A functional failure reasoning methodology for evaluation of conceptual system architectures

In this paper, we introduce a new methodology for reasoning about the functional failures during early design of complex systems. The proposed approach is based on the notion that a failure happens when a functional element in the system does not perform its intended task. Accordingly, a functional criticality is defined depending on the role of functionality in accomplishing designed tasks. A simulation-based failure analysis tool is then used to analyze functional failures and reason about their impact on overall system functionality. The analysis results are then integrated into an early stage system architecture analysis framework that analyzes the impact of functional failures and their propagation to guide system-level architectural design decisions. With this method, a multitude of failure scenarios can be quickly analyzed to determine the effects of architectural design decisions on overall system functionality. Using this framework, design teams can systematically explore risks and vulnerabilities during the early (functional design) stage of system development prior to the selection of specific components. Application of the presented method to the design of a representative aerospace electrical power system (EPS) testbed demonstrates these capabilities.     

Microprocessor applications in disk storage systems

The implementation of a disk drive using a micro-processor has led to capabilities not previously found in such devices. This paper will give a brief overview of the architecture of the disk drive and the traditional control functions that have been assimilated by the microprocessor. It will then discuss these new capabilities which include autonomous fault diagnosis, independent servo and I/O exercising, internal error logging, automatic servo error recovery, adaptive servo features, and architectural flexibility.     

Interfacing DNA hydrogels with ceramics for biofunctional architectural materials

The development of architectural components with the capabilities of biological systems could lead to the realization of biofunctional, dynamic, interactive, and self-sustaining “living” architecture. One route to interfacing biological systems with architectural materials is functionalization with biomolecules. In particular, functionalization of surfaces with DNA incorporates both informational and active properties such as the ability to produce proteins. However, direct conjugation to surfaces can degrade biomolecule activity, reduce reaction kinetics, and limit available binding sites. Integration of DNA into a hydrogel matrix that is conjugated to the surface can overcome these limitations. Here, DNA encoding genetic information is converted into a hydrogel matrix, termed Meta P-gel. The unique mechanical properties of Meta P-gel allow it to adsorb to patterned ceramic surfaces in a spatially controlled manner. Simultaneously, Meta P-gel retains the biological ability to produce proteins, achieving spatial control over protein synthesis for potential applications in living architecture. Finally, Meta P-gel-based functionalization is applied to create stable protein gradients in situ, further exemplifying its applicability beyond architecture. These experiments are a first step toward continuous and stable protein expression from spatially controlled DNA hydrogels that would enable applications in biotechnological fields such as biosensor development and screening, and more broadly, in architectural fields such as fabrication of bioactive and bio-responsive ceramics for building façade design.     

Architectural considerations in the certification of modular systems

Modular system architectures, such as integrated modular avionics (IMA) in the aerospace sector, offer potential benefits of improved flexibility in function allocation, reduced development costs and improved maintainability. However, they require a new certification approach. The traditional approach to certification is to prepare monolithic safety cases as bespoke developments for a specific system in a fixed configuration. However, this nullifies the benefits of flexibility and reduced rework claimed of IMA-based systems and will necessitate the development of new safety cases for all possible (current and future) configurations of the architecture. This paper discusses a modular approach to safety case construction, whereby the safety case is partitioned into separable arguments of safety corresponding with the components of the system architecture. Such an approach relies upon properties of the IMA system architecture (such as segregation and location independence) having been established. The paper describes how such properties can be assessed to show that they are met and trade-offs performed during architecture definition reusing information and techniques from the safety argument process.     

