Brandon D. Owens scite author profile

Rios

et al. 2018

The Unmanned Aircraft System (UAS) Traffic Management (UTM) effort at NASA aims to enable access to low-altitude airspace for small UAS. This goal is being pursued partly through partnerships that NASA has developed with the UAS stakeholder community, the FAA, other government agencies, and the designated FAA UAS Test Sites. By partnering with the FAA UAS Test Sites, NASA's UTM project has performed a geographically diverse, simultaneous set of UAS operations at locations in six states. The demonstrations used an architecture that was developed by NASA in partnership with the FAA to safely coordinate such operations. These demonstrations-the second or "Technical Capability Level (TCL 2)" National Campaign of UTM testing-was performed from May 15 through June 9, 2017. Multiple UAS operations occurred during the testing at sites located in Alaska, Nevada, Texas, North Dakota, Virginia, and New York with multiple organizations serving as UAS Service Suppliers and/or UAS Operators per the specifications provided by NASA. By engaging various members of the UAS community in development and operational roles, this campaign provided initial validation of different aspects of the UTM concept including: UAS Service Supplier technologies and procedures; geofencing technologies/conformance monitoring; groundbased surveillance/sense and avoid; airborne sense and avoid; communication, navigation, surveillance; and human factors related to UTM data creation and display. Additionally, measures of performance were defined and calculated from the flight data to establish quantitative bases for comparing flight test activities and to provide potential metrics that might be routinely monitored in future operational UTM systems.

Safety-Driven Design for Software-Intensive Aerospace and Automotive Systems

Stringfellow¹,

Leveson²,

2010

Proc. IEEE

Application of a Safety-Driven Design Methodology to an Outer Planet Exploration Mission

Herring

Dulac

et al. 2008

Abstract-Traditional requirements specification and hazard analysis techniques have not kept pace with the increasing complexity and constraints of modern space systems development. These techniques are incomplete and often consider safety late in the development cycle when the most significant design decisions have already been made. The lack of an integrated approach to perform safety-driven system development from the beginning of the system lifecycle hinders the ability to create safe space systems on time and within budget. To address this need, the authors have created an integrated methodology for safety-driven system development that combines four state-of-the-art techniques: 1) Intent Specification, a framework for organizing system development and operational information in a hierarchical structure; 2) the STAMP model of accident causation, a system-theoretic framework upon which to base more powerful safety engineering techniques; 3) STAMPbased Hazard Analysis (STPA); and 4) State Analysis, a model-based systems engineering approach. The iterative approach specified in the methodology employs State Analysis in the modeling of system behavior. STPA is used to identify system hazards and the constraints that must be enforced to mitigate these hazards.Finally, Intent Specification is used to document traceability of behavioral requirements and subject them to formal analysis using the SpecTRM-RL software package. In this paper, 1,2 the application of this methodology is demonstrated through the specification of a spacecraft high gain antenna pointing mechanism for a hypothetical outer planet exploration mission.

Navigating THEMIS to the ARTEMIS Low-Energy Lunar Transfer Trajectory

Cosgrove

Frey

Marchese

et al. 2010

Procedure rework: a dynamic process with implications for the “rework cycle” and “disaster dynamics”

Leveson

Hoffman

2011

System Dynamics Review

Archetypal dynamic structures link the behaviors of the diverse systems of interest to system dynamics modelers. In this article, dynamic behaviors of Procedure Rework processes-used in system operations to update procedures as they are invalidated by changes in the system state and its environment-are linked to two archetypal structures: the "rework cycle" and "disaster dynamics". A case study focused on procedure rework in Space Shuttle Mission Control and involving the development of simulation models of procedure rework calibrated with data from five Space Shuttle missions is presented. A detrimental effect in the process-the rework propagation end-of-mission effect-is identified and linked to three general aspects of rework (rework time horizons, propagation of rework beyond the time horizons, and events forcing timely completion of all remaining rework) that may be improved upon in this and other rework processes. Furthermore, the effect's causes are characterized as examples of endogenous causal mechanisms for disaster dynamics.