Complex Systems Design Research Overview

The document discusses research on designing complex aerospace systems. It focuses on introducing failure and risk analysis early in design, enabling trade studies during early design, and enabling system-level design and analysis. The research develops modeling, risk analysis, and other formal methods to support robust, risk-based design of complex systems like aerospace vehicles and integrated health management systems.

Complex Systems Design

Research Overview

Irem Y. Tumer
Associate Professor
Complex System Design Laboratory
Department of Mechanical Engineering
Oregon State University
[email protected]

Irem Y. Tumer
[email protected] 1
Challenge of Designing Aerospace Systems

Complex Aerospace Systems
Unique Design Environment

• High-risk, high-cost, low-volume missions with significant societal and scientific impacts
• Rigid design constraints
• Extremely tight feasible design space
• Highly risk-driven systems where risk and uncertainty cannot always be captured or understood
• Highly complex systems where subsystem interactions and system-level impact cannot always be modeled
• Highly software intensive systems
Motivation and Research Needs

• Introducing failure & risk in early design
  – Analysis of potential failures and associated risks must be done at this earliest stage to develop robust integrated systems
  • Systematic, standardized & robust treatment of failures and risks
• Enabling trade studies during early design
  – Early stage design provides the greatest opportunities to explore design alternatives and perform trade studies
  • Reduce the number of design iterations and test & fix cycles
  • Reduce cost, improve safety, improve reliability
• Enabling system-level design & analysis
  – Subsystems must be designed as a critical part of the overall system architecture, and not individually or as an afterthought
  • Increase ROBUSTNESS of final integrated architecture
  – Include all aspects of design trade space and all stakeholders
  – Design and optimize as a system
Complex Systems Design
Related Fields of Research

Main Research Thrusts in CoDesign Lab:
– Model-based design: Analysis and simulation tools and metrics to evaluate designs, and to capture and analyze interactions and failures in the early conceptual design stages
– Risk-based design: Formal process of quantifying risk and trading risk along with cost and performance during early design, moving away from reliance on expert elicitation
– System-level design: Multidisciplinary approach to define customer needs and functionality early in the development cycle to proceed with design synthesis and system validation for the entire system

Related Fields:
– Reliability engineering
– Safety engineering
– Software engineering
– Systems engineering
– Simulation based design
– Control systems design
Complex System Design
Formal Methods Research
• Design Theory & Methodology Research (early design):
– Modeling techniques:
• Function-based modeling
• Bond graph modeling
– Mathematical techniques:
• Uncertainty modeling, decision theory, risk modeling, optimization,
control theory, robust design methods, etc.
– Systematic methodologies:
• Design for X (mitigation, maintainability, failure prevention, etc.),
• System engineering methods
• Axiomatic design, etc.
• Risk and Reliability Based Design Methods (later design stages):
– PRA, FTA, FMEA/FMECA, reliability block diagrams, event sequence
diagrams, safety factors, knowledge-based methods, expert elicitation
• Design for Testability Methods (middle stages):
– TEAMS, Xpress

Driving Application
Integrated Systems Health Management (ISHM)

A system engineering discipline that addresses the design, development, operation, and lifecycle management of subsystems, vehicles, and other operational systems, with the goal of:
• maintaining nominal system behavior and function
• assuring mission safety & effectiveness under off-nominal conditions

Design of Health Management Systems:
• Testability
• Maintainability
• Recoverability
• Verification and validation of ISHM capabilities

Real-Time Systems Health Management:
• Distributed sensing
• Fault detection, isolation, and recovery
• Failure prediction and mitigation
• Robust control under failure
• Crew and operator interfaces

Informed Logistics & Maintenance:
• Modeling of failure mechanisms
• Prognostics
• Troubleshooting assistance
• Maintenance planning
• End-of-life decisions
ISHM State-of-the-Practice

FACT: True ISHM has never been achieved!
[Figure: Space Shuttle Caution & Warning (C&W) System]

System-level Management: mitigation & recovery

Some Examples at NASA:
– ISS/Shuttle: Caution and Warning System
– Shuttle: minimal structural monitoring
– SSME: AHMS
– EO-1 and DS-1 technology experiments
– 2GRLV, SLI: Propulsion HM testbeds and prototypes

ISHM sophistication level inversely proportional with distance from earth!

Position | Vehicle | Capability
Mars | MER | Fault Protection
LEO | ISS | Warning System
Ascent to Orbit | SSME | AHMS Redline Cutoff
Atmosphere | JSF, 777 | Multi-System Diagnostics, CBM
Ground | Automobile | On-star, ABS, Traction Control
Spacecraft Health Management at NASA

Crew Launch Vehicle (“Ares”):
• 1/2,000 probability of loss-of-crew
• Based on legacy human-rated propulsion systems (J2X, RSRM)
• The order-of-magnitude improvement in crew safety comes from crew escape provisions!
• ISHM focus on sensor selection and optimization, crew escape logic, and functional failure analysis.

Crew Exploration Vehicle (“CEV”):
• Short ground processing time
• Long loiter capability in lunar orbit
• Need to assess vehicle health and status rapidly and accurately on the ground and during quiescent periods
• Design for ISHM

Robotic Space Exploration:
• Augment traditional fault protection/redundancy management/FDIR with ISHM
• Real-time HM of science payloads and engineering systems including anomaly detection, root cause ID, prognostics, and recovery
• Ground systems for real-time and system lifecycle health management

International Space Station & Space Shuttle:
• Prognostics for ISS subsystems (power, GN&C)
• Augment mission control capabilities (data analysis tools, advanced caution and warning)
• Retrofit sensors (e.g., Shuttle wing leading edge impact detection)
Complex System Design
Summary of Research Efforts

• Methods and tools to support engineering analysis and decision-making during early conceptual design stages
  – Functional analysis and modeling of conceptual designs for early fault analysis
  – Function based model selection for systems engineering
  – Functional failure identification and propagation analysis
  – Modeling, analysis, and optimization of ISHM Systems
  – Function based analysis of critical events
  – Quantitative risk assessment during conceptual design
  – Cost-benefit analysis of ISHM systems
  – Decision support and uncertainty modeling for design teams during trade studies
  – Risk assessment during early design
Function-Based Modeling and Failure Analysis

Objectives
• Improve the design process through early failure analysis based on functional models
• Produce a model-based early design tool to design safeguards against functional failures in vehicle design

Benefits
• Reduced redesign costs through early failure identification and avoidance
• Improved mission risk assessment through identification of “unknown unknowns”
• Effective reuse of lessons-learned and commonalities across systems and domains
• Availability of generic and reusable function models and failure databases

Approach
• Build generic and reusable functional models of existing subsystems using standardized function taxonomy (developed at UMR by Prof. Rob Stone)
• Generate failure lists for existing subsystems (failure reports, FMEAs) and build standardized failure taxonomy
• Map failures to functional models to create function-failure knowledge bases (reusable and generic)
• Develop software tools for use by design engineers
• Validate utility in actual design scenario

Ex: Probe Cruise Stage: Star Scanner Assembly. The black box functional model is the highest level description of the system:
– Function: Sense Star Brightness (generate two star detection and two star magnitude signals)
– Input flows: Spacecraft, Debris, Electrical Energy, Optical Energy, Thermal Energy, Solar Energy, Threshold Command, Self-test Command
– Output flows: Spacecraft, Thermal Energy, Star Coincidence Pulse, Star Magnitude, +5V Monitor

The Star Scanner functional model at the secondary/tertiary level of functional detail comprises approximately 60 identified functions.
[Figure: detailed Star Scanner functional model; only the flow chains are recoverable from the text:
– Electrical energy chain (from CPDU): import electrical energy → condition electrical energy (DC) → convert electrical energy to electrical energy (DC to AC) → change electrical energy (step down) → convert electrical energy to electrical energy (AC to DC) → regulate → condition → regulate → transmit electrical energy to components; +5V monitor to CREU
– Solar energy: stop solar energy
– Optical energy chain (from stars): import optical energy → separate optical energy → guide (reflect & focus) optical energy → condition (focus) optical energy → guide (focus) optical energy (into slits) → detect optical energy → convert optical energy to electrical energy → increment electrical energy; stop off-axis optical energy
– Analog signal chain: convert electrical energy to analog signal → transmit analog signal → condition analog signal → increment (amplitude of) analog signal → transmit analog signal → contain (maintain magnitude of) analog signal → detect (magnitude of) analog signal → export analog signal (star magnitude to CREU); decrease (magnitude of) analog signal (by 50%) → process analog signals → convert analog signal to discrete signal → transmit discrete signal
– Discrete signal chain: threshold command and self test command from CSID → import discrete signal → sense discrete signal → transmit discrete signal → process analog signals (compare signal magnitude to threshold) → convert analog signal to discrete signal; separate analog signal and discrete signal (separate grounds)]
Function-Based Model Selection
Systems Engineering

Objectives
• Develop a function-based framework for the mathematical modeling process during the early stages of design

Benefits
• Provides a framework for identifying and associating various mathematical models of a system throughout the design process
• Enables quantitative evaluation of concepts very early in the design process
• Promotes storage and re-use of mathematical models
• Represents the effect of assumptions and design choices on the functionality of a system

Methods
• During System Planning:
  • Modeling Desired Functionality
  • Generating System-level Requirements
  • Modeling for Requirements Generation
• During Conceptual Design:
  • Refining Functionality
  • Modeling for Component Selection
  • Component Selection
• During Embodiment Design:
  • Auxiliary Function Identification
  • Sub-system Functional Modeling
  • Sub-system Level Requirements Identification
  • Detailed System Modeling and Validation

Ex: Hydraulic Braking System
[Figure: functional model of the braking system. Functions: Import Hydraulic Energy; Convert Hydraulic Energy to Translational Energy; Import Rotational Energy; Decrease Rotational Energy; Export Rotational Energy; Convert Rotational Energy to Thermal Energy; Export Thermal Energy (Mount, Air; Air, Hub); Import Mechanical Energy; Export Mechanical Energy (Mount); Export Status (Pressure); Export Status (Speed). Flows: Hyd. E., Trans. E., Mech. E., Rot. E., Therm. E., Status.]

Function | Input | Output | Model Type
Import Hydraulic Energy | Flow, Pressure | Flow, Pressure | Closed-form Eqs.
Convert Hyd. E. to Trans. E. | Flow, Pressure | Displacement, Force | Closed-form Eqs.
Decrease Rot. E. | Force, Angular Speed, Moment | Angular Acceleration | ODE
Convert Rot. E. to Therm. E. | Angular Speed, Moment | Energy Magnitude | Closed-form Eqs.

Energy Flow Requirement: Based on a 1500kg mass stopping from 30m/s, the braking system shall be able to handle a 675kJ energy input. The system shall be designed to stand a 180 rad/s max rotational speed and a maximum input moment of 13.5kN-m. The maximum pressure input to the system shall be 10MPa. The rotational energy output of the system shall be 0kJ. Based on a 2s stopping distance, the heat dissipation of the system shall be at least 337.5kW. The maximum temperature the system should reach is 150C.
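The following is an added example, not a tool from the page or from the CoDesign Lab, showing how the function-to-model association in the table above can be executed to evaluate a braking concept quantitatively. The vehicle-level numbers (1500 kg, 30 m/s, 2 s, 10 MPa, 180 rad/s, 13.5 kN-m) are the slide's; the piston area, pad friction coefficient, radii and brake count are assumptions, and the "Decrease Rot. E." function is simplified to produce the braking moment itself.

```python
"""Function-based model chaining for a hydraulic braking concept.

Added example, not the page's own tool. Vehicle-level numbers (1500 kg, 30 m/s,
2 s stop, 10 MPa, 180 rad/s, 13.5 kN-m) are taken from the slide; every component
parameter (piston area, pad friction, radii, brake count) is an assumption.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

State = Dict[str, float]


@dataclass(frozen=True)
class FunctionModel:
    """One function of the functional model with its flows and the model type that realises it."""
    name: str
    inputs: Tuple[str, ...]
    outputs: Tuple[str, ...]
    model_type: str
    evaluate: Callable[[State], State]


# System-level requirement inputs (from the slide)
MASS_KG, SPEED_MPS, STOP_TIME_S = 1500.0, 30.0, 2.0
MAX_PRESSURE_PA, MAX_OMEGA_RAD_S, MAX_MOMENT_NM = 10e6, 180.0, 13.5e3

# Assumed concept parameters (hypothetical, not from the slide)
MU, PAD_RADIUS_M, WHEEL_RADIUS_M, N_BRAKES = 0.4, 0.15, 0.30, 4


def derive_vehicle_requirements() -> State:
    """Requirements the slide states, derived from the stopping scenario."""
    energy = 0.5 * MASS_KG * SPEED_MPS ** 2             # 675 kJ to absorb
    return {"energy_in_J": energy,
            "heat_dissipation_W": energy / STOP_TIME_S,  # 337.5 kW over a 2 s stop
            "wheel_speed_rad_s": SPEED_MPS / WHEEL_RADIUS_M}


def _to_thermal(s: State) -> State:
    """Constant braking moment, linear spin-down: energy = M * omega_avg * t_stop."""
    if s["angular_acceleration"] <= 0.0:
        raise ValueError("no braking moment: wheel never stops")
    t_stop = s["angular_speed"] / s["angular_acceleration"]
    energy = 0.5 * s["moment"] * s["angular_speed"] * t_stop
    return {"stop_time_s": t_stop, "energy_magnitude": energy,
            "heat_dissipation_W": energy / t_stop}


def build_chain(piston_area_m2: float) -> List[FunctionModel]:
    """The four functions of the slide's table, each paired with a simple model."""
    inertia = MASS_KG * WHEEL_RADIUS_M ** 2   # vehicle mass referred to the wheel axis
    return [
        FunctionModel("Import Hydraulic Energy", ("flow", "pressure"), ("flow", "pressure"),
                      "Closed-form Eqs.",
                      lambda s: {"flow": s["flow"], "pressure": s["pressure"]}),
        FunctionModel("Convert Hyd. E. to Trans. E.", ("flow", "pressure"),
                      ("displacement", "force"), "Closed-form Eqs.",
                      lambda s: {"force": s["pressure"] * piston_area_m2,
                                 "displacement": s["flow"] * STOP_TIME_S / piston_area_m2}),
        # Simplification of the slide's table: the braking moment is produced here
        FunctionModel("Decrease Rot. E.", ("force", "angular_speed"),
                      ("moment", "angular_acceleration"), "ODE",
                      lambda s: {"moment": N_BRAKES * MU * s["force"] * PAD_RADIUS_M,
                                 "angular_acceleration":
                                     N_BRAKES * MU * s["force"] * PAD_RADIUS_M / inertia}),
        FunctionModel("Convert Rot. E. to Therm. E.",
                      ("angular_speed", "moment", "angular_acceleration"),
                      ("energy_magnitude", "stop_time_s", "heat_dissipation_W"),
                      "Closed-form Eqs.", _to_thermal),
    ]


def run_chain(chain: List[FunctionModel], system_inputs: State) -> State:
    """Check that every input flow is supplied upstream, then evaluate the models in order."""
    available, state = set(system_inputs), dict(system_inputs)
    for f in chain:
        missing = [flow for flow in f.inputs if flow not in available]
        if missing:
            raise ValueError(f"{f.name} ({f.model_type}) lacks input flows {missing}")
        state.update(f.evaluate(state))
        available |= set(f.outputs)
    return state


def evaluate_concept(piston_area_m2: float, pressure_pa: float = MAX_PRESSURE_PA,
                     flow_m3_s: float = 1e-4) -> Dict[str, object]:
    """Quantitative check of one concept against the slide's requirements."""
    req = derive_vehicle_requirements()
    state = run_chain(build_chain(piston_area_m2),
                      {"flow": flow_m3_s, "pressure": pressure_pa,
                       "angular_speed": req["wheel_speed_rad_s"]})
    return {
        "pressure_ok": pressure_pa <= MAX_PRESSURE_PA,
        "speed_ok": state["angular_speed"] <= MAX_OMEGA_RAD_S,
        "moment_ok": state["moment"] <= MAX_MOMENT_NM,
        "stop_time_ok": state["stop_time_s"] <= STOP_TIME_S,
        "dissipation_ok": state["heat_dissipation_W"] >= req["heat_dissipation_W"],
        "moment_Nm": state["moment"],
        "stop_time_s": state["stop_time_s"],
    }


if __name__ == "__main__":
    for area in (0.002, 0.003):
        print(area, evaluate_concept(area))
```

With the assumed parameters a 0.002 m² piston at the 10 MPa limit stops the wheel in about 2.8 s and misses the 337.5 kW dissipation requirement, while 0.003 m² meets every check with a 7.2 kN-m braking moment, which is the kind of early quantitative screening the framework is meant to support. The flow-compatibility check in `run_chain` also catches a chain assembled without a required upstream flow.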
Simulation-Based Functional Failure Identification and Propagation Analysis

Objectives
• Develop a formal framework for design teams to evaluate and assess functional failures of complex systems during conceptual design

Benefits
• Systematic exploration of what-if scenarios to identify risks and vulnerabilities of spacecraft systems early in the design process
• Analysis of functional failures and fault propagation at a highly abstract system configuration level before any potentially high-cost design commitments are made
• Support of decision making through functional failure analysis to guide designers to design out failure through the exploration of design alternatives

Approach
• Build generic and reusable system models using an interrelated set of graphs representing function, configuration, and behavior.
• Model behavior using a component-based approach using high-level, qualitative models of system components at various discrete nominal and faulty modes
• Develop a graph-based environment to capture and simulate overall system behavior under critical conditions
• Build a reasoner that translates the physical state of the system into functional failures
• Validate the framework in an actual design scenario

Example: Reaction Control System (RCS) Conceptual Design
Objective: Explore what-if scenarios: What are the effects of component failures on overall system functionality? The FFIP framework identifies potential functional failures and their propagation under off-nominal conditions using behavioral analysis.
[Figure: RCS conceptual schematic (System Configuration) with GHe pressurant, MMH fuel and NTO oxidizer tanks and P (pressure), T (temperature) and Pc (chamber pressure) sensing points, alongside the RCS functional model (System Function).]

Functional Failure Identification and Propagation (FFIP) Architecture:
– SYSTEM MODEL: Functional Model; Configuration Model; Component Behavioural Models
– Qualitative Behaviour Simulation
– Function Failure Logic
– FFIP INPUT: Critical Event Scenarios
– FFIP OUTPUT: Functional Failure Estimates; Functional Failure Propagation Paths
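As an added example, not the FFIP code base itself, the block below implements the three layers of the architecture above on a deliberately small propellant feed line: component behavioural models with nominal and faulty modes, a configuration model linking them, a qualitative simulation that propagates flow levels, and a function failure logic that translates the physical state into functional failure estimates and a propagation path. The component names, modes and the function-to-component mapping are constructed to mirror the RCS elements named on the slide.

```python
"""Qualitative FFIP-style failure propagation on a simplified propellant feed line.

Added example, not the FFIP code base: the five components, their nominal and faulty
modes, the configuration and the function-to-component mapping are constructed to
mirror the RCS elements named on the slide (GHe pressurant, MMH tank, valve, thruster).
"""
from typing import Callable, Dict, List, Optional, Tuple

# Qualitative flow levels carried between components, ordered from none to excess
LEVELS = ["zero", "low", "nominal", "high"]


def shift(level: str, delta: int) -> str:
    """Move a qualitative level up or down the scale, saturating at the ends."""
    idx = max(0, min(len(LEVELS) - 1, LEVELS.index(level) + delta))
    return LEVELS[idx]


Behaviour = Dict[str, Callable[[str], str]]   # mode -> qualitative transfer function

# Component behavioural models: each mode maps the incoming level to the outgoing level
BEHAVIOURS: Dict[str, Behaviour] = {
    "GHe_tank":   {"nominal": lambda _: "nominal",
                   "depleted": lambda _: "low",
                   "overpressure": lambda _: "high"},
    "regulator":  {"nominal": lambda p: "nominal" if p == "high" else p,   # caps excess
                   "fail_open": lambda p: p,                                # passes whatever arrives
                   "fail_closed": lambda _: "zero"},
    "MMH_tank":   {"nominal": lambda p: p,        # pressure-fed: outlet follows ullage pressure
                   "empty": lambda _: "zero"},
    "fuel_valve": {"nominal": lambda f: f,
                   "stuck_closed": lambda _: "zero",
                   "leak": lambda f: shift(f, -1)},
    "thruster":   {"nominal": lambda f: f,
                   "injector_clog": lambda f: shift(f, -1)},
}

# Configuration model: each component and the component feeding it (None = system boundary)
CONFIGURATION: List[Tuple[str, Optional[str]]] = [
    ("GHe_tank", None), ("regulator", "GHe_tank"), ("MMH_tank", "regulator"),
    ("fuel_valve", "MMH_tank"), ("thruster", "fuel_valve"),
]

# Function failure logic: each system function is judged on the flow leaving one component
FUNCTIONS: Dict[str, str] = {"Store pressurant": "GHe_tank", "Regulate pressure": "regulator",
                             "Supply fuel": "fuel_valve", "Provide thrust": "thruster"}


def simulate(modes: Dict[str, str]) -> Dict[str, str]:
    """Propagate qualitative levels through the configuration for one mode assignment."""
    state: Dict[str, str] = {}
    for component, upstream in CONFIGURATION:
        mode = modes.get(component, "nominal")
        incoming = state[upstream] if upstream else "nominal"
        state[component] = BEHAVIOURS[component][mode](incoming)
    return state


def function_status(level: str) -> str:
    """Reasoner step: translate a physical (qualitative) state into a functional state."""
    if level == "nominal":
        return "operating"
    return "lost" if level == "zero" else "degraded"


def ffip(scenario: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """FFIP input: a critical event scenario (component -> faulty mode).
    FFIP output: functional failure estimates and the propagation path."""
    state = simulate(scenario)
    path = [c for c, _ in CONFIGURATION if state[c] != "nominal"]
    estimates = {fn: function_status(state[comp]) for fn, comp in FUNCTIONS.items()}
    return estimates, path


def explore_single_faults() -> Dict[Tuple[str, str], Tuple[Dict[str, str], List[str]]]:
    """What-if sweep over every single faulty mode in the behavioural models."""
    return {(c, m): ffip({c: m})
            for c, behaviour in BEHAVIOURS.items() for m in behaviour if m != "nominal"}


if __name__ == "__main__":
    for (component, mode), (estimates, path) in explore_single_faults().items():
        print(f"{component}:{mode:<14} path={path} -> {estimates}")
```

The sweep shows the kind of result the slide describes: a closed regulator propagates to a lost "Provide thrust" function four components downstream, a tank overpressure alone is absorbed by a nominal regulator, and a regulator that has failed open is latent until it is combined with that overpressure, which is why a design team would want the pressure sensing points shown in the schematic.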
Function-Based Analysis of Critical Events

Objectives
• Establish a standard framework for identifying and modeling critical mission events
• Establish a method for identifying the information required to ensure that these critical events occur as planned
• Provide a means to determine Health Management needs, sensor locations, etc. during early design phase
• Assist the identification of requirements for critical events during the design of space flight systems

Benefits
• Standardized function-based modeling framework
• Development of event models and functional models very early in the design of systems
• Identification of critical events and important functionality from these models
• Requirements identification based on functional and event models

Methods
• Event Models for Systems
  • Black Box
  • Detailed
• Functional Models During Events
  • Black Box
  • Detailed
• Function-based Requirements Identification

Ex: Mars Polar Lander Landing Leg
[Figure: Event Model During Landing Leg Deployment. Structure (Landing Leg, Release Nut) and Signal flows enter Begin Deployment → Trigger Release Nut → Deploy Leg → End Leg Deployment; Release Signal and the released Landing Leg and Release Nut leave as signal and structure outputs.]
[Figure: Functional Model During Landing Leg Deployment. Rotational energy path: Import Rot. E. → Store Rot. E. → Supply Rot. E. → Convert Rot. E. to Mech. E. → Convert Mech. E. to Rot. E. → Export Rot. E. Release Nut path: Import Solid → Position Solid → Secure Solid → Stop Mech. E. → Separate Solid → Export Solid. Release Signal: Import Control Signal.]

Requirements Identified from Functional and Event Models
Flow Type | Flow | Requirement
Solid Input | Release Nut | The release nut must be properly positioned and secured before the release event can occur
Control Signal Input | Release Signal | The Release Signal will initiate the Trigger release Nut event
Solid Output | Release Nut | At the completion of the event, the Release Nut will be separated from the landing leg
Signal Output | Separation | After completion of the event, the subsequent event will be initiated without a formal signal
Model-Based Design & Analysis of ISHM Systems

Objectives
• Concurrent design of ISHM systems with vehicle systems to ensure reliable operation and robust ISHM
• Model-based optimization of ISHM design and technology selection to reduce risks and increase robustness

Benefits
• Identification of issues, costs, and constraints for ISHM design to reduce cost and increase reliability of ISHM and optimize mitigation strategies
• Streamlining the design process to decide when and how to incorporate ISHM into system design, and how to balance between cost, performance, safety and reliability
• Provide subsystem designers with insight into system level effects of design changes.

Approach
• Formulate ISHM design as optimization problem
• Leverage research & tools for function-based design methods, risk analysis, and design optimization to incorporate ISHM design into system design practices
• Develop ISHM software design environment using optimization algorithms
• Implement and validate inclusion of ISHM chair in concurrent design teams (e.g., Team-X)

[Figure: ISHM inputs to FUNCTIONAL MODELS across the lifecycle phases Advanced Studies → Preliminary Analysis → Definition → Design → Development → Operations (Feasible Concepts → Functional Baseline → Build → Deploy): Risk lists, Failure Modes, Reliability Models, Functional Requirements, Sensor selection, Maintainability, PRA/QRA, Qualitative Analysis, Risk Analysis, FTA/ETA, Feature selection, FMEA, Testability, Functional FMEA.]

Optimization formulation:
– Main-Problem Level (Top-level Optimization): Max FOM’s; Design: {xsh, x1, … , xJ} s.t. top-level constraints → Main Design Solution Set
– Sub-Problem Level: Sub-Problem 1 … Sub-Problem J; Design: {xsh, x1} … {xsh, xJ}; Max H metric, Min S metric → Down-selection
Risk Quantification During Concurrent Design

Objectives
• Enable rapid system level risk trade studies for concurrent engineering design
• Develop a quantitative risk-analysis methodology that can be used in the concurrent design environment
• Provide a real-time (dynamic) resource allocation vector that guides the design process to minimize risks and uncertainty based on both failure data and designers’ inputs

Benefits
• Improved resource management and reduced design costs through early identification of risks & uncertainties
• Use common basis for trading risk with other system and programmatic resources
• Increased reliability and effectiveness of mission systems

Approach
• Develop functional model
• Collect failure rates and pairwise correlations
• Model design as a stochastic process
• Formulate as a 2-objective optimization problem (RED-P)
• Obtain the optimal resource allocation vector in real-time, as the design evolves

[Figure: feasible space of allocation vectors plotted as σ(TB) against expected total risk benefit E(TB); the boundary separates the risk-efficient design process from inferior design processes.]
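The block below is an added example, not the RED-P formulation from the slide, of what the two-objective allocation problem looks like once failure rates and pairwise correlations have been collected. It assumes a mean-variance reading of the plotted axes: E(TB) is linear in the allocation vector and σ(TB) follows from the covariance built out of the pairwise correlations. The three functions, their per-unit benefits, spreads and correlations are constructed.

```python
"""Risk-efficient allocation of design effort with correlated failure data.

Added example, not the page's RED-P implementation. It assumes a mean-variance reading
of the slide's axes: the expected total risk benefit E(TB) is linear in the allocation
vector and sigma(TB) follows from the pairwise correlations. Functions, per-unit
benefits, spreads and correlations are constructed.
"""
import math
from itertools import product
from typing import Iterator, List, Tuple

FUNCTIONS = ["supply power", "control temperature", "control attitude"]   # constructed
MU = [4.0, 3.0, 5.0]     # expected risk benefit per unit of effort on each function
SIGMA = [1.0, 0.5, 2.5]  # spread of that benefit (from failure-rate uncertainty)
RHO = [[1.0, 0.2, 0.6],  # pairwise correlations of the failure behaviour
       [0.2, 1.0, 0.1],
       [0.6, 0.1, 1.0]]
BUDGET = 10              # units of design effort to allocate

Allocation = Tuple[int, ...]


def covariance() -> List[List[float]]:
    """Covariance matrix assembled from spreads and pairwise correlations."""
    n = len(MU)
    return [[RHO[i][j] * SIGMA[i] * SIGMA[j] for j in range(n)] for i in range(n)]


def expected_tb(a: Allocation) -> float:
    """E(TB) = a . mu"""
    return sum(ai * mi for ai, mi in zip(a, MU))


def sigma_tb(a: Allocation) -> float:
    """sigma(TB) = sqrt(a^T C a)"""
    c = covariance()
    n = len(a)
    return math.sqrt(sum(a[i] * a[j] * c[i][j] for i in range(n) for j in range(n)))


def feasible_allocations(budget: int = BUDGET) -> Iterator[Allocation]:
    """Every integer allocation that spends exactly the budget."""
    for a in product(range(budget + 1), repeat=len(MU)):
        if sum(a) == budget:
            yield a


def risk_efficient_frontier(budget: int = BUDGET) -> List[Tuple[Allocation, float, float]]:
    """Non-dominated allocations of the 2-objective problem: max E(TB), min sigma(TB)."""
    pts = [(a, expected_tb(a), sigma_tb(a)) for a in feasible_allocations(budget)]
    frontier = [p for p in pts
                if not any(q[1] >= p[1] and q[2] <= p[2] and (q[1] > p[1] or q[2] < p[2])
                           for q in pts)]
    return sorted(frontier, key=lambda p: p[2])


def allocate(budget: int = BUDGET, risk_aversion: float = 0.5) -> Allocation:
    """Pick one frontier point by scalarising: maximise E(TB) - risk_aversion * sigma(TB).
    Re-running this as failure rates are updated gives the 'real-time' allocation vector."""
    return max(feasible_allocations(budget),
               key=lambda a: expected_tb(a) - risk_aversion * sigma_tb(a))


if __name__ == "__main__":
    for a, e, s in risk_efficient_frontier():
        print(f"allocation={a}  E(TB)={e:6.2f}  sigma(TB)={s:5.2f}")
    print("chosen:", allocate())
```

Everything below the frontier returned by `risk_efficient_frontier` is the inferior region of the figure; the correlation between "supply power" and "control attitude" is what pushes the lowest-σ allocation toward the thermal function rather than the highest-benefit one.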
Cost-Benefit Analysis for ISHM Design

Objective:
• Create a cost-benefit analysis framework for ISHM that enables:
  – Optimal design of ISHM (sensor placements etc.)
  – Tradeoff analysis (does the benefit justify the cost?)

Approach:
• Maximize “Profit”!

$$\Pi = A \cdot R - C = \prod_{i=1}^{N+M} A_i \cdot R - \sum_{i=1}^{N} (C_R + C_D)_i$$

where:
– Π is Profit
– A is Availability, a function of System Reliability, Inspection Interval, and Repair Rate.
– N is number of System Functions.
– M is the number of ISHM Sensor Functions utilized.
– R is Revenue/Unit of Availability in USD.
– C_R, Cost of Risk: quantifies financial risk in USD.
– C_D, Cost of Detection: quantifies cost of detection of a fault in USD.
Cost-Benefit Analysis Process

Approach: Determine the “merits” of adding IVHM to a baseline system

1. Develop models to measure the impact of various IVHM architectures (i.e. sensor placements, data fusion algorithms, fault detection and isolation methodologies) on the safety, reliability, and availability of the vehicle.
2. Once the impact of various IVHM architectures on the vehicle is measured, tradeoffs are formulated as a multiobjective multidisciplinary optimization problem.
3. We can then create a decision support system for the designers to handle IVHM tradeoffs at the early stages of designing a system.

What is the “merit” Function? Captures interaction of IVHM cost, benefit, risk
Use Optimization to Maximize “merit” through optimal allocation of IVHM to the conceptual system
What is the Design Space? Sensor allocations, Detection Decision, Inspection Interval
Enable Optimal IVHM Design Decisions

Since the Profit function is impacted by a combination of revenue and cost of risk, a Pareto Frontier can be created. The frontier demonstrates the solution for different trade-offs.
[Figure: Pareto frontier of Profit (thousands USD, $50 to $110) against Revenue (thousands USD, $930 to $1,010), marking the dominated region, the direction of increasing revenue, and the maximum-profit point (equal weights).]
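The following is an added example, not the page's own tool, that puts the profit function of the previous slide, the design space listed here (sensor allocations and inspection interval), and the "formulate ISHM design as optimization problem" step of the ISHM design slide into one runnable model. The two system functions, two candidate sensors, failure and repair rates, losses, sensor costs, per-inspection cost and revenue are constructed, and the availability and cost-of-risk formulas are assumptions; the sensors' own availabilities enter the product as the M sensor functions.

```python
"""ISHM cost-benefit optimisation with the slide's profit function
Pi = (prod_i A_i) * R - sum_i (C_R + C_D)_i.

Added example, not the page's own tool. The two system functions, two candidate
sensors, failure/repair rates, losses, sensor costs, inspection cost and revenue are
constructed; the availability and cost-of-risk formulas are assumptions.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, Iterator, List, Tuple

HOURS_PER_YEAR = 8760.0        # assumed operating horizon for revenue and risk
INSPECTION_COST_USD = 200.0    # assumed cost of one manual inspection
REVENUE_PER_UNIT_AVAILABILITY = 1_000_000.0   # R, USD per unit availability per year
INSPECTION_INTERVALS_H = (24.0, 168.0, 720.0)  # design-space candidates


@dataclass(frozen=True)
class SystemFunction:
    name: str
    failure_rate: float       # failures per hour
    repair_rate: float        # repairs per hour
    loss_per_failure: float   # USD consequence of a failure no sensor caught


@dataclass(frozen=True)
class SensorFunction:
    name: str
    monitors: str             # system function it observes
    cost: float               # cost of detection, USD
    coverage: float           # fraction of that function's failures it detects
    availability: float       # the sensor's own availability (one of the M functions)


FUNCTIONS = [SystemFunction("supply power", 1e-4, 0.5, 50_000.0),
             SystemFunction("control attitude", 5e-5, 0.25, 20_000.0)]
SENSORS = [SensorFunction("bus_voltage_monitor", "supply power", 10_000.0, 0.9, 0.999),
           SensorFunction("gyro_health_monitor", "control attitude", 40_000.0, 0.8, 0.999)]


def function_availability(fn: SystemFunction, inspection_interval_h: float,
                          coverage: float) -> float:
    """A = MTBF / (MTBF + detection latency + MTTR).
    Failures the sensors miss wait, on average, half an inspection interval."""
    mtbf, mttr = 1.0 / fn.failure_rate, 1.0 / fn.repair_rate
    latency = (1.0 - coverage) * inspection_interval_h / 2.0
    return mtbf / (mtbf + latency + mttr)


def evaluate(chosen: Tuple[str, ...], inspection_interval_h: float) -> Dict[str, object]:
    """Profit of one ISHM design: a sensor allocation plus an inspection interval."""
    active = [s for s in SENSORS if s.name in chosen]
    coverage = {fn.name: max([s.coverage for s in active if s.monitors == fn.name], default=0.0)
                for fn in FUNCTIONS}
    availability = 1.0
    for fn in FUNCTIONS:                       # N system functions ...
        availability *= function_availability(fn, inspection_interval_h, coverage[fn.name])
    for s in active:                           # ... plus M sensor functions
        availability *= s.availability
    revenue = availability * REVENUE_PER_UNIT_AVAILABILITY
    cost_of_risk = sum(fn.failure_rate * HOURS_PER_YEAR * fn.loss_per_failure
                       * (1.0 - coverage[fn.name]) for fn in FUNCTIONS)
    cost_of_detection = (sum(s.cost for s in active)
                         + INSPECTION_COST_USD * HOURS_PER_YEAR / inspection_interval_h)
    return {"sensors": chosen, "inspection_interval_h": inspection_interval_h,
            "availability": availability, "revenue": revenue,
            "cost_of_risk": cost_of_risk, "cost_of_detection": cost_of_detection,
            "profit": revenue - cost_of_risk - cost_of_detection}


def design_space() -> Iterator[Dict[str, object]]:
    """Every sensor subset combined with every candidate inspection interval."""
    names = [s.name for s in SENSORS]
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            for interval in INSPECTION_INTERVALS_H:
                yield evaluate(subset, interval)


def optimise() -> Tuple[Dict[str, object], List[Dict[str, object]]]:
    """Maximum-profit design, plus the Pareto frontier of revenue (max) vs cost of risk (min)."""
    designs = list(design_space())
    best = max(designs, key=lambda d: d["profit"])
    frontier = [d for d in designs
                if not any(o["revenue"] >= d["revenue"] and o["cost_of_risk"] <= d["cost_of_risk"]
                           and (o["revenue"] > d["revenue"] or o["cost_of_risk"] < d["cost_of_risk"])
                           for o in designs)]
    return best, sorted(frontier, key=lambda d: d["revenue"])


if __name__ == "__main__":
    best, frontier = optimise()
    print("max profit:", best["sensors"], best["inspection_interval_h"], round(best["profit"]))
    for d in frontier:
        print("frontier:", d["sensors"], d["inspection_interval_h"],
              round(d["revenue"]), round(d["cost_of_risk"]))
```

With these constructed numbers the maximum-profit design keeps only the cheap, high-coverage power sensor and a weekly inspection, while the frontier of revenue against cost of risk is held by the daily-inspection designs, which is the "does the benefit justify the cost?" trade the slide asks for: the gyro sensor lowers the cost of risk but never pays back its detection cost and its own unavailability.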
Decision Support for Engineering Design Teams
Uncertainty capture, modeling, & management

Objectives
• Facilitate collaborative decision-making and concept evaluation in concurrent engineering design teams
• Characterize uncertainty and risk in decisions from initial design stages
• Develop decision management tool for integration into collaborative design and concurrent engineering environments

Benefits
• More robust designs starting from conceptual design stage
• Reduced design costs
• Modeling important decision points in highly-concurrent engineering design teams
• Incorporating tools and methods into fluid and dynamic design environment

Approach
• Understand uncertain decision-making in real design teams
• Develop framework to map design decision-making to decision-theoretic models
• Validate method and tool with real engineering teams

[Figure: uncertainty over time across the Design and Operations phases: design uncertainty, variation, environmental uncertainty and internal uncertainty.]
Risk in Early Design (RED) Methodology

Objectives
– Identify and assess risks during conceptual product design
– Effectively communicate risks
Benefits
– Improved Reliability
– Decreased cost associated with design changes
Methods
– FMEA
  • RED can identify system functions, failure modes, occurrence, and severity
– Fault Tree Analysis
  • RED can identify at-risk functions and potential failure paths from functional models
– Event Tree Analysis
  • RED can identify sequences of functions and subsystems at risk from initiating events