
1 RAMS for GNSS
Carl Milner – ENAC, Assistant Professor in the TELECOM Group
ENAC | 8th March 2018

2 Questions
How to relate the Tolerable Hazard Rate per hour to the positioning function per epoch/sample/test? Correlation time impacts (fault-free case and faulty case).
What conditions may be defined around the use of GNSS in rail? Is there a known probabilistic distribution for them? → average risk. Is there a reasonable means to predict? → specific risk.
How to measure/ensure maintainability for GNSS applications?
WP1 Brainstorming Webex, 12/02/2018

3 RAMS vs GNSS SIS: Positioning, Navigation and Timing (PNT)
In aviation, the active navigation system provides the primary guidance function. Navigation System Error (NSE) is then the difference between the true position and the estimated position.
Signal-In-Space (SIS) performance requirements express the quality of a GNSS PNT service assuming a fault-free receiver, meaning one which is operating nominally.
SIS performance includes nominal errors which are local to the aircraft, namely multipath and receiver noise, which have been modelled and validated by Boeing (Wozniak, 1997) and Airbus.
“The combination of GNSS elements and a fault-free GNSS user receiver shall meet the signal-in-space requirements defined in Table” (ICAO SARPS, 2010)
Note: Integrity risk is for the period of operation …. H1 and H0 different.

4 RAMS vs GNSS SIS: Safety Risk
Diagram: Safety Risk, broken down into Navigation System Safety Risk, Safety Risk from Aircraft Failure, and SIS Safety Risk (RX).
The reason for this is responsibility. The ANSP is not legally responsible for aircraft equipment, nor is the aircraft manufacturer responsible for the navigation signals. It needs to be decided whether the same kind of apportionment is made for rail: is the same split of responsibility made?

6 RAMS vs GNSS SIS: SIS Requirements - Accuracy
(Absolute) Accuracy: The degree of conformance between the estimated position and the true position of the aircraft at a given time (95%, $2\sigma$). Most conservative/likely definition.
Predictable Accuracy: The accuracy of a PNT system's position solution with respect to the charted solution. Close to absolute accuracy (could be used in rail).
Repeatable Accuracy: The accuracy with which a user can return to a location whose coordinates have been measured at a previous time. Not to be used.
Relative Accuracy: The accuracy with which a user can measure position relative to that of another user at the same time. Unlikely but possible application in moving block (or more appropriately under virtual coupling).

7 RAMS vs GNSS SIS: SIS / PNT Requirements
Integrity: The measure of trust that can be placed in the information provided by the PNT system, including the ability to provide timely warnings when the system should not be used.
Time-to-Alert: Allowable time from the onset of an unsafe condition to the alarm indication.
Integrity Risk: The allowable probability of an undetected unsafe condition.
Specific Risk: The probability of unsafe conditions subject to the assumption that all credible unknown events that could be known occur with a probability of one. “The approach integrity requirements apply in any one landing and require fail-safe design. If the specific risk on a given approach is known to exceed this requirement, the operation should not be conducted” (DeCleene 2005).
Average Risk: The probability of unsafe conditions based upon the convolved estimated probabilities of all unknown events.
Examples: $10^{-6}$ for 1 operation; $< 10^{-7}$ over many operations.

8 RAMS vs GNSS SIS: SIS / PNT Requirements
Continuity: Continuity of a system is the ability of the system to perform its function without interruption during the intended operation, i.e. the probability that the specified performance will be maintained for the duration of a phase of operation. “The continuity requirement should be applied as applying the average risk of loss of service.”
Availability: The percentage of time that the services of a system are available (accuracy and integrity are met; in some interpretations also continuity).
Reliability: The probability that a system will perform its function within defined performance limits for a specified period of time (not the operation duration).
Note: Opposing requirements exist so must give scope / reference too….

9 RAMS vs GNSS SIS

10 RAMS vs GNSS SIS: RAMS
Reliability: The probability that a system can perform a required function under given conditions for a given time interval. $R = e^{-\lambda T}$ for an interval $T$ if the failure rate $\lambda$ is constant. Mean Time To Failure (MTTF), which for a constant rate is equal to $1/\lambda$.
Maintainability: The probability that a given active maintenance action, for an item under given conditions of use, can be carried out within a stated time interval when maintenance is performed under stated conditions and using stated procedures. $M = 1 - e^{-\mu T} = 1 - e^{-T/\mathrm{MTTR}}$, with Mean Time To Repair $\mathrm{MTTR} = 1/\mu$.
Availability: The ability of a product to be in a state to perform a required function under given conditions at a given instant of time or over a given time interval. $A = \dfrac{\mathrm{MTTF}}{\mathrm{MTTF} + \mathrm{MTTR}} = \dfrac{\mu}{\lambda + \mu}$ (if constant rates).

11 RAMS vs GNSS SIS: RAMS
Safety: Freedom from unacceptable risk of harm.
Risk: The probable rate of occurrence of a hazard causing harm and the degree of severity of harm. $\mathrm{Risk} = \text{probability (rate) of occurrence} \times \text{severity of harm}$
Safety Integrity: Likelihood of a system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time.
Dependability: Collective term used to describe the availability performance and its influencing factors.
Quality of Service: E.g. percentage of trains arriving with delay less than X minutes as a result of the PNT function.

12 RAMS vs GNSS SIS

13 RAMS vs GNSS SIS: What influences dependability/quality of service…?
Reliability / Maintainability / Time duration of operations:
High $\lambda$, high $\mu$: many trains with small-medium delay
Low $\lambda$, low $\mu$: few trains with long delays and cancellations
→ Similar availability
Averaging instantaneous availability gives availability but loses information regarding reliability.
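As an added example (not from the presentation), the constant-rate formulas of slide 10 and the comparison on this slide, worked in Python: two profiles with the same $\lambda/\mu$ ratio have identical steady-state availability, yet the two-state model gives them different reliability and a different delay pattern per operation. Rates are per hour; the two profiles, the 1 h operation and the number of operations are assumptions made for the example.

```python
import math
import random


def reliability(lam, T):
    """R(T) = exp(-lambda*T): probability of no failure over an interval T (constant rate)."""
    return math.exp(-lam * T)


def maintainability(mu, T):
    """M(T) = 1 - exp(-mu*T): probability a repair completes within T (constant repair rate)."""
    return 1.0 - math.exp(-mu * T)


def steady_state_availability(lam, mu):
    """A = MTTF / (MTTF + MTTR) = mu / (lambda + mu), with MTTF = 1/lambda and MTTR = 1/mu."""
    mttf, mttr = 1.0 / lam, 1.0 / mu
    return mttf / (mttf + mttr)


def instantaneous_availability(lam, mu, t):
    """Up-state probability at time t of the two-state Markov model, starting in the up state.

    Standard solution: A(t) = mu/(lambda+mu) + lambda/(lambda+mu) * exp(-(lambda+mu) t),
    which decays to the steady-state value above.
    """
    s = lam + mu
    return mu / s + (lam / s) * math.exp(-s * t)


def simulate_operation(lam, mu, T, seed=0):
    """One operation of duration T as an alternating up/down renewal process.

    Up and down durations are exponential (constant rates). Returns
    (number of outages, total downtime, longest single outage); outages are clipped at T.
    """
    rng = random.Random(seed)
    t, outages, downtime, longest = 0.0, 0, 0.0, 0.0
    while True:
        t += rng.expovariate(lam)              # time to the next failure
        if t >= T:
            break
        d = min(rng.expovariate(mu), T - t)    # repair duration, clipped to the operation
        outages += 1
        downtime += d
        longest = max(longest, d)
        t += d
        if t >= T:
            break
    return outages, downtime, longest


def fleet_summary(lam, mu, T, n_ops, seed=0):
    """Summarise n_ops independent operations (one per train) of duration T.

    Returns (fraction of operations hit by an outage, mean downtime per affected
    operation, time-averaged availability over all operations).
    """
    affected, downtime_total = 0, 0.0
    for i in range(n_ops):
        outages, downtime, _ = simulate_operation(lam, mu, T, seed=seed + i)
        if outages:
            affected += 1
            downtime_total += downtime
    frac = affected / n_ops
    mean_dt = downtime_total / affected if affected else 0.0
    return frac, mean_dt, 1.0 - downtime_total / (n_ops * T)


if __name__ == "__main__":
    # Two constructed profiles (rates per hour) with the same lambda/mu ratio and therefore
    # the same steady-state availability of 10/11; everything else about them differs.
    profiles = {"high lambda, high mu": (1.0, 10.0), "low lambda, low mu": (0.1, 1.0)}
    for name, (lam, mu) in profiles.items():
        frac, mean_dt, avail = fleet_summary(lam, mu, T=1.0, n_ops=5000)
        print(f"{name:21s} A={steady_state_availability(lam, mu):.4f} "
              f"R(1 h)={reliability(lam, 1.0):.3f} M(0.25 h)={maintainability(mu, 0.25):.3f} "
              f"trains affected={frac:.3f} mean outage={60 * mean_dt:.1f} min "
              f"sim availability={avail:.4f}")
```

The simulated time-averaged availability comes out close to 10/11 for both profiles, while the fraction of affected trains and the mean outage length differ by an order of magnitude: this is the information that averaging instantaneous availability discards.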

14 RAMS vs GNSS SIS: System States
Diagram of system states: Available + Safe; Available + Unsafe; ‘Failed’/Unavailable/Outage. Transitions: failure rate $\lambda < \mathrm{THR}$, repair rate $\mu$; one transition is marked ‘?’.

15 RAMS vs GNSS SIS: First Mapping

16 RAMS vs GNSS SIS: RAMS Safety Integrity vs PNT Integrity
SIL expressed by Tolerable Hazard Rate. Hazard rate may be averaged over the time interval? I.e. over 1 hour? Over all time? Over the Time-To-Alert period? Or must it be met for any interval however small?
Requirements at the algorithmic level are needed for each epoch.
Aviation integrity: the high-level requirement is for within the defined period of operation, e.g. for SBAS, when converted to a single epoch a number of independent samples is used:
$IR = 0.5 \times 10^{-7}/\text{hour}$ (operational level)
Correlation time of 360 s (ionosphere driven)
$IR = \dfrac{0.5 \times 10^{-7}/\text{hour}}{1\,\text{hour} / 360\,\text{s}} = 5 \times 10^{-9}/\text{epoch}$ (receiver level)
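An added Python example (not the presentation's own code) of the per-hour to per-epoch conversion on this slide, with the union-bound re-aggregation and the exact independent-sample form for comparison, and a floor of one sample so that intervals shorter than the correlation time do not allocate less than one epoch's risk. The 3600 s hour is the only value not taken from the slide.

```python
HOUR_S = 3600.0  # seconds per hour (the slide states the rate per hour)


def independent_samples(duration_s, correlation_time_s):
    """Number of independent samples in an interval, given the error correlation time.

    Intervals shorter than one correlation time still contain one sample, so the
    per-epoch allocation is the floor however small the interval.
    """
    if correlation_time_s <= 0 or duration_s <= 0:
        raise ValueError("durations must be positive")
    return max(1.0, duration_s / correlation_time_s)


def per_epoch_from_per_interval(ir_interval, duration_s, correlation_time_s):
    """Allocate an integrity risk stated per interval (e.g. per hour) to one epoch.

    Union-bound allocation IR_epoch = IR_interval / n: the sum of the per-epoch risks
    over the interval then bounds the interval risk, so this direction is conservative.
    """
    return ir_interval / independent_samples(duration_s, correlation_time_s)


def per_interval_from_per_epoch(ir_epoch, duration_s, correlation_time_s, exact=False):
    """Re-aggregate a per-epoch risk to an interval.

    exact=False: union bound n * p (always >= the true risk).
    exact=True : 1 - (1 - p)^n, the risk if the n samples are fully independent.
    The two agree to first order for the small p used here.
    """
    n = independent_samples(duration_s, correlation_time_s)
    if exact:
        return 1.0 - (1.0 - ir_epoch) ** n
    return n * ir_epoch


def worked_slide_values():
    """The slide's SBAS figures: 0.5e-7/hour with a 360 s correlation time -> 5e-9/epoch."""
    ir_hour = 0.5e-7
    tau = 360.0
    ir_epoch = per_epoch_from_per_interval(ir_hour, HOUR_S, tau)
    back = per_interval_from_per_epoch(ir_epoch, HOUR_S, tau)
    return ir_epoch, back


if __name__ == "__main__":
    ir_epoch, back = worked_slide_values()
    print(f"per epoch: {ir_epoch:.3e}  re-aggregated per hour: {back:.3e}")
    # Sensitivity to the correlation-time assumption: a 1 s correlation time would make
    # every epoch independent and tighten the per-epoch allocation by a further factor 360.
    for tau in (360.0, 60.0, 1.0):
        print(f"tau={tau:5.0f} s -> IR per epoch = "
              f"{per_epoch_from_per_interval(0.5e-7, HOUR_S, tau):.3e}")
```

The sensitivity loop is the practical point of the slide's question: the per-epoch figure handed to the algorithm designer is only as good as the correlation-time assumption behind it.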

17 RAMS vs GNSS SIS: Alert Limit – no agreement
2.5 m for track discrimination/station operations
20-25 m for along-track positioning, or might also be expressed as a function of speed
Time-to-alert – values between 1 s and 5 s

18 RAMS vs GNSS SIS: What would be the response of the rail network to a ‘predictable’ outage?
Continuity in aviation is a safety issue vs. reliability in RAMS is not. Reliability and availability are directly linked in RAMS.
The PNT service is available in civil aviation even if an aircraft experiences a loss of continuity (standard interpretation).
Predictable outages are not continuity risks (no universal agreement on interpretation; depends upon system development). Navigation systems may be sole/primary/supplemental means.
Mitigations for loss of service: since global availability and the probability of a down-state switch depend upon many factors (including the solution proposed), the requirement used for detection thresholds (continuity) should be set late.
Note: Predictable outages are usually handled as availability issues in civil aviation but there is no obvious way to consider them differently in rail RAMS. No reasonable way of scheduling trains for geometry. But could handle both predictable and some unpredictable outages by reduced speed and relaxed alert limits. Baseline performance prediction.

19 RAMS vs GNSS SIS: Loss of Reliability (Failures)
Immobilising / Service / Minor

20 RAMS vs GNSS SIS

21 RAMS vs GNSS SIS: Loss of Availability/Continuity
Predictable:
Slow geometry change → increased protection level → unavailable → time → repair
Satellite loss passing horizon → increased protection level → unavailable → time → repair
Satellite loss due to planned manoeuvre/maintenance (NANU warning) → increased protection level → unavailable → time → control → repair
Masking → loss of tracking → geometry change → increased protection level → unavailable → location → user → repair
Unpredictable:
False alarm → failed exclusion → unavailable → time → repair
Satellite failure → correct detection → failed exclusion → unavailable → time → control → repair
Ionosphere gradient → correct detection → failed exclusion → unavailable → time → repair
Extreme multipath → correct detection → failed exclusion → unavailable → time → repair
Interference → loss of tracking → geometry change → increased protection level → unavailable → time → repair
Jamming → loss of tracking → geometry change → increased protection level → unavailable → time → security → repair
Scintillation → loss of tracking → geometry change → increased protection level → unavailable → time → repair
Shadowing → loss of tracking → geometry change → increased protection level → unavailable → time → user → repair
Change in error models (i.e. from DGNSS) → increased protection level → unavailable → time → user → repair

22 RAMS vs GNSS SIS: Instantaneous Availability (Up-State vs. Down-State)
$p(d;\mathbf{s}) = \sum_{k=0}^{K} p_k(V_k;\mathbf{s})\,\delta(V_k,\mathbf{s},\dots)$ where:
$\mathbf{s} = (\mathbf{x}, t)$ is the true train location $\mathbf{x}$ and $t$ is the time (and constellation phasing state)
$V_k$ is the set of satellites (all sets are enumerated by $k$ up to $K$)
$\delta$ is the availability function given the geometry defined by $V_k$ and $\mathbf{s}$ and other parameters which may modify the requirement, such as speed
$p_k(V_k;\mathbf{s}) = \sum_{l=0}^{L} p_{kl}(V_k;\mathbf{s},l)$
$p_{kl}(V_k;\mathbf{s},l)$ is the state probability of satellite set $V_k$ being available for positioning as a result of phenomena indexed by $l$, depending upon the assessment methodology (probabilistic simulation of the environment?)
$p_{kl}$ may be influenced by deterministic changes of $V_k$ (e.g. predictable masking)
Note: Under this approach

23 WP1 RAMS vs SIS/PNT
The $p_{kl}(V_k;\mathbf{x},t,l)$ are for most $l$ not under the control of the (rail PNT system) designer. In the case of false alarm/correct detection and failed exclusion events, the probabilities are. However, under this formulation, the thresholds are set in order to meet availability targets.
Given values for each sub-condition event probability (i.e. probability of ionosphere gradient etc.) the availability function is well-defined. To assess through simulation.
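An added Python example, not part of the presentation, of the availability function of slide 22 assessed by exhaustive enumeration rather than simulation: $p(d;\mathbf{s})$ is computed as the sum over every satellite subset $V_k$ of its probability times $\delta(V_k,\mathbf{s})$. The six-satellite constellation, the per-satellite availability probabilities (taken as already folded over all phenomena $l$ and independent between satellites), and $\delta$ defined as "at least 4 satellites and HDOP ≤ 2.5" in a simplified east/north-plus-clock geometry are all assumptions made for the example. Predictable masking is applied as a deterministic removal before enumeration.

```python
import itertools
import math

# Constructed constellation for one (x, t): (name, azimuth_deg, elevation_deg, p_available).
# p_available is the assumed probability that the satellite is usable for positioning
# once all outage phenomena are folded in; the values are constructed, not from the slides.
SATELLITES = [
    ("G01", 30.0, 70.0, 0.995),
    ("G02", 110.0, 45.0, 0.990),
    ("G03", 200.0, 30.0, 0.980),
    ("G04", 280.0, 55.0, 0.990),
    ("G05", 340.0, 15.0, 0.950),
    ("G06", 160.0, 20.0, 0.960),
]

MIN_SATS = 4        # assumed minimum for a 3-unknown solution with one redundant measurement
HDOP_LIMIT = 2.5    # assumed availability threshold on horizontal dilution of precision


def los_rows(sats):
    """Rows [east, north, 1] of the geometry matrix: horizontal line-of-sight plus clock.

    The vertical component is dropped as a simplification for this example.
    """
    rows = []
    for _, az, el, _ in sats:
        a, e = math.radians(az), math.radians(el)
        rows.append((math.cos(e) * math.sin(a), math.cos(e) * math.cos(a), 1.0))
    return rows


def hdop(rows):
    """HDOP = sqrt(Q_ee + Q_nn) with Q = (G^T G)^-1 for the 3-column G; None if singular."""
    n = [[0.0] * 3 for _ in range(3)]          # normal matrix N = G^T G
    for r in rows:
        for i in range(3):
            for j in range(3):
                n[i][j] += r[i] * r[j]
    det = (n[0][0] * (n[1][1] * n[2][2] - n[1][2] * n[2][1])
           - n[0][1] * (n[1][0] * n[2][2] - n[1][2] * n[2][0])
           + n[0][2] * (n[1][0] * n[2][1] - n[1][1] * n[2][0]))
    if abs(det) < 1e-12:
        return None
    # Only the two diagonal entries of the inverse are needed (cofactor / determinant).
    q_ee = (n[1][1] * n[2][2] - n[1][2] * n[2][1]) / det
    q_nn = (n[0][0] * n[2][2] - n[0][2] * n[2][0]) / det
    return math.sqrt(q_ee + q_nn)


def delta(sats):
    """Availability function delta(V_k, s): 1 if the subset supports positioning, else 0."""
    if len(sats) < MIN_SATS:
        return 0
    d = hdop(los_rows(sats))
    return 1 if d is not None and d <= HDOP_LIMIT else 0


def instantaneous_availability(sats, masked=()):
    """Sum over all satellite subsets V_k of p_k(V_k) * delta(V_k): the slide's p(d; s).

    Satellite states are assumed independent; names in `masked` are treated as
    deterministically unavailable (the slide's 'predictable masking').
    """
    usable = [s for s in sats if s[0] not in masked]
    total = 0.0
    for k in range(len(usable) + 1):
        for subset in itertools.combinations(usable, k):
            in_set = {s[0] for s in subset}
            p_k = 1.0
            for s in usable:
                p_k *= s[3] if s[0] in in_set else (1.0 - s[3])
            total += p_k * delta(list(subset))
    return total


if __name__ == "__main__":
    print("availability, open sky  :", round(instantaneous_availability(SATELLITES), 6))
    print("availability, G01 masked:", round(instantaneous_availability(SATELLITES, masked={"G01"}), 6))
```

Enumeration is exact for a handful of satellites (64 subsets here) and makes the slide's decomposition visible: the $p_k$ come from the environment model, $\delta$ from the positioning requirement, and the designer's thresholds enter only through $\delta$. For a full constellation over a route and many epochs the same sum is what a Monte Carlo simulation estimates.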

24 WP1 RAMS vs SIS/PNT (Operational/Signal Environment)
Figure: route $S$ from $(\mathbf{x}_a, t_a)$ at $a$ to $(\mathbf{x}_b, t_b)$ at $b$.
Reliability and Maintainability would then be products of the Availability function and not the reverse. For example, given a route for an operation:
$R_{ab} = \int_{S} e^{-p(U;\mathbf{s})\,t}\,d\mathbf{s}$
$M_{ab} = \int_{S} \sum_{k=0}^{K}\sum_{l=0}^{L}\sum_{j=1}^{J} p(V_{kl};\mathbf{s})\,\delta(V_k,\mathbf{s})\,\big(1-\delta(V_j,\mathbf{s})\big)\,\frac{1}{\mu_{kjl}}\,d\mathbf{s}$
where $\mu_{kjl}$ is the repair rate from $V_k$ to $V_j$ for outage reason $l$.
Also may be assessed through simulation, either over an ‘average’ 1 hour period and track or more locally. Must loop over constellation.

25 WP1 RAMS vs SIS/PNT
Reliability (defined this way) may learn from aviation’s Continuity however. Continuity is allocated amongst cases by considering the impact upon the number of aircraft, i.e. $C_t = n_{ac} \cdot p_{fail} \cdot p_{fe}$. With an allocation of $C_t = 10^{-7}$ and a maximum of 100 aircraft impacted, then if $p_{fail} = 10^{-4}$ the user receiver requirement would be $p_{fe} = 10^{-5}$, rather than $p_{fe} = 10^{-3}$ if only a single aircraft were impacted.
Domino effect for a rail GNSS outage under moving block – should reliability account for this? Does reliability already consider differently failures which impact multiple vehicles and those that impact just a single one?

26 This project has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No
Call identifier: H2020-S2RJU-2017
Topic: S2R-OC-IP – Operational conditions of the signalling and automation systems; signalling system hazard analysis and GNSS SIS characterization along with Formal Method application in railway field