Security threats to automotive CAN networks—Practical examples and selected short-term countermeasures

The IT security of automotive systems is an evolving area of research. To analyse the current situation and the potentially growing tendency of arising threats we performed several practical tests on recent automotive technology. With a focus on automotive systems based on CAN bus technology, this article summarises the results of four selected tests performed on the control systems for the window lift, warning light and airbag control system as well as the central gateway. These results are supplemented in this article by a classification of these four attack scenarios using the established CERT taxonomy and an analysis of underlying security vulnerabilities, and especially, potential safety implications.With respect to the results of these tests, in this article we further discuss two selected countermeasures to address basic weaknesses exploited in our tests. These are adaptations of intrusion detection (discussing three exemplary detection patterns) and IT-forensic measures (proposing proactive measures based on a forensic model). This article discusses both looking at the four attack scenarios introduced before, covering their capabilities and restrictions. While these reactive approaches are short-term measures, which could already be added to today’s automotive IT architecture, long-term concepts also are shortly introduced, which are mainly preventive but will require a major redesign. Beneath a short overview on respective research approaches, we discuss their individual requirements, potential and restrictions.     

Analysis of fault tolerance and reliability in distributed real-time system architectures

Safety critical real-time systems are becoming ubiquitous in many areas of our everyday life. Failures of such systems potentially have catastrophic consequences on different scales, in the worst case even the loss of human life. Therefore, safety critical systems have to meet maximum fault tolerance and reliability requirements. As the design of such systems is far from being trivial, this article focuses on concepts to specifically support the early architectural design. In detail, a simulation based approach for the analysis of fault tolerance and reliability in distributed real-time system architectures is presented. With this approach, safety related features can be evaluated in the early development stages and thus prevent costly redesigns in later ones.     

Head-up displays and their automotive application: An overview of human factors issues affecting safety

In response to the recent innovations to use head-up displays (HUDs) in vehicles, this paper discusses the relevant human factors issues arising from this display format and the potential safety implications. A review is made of the relevant HUD literature, primarily from the aviation field. The primary issues for automotive HUDs relevant to system performance and safety in the driving task involve interference from background scene complexity, system novelty, user perceptual style, cognitive disruption, and perceptual tunnelling. Basic research is necessary to investigate the extent of these issues as well as to resolve fundamental design specifications (e.g. HUD size, shape, placement, information content). It is suggested that the introduction of HUDs into vehicles be carefully considered. This will necessitate not only the reconsideration what constitutes an in-vehicle display, but also what constitutes the information to be conveyed.     

面向空气动力学优化的电动汽车造型设计研究

从汽车造型设计的比例、容积、曲面、细节4个层级出发,逐层分析了未来具有优秀空气动力学性能的电动汽车在比例、容积、曲面、细节中应该具有的特点。提出了要设计未来具有优秀空气动力学性能的电动汽车应该打破过去的"汽车式"的比例容积安排,改变过去"大功率高能耗"的曲面语言,转而探索符合电动汽车设计理念的环保、高效、自然的曲面语言,并且在细节上辅以与电动汽车比例、容积和曲面统一的、合理体现电动汽车技术特点的细节。     

Reliability evaluation of the power supply of an electrical power net for safety-relevant applications

In this paper, we introduce a methodology for the dependability analysis of new automotive safety-relevant systems. With the introduction of safety-relevant electronic systems in cars, it is necessary to carry out a thorough dependability analysis of those systems to fully understand and quantify the failure mechanisms in order to improve the design. Several system level FMEAs are used to identify the different failure modes of the system and, a Markov model is constructed to quantify their probability of occurrence. A new power net architecture with application to new safety-relevant automotive systems, such as Steer-by-Wire or Brake-by-Wire, is used as a case study. For these safety-relevant loads, loss of electric power supply means loss of control of the vehicle. It is, therefore, necessary and critical to develop a highly dependable power net to ensure power to these loads under all circumstances.     

