isa-eunet = intensive software systems for safety applications; a high-tech software european lean...

ISA-EUNET = Intensive Software Systems for Safety Applications; a high-tech software EUropean lean NETwork of experts in Safety Applications to support directly SMEs at regional level


Lecture on

Safety and Reliability of Human-Machine Systems / Sicurezza e Affidabilità dei Sistemi Uomo-Macchina/

Adam Maria Gadomski

E-mail: [email protected]

URL: http://wwwerg.casaccia.enea.it/ing/tispi/gadomski/gadomski.html

1998/99

Lecture on Safety and Reliability of Human-Machine SystemsAdam M.Gadomski, 1998



Definitions: Reliability, Safety and Human Errors

Human-Machine Systems: Low risk systems, High risk systems

Human Errors: Operator - Designer - Organization

User Modeling for Decision support

Reduction of Human Errors: From Passive DSS to Intelligent DSSs

Some Examples

Lecture on Safety and Reliability of Human-Machine SystemsAdam M.Gadomski

Presentation outline



Reliability and Safety Reliability problem - generation of economic losses;

Characterized by different “loss of function” over a given period of time

under a given set of operational conditions. Safety problem - generation of health, environmental and cultural losses;

direct losses for humans body (harm, injury).

Safety (effects): Yes No

Reliability Yes + +

(causes) No + +

As we see Safety and Reliability are either independent (wrong design) or dependent indicators of the system utility.




Human errors Human error:

Human action or inaction that can produce unintended results (*) or system failures (**).

(*) [ISO/ ITC Information Technology Vocabulary,96]

(**) [ NUREC-1624]


Machinefailures

Human errors

Reliability problems

Safetyproblems

Complex consequences interrelations



• High risk systems ( most important: safety problems ) Human errors cause high losses: disasters (off site), accident (on site), incidents, human dead.

- Nuclear, chemical plants, public transportation systems, banks ...

• Low risk systems ( most importany: reliability problems)

Human errors cause only long term low economical losses or quality problems

- Office systems, public information systems, travel, sale systems, Internet ...


Human - Machine Systems




MIND

Organization

Machine (controlled system/processes)

Control and Measurement System

Computer Console

Physical environment

Psycho-social environment

Human operator

Causes of Human Errors

Hardware & Software




Propagation of Human Errors Consequences (Losses)

Remarks: Critical & modificable element is the Human-Computer Interface System

amg

consequences

consequences

Machine Organization

Environment

Design err.

Stress caused err.



Direct Human User Errors Sensorial Rational Emotional

• Erroneous perceptionErroneous perception + + + + + + of images and textsof images and texts

• Erroneous requestErroneous request + + + + + + of informationof information

• Erroneous manipulationErroneous manipulation + + ++ + +


Possible propagation

Mental



Sources of errors from the user perspective

Designer Errors cause Operator Errors ! Main Designer error: Adopting system interface to his own needs.

1. Neglecting human factors and cognitive importance scale on the level of human sensing and manipulation:

- too much information(images, texts) on the screen

- not clear hierarchy (criteria) of the information presentation

- mode of presentation, use of: size, structure, color, voice.

- choice of proper buttons of control (importance scale); place, abreviations, …

- lack the possibility of correction of errorneouss commands.




2. Neglecting of the necessity of the user understanding of plant/process global and particular situation - not clear User-Computer Cooperation.

- lack of hierarchical monitoring of the situation;

flat representation of the intervention domain.

- lack of explanations on the operator request.

- lack of warning.

- lack of suggestions.

User should always know what the system may offer.

System should help users to understand the ”machine”.




• Organization Errors cause Operator Errors !

1. Related to Human Decisional Problems - Not sufficiently clear duties and responsibility of the human operator/user

- the system offers forbidden or never requested functions.

- role of user is modified during “machine” exploitation.

- stress caused by individual responsibility - too high individual

risk, or too low individual responsibility.

