TY - GEN
T1 - Automated framework for formal operator task analysis
AU - Yasmeen, Ayesha
AU - Gunter, Elsa L.
PY - 2011
Y1 - 2011
N2 - Aberrant behavior of human operators in safety critical systems can lead to severe or even fatal consequences. Human operators are unique in their decision making capability, judgment and nondeterminism. There is a need for a generalized framework that can allow capturing, modeling and analyzing the interactions between computer systems and human operators where the operators are allowed to deviate from their prescribed behaviors for executing a task. This will provide a formal understanding of the robustness of a computer system against possible aberrant behaviors by its human operators. We provide a framework for (i) modeling the human operators and the computer systems; (ii) formulating tolerable human operator action variations(protection envelope); (iii) determining whether the computer system can maintain its guarantees if the human operators operate within their protection envelopes; and finally, (iv) determining robustness of the computer system under weakening of the protection envelopes. We present Tutela, a tool that assists in accomplishing the first and second step, automates the third step and modestly assists in accomplishing the fourth step.
AB - Aberrant behavior of human operators in safety critical systems can lead to severe or even fatal consequences. Human operators are unique in their decision making capability, judgment and nondeterminism. There is a need for a generalized framework that can allow capturing, modeling and analyzing the interactions between computer systems and human operators where the operators are allowed to deviate from their prescribed behaviors for executing a task. This will provide a formal understanding of the robustness of a computer system against possible aberrant behaviors by its human operators. We provide a framework for (i) modeling the human operators and the computer systems; (ii) formulating tolerable human operator action variations(protection envelope); (iii) determining whether the computer system can maintain its guarantees if the human operators operate within their protection envelopes; and finally, (iv) determining robustness of the computer system under weakening of the protection envelopes. We present Tutela, a tool that assists in accomplishing the first and second step, automates the third step and modestly assists in accomplishing the fourth step.
KW - human operator
KW - model generation
KW - property satisfaction
KW - protected task execution
KW - system robustness
KW - task analysis
KW - verification framework
UR - http://www.scopus.com/inward/record.url?scp=80051933160&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80051933160&partnerID=8YFLogxK
U2 - 10.1145/2001420.2001430
DO - 10.1145/2001420.2001430
M3 - Conference contribution
AN - SCOPUS:80051933160
SN - 9781450305624
T3 - 2011 International Symposium on Software Testing and Analysis, ISSTA 2011 - Proceedings
SP - 78
EP - 88
BT - 2011 International Symposium on Software Testing and Analysis, ISSTA 2011 - Proceedings
T2 - 20th International Symposium on Software Testing and Analysis, ISSTA 2011
Y2 - 17 July 2011 through 21 July 2011
ER -