NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.


AIAA Invited Talk - 2002 MAPLD International Conference

Kossiakoff Conference Center
The Johns Hopkins University - Applied Physics Laboratory
11100 Johns Hopkins Road
Laurel, Maryland 20723-6099

September 10-12, 2002

Dr. Nancy Leveson
Professor of Aeronautics and Astronautics
Massachusetts Institute of Technology

Do You Know What Your Software is Doing Right Now?

Accidents and Mishaps Involving Software

Monday Evening, September 9, 2002. Hors d'oeuvres/Cash Bar: 6:30 pm. Talk begins at 7:15 pm.

With the increasing use of software in critical systems, it is not surprising that losses related to software are increasing. What is surprising is that the causes of these accidents differ significantly from those where software is not a factor and that the techniques to prevent them also need to be different. In this talk, Prof. Leveson will look at the causes of recent aerospace accidents and suggest some changes that need to be made in our engineering techniques to prevent them.


Paper

The Role of Software in Spacecraft Accidents

Nancy G. Leveson
Aeronautics and Astronautics Department
Massachusetts Institute of Technology

Abstract

The first and most important step in solving any problem is understanding the problem well enough to create effective solutions. To this end, several software-related spacecraft accidents were studied to determine common systemic factors. Although the details in each accident were different, very similar factors related to flaws in the safety culture, the management and organization, and technical deficiencies were identified. These factors include complacency and discounting of software risk, diffusion of responsibility and authority, limited communication channels and poor information flow, inadequate system and software engineering (poor or missing specifications, unnecessary complexity and software functionality, software reuse without appropriate safety analysis, violation of basic safety engineering practices in the digital components), inadequate review activities, ineffective system safety engineering, flawed test and simulation environments, and inadequate human factors engineering. Each of these factors is discussed along with some recommendations on how to eliminate them in future projects.


BIO

Nancy Leveson received all her degrees, in math, management, and computer science, from UCLA (Ph.D. 1980) and spent her formative years being a Computer Science professor at the University of California, Irvine. Moving to Seattle in 1993 in search of rain, she was Boeing Professor of Computer Science and Engineering at the University of Washington. She has now moved to MIT in her continual search for worse weather and new fields to conquer.

Professor Leveson started a new area of research, software safety, which is concerned with the problems of building software for real-time systems where failures can result in loss of life or property. One advantage of this topic is that nobody questions its goals, except for a few misanthropes (who don't matter anyway). She and her students produced a formal requirements specification for TCAS II, a real collision-avoidance system required on all commercial aircraft in U.S. airspace. One of the lessons she has learned from this project is never to do anything like it again. The FAA was pleased with it though and adopted it as their official specification. She claims that you should not read anything into the fact that she has been taking the train a lot lately.

Professional Activities (or what she does to keep out of trouble)

Professor Leveson has recently retired as Editor-in-Chief of IEEE Transactions on Software Engineering and from the Board of Directors of the International Council on Systems Engineering (INCOSE). But she is still keeping busy as an elected member of the Board of Directors of the Computing Research Association, a member of the National Research Council Commission on Engineering and Technical Systems (and liaison to the Aeronautics and Space Engineering Board), a member of the ACM Committee on Computers and Public Policy, and a member of the NASA Langley Advisory Subcommittee on Air Frame Systems Research. She chaired a National Research Council study evaluating the Space Shuttle software process and has participated on other NRC study committees on nuclear power plants, automated highways, and Space Shuttle upgrades. Dr. Leveson is a Fellow of the ACM and was awarded the 1995 AIAA Information Systems Award for contributions in space and aeronautics computer technology and science for "developing the field of software safety and for promoting responsible software and system engineering practices where life and property are at stake." She was recently awarded the ACM 1999 Allen Newell Award and elected to the National Academy of Engineering (NAE).


Last Revised: November 11, 2003
Digital Engineering Institute
Web Grunt: Richard Katz