically that the weight specific shear crushing strength of hexagonal metallic honeycombs is higher than the one of fiber cores - irrespective of their relative density or microstructural geometry.

NASA has long recognized the advantages of providing improved information interfaces to EVA astronauts and has pursued this goal through a number of development programs over the past decade. None of these activities or parallel efforts in industry and academia has so far resulted in the development of an operational system to replace or augment the current extravehicular mobility unit (EMU) Display and Controls Module (DCM) display and cuff checklist. Recent advances in display, communications, and information processing technologies offer exciting new opportunities for EVA information interfaces that can better serve the needs of a variety of NASA missions. Hamilton Sundstrand Space Systems International (HSSSI) has been collaborating with Simon Fraser University and others on the NASA Haughton Mars Project and with researchers at the Massachusetts Institute of Technology (MIT), Boeing, and Symbol Technologies in investigating these possibilities.

In order to estimate the exposure to a crew in space, there are three essential steps to be performed: first, the ambient radiation environment at the vehicle must be characterized; second, the mass distribution properties of the vehicle, including the crewmembers themselves must be developed, and third a model of the interactions of space radiations with matter must be employed in order to characterize the radiation field at the dose point of interest. The Space Radiation Analysis Group (SRAG) at the NASA, Johnson Space Center carries the primary responsibility for the operational radiation protection support function associated with manned space flight. In order to provide support during the various planning, execution, and analysis/recording phase activities associated with a given mission, tools have been developed to allow rapid, repeatable calculations of exposure on orbit.

Currently, states that are out of compliance with the National Ambient Air Quality Standards must, according to the Clean Air Act Amendments of 1990 (CAAA), develop and implement control strategies that demonstrate specific degrees of reduction in emissions-with the degree of reduction depending upon the severity of the problem. One tool that has been developed to aid regulators in both deciding an appropriate course of action and to demonstrate the desired reductions in mobile emissions is EPA's Mobile 5a emission estimation model. In our study, Mobile 5a has been used to examine the effects of regulatory strategies, as applied to the Northeast United States, on vehicle emissions under worst-case ozone-forming conditions.

A technique has been developed to measure the desorption and subsequent oxidation of fuel in the oil layer by spiking the oil with liquid fuel and firing the engine on gaseous fuel or motoring with air. Experiments suggest that fuel desorption is not diffusion limited above 50 °C and indicated that approximately two to four percent of the cylinder oil layer is fresh oil from the sump. The increase in hydrocarbon emissions is of the order of 100 ppmC1 per 1% liquid fuel introduced into the fresh oil in a methane fired engine at mid-speed and light load conditions. Calculations indicate that fuel desorbing from oil is much more likely to produce hydrocarbon emissions than fuel emerging from crevices.

An advanced development helmet mounted display (HMD) was designed and fabricated under NASA-Johnson Space Center (NASA/JSC) contract, NAS 9-17543, by Hamilton Standard Division of United Technologies, Windsor Locks, CT. The work was initiated in December 1985 and culminated in June 1988 with the delivery of an extravehicular mobility unit (EMU) HMD demonstration unit as an alternative to the current low-resolution, chest-mounted display and cuff-mounted checklists. Important design goals achieved with this HMD include the use of transmissive liquid crystal display (LCD) image sources with fairly high resolution (i.e., text, graphics, and video compatible), binocular viewing with total image overlap, virtual image projection, low profile packaging, low power design, and demonstration of voice control of the HMD data.

A human-centered systems analysis was applied to the adverse aircraft weather encounter problem in order to identify desirable functions of weather and icing information. The importance of contingency planning was identified as emerging from a system safety design methodology as well as from results of other aviation decision-making studies. The relationship between contingency planning support and information on regions clear of adverse weather was investigated in a scenario-based analysis. A rapid prototype example of the key elements in the depiction of icing conditions was developed in a case study, and the implications for the components of the icing information system were articulated.

Typical calculations of radiation exposures in space approximate the composition of the human body by a single material, typically Aluminum or water. A further approximation is made with regard to body size by using a single anatomical model to represent people of all sizes. A comparison of calculations of organ dose and dose-equivalent is presented. Calculations are first performed approximating body materials by water equivalent thickness', and then using a more accurate representation of materials present in the body. In each case of material representation, a further comparison is presented of calculations performed modeling people of different sizes.

Micrometeoroid and orbital debris (MMOD) penetration hazards have been a concern for the large number of EVA’s (Extravehicular Activities) expected during the assembly and operation of the International Space Station (ISS). Earlier studies have shown large uncertainties in estimated spacesuit penetration risks. This paper reports the results of recent tests and analyses that have significantly expanded the Shuttle EMU (Extravehicular Mobility Unit) hypervelocity penetration database and clarified our understanding of the associated risks. The results of testing have been used to develop improved estimates of the cumulative risk of penetration during EVA's through the first ten years after the beginning of ISS construction. These analyses have shown that the risks of MMOD penetration during EVA will be somewhat less than the risk of a critical penetration of the ISS itself over the same ten-year period.

MIT Lincoln Laboratory is tasked by the U.S. Federal Aviation Administration to investigate the use of the NEXRAD polarimetric radars* for the remote sensing of icing conditions hazardous to aircraft. A critical aspect of the investigation concerns validation that has relied upon commercial airline icing pilot reports and a dedicated campaign of in situ flights in winter storms. During the month of February in 2012 and 2013, the Convair-580 aircraft operated by the National Research Council of Canada was used for in situ validation of snowstorm characteristics under simultaneous observation by NEXRAD radars in Cleveland, Ohio and Buffalo, New York. The most anisotropic and easily distinguished winter targets to dual pol radar are ice crystals.

With the increasing complexity of automotive systems and the related increasing use of software in them, new approaches are needed to ensure safety. In these new types of automotive systems, safety and reliability are different and require different engineering approaches. Accidents are increasingly due to design errors and to dysfunctional interactions among components rather than component failure. In addition, safety must be engineered and built into the design from the beginning; it is not possible to effectively and affordably add safety devices onto a finished design. This paper describes the need for new approaches to automotive safety and describes an alternative to the traditional reliability-based approaches to safety engineering. The new approach is based on systems theory and views accidents in terms of lack of control or enforcement of the behavioral constraints required to ensure safety.

The introduction of new safety critical features using software-intensive systems presents a growing challenge to hazard analysis and requirements development. These systems are rich in feature content and can interact with other vehicle systems in complex ways, making the early development of proper requirements critical. Catching potential problems as early as possible is essential because the cost increases exponentially the longer problems remain undetected. However, in practice these problems are often subtle and can remain undetected until integration, testing, production, or even later, when the cost of fixing them is the highest. In this paper, a new technique is demonstrated to perform a hazard analysis in parallel with system and requirements development. The proposed model-based technique begins during early development when design uncertainty is highest and is refined iteratively as development progresses to drive the requirements and necessary design features.