I look at technologies to assist humans during critical decisions for the control of complex Safety-Critical Manned Systems (SCMS).
A fault or a malfunction in a Safety-Critical System (SCS) may result in death or serious injury to people. Examples of this type of system are railway signalling mechanisms, nuclear reactor control systems, and automotive airbag systems. Industrial standards for SCS impose a failure rate lower than once every 10 billion hours of operation.
The High-Integrity Systems Engineering (HISE) group performs pioneering
research in the development of systems with substantial safety,
availability, reliability and robustness requirements.
Safety-Critical Manned Systems (SCMS) are a specific class of SCS in which a human is actively involved in the control of the system, e.g. manned aircraft and spacecraft, robotic surgery systems, interactive air-traffic control systems. The design of SCMS requires meeting the same stringent safety requirements that apply to generic SCS, while also taking into consideration the contribution of the human operator(s) to any failure condition.
The growing complexity of modern SCMS, the fact that they must be designed to operate in unstructured environments (it is impossible for system architects to forecast all the possible operating conditions the system will run into at run-time), and the well-documented high contribution of human error to catastrophic accidents - e.g. researchers have found that between 70 and 80% of aviation accidents can be attributed, at least in part, to human error - are only some of the factors that make the development of SCMS particularly challenging.
At present I am investigating pilots' behaviour during critical fault management decisions on board modern aircraft. More specifically, I am working on the development of the Safe and Interactive Reconfiguration System (SaIRS), which is designed to improve both the performance and the safety of pilots' decisions during real-time fault management procedures.
SaIRS is an expert system aimed at providing effective decision support information to pilots in a timely manner when the decision scenario demands performance that exceeds human capacity. A typical situation is during a landing manoeuvre, when a severe fault with potentially catastrophic consequences negatively affects the behaviour of the aircraft, the cockpit resonates with alarms, stress rises dramatically - possibly leading to frustration - and the pilot must take decisions to mitigate the effects of the unexpected event in a matter of a few seconds.
In this type of situation, a number of decision biases affect the rational behaviour of pilots, potentially resulting in wrong actions with catastrophic consequences. Stress, frustration, time pressure, automation-induced complacency, loss of situation awareness, mental misrepresentation, information framing effect, perception of risk, loss aversion: these are all well-documented decision biases. The objective of SaIRS is to mitigate the negative effects of these biases during real-time fault management decisions in order to preserve the safety of the crew.
I use ideas from Cognitive Psychology to generate cognitive models that allow characterising the potential deterioration of pilots' ability to make the right decision in time due to a number of decision biases. The type of support that SaIRS provides to pilots is defined in the light of these cognitive models.
By means of flight simulation technology approved by the Federal Aviation Administration (FAA), I run experiments with pilots of civil aircraft who are purposely put through heavily demanding critical decisions that typically exceed their cognitive capabilities. Pilots' performance is recorded with and without the support of SaIRS. During the simulations, I use eye-tracking technology to gain insight into how their perception of task complexity and stress changes under different experimental conditions.
Eye-tracking data is correlated with other measures of user experience, e.g. situation awareness assessment (using the Situation Awareness Subjective Workload Dominance - SAGAT - method), cognitive workload assessment (using the NASA Task Load Index - NASA-TLX - method), responsiveness, decision accuracy. These techniques offer a glimpse into pilots' minds during critical situations.
Figure 3. Unexpected event (e.g. severe fault). For more detailed visualization of the event flow see the SaIRS Architecture Diagram (PDF, 1,130kb)
The data collected through these experiments is used to refine the decision support information generated by SaIRS and, consequently, develop and test decision support technology for next-generation aircraft. SaIRS uses novel algorithms based on both the Evidential Reasoning and the Constraint Programming paradigms to fuse the information coming from the sensors installed on the aircraft. Then, in the light of pilots' cognitive limitations, the system:
Want to know more?
Visit Napo's Personal Page or the High Integrity Systems Engineering (HISE) research group web page.