面向客户的产品规模定制设计及其应用

讨论产品设计过程中的基本模块，并提出规模定制设计的概念。面向客户的产品设计的核心是开发面向规模定制的产品族结构，实现与统一的产品开发和送货机制的后期集成。介绍了产品族结构的特点，以及明确产品族结构的步骤。同时给出了一个规模定制设计的研究实例。     

A branching search approach to safety system design optimisation

Safety systems are designed to prevent or mitigate the consequences of potentially hazardous events. In many industries the failure of such systems can result in fatalities. Current design practice is usually to produce a safety system which meets a target level of performance that is deemed acceptable by the regulators. However, when the system failure will result in fatalities it is desirable for the system to achieve an optimal rather than adequate level of performance given the limitations placed on available resources.The unavailability of safety systems can be predicted using fault tree analysis methods. Formulating an optimisation problem for the system design has features which make standard mathematical optimisation techniques inappropriate. The form of the objective function is itself a function of the design variables, the design variables are mainly integers and the constraint forms can be implicit or non-linear.This paper presents a Branching Search algorithm which exploits characteristics common to many safety systems to explore the potential design space and deliver an optimal design. Efficiency in the method is maintained by performing the system unavailability evaluations using the Binary Decision Diagram method of fault tree solution. Limitations are placed on resources such as cost, maintenance down-time and spurious trip frequency. Its application is demonstrated on a High Integrity Protection System.     

Towards an aggregate architecture: designed granular systems as programmable matter in architecture

Aggregate architectures are full-scale spatial formations made from loose granular matter. Especially if the individual grain is custom-designed, the range of behaviours can be calibrated to match a wide range of architectural and structural performance criteria. The aggregate becomes programmable matter. The relevance of loose granular systems for architecture is on the one hand their rapid re-configurability, allowing for a system not to be destroyed but rather to be recycled. On the other hand aggregates per se can be functionally graded either within one and the same particle type or through mixing different particle geometries. This enables the variation of architectural properties throughout one and the same material system, which is one of the core postulates of current architectural design research. However, very few examples of designed granular matter in architecture exist. The results presented here are thus one of the first coherent bodies of comprehensive research in this field compiled over a period of five years. Methodologically aggregate systems challenge conventional architectural design principles: whereas an architect generally precisely defines local and global geometry of a structure, in a designed granular system he can only calibrate the particle geometry in order to tune the overall behaviour of the aggregate formation. Thus new design methods have been developed throughout the research projects, which are informed by the related fields of granular physics and behaviour-based robotics. In this context the article provides an introduction to both designed particle systems and suitable fabrication approaches in an architectural context. Case study projects serve to verify the applicability of the concepts introduced. The research findings are discussed with regards to their practical, methodological and design theoretical contributions. To conclude, further directions of research are highlighted.     

Characteristics affecting management of design information in the production system design process

Although it has been argued that the design of production systems is crucial, there is a general lack of empirical studies analysing and identifying resources and capabilities required for an efficient production system design process. One of these resources is the critical role attributed to design information and one such capability is how the design information is managed. To address this research gap, this paper reports the results from two in-depth case studies in the automotive industry focusing on the management of design information in the production system design process. Our results show that design information management needs to be understood as a multidimensional concept having three dimensions: acquiring, sharing and using design information. By focusing on the three dimensions, six characteristics affecting the management of design information when designing the production system are identified. The characteristics are information type, source of information, communication medium, formalisation, information quality and pragmatic information.     

Supporting design via the System Operational Dependency Analysis methodology

In this paper, we introduce the system operational dependency analysis methodology. Its purpose is to assess the effect of dependencies between components in a monolithic complex system, or between systems in a system-of-systems, and to support design decision making. We propose a parametric model of the behavior of the system. This approach results in a simple, intuitive model, whose parameters give a direct insight into the causes of observed, and possibly emergent, behavior. Using the proposed method, designers, and decision makers can quickly analyze and explore the behavior of complex systems and evaluate different architecture under various working conditions. Thus, the system operational dependency analysis method supports educated decision making both in the design and in the update process of systems architecture, without the need to execute extensive simulations. In particular, in the phase of concept generation and selection, the information given by the method can be used to identify promising architectures to be further tested and improved, while discarding architectures that do not show the required level of global features. Application of the proposed method to a small example is used to demonstrate both the validation of the parametric model, and the capabilities of the method for system analysis, design and architecture.     

