Establishing a Framework for Dynamic Risk Management in ‘Intelligent’ Aero-Engine Control

  • Zeshan Kurd
  • Tim Kelly
  • John McDermid
  • Radu Calinescu
  • Marta Kwiatkowska
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5775)


The behaviour of control functions in safety-critical software systems is typically bounded to prevent the occurrence of known system-level hazards. These bounds are derived through safety analyses and can be implemented through the use of necessary design features. However, the unpredictability of real-world problems can result in changes in the operating context that invalidate the behavioural bounds themselves, for example unexpected hazardous operating contexts arising from failures or degradation. For highly complex problems it may be infeasible to determine, prior to deployment, the precise desired behavioural bounds of a function that addresses or minimises risk for hazardous operating cases. This paper presents an overview of the safety challenges associated with such a problem and how such problems might be addressed. A self-management framework is proposed that performs on-line risk management. The features of the framework are shown in the context of employing intelligent adaptive controllers operating within complex and highly dynamic problem domains such as Gas-Turbine Aero Engine control. Safety assurance arguments, enabled by the framework and necessary for certification, are also outlined.


Keywords: Multiagent System, Adaptive Controller, Operating Context, Actuator Fault, Safety Policy





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Zeshan Kurd, Tim Kelly, John McDermid: High Integrity Systems Engineering Group, Department of Computer Science, University of York, York, UK
  • Radu Calinescu, Marta Kwiatkowska: Computing Laboratory, University of Oxford, Oxford, UK