2. Lack of proper instructions and training (competencies) creates gap between possible interventions and tasks received from superiors.

3. Knowledge support: Lack of an easy access to organisation experts.

4. Co-operation: Not sufficiently precise define co-operations conditions

5. Ergonomy: Improper organisation of workplace.




Integrated Solution: To design Active/Intelligent Decision Support Systems

- Reduction of operator functions, it requires a function allocation and

the design of new cooperation functions

- Active support structured on the levels of:

1. Data presentation/manual manipulations - goal-oriented

2. Data processing: Selected data processing/calculations -

task- oriented

3. Mechanical Reasoning (qualitative); implementation of

decision- making components.




- Flexible Interaction Strategy of human-computer interface,

- Control of the role of the operator (operator's competencies, responsibilities, access to information),

- Understanding support; textual and graphical languages, information density,

- Decision support related to: information, preferences, knowledge management

- Active intervention support; suggested solutions, explanations.

An integrated role-dependent An integrated role-dependent user/operator modeling is necessaryuser/operator modeling is necessary..

Lecture on Safety and Reliability of Human-Machine SystemsAdam M.Gadomski, 1998



User Modeling Frameworks - Artificial Intelligence

• IPK (Information, Preference, Knowledge) framework [Gadomski, 1989]

• BDI (Beliefs, Desires, Intentions) framework [Anand Rao at al. 1991] strong

human subjective metaphor.

• CKI - Communication, Know-How, Intentions Model [M.Sing,94]


Current tendency: Active DSS designed by the application of human metaphor.



Basic concepts of IPK


• Information : how a particular situation looks (before, now, in the future) ?

- facts , measurements, observations

• Knowledge: how situation may be classified and modeled, and what is

possible to do in” this type of situation “? - descriptive frames, rules, procedures, methods

• Preferences : what is more important? what is more efficient?

• Goal : : what should be achieved ?



Application of the IPK to

Abstract Intelligent Agent construction


0.43

Tuesday, 22 September, 1998

Page 0

CHART1

intervention goalAbstract d-o-a

Knowledge system

information

information

Preferences system

Possible domain-independent reasoning mechanisms:

-deductive, inductive, abductive, case based ... + different logics




Abstract Intelligent Agent (AIA)

• abstract because such model of intelligent agent is

independent from its application-domain, specific

role of the decision-maker, and independent from its

software implementation environment

• AIA is dependent on its architecture constrains



Basic architecture element of AIA

[ Gadomski,93]


DS

Domain System:Representation ofAgent physicalDomain of Activity

PS Agent PreferenceSystem

KS Agent KnowledgeSystem

GoalKS

Action

Decision

Data Acquisition

DS

Physical Domainof Activity

NewInformation

PS




AGENTE SEMPLICE CONSIGLIERE DIRETTO

SISTEMA DOMINIO

SISTEMAPREFERENZE

SISTEMACONOSCENZA

MONDO O SIMULATORE ESTERNO

S. RAPRESENTAZIONEDELLE PREFERENZE

S. META-PREFERENZE

STRATEGIECAMBIOPREFERENZE

AGENTESEMPLICEGESTOREPREFERENZE

S. RAPRESENTAZIONEDELLA COMOSCENZA

CRITERICOSTRUZIONEPIANI

S. META-CONOSCENZAMETODI DI PIANIFICAZIONE

AGENTESEMPLICE PIANIFICATORE

Multi-Agent Structure of

Abstract Intelligent

Agent



Abstract Intelligent

Agent:

Knowledge

Preferences

Information


Role model

Competencies

Responsibilities, Duties

Access to information

Decisional Errors

Out of competencies

Wrong choice criteria

Not proper or insufficient information



Routine software engineers task is

To design software systems which satisfy user’s production goal (user requirements).

What more is needed?

To satisfy also safety & economic goals.

