Integrated Safety Envelopes Built-in Restrictions of Navigable Airspace Edward A. Lee Professor, EECS, UC Berkeley NSF / OSTP Workshop on Information Technology.

Slides:

Advertisements

Similar presentations

A PERFORMANCE BASED GLOBAL AIR NAVIGATION SYSTEM: PART II

Advertisements

Template created by Giorgio Camilleri, March 2006 June 2006 TRANSITION ICAO Air Navigation Bureau Radio Spectrum Seminar Cairo, Egypt.

Air Traffic Management

SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September

Continuous Climb Operations (CCO) Saulo Da Silva

Flight Testing Advanced Unmanned Aircraft Michael McDaniel - AIR Naval Air Systems Command NAS Patuxent River, MD, USA DISTRIBUTION STATEMENT A:

AA278A: Supplement to Lecture Notes 10. Controller Synthesis for Hybrid Systems Claire J. Tomlin Department of Aeronautics and Astronautics Department.

Integrated information and telecommunications solutions AIRCOM Implementation VHF Digital Link Presented by Philip Clinch to ATN 2001 Conference 19 September.

ATN 2002 London September 2002 Presented by Aloke Roy Authors: Christophe Hamel Tom Judd Ketan Nguyen Bryan Rowe Kevin Wohlers ATN AIRBORNE IMPLEMENTATION.

An “optimal” controller in Soft Walls is one which always pushes away from the no-fly zone. To blend the control in gradually, we would like to increase.

Ames Research Center 1October 2006 Aviation Software Systems Workshop FACET: Future Air Traffic Management Concepts Evaluation Tool Aviation Software Systems.

Soft Walls: Algorithms to Enforce Aviation Security Adam Cataldo Prof. Edward Lee Prof. Shankar Sastry August 24, 2004 Berkeley, CA Center for Hybrid and.

An Introduction to the Soft Walls Project Adam Cataldo Prof. Edward Lee University of Pennsylvania Dec 18, 2003 Philadelphia, PA.

Control Strategies for Restricting the Navigable Airspace of Commercial Aircraft Adam Cataldo and Edward Lee NASA JUP Meeting 28 March 2003 Stanford, CA.

Berkeley, CA, March 12, 2002 Modal Models in Vehicle-Vehicle Coordination Control Xiaojun Liu The Ptolemy Group EECS Department, UC Berkeley.

Hybrid Workgroup Pam Binns Magnus Carlsson David Corman Bonnie Heck Tom Henzinger Gokhan Inalhan Gabor Karsai, co-chair Wallace Kelly Edward A. Lee, chair.

Soft Walls: Algorithms to Enforce Aviation Security Adam Cataldo Prof. Edward Lee Prof. Shankar Sastry NASA JUP January 22-23, 2004 NASA Ames, Mountain.

FEUP AsasF– Unmanned Air Vehicles Project Group Developing of a Softwall Controller to avoid No-Fly-Zones in an existing Autopilot System Christoph Bruno.

Softwalls, E. A. Lee 1 Preventing the use of Commercial Aircraft as Weapons Edward A. Lee Professor, EECS, UC Berkeley with Xiaojun Liu, Adam Cataldo Institute.

Softwalls: Preventing Aircraft from Entering Unauthorized Airspace Adam Cataldo Prof. Edward Lee Ian Mitchell Prof. Shankar Sastry CHESS Review May 8,

6th Framework Programme Thematic Priority Aeronautics and Space.

Center for Hybrid and Embedded Software Systems Restricting Navigable Airspace: The SoftWalls Approach Edward A. Lee UC Berkeley Collaborators: Adam Cataldo.

Sense & Avoid for UAV Systems

1 Collision Avoidance Systems: Computing Controllers which Prevent Collisions By Adam Cataldo Advisor: Edward Lee Committee: Shankar Sastry, Pravin Varaiya,

Softwalls: Preventing Aircraft from Entering Unauthorized Airspace Adam Cataldo Prof. Edward Lee Prof. Ian Mitchell, UBC Prof. Shankar Sastry NASA JUP.

Soft Walls, Cataldo 1 Restricting the Control of Hijackers: Soft Walls Presented By Adam Cataldo UC Berkeley NASA Ames Research Center 22 November 2002.

Air Traffic By Chris Van Horn.

Avionic S UNIT 1.

1 Introduction of new electronic systems for aviation Thor Breien, Dr. Ing Park Air Systems AS Presented by Linda Lavik.

Aerospace Engineering By Patrick Ferrell. Aerospace Engineering is the main branch of engineering concerned with the research, design, development, construction,

TCAS SSGT Hromek. TCAS = Traffic Collision Avoidance System.

NASA Self-Separation from the Air and Ground Perspective Margaret-Anne Mackintosh, Melisa Dunbar, Sandra Lozito, Patricia Cashion, Alison McGann, Victoria.

Industry Session – Mixed Criticality and Multi-Core David Corman Program Director, Cyber Physical Systems National Science Foundation 1.

