Using Task Analytic Behavior Modeling, Erroneous Human Behavior Generation, and Formal Methods to Evaluate the Role of Human-automation Interaction in System Failure.

摘要

Failures in complex, safety-critical systems often arise as a result of interactions between the elements of the system, including its human operator. Two sub-disciplines, human-automation interaction (from human factors engineering) and formal methods (from computer science) have attempted to address these types of problems from two different directions. Human-automation interaction researchers use tools such as task analysis and models of erroneous human behavior to investigate the way human operators interact with automation in order to design systems that facilitate safe, human work. Formal methods researchers use well defined mathematical modeling and proof techniques to verify that system models (often with concurrent interacting processes) do or do not exhibit desired properties. Model checking is a particular type of formal verification which proves that a system does or does not exhibit a specified property by searching for a violation in a system's entire statespace. It returns a counterexample (execution trace) illustrating any violation it discovers.;This work shows that it is possible to automatically predict the contribution of both normative and automatically generated erroneous human behavior to failures in human-automation interactive systems using formal verification. We have developed a computational method which utilizes task analytic models, formal system modeling, model checking, and taxonomies of erroneous human behavior to automatically incorporate erroneous human behavior patterns into normative task models, allowing analysts to formally verify system safety properties with both normative and erroneous human behavior. To accomplish this, we developed a novel human task behavior modeling language (called the Enhanced Operator Function Model (EOFM)), two erroneous human behavior generation methods, a translator which converts instantiated EOFMs into a formal modeling language, an architectural framework for formally modeling human-automation interactive systems, and a novel counterexample visualization.;We describe the motivation, design, and testing of each element of our method. We demonstrate the different ways in which our method can be used to evaluate human-automation interactive systems with several realistic applications: a patient controlled analgesia pump, an automobile with a cruise control, a radiation therapy machine, and an aircraft on approach. We demonstrate how our method can be used to explore design interventions to discovered problems.