It means

User Modeling is a new paradigm in the software life cycle





• New Life Cycle: Production, Safety and Economic Goals [M.Lind,92]

ProductionGoal

Design of Physical Processes

Safety &Economics

Goal

Design of ComputerSupport Processes

Safety &Economics

Goal

Design of Human& Decision-making Process

Modeling & Testing Production and Control

Modeling & Testing of H/S processes (structural modeling)

Modeling & Testing human factors and cognitive reasoning processes

Integration/modifications Integration/modifications

constrains constrains



• Identification of possible causes and mechanisms of human errors and possible consequences;

- Cause-Consequence analysis.• Ideal Users/Operator functional modeling.• Allocation of functions and the definition of new interface

functions.• Design of additional cooperation functions.• User training in new conditions.

They requiresThey requires

New Systems & TechnologiesNew Systems & Technologies


New components in the Software Life-Cycle required



Active/Intelligent Decision Support Systems

Can be viewed as computerized interfaces for fitting passive DSS functions to the requirements, properties and preferences of man.

Eliminates redundancy of not actual in this moment alternatives

Suggests choices determined by criteria defined on higher abstraction levels

Is based on goal-driven paradigm


Passive Decision Support Systems

Passive Decision Support Systems (Information Systems) have been the first attempt to the computer aid for plant operators and emergency managers

Unfortunately, their application requires from their users continuous learning and training to which typical emergency managers are not enough motivated

Large part of the user decisions relies on the choice of the concrete button from menubars or menu tools being parts of a visualized hierarchical menu structures (menu-driven paradigm)



Human-Computer Cooperation

[Gadomski at al,1995]


IDSSIDSS

ActiveDECISIONSUPPORTSYSTEM

EMERGENCY MANAGER

Cooperation

Human Organization Intranet/Internet

Interventiondecisions Continuous

monitoring

(Intelligent Agent)

Informationem. domain current dataKnowledgerules, models, plans,strategiesPreferencesrisk, roles and resourcescriteria

EMERGENCY DOMAIN

dialoguesuggestionsexplanations

cooperation dataacquisition

Images,MeasuredData

Experts



Mental errors reduction: IPK Architecture.


Domain-Representation Module

Suggested Interventionsamg

Cause of

emergency-eventModification of DomainModel

Preferences System

Possible

consequences

Assessment max.negative consequences

Generation ofIntervention-goal

Knowledge System

Action planning

Decision-Making

Availableprocedures

information

goal



• .


1 - Requirement specification phase 2 - Modeling phase 3 - Prototyping phase

Generic Emergency Management ScenarioN-th Decomposition levels:

Model 1 Model 2 Model 3 Model n

Sub-Model 1

. . . .

Sub-Model 2

. . . . Sub-Model m

Prototype 1 Prototype mPrototype 2 . . . Architecture of IDSS kernel

Architectureof ideal emergencymanager

Verification

Validation

. . .

modification

modification

integration

integration

selection

. . .1

2

3

Definition of new user functions

EXAMPLE




Examples of different ADSSs and IDSSs

• FITFIT, the Institute for Applied Information Technology,, Germany's national research center for information technology.

FABEL Distributed AI-based support system for complex architectural design tasks; integrates case-based and rule-based methods GeoMed Distributed open geographical information systems - implemented as extensions to the World-Wide Web - which support urban and regional planning as multi-party / multi-goal processes KIKon Knowledge-based system for the configuration of telecommunication services andcustomer premise installationsZENO develops and evaluates AI-based tools for Mediation in real-world cooperative planning and design tasks.




1990 -- Passive DSS ; Information Support with Large Data Bases. ISEM: Information Technology Support for Emergency Management; Multi-actors, Large territorial emergency.

1993 - CAT (Computer Aided Tutoring); Recognition of human errors. MUSTER: Multi-Users System for Training and Evaluating Environmental Emergency Response. Genoa Oil Port. Goal: Training support in emergency managers cooperation.

1995 - Active DSS; Implementation of some mental functions + GIS; CIPRODS : Civil Italian PRotection Overview and Decision Support; Supervision of territorial emergency on the national level.