Special Topics Introduction to Aeronautical Engineering

Integrated Avionics Systems

Space Indexed Flight Guidance along Air Streams Mastura Ab Wahid, Hakim Bouadi, Felix Mora-Camino MAIA/ENAC, Toulouse SITRAER20141.

IntelliDrive Policy and Institutional Issues Research Valerie Briggs Team Lead, Knowledge Transfer and Policy, ITS Joint Program Office, RITA May 4, 2010.

. Traffic Flow Management System Benefits Flexibility for Future Growth: TFMS provides a modern software architecture to meet future growth and support.

Motivation Collision Avoidance – Inefficient airspace utilization – Increased air traffic workload – Use of obsolete technologies 2.

6-1 Design of UAV Systems UAV operating environmentsc 2002 LM Corporation Lesson objective - to discuss UAV Operating Environments including … National.

DTM establishment around Nausori Airport. Siu Pouvalu, s GS 350 Projects in Geospatial Science University of the South Pacific, SOPAC & Airports.

ASAS FRA OB/T ATM Projects Lufthansa point of view.

- Session 4: Interoperation José M. Roca Air/Ground Cooperative ATS Programme Eurocontrol.

The Aircraft Dispatcher “One stop shopping” source of information for the pilot.

Advanced Speed Guidance for Merging and Sequencing Techniques Chris Sweeney Thomas Jefferson High School for Science and Technology MITRE Corporation Center.

The Sixth NASA Langley Formal Methods Workshop (LFM 2008) 1/15.

SVDM ConOps 18 May 2010 Federal Aviation Administration 0 0 Space Vehicle Debris Threat Management ConOps Presentation to COMSTAC Space Transportation.

Software Testing and Quality Assurance Software Quality Assurance 1.

Lecture 10: Traffic alert and Collision Avoidance System (TCAS)

UAV See & Avoid Employing Vision Sensors

DIRECTION TECHNIQUE CERTIFICATION Paris, April 2008 SL ASAS TN2 Workshop ppt ASAS & Business.

Air Line Pilots Association, International Shared Skies: Safe Integration of Remotely Piloted Aircraft Captain Sean Cassidy 1 st Vice President National.

Problems n The main problem is the congestion of traffic in the air. With the congestion come further problems, such as: –There are too few large airports.

Hybrid Systems Controller Synthesis Examples EE291E Tomlin/Sastry.

Guidance and Control Programs at Honeywell Sanjay Parthasarathy Honeywell Aerospace Advanced Technology October 11, 2006

Eurocontrol ACAS Programme ACTOR/wp3/SLID/D 03/08/01 - v1.0 Slide 1 ACAS II operations in the European RVSM environment ACAS II mandate in Europe (1/2)

The Analytic Blunder Risk Model (ABRM) A computer model for predicting collision risk Kenneth Geisinger Operations Research Analyst Federal Aviation Administration.

Why Cryptosystems Fail R. Anderson, Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993 Reviewed by Yunkyu Sung

4 th Workshop, Amsterdam, 23 rd -25 th April 2007 ASAS-SEP Applications Airborne Implementation Overall Architectural Considerations.

High Fidelity Simulation as a Route to Certification Autonomous Systems: Legal / Regulatory Aspects and V&V Workshop 22 nd February 2016 Dr. M. Jump.

Larry Ley | Digital Aviation | Boeing Commercial Airplanes

Drones, RPAS, UAV’s, UAS Unmanned aircraft.

Spectrum issues and challenges, not on the specific agenda for WRC-19

Continuous Climb Operations (CCO) Saulo Da Silva

FAA Building Blocks Leading to UAS Integration Emerging Trends

Continuous Climb Operations (CCO) Saulo Da Silva

RR-TAG Liaison Report September 2008 IEEE

ICAO Air Navigation Bureau

The Golden Age Of Aircraft Design AVIONICS from Early Days till Now

Presentation transcript:

Integrated Safety Envelopes Built-in Restrictions of Navigable Airspace Edward A. Lee Professor, EECS, UC Berkeley NSF / OSTP Workshop on Information Technology Research for Critical Infrastructure Protection Sept , 2002 With thanks to: Adam Cataldo (Berkeley) David Corman (Boeing) Peter Huber (Forbes Magazine) Xiaojun Liu (Berkeley) Per Peterson (Berkeley) Shankar Sastry (Berkeley) Claire Thomlin (Stanford) Don Winter (Boeing)

ISE, Edward A. Lee 2 The General Principle Networked systems can impose safety envelopes –This is the intent of the air traffic control system Networks fail –E.g. Malicious pilots can ignore air traffic control directives Components can locally impose safety envelopes –Tighter envelopes may be required when networks fail Software-driven control systems enable imposition of safety envelopes at all levels of the network hierarchy –Air traffic control –Individual aircraft –Individual engine –Individual part Principle: Integrated Safety Envelopes

ISE, Edward A. Lee 3 Flexible Networked Systems with Rich Functionality Principle: Integrated Safety Envelopes Networked embedded system… with a rich set of safe behaviors

ISE, Edward A. Lee 4 Compromised Networked Systems Falls back to Less Functionality Principle: Integrated Safety Envelopes Compromised system… has fewer safe behaviors

ISE, Edward A. Lee 5 Hierarchical Networked Systems With Locally Defined Safety Envelopes Principle: Integrated Safety Envelopes Compromised subsystem… behavior within locally defined safety envelopes

ISE, Edward A. Lee 6 Illustration of the Principle: Softwalls Enforce no-fly zones in the on-board avionics. Carry on-board a 3-D database with “no-fly-zones”. Localization technology identifies aircraft position. –GPS + inertial navigation system Principle: Maximize pilot authority Subject to the no-fly zone constraint Maintain aircraft responsivity System is not networked and not hackable. Improves aircraft safety –prevents controlled flight into terrain.

