TY - CHAP
T1 - Towards establishing a self-management architecture for dynamic risk management in 'intelligent' aero-engine control
AU - Kurd, Zeshan
AU - Kelly, Tim
AU - McDermid, John Alexander
AU - Calinescu, Radu
AU - Kwiatkowska, Marta Z.
PY - 2009/1
Y1 - 2009/1
N2 - In the past, intelligent adaptive controllers have been proposed and shown to achieve performance and safety objectives when operating within complex and highly dynamic problem domains such as Gas-Turbine Aero Engine control. The behaviour of control functions in safety-critical software systems is typically bounded to prevent the occurrence of known system-level hazards. These bounds are typically derived through safety analyses and can be implemented through the use of necessary design features. However, the unpredictability of real-world problems can result in changes in the operating context that may invalidate the behavioural bounds themselves, for example, unexpected hazardous operating contexts as a result of failures or degradation. For highly complex problems it may be infeasible to determine, prior to deployment, the precise desired behavioural bounds of a function that addresses or minimises risk for hazardous operation cases. This paper presents an overview of the safety challenges associated with such a problem and how such problems might be addressed using self-* systems. The safety assurance goals can be used to influence the design of a self-management architecture that performs on-line risk management.
UR - http://www.scopus.com/inward/record.url?scp=77955928366&partnerID=8YFLogxK
U2 - 10.1049/cp.2009.1551
DO - 10.1049/cp.2009.1551
M3 - Chapter
SN - 978 1 84919 195 1
VL - 2009
SP - 33
EP - 40
BT - IET System Safety 2009
PB - IET and SaRS
CY - London
ER -