Wide-angle camera technology for automotive applications: a review

The development of electronic vision systems for the automotive market is a strongly growing field, driven in particular by customer demand to increase the safety of vehicles both for drivers and for other road users, including vulnerable road users (VRUs), such as pedestrians. Customer demand is matched by legislative developments in a number of key automotive markets; for example Europe, Japan and the US are in the process of introducing legislation to aid in the prevention of fatalities to VRUs, with emphasis on the use of vision systems. The authors discuss some of the factors that motivate the use of wide-angle and fish-eye camera technologies in vehicles. The authors describe the benefits of using wide-angle lens camera systems to display areas of a vehicle?s surroundings that the driver would, otherwise, be unaware of (i.e. a vehicle?s blind-zones). However, although wideangle optics provide greater fields of view, they also introduce undesirable effects, such as radial distortion, tangential distortion and uneven illumination. These distortions have the potential tomake objects difficult for the vehicle driver to recognise and, thus, potentially have a greater risk of accident. The authors describe some of the methods that can be employed to remove these unwanted effects, and digitally convert the distorted image to the ideal and intuitive rectilinear pin-hole model.     

Reliability approach for vehicle safety components

Owing to ‘producer's liability for defective products’ the safety-related components of vehicles have to be designed, tested and manufactured in an appropriate way. Some considerations are presented about useful procedures in design and testing of safety parts which may help to reach the required high reliability and minimize risks. Problem areas are indicated which need more research. In future the reliability approach in automotive industries will come closer to the standards in aeronautics. This trend is accelerated by the rapid use of electronics in automobiles.     

Middleware to enhance mobile communications for road safety and traffic mobility applications

Middleware has emerged as an important architectural component in supporting distributed applications. The role of middleware is to present a unified programming model to application writers and to mask out problems of heterogeneity and distribution. It is motivated by the convergence of the embedded sensor and mobile communication revolutions in the automobile industry. The vehicle fleet is morphing into a vast mobile sensor fleet. The authors provide a middleware architecture and implementation that addresses the needs of a distributed system of mobile sensors comprised of vehicles and intersections producing trafficrelated data for traffic safety and operations. The authors discuss the technical challenges that the middleware addresses and describe a prototype implementation. Traffic management, intersection safety and vehicle-to-vehicle safety applications are three applications described and implemented on the middleware. The authors conclude their paper with conducting performance measures that relate to the cost of overhead incurred from using the middleware. The measurements show the middleware is efficient enough for the road safety and congestion relief applications presented.     

Materials and technologies for multifunctional,flexible or integrated supercapacitors and batteries

Electrochemical energy storage has become a key part of portable medical and electronic devices, as well as ground and aerial vehicles. Unfortunately, conventionally produced supercapacitors and batteries often cannot be easily integrated into many emerging technologies such as smart textiles, smart jewelry, paper magazines or books, and packages with data-collection or other unique capabilities, electrical cables, flexible wearable electronics and displays, flexible solar cells, epidermal sensors, and others in order to enhance their design aesthetics, convenience, system simplicity, and reliability. In addition, conventional energy storage devices that cannot conform to various shapes, are typically limited to a single function, and cannot additionally provide, for example, load bearing functionality or impact/ballistic protection to reduce the system weight or volume. Commercial devices cannot be activated by various stimuli, be able to self-destroy or biodegrade over time, trigger drug release, operate as sensors, antennas, or actuators. However, a growing number of future technologies will demand batteries and hybrid devices with the abilities to seamlessly integrate into systems and adapt to various shapes, forms, and design functions. Here we summarize recent progress and challenges made in the development of mostly nanostructured and nanoengineered materials as well as fabrication routes for energy storage devices that offer (i) multifunctionality, (ii) mechanical resiliency and flexibility and (iii) integration for more elegant, lighter, smaller and smarter designs. The geometries of device structures and materials are considered to critically define their roles in mechanics and functionality. With these understandings, we outline a future roadmap for the development, scaleup, and manufacturing of such materials and devices.