ISE, Edward A. Lee 7 No-Fly Zone with Harsher Enforcement There are already regions of space into which aircraft can’t fly. The idea is to make some of these virtual.

ISE, Edward A. Lee 8 Trajectory with Maximally Uncooperative Pilot Assumptions: speed: 0.1 miles/sec = 360 miles/hour Max rate of turn: M = 2  /20 radians/sec min turning radius: speed/M = 0.32 miles pilot turns towards the wall the wall bias starts, pilot counteracts pilot controls saturate pilot regains steerage towards wall nautical miles

ISE, Edward A. Lee 9 Aircraft is Diverted by a Blending Controller, which Combines a Bias with Pilot Directives force of the wind on the sails turned rudder keeps the trajectory straight with straight rudder with turned rudder Even with weather helm, the craft responds to fine-grain control as expected. Sailing analogy: weather helm

ISE, Edward A. Lee 10 Related Methods Ground proximity warning systems Automatic ground avoidance systems TCAS & ACAS – collision avoidance Potential field methods for air-traffic control Honeywell TCAS Rockwell conflict resolution These all share one feature: localization of safety envelopes.

ISE, Edward A. Lee 11 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies

ISE, Edward A. Lee 12 Is There Any Aircraft Emergency Severe Enough to Justify Trying to Land on Fifth Ave?

ISE, Edward A. Lee 13 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies There is no override –switch in the cockpit

ISE, Edward A. Lee 14 No-Fly Zone with Harsher Enforcement There is no override in the cockpit that allows pilots to fly through this.

ISE, Edward A. Lee 15 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies There is no override –switch in the cockpit Localization technology could fail –GPS can be jammed

ISE, Edward A. Lee 16 Localization Issues GPS falls back to Inertial navigation “Localization” is the technology for reliably and accurately knowing the location of an object. Accurate, robust localization technology is an essential technology.

ISE, Edward A. Lee 17 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies There is no override –switch in the cockpit Localization technology could fail –GPS can be jammed Deployment could be costly –how to retrofit older aircraft?

ISE, Edward A. Lee 18 Deployment Fly-by-wire aircraft –a software change Older aircraft –autopilot level? Phase in –prioritize airports

ISE, Edward A. Lee 19 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies There is no override –switch in the cockpit Localization technology could fail –GPS can be jammed Deployment could be costly –how to retrofit older aircraft? Deployment could take too long –software certification

ISE, Edward A. Lee 20 Softwalls Works When Air Traffic Control Fails This seems largely orthogonal of air traffic control, and could complement safety methods deployed there. It is self-contained on a single aircraft. Improves robustness of any air traffic control system.

ISE, Edward A. Lee 21 Issues Reducing pilot authority is dangerous –reduces ability to respond to emergencies There is no override –switch in the cockpit Localization technology could fail –GPS can be jammed Deployment could be costly –how to retrofit older aircraft? Deployment could take too long –software certification Fully automatic flight control is possible –throw a switch on the ground, take over plane

ISE, Edward A. Lee 22 UAV Technology (Unoccupied Air Vehicle) e.g. Global Hawk (Northrop Grumman) Technology Support Working Group (TSWG), office of the Secretary of Defense, recommends against any partial control approach. Their feeling is that there is only one feasible strategy: a single trigger, either on-board or remote control, that would assume complete control and take the plane to a safe base. Northrop Grumman has such a system in the Global Hawk UAV that some believe can be dropped-in to passenger airliners.

ISE, Edward A. Lee 23 Potential Problems with Switching to Ground Control When Threat is Detected Human-in-the-loop delay on the ground –authorization for takeover –delay recognizing the threat Security problem on the ground –hijacking from the ground? –takeover of entire fleet at once? Requires radio communication –hackable –jammable This does not follow the principle ofIntegrated Safety Envelopes

ISE, Edward A. Lee 24 Integrated Safety Envelopes Research Agenda Defining hierarchical safety envelopes –Model-based design Fault and threat detection –On-line models Fault and threat isolation –Mode changes to impose safety envelopes Predictable mode transitions –Avoid emergent behavior, propagating effects Adapting existing systems –Models must include the phase-in transition Policy issues –Limiting authority

ISE, Edward A. Lee 25 Conclusions Don’t have to choose between large, centralized control, and decentralized, semi-autonomous actors. –Use both –Failures or threats  tighter safety envelopes Need control algorithms that maintain safe operating parameters and maximize local authority subject to the safety constraints.