Software Safety (MIT) -- Research

CURRENT RESEARCH TOPICS

The long-term goal of our research is to provide techniques and tools that integrate system, software, and cognitive engineering. We want to provide a new generation of technology to enhance the management of complexity in specification, analysis, design, implementation, and verification of complex, safety-critical systems and allow us to build safer systems. This technology should allow us to stretch the limits of intellectual manageability so that more complexity and functionality can be built into future systems while still allowing acceptable levels of assurance.
The following topics are currently being pursued. Research opportunities exist at the undergrad (UROP), masters's, and doctoral level.
Model-Based System Engineering: Models provide a means for understanding complex phenomena and recording that understanding in a way that can be communicated to others. As complexity grows, the use of prototyping to evaluate designs becomes increasingly impractical. The alternative is to use behavioral and structural models, essentially executable specifications, along with advanced analysis tools and simulation environments to evaluate the system design before construction begins. We are investigating the design of executable specification languages that can form the basis for advanced engineering environments. Usability is a large component of this research: The executable specification languages must be reviewable and usable with minimal training by a large variety of domain experts if model-based system engineering is to become a practical reality. At the same time, to allow for automated analysis tools, the languages must have a formal (mathematical) model as their foundation.

Domain-Specific, Reusable, Component-Based System Architectures: Modern, complex control systems for specific application domains often display common system architectural features, making them suitable for representation by a reusable, component-based architecture. The similarities and commonalities can be exploited to create model-driven system development environments. For example, we have shown how to create such a generic spacecraft architecture in which reusable specifications and models can be tailored for the specific spacecraft design, executed and validated in a simulation environment, and then either manually or automatically transformed into software or hardware. Such reuse, however, is dependent on the ability to record design rationale and underlying assumptions so that the changes necessary for particular applications of the architecture can be determined. We do that by using what we call intent specifications.

Interactive Visualization: We hypothesize that the use of multiple views and interactive visualizations of system designs and specifications, based on the task being performed and the expertise of the user, can enhance the intellectual manageability of complex system engineering. Research on interactive visualization should not only be useful in system design but also in training and operations, where the complexity of the automation we are designing is confusing operators and those performing sustainment activities. Interactive visualization could be used as a tool both for training operators and for providing real-time information about the operation of the automation to assist with operational decision making and monitoring activities. The goal of our research is to provide a theoretical foundation for designing interactive visualizations of complex system design and behavior for use by system designers, operators, and maintainers.
New Accident Models for Complex Systems: At the foundation of the current limitations in engineering for safety and mission assurance is the almost exclusive use of a model of accidents that assumes they arise from a chain of failure events and human errors. While satisfactory for the relatively simple electromechanical and industrial systems for which the model was developed, it does not explain system accidents (arising from interactions among system components rather than individual component failures) and is inadequate for today's complex, software-intensive, human-machine systems. We are developing accident models based on systems theory that can serve as the foundation for new and improved approaches to accident investigation and analysis, hazard analysis and accident (loss) prevention, risk assessment and risk management, and performance monitoring. Such models need to include organizational and management factors and well as technical if they are to prevent losses in complex systems.
Human-Centered System Design: Complex systems in the future will be composed of teams of humans and computers, working together to achieve system goals. Humans have not been eliminated from most high-tech systems, but their role has changed significantly-often they are monitors or high-level managers of the automation, which directly (autonomously) controls the system. Our research goals include learning how to design automation to eliminate or reduce human errors such as mode confusion, to optimize allocation of tasks among humans and automation, to enhance learnability, and to improve the training of humans to interact with automation.
Comprehensive Risk Management in Complex Engineered Systems: By integrating the results of our research on model-based system engineering, reusable architectures, human-centered system design, and accident models, we hope to create a risk-driven, model-based methodology for designing complex systems. The methodology will include methods and tools that assist in making informed risk-related decisions from the early stages of project conceptualization through development, deployment, operations, and eventual decommissioning. Emphasis is on providing the ability to make tradeoffs and decisions as early as possible in the process so that the need for rework or unnecessary work and the tradeoffs necessary to provide high confidence in the resulting system behavior are minimized. All aspects of risk, including organizational and human aspects, are integrated into the methodology. The environment will include generic component models to support the development of reusable architectures and component models; fault detection, diagnosis, and protection techniques; design for safety and mission assurance; and support for risk control in maintenance, operations, and systems health monitoring.
Cultural and Organizational Factors in the Engineering of Complex Systems: The Columbia accident and other major technological losses have amply demonstrated the need for understanding the relationships among organizational culture, management, and engineering. We are examining the potential for using systems theory and modeling to understand and "engineer" the safety culture and other organizational and cultural factors in project management, development, and operations.