Slide 1. Disruption-Oriented Systems Engineering with Object-Process Methodology: Cyber-Physical Perceptional Disruption Maximizing the Added Value of Conceptual Models
Yaniv Mordecai (1) and Dov Dori (1, 2)
1. Technion – Israel Institute of Technology, Haifa, Israel
2. Massachusetts Institute of Technology, Cambridge MA, USA
Oct. 2015

Slide 2. Malaysia Airlines Flight 370
- Reported missing less than an hour after takeoff.
- The search and rescue effort is considered the largest in history, and first focused (?) on:
  - The Gulf of Thailand, South China Sea
  - Strait of Malacca, Andaman Sea
- Based on communication control signals, it was concluded that the aircraft had headed west and then continued for 7 hours either
  - Northwards, towards Central Asia (Kazakhstan, Mongolia), or
  - Southwards, towards the Southeast Indian Ocean.

Slide 3. Malaysia Airlines Flight 370
- The airplane was thought to have been
  - Hijacked and
    - landed for a terror attack, or
    - kamikazed into the ocean
  - Crashed into the ocean due to
    - a critical technical failure, or
    - becoming a derelict vessel due to consciousness loss.
- A part of the wing was found near Reunion Island in July 2015, 4,000 km from the search area.
- To date, the aircraft has not been found. The search is scheduled to continue in 2016.

Slide 4. The Search Area
(Figure: map of the search area.)

Slide 5. Could the flight have been saved or discovered earlier if…
- its location had been monitored, extracted from all valid sources, and compared with the planned route and location, in real time?
- its technical status indicators had been transmitted to central control?
- all the information on and from the aircraft, from all stakeholders, had been available to all of them?
Slide 6. Systems, Risks, and Models
(Figure: Venn diagram of Systems, Models, and Risks.)

Slide 7. Risk Modeling Evolution
No model → List → Database → Analytical models → Conceptual models

Slide 8. Risk Modeling Approaches
| Dedicated | Integrated |
| Specific ontology and semantics for risk management | Capitalizing on existing system modeling ontology and semantics |
| Risk-centric approach | System-centric approach |
| Optimized for risk | Optimized for system performance |
| Disconnected from system model | Overloads system model |
Hybrid:
- Interoperable models reflect each other and rely on each other.
- Core focus is maintained for each model.

Slide 9. Systems, Risks, and Models
(Figure: Systems Engineering, Conceptual Modeling, and Risk Management as separate areas.)

Slide 10. Systems, Risks, and Models
(Figure: Systems Engineering, Risk Management, and Conceptual Modeling brought together.)

Slide 11. Model-Based Systems Engineering
- Complex Systems Engineering Paradigm Shift.
- The model underlies the entire SE process and its deliverables.
- The model enhances consistency, reduces complexity, and preserves knowledge.
- The modeling is based on a formal modeling semantic mechanism.
- Problem: not intended for non-functional aspects.

Slide 12. Disruption – an abstraction of Risk
- A radical or critical change in the state of a system, process, business, industry, ecosystem, or environment, due to the introduction of a new factor.
- System disruption is any introduction of deviation from nominalism applied to, in, or by a system.
(Slide 12, continued.) The definition decomposed:
- any introduction of: deviation, differentiation, variation, extension, alteration, alternation, or complication
- of, in, or by: an ecosystem, system, subsystem, process, or environment
- of or from the: trivial, obvious, straightforward, baseline, core, or expected
- role, purpose, essence, behavior, function, or structure

Slide 13. Disruption can be…
- Negative
- Positive
- Both

Slide 14. Disruptive Factors and Impacts
| Advantageous / Mostly Positive | Adverse / Mostly Negative |
| Evolution | Complexity |
| Emergence | Uncertainty |
| Autonomous Decision Making | Risk |
| Self Regulation | Perceptional Discrepancy |
| Robustness | Diversity |
| Resilience | Systematic Irregularity / Anomaly |
| Interoperability / Connectivity | Exceptions |

Slide 15. Counter-Disruptive = Robust!
- Robustness: the system's ability to adapt to changing conditions.
- Robust systems are capable of coping with disruption.
- Robust models are capable of capturing disruptions and underlying their analysis.

Slide 16. Model-Based Robust Systems Engineering (MBROSE)
A structured MBSE approach to handling various kinds and forms of disruption and disruption management, using system models based on a disruption-accommodating modeling language.

Slide 17. Object-Process Methodology
- Dov Dori, Object-Process Methodology: A Holistic Systems Paradigm, Springer Verlag, Berlin, Heidelberg, New York, 2002
- Dov Dori, Model-Based Systems Engineering with OPM and SysML, Springer Verlag, 2015 (to appear)
Slide 18. Object Process Methodology (OPM) (Dori, 2002)
- Conceptual modelling language and paradigm
- Based on the minimal universal ontology principle
- Has one diagram kind that expresses structural, functional, and procedural aspects
- Diagrams are organized hierarchically
- Bimodal: the model is both graphical and textual
- Standard: chartered as ISO 19450

Slide 19. The Building Blocks: Objects, Processes, and States
(Figure: OPM objects, processes, and states.)

Slide 20. Binding the Building Blocks: Structural and Procedural Links
- System exhibits Functionality.
- System consists of Subsystems.
- Functionality consists of Functions.
- Scenario consists of Functions.
- Subsystem exhibits Functions.
- Function consumes Input.
- Function requires Resource Set.
- Function yields Output.

Slide 21. OPL: The Textual Modality
- System consists of subsystems.
- System exhibits functionalities.
- Functionality consists of functions.
- Subsystem exhibits functions.
- Function
  - receives input
  - requires resource set
  - returns output
- Scenario consists of ordered functions.

Slide 22. The Nominal Model
- The nominal model has very significant value in capturing and explaining the nominal state of the system:
  - The common structure
  - The "sunny day" scenario
  - The conventional states
- Nominalism is the anchor for disruption: if nothing is in order, there is nothing to disrupt.
- Nominal models are the anchor for disruption modeling.

Slide 23. The Nominal Model
(Figure: nominal OPM model.)

Slide 24. Cyber-Physical Perceptional Disruption
(Section title slide.)
Slide 25. Levels of Systemic Perception of External Entities
| Awareness Level | Definition | Example |
| Class Existence Conception | the conception and definition of a distinguished kind of entity | Carwash system's awareness of the possible existence of trucks, in addition to cars. |
| Instance Existence Awareness | the awareness of the existence of a specific instance of a known kind of entity | Carwash system detects the presence of a new car in the carwash tunnel. |
| Property Existence Conception | the existence of a part, an attribute, or an operation of the entity that is critical for interacting with it | Carwash system knows brand, length, width, height, trunk configuration, and GPS antenna presence. |
| State-Space Existence Conception | the set or range of possible states that the entity or any of its properties can assume | Carwash knows all potential trunk configurations: hatchback, sedan, station, cabriolet, etc. |
| State Existence Awareness | the specific state of the entity or property | Carwash knows the specific car in the tunnel is a cabriolet. |

Slide 26. Cyber-Physical Duality
The existence of an entity as
- the original-physical embodiment of the entity, and
- the (set of) representational-informatical manifestation(s) of the entity, as held by agent(s) and sub-system(s) interacting with it.
(Figure: Person X with Name = Alex as the physical entity, beside a representation of Person X recorded with Name = Sasha.)

Slide 27. Cyber-Physical Discrepancy
- Mismatch between the state of the original entity and the state that is recorded for the representing entity by its owning agent.
- Types of CP discrepancy:
  - Incorrect instrument reading causes agents to create a different world view than what is really out there.
  - Agent's misconception or incorrect assumption, possibly triggered or supported by an incorrect measurement reading.
- CPM poses a major risk to cyber-physical systems and processes.

Slide 28. CPPD-Aware System Modeling Process
(Figure: CPD-awareness linking an external entity with its internal representation.)

Slide 29. CPPD-Aware Principles
- Entity Acquisition & Identification
- Representation Generating & Maintenance
- Entity-Representation Coherence Verification
- Representation-Based Interaction
- Interaction Outcome Analysis

Slide 30. CPPD-Aware Modelling Challenges
- Acknowledge it!
- Adopt a system perspective
- Capture system-environment mutual effects
- Define the knowledge base
- Integrate into system decisions, actions, reactions, and interactions
- Capture implications of incoherent conceptions

Slide 31. The System's Knowledge Base
- Knowledge = ability to use information
- The Knowledge Base is a set of knowledge items, encoded as data items, which define:
  - What the system knows
  - What information it needs
  - How it uses the information
- Representation generating and maintaining depend on the system's KB.
- Hence: cyber-physical interactions depend on the system's KB.

Slide 32. CPPD-Aware System Architecture
(Figure: CPPD-aware system architecture.)

Slide 33. CPPD-Aware Modeling
(Figure: CPPD-aware OPM model.)

Slide 34. Model-Based Informative Value Analysis
(Section title slide.)
Slide 35. Explanatory Power
- The model's added value = Explanatory Power (EP) = ability to explain the system it describes.
- EP is based on a host of Information-Inducing Factors (IIFs), such as:
  - Model reliability ("are you sure about this?")
  - Discovery ("tell me something I don't know")
  - Complexity reduction ("it's too complicated")
  - Integrity ("is this the whole process?")
  - Lifecycle support ("what about system installation?")
  - Rich specification of elements and entities
  - Metadata management (rationale, originators, priorities, requirement lifecycle, etc.)

Slide 36. The Synergistic Explanatory Power of a Disruption-Informed Model
- A disruption-informed model has greater explanatory power than a nominal model.
- The synergistic explanatory power of a unified nominal and disruption-informed model comes from:
  - Nominal description
  - Disruption description
  - Nominalism-disruption interaction
  - Disruption-disruption interaction and cumulative effect
Slide 37. Informative Value due to Specification Pattern
| Model-Fact Pattern Class | Model-Fact Pattern | Distinctive Keywords | Information Value |
| Thing Definition | Object Definition | object | 0.0 |
| Thing Definition | Process Definition | process | 0.0 |
| Thing Definition | State Set Definition | can be | 0.25 |
| Thing Definition | State Description | initial, final | 0.50 |
| Structural Link | Aggregation-Participation | consists of | 0.50 |
| Structural Link | Exhibition-Characterization | exhibits | 0.50 |
| Structural Link | Generalization-Specialization | is a | 0.25 |
| Structural Link | Classification-Instantiation | is an instance | 0.25 |
| Structural Link | Unidirectional Tagged Relation | relates to | 0.50 |
| Structural Link | Bidirectional Tagged Relation | are | 0.50 |
| Procedural Link | Agent Link | handles | 0.50 |
| Procedural Link | Resource Link | requires | 0.75 |
| Procedural Link | Result Link | yields | 1.00 |
| Procedural Link | Consumption Link | consumes | 0.75 |
| Procedural Link | Effect Link | affects | 0.50 |
| Procedural Link | Transformation | changes | 1.00 |
| Procedural Link | Instrument Event | triggers | 0.75 |
| Procedural Link | Condition Link | occurs if | 1.00 |
| Procedural Link | Invocation Link | invokes | 1.00 |
| Procedural Link | Exception Link | when it lasts | 0.50 |
| Precedence Link | In-zooming | zooms into | 1.00 |

Slide 38. Informative value due to reliability

$$IV_{reliability}(mf_i) = 1 + \frac{p_{true}(mf_i)\,\ln\big(p_{true}(mf_i)\big) + \big(1 - p_{true}(mf_i)\big)\,\ln\big(1 - p_{true}(mf_i)\big)}{\ln 2}$$

(Figure: plot of Information Value (0 to 1) against Correctness Probability (0 to 1).)

Slide 39. Informative value due to discovery

$$EI_{known}(mf_i) \equiv -\,p_{known}(mf_i)\,\ln\big(p_{known}(mf_i)\big) - \big(1 - p_{known}(mf_i)\big)\,\ln\big(1 - p_{known}(mf_i)\big)$$

$$IV'_{known}(mf_i) \equiv \begin{cases} \dfrac{EI_{known}(mf_i)}{\ln 2}, & p_{known}(mf_i) \le 0.5 \\[6pt] \dfrac{EI_{known}(mf_i)}{\ln 2} - 1, & p_{known}(mf_i) > 0.5 \end{cases}$$

$$IV_{known}(mf_i) = 0.5\,\big(IV'_{known}(mf_i) + 1\big)$$

(Figure: plot of information value (0 to 1) against previous knowledge probability (0 to 1).)
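Added example, not code from the deck: the informative-value functions of slides 38 and 39 (reliability and discovery), together with the complexity-reduction function the deck derives next from the same entropy term, implemented in Python and summed over a few constructed model facts. The pattern IVs follow the slide-37 table; the model facts and their probabilities are assumptions.

```python
import math

LN2 = math.log(2.0)

def entropy_nats(p: float) -> float:
    """EI term of slides 39-40: -p ln p - (1-p) ln(1-p) in nats (0 ln 0 := 0)."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log(p) - (1.0 - p) * math.log(1.0 - p)

def iv_reliability(p_true: float) -> float:
    """Slide 38: 1 + [p ln p + (1-p) ln(1-p)] / ln 2 = 1 - entropy in bits.
    0 at p_true = 0.5 (a coin flip explains nothing), 1 at p_true = 0 or 1."""
    return 1.0 - entropy_nats(p_true) / LN2

def iv_discovery(p_known: float) -> float:
    """Slide 39: IV' = EI/ln2 for p_known <= 0.5, EI/ln2 - 1 above it;
    IV = 0.5 (IV' + 1). Peaks at 1 for p_known = 0.5, falls to 0 at 1."""
    ei_bits = entropy_nats(p_known) / LN2
    iv_prime = ei_bits if p_known <= 0.5 else ei_bits - 1.0
    return 0.5 * (iv_prime + 1.0)

def iv_complexity_reduction(p_cr: float) -> float:
    """Slide 40: IV' = 1 - EI/ln2; IV = -IV' for p_cr <= 0.5, +IV' above it.
    -1 means the fact surely adds complexity, +1 that it surely removes it."""
    iv_prime = 1.0 - entropy_nats(p_cr) / LN2
    return -iv_prime if p_cr <= 0.5 else iv_prime

# Constructed model facts (assumption, not the deck's TMI model). Pattern IVs
# follow the slide-37 table; the three probabilities are illustrative.
SAMPLE_MODEL_FACTS = [
    {"mf": "Relief Valve Opening yields Pressure Drop",      # result link
     "pattern_iv": 1.00, "p_true": 0.95, "p_known": 0.90, "p_cr": 0.60},
    {"mf": "Valve Indicator affects Operator World View",    # effect link
     "pattern_iv": 0.50, "p_true": 0.60, "p_known": 0.50, "p_cr": 0.30},
    {"mf": "Relief Valve is an object",                      # object definition
     "pattern_iv": 0.00, "p_true": 1.00, "p_known": 1.00, "p_cr": 0.50},
]

def unweighted_iv_totals(model_facts):
    """Per-factor sums over the model facts: the unweighted totals that
    slide 45 compares between the nominal and disruption-informed models."""
    totals = {"pattern": 0.0, "reliability": 0.0,
              "discovery": 0.0, "complexity_reduction": 0.0}
    for mf in model_facts:
        totals["pattern"] += mf["pattern_iv"]
        totals["reliability"] += iv_reliability(mf["p_true"])
        totals["discovery"] += iv_discovery(mf["p_known"])
        totals["complexity_reduction"] += iv_complexity_reduction(mf["p_cr"])
    return totals
```

The totals are unweighted sums, as on slide 45; the deck's weighted Model Informative Power is not reproduced here.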
Slide 40. Informative value due to complexity reduction

$$EI_{CR}(mf_i) \equiv -\,p_{CR}(mf_i)\,\ln\big(p_{CR}(mf_i)\big) - \big(1 - p_{CR}(mf_i)\big)\,\ln\big(1 - p_{CR}(mf_i)\big)$$

$$IV'_{CR}(mf_i) \equiv 1 - \frac{EI_{CR}(mf_i)}{\ln 2}$$

$$IV_{CR}(mf_i) \equiv \begin{cases} -IV'_{CR}(mf_i), & p_{CR}(mf_i) \le 0.5 \\ IV'_{CR}(mf_i), & p_{CR}(mf_i) > 0.5 \end{cases}$$

(Figure: plot of information value (-1 to 1) against complexity reduction probability (0 to 1).)

Slide 41. Three Mile Island 2 Accident, March 28, 1979
http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/3mile-isle.html

Slide 42. Course of Events
| Event | Effect |
| On March 28, 1979, at ~04:00, a failure in the secondary, non-nuclear section of the plant prevented the main feedwater pumps from providing water to the steam generators. | The turbine-generator and the reactor automatically shut down. The steam generators could not help cool the reactor core. Pressure in the primary, nuclear unit began to increase. |
| Pilot-operated relief valve opened. | Pressure dropped. |
| Pilot-operated relief valve closed. | Pilot-operated relief valve became stuck open. |
| Instruments in the control room indicated that the valve was closed. | Operators were unaware that cooling water was pouring out of the stuck-open valve. |
| Instruments in the control room did not indicate how much water was covering the core. | Operators assumed that as long as the pressurizer water level was high, the core was properly covered with water. |
| The alarm rang due to loss of coolant and core exposure and overheating. | Operators did not realize that a loss-of-coolant accident had happened. |
| Water escaping through the stuck-open valve reduced pressure too much. | The core could start going through dangerous vibrations. |
| Operators reduced emergency cooling water input to the primary unit. | The reactor core was starved of coolant and overheated. |
| Without sufficient cooling water, the nuclear fuel overheated. | Nuclear fuel pellet cladding ruptured and nuclear fuel pellets began to melt. |
| At some point, someone noticed on another indicator that the valve was stuck open, and closed an emergency valve to compensate for the main relief valve's failure. | Cooling water stopped pouring out of the reactor, and the reactor gradually stabilized. |

Slide 43. Nominal Model
(Figure: nominal OPM model of the TMI-2 plant.)

Slide 44. Disruption-Informed Model
(Figure: disruption-informed OPM model of the TMI-2 plant.)

Slide 45. Informative Value Comparative Analysis: Nominal vs Disruption-Informed
| Measure | Nominal Version | Disruption-Informed Version |
| Number of MFs | 61 | 141 |
| Removed MFs | – | 9 |
| New MFs | – | 89 |
| Structural MFs | 27 | 56 (+33, -4) |
| Behavioral MFs | 34 | 86 (+56, -4) |
| Model Informative Power (MIP) | 18.526 | 38.539 (+108%) |
| MF Pattern IV (unweighted) | 24 | 63.25 (+164%) |
| Reliability IV (unweighted) | 20 | 17.33 (-13%) |
| Discovery IV (unweighted) | 30.7 | 70.5 (+130%) |
| Complexity Reduction IV (unweighted) | -0.56 | 3.1 (+548%) |

Slide 46. Summary
- The paradigm shift to disruption-informed, robust modeling.
- MBROSE (Model-Based Robust Systems Engineering): a disruption-accommodating approach.
- Cyber-Physical Perceptional Disruption.
- The explanatory power of conceptual models.

Slide 47. Takeaway
- Think disruptively
- Merge conventional and disruptive thinking
- Robust is counter-disruptive
- MBROSE and OPM are your buddies

Slide 48. Thanks!
For more information:
- Yaniv Mordecai: yanivmor@Technion.ac.il
- Dov Dori: dori@mit.edu
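Added example, not from the deck: the Entity-Representation Coherence Verification principle of slide 29 applied to the slide-42 course of events, where the control-room indicator said the relief valve was closed while water was still leaving through it. The telemetry values, the thresholds, and the choice of discharge-line temperature and primary pressure as corroborating indicators are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Reading:
    """One control-room sample (constructed telemetry, not NRC data)."""
    minute: int
    indicator_says_closed: bool   # the light that reflects the close command
    discharge_temp_c: float       # assumed corroborating indicator: valve tailpipe temperature
    primary_pressure_bar: float   # assumed corroborating indicator: primary loop pressure

# Assumed thresholds: a hot tailpipe plus a sustained pressure drop mean water is still
# leaving through the valve, which a closed valve cannot explain.
HOT_LINE_C = 100.0
DROP_PER_MINUTE_BAR = 2.0

# Constructed sequence mirroring slide 42: close command issued at minute 1, light shows
# "closed", yet water keeps pouring out until a block valve is shut at minute 4.
SAMPLE_READINGS = [
    Reading(0, False, 150.0, 155.0),
    Reading(1, True, 148.0, 150.0),
    Reading(2, True, 147.0, 145.0),
    Reading(3, True, 146.0, 140.0),
    Reading(4, True, 60.0, 139.0),
    Reading(5, True, 45.0, 139.5),
]

def represented_state(r: Reading) -> str:
    """The representation: what the system's KB records, taken from the indicator."""
    return "closed" if r.indicator_says_closed else "open"

def corroborated_state(prev: Reading, cur: Reading) -> str:
    """The original entity's state as the independent instruments imply it."""
    still_flowing = (cur.discharge_temp_c >= HOT_LINE_C and
                     prev.primary_pressure_bar - cur.primary_pressure_bar >= DROP_PER_MINUTE_BAR)
    return "open" if still_flowing else "closed"

def coherence_check(readings):
    """Entity-Representation Coherence Verification (slide 29): compare the recorded
    state with the corroborated one; a mismatch is a cyber-physical discrepancy."""
    rows = []
    for prev, cur in zip(readings, readings[1:]):
        rep, phys = represented_state(cur), corroborated_state(prev, cur)
        verdict = "coherent" if rep == phys else "CP-DISCREPANCY"
        rows.append((cur.minute, rep, phys, verdict))
    return rows

def first_discrepancy_minute(readings):
    """Minute at which the KB should have stopped trusting the indicator, or None."""
    for minute, _rep, _phys, verdict in coherence_check(readings):
        if verdict == "CP-DISCREPANCY":
            return minute
    return None
```

A flagged discrepancy is the cue to mark the represented state as unknown and act on the corroborating evidence, rather than on the indicator alone, as the operators eventually did.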