1996 - Active DSS; Some mental functions inserted as autonomous software tools with graphical interface. GEO: Emergency Management on Oil Transport Devices (Lines and Deposits)

1997/8 - Intelligent DSS; User role modeling; User must know - What? System must know - How? IDA - Intelligent Decision Advisor;

Multipurpose agent- based system

Evolution of DSSs - ENEA’s Example




GEOGRAPHICAL DATABASES

EVENT CONSEQUENCES

DecisionalModule

Predictive Module

DiagnosticModule

ActionsSymptoms

Toxic substances and risk industries Data

Base

Algorithms for consequences

analysis

Plans and Emergency Procedures

EDSS (Emergency Decision Support System)

CIPRODS General Architecture

Example 1: A Cognitive Functional Architecture of ADSS

- The system suggests possible actions in a concrete application domain

[Di Costanzo et al.,1995] What

happens?What will happenor could Happen?

What to do ?




Choice ofa procedure

Event

Symptom Information

Activeprocedure Phase tree Tasks list

Activeselected

tool

Commandproduction

Eventmodification

Commands

Computationalcalculations

visualization activation

Variable Interface 1numeric-graphic- textual

information for the user

Interface2:

Tools menu(icons)

Choice ofaction

Choice oftool

Composition of one action

Example 2 :

Schema of functions allocation among Active DSS and its user [Balducelli,Gadomski,97].




Example 3: Dynamic Humans Modeling - Cooperation Training

Trainee 1

Trainee 2

Trainee 3

Tutor (Training Supervisor)

SimulatedIntervention

Domain

D

K

P

D

CP

D

K

P

D

K P

D

K

P

[Balducelli at al.1994]



Some References

• Human Reliability and Safety Analysis Data Handbook

David I. Gertman and Harold S. Blackman

Published by John Wiley & Sons, ISBN 0-471-59110-6 .• NASA SAFETY POLICY AND REQUIREMENTS

DOCUMENT: NASA Handbook NHB 1700.1 (V1-B) June 1,1993. Most advanced: Nuclear power industry and associated Government regulatory

agencies - it does little to broaden the analysis of human reliability in other applications, such as air traffic control and other human-in-the-loop situations .

• IAEA instruction, manuals.

• US Nuclear Regulatory Commission Reports• Stress and Operator Decision Making in Coping with Emergencies

T.Kontogiannis, Int.J. Human-Computer Studies (1996) v.45.




ENEA• A.M. Gadomski, V.Nanni, Intelligent Computer Aid for Operators: TOGA Based

Conceptual Framework. Proceedings of "Second International Conference on Automation,

Robotics, and Computer Vision", Singapore, Sept.1992. • A.M. Gadomski , S. Bologna, G. Di Costanzo. Intelligent Decision Support for

Cooperating Emergency Managers: the TOGA based Conceptualization Framework. The Proceedings of "TIEMEC 1995: The International Emergency Management and Engineering Conference", J.D. Sullivan, J.L. Wybo, L. Buisson (Eds), Nice, May, 1995.

• C. Balducelli, S. Bologna, G. Di Costanzo, A. M. Gadomski, G. Vicoli. Computer Aided Training for Cooperating Emergency Managers: Some Results of Muster Project. Proceedings. of The MemBrain Conference. Oslo’95, 1995.

• A. M. Gadomski, C. Balducelli, S. Bologna, G. DiCostanzo. Integrated Parallel Bottom-up and Top-down Approach to the Development of Agent-based Intelligent DSSs for Emergency Management. Proceedings of the International Emergency Management Society

Conference. TIEMS’98: Disaster and Emergency Management. Washington, May 1998.


isa-eunet = intensive software systems for safety applications; a high-tech software european lean...

Documents

safety applications

reliability of human

safety problems human

intensive software systems

safety effects

machine systems adam

sale systems

high risk systems human