State-based modeling of continuous human-integrated systems: An application to air traffic separation assurance

A method for modeling the safety of human-integrated systems that have continuous dynamics is introduced. The method is intended to supplement more detailed reliability-based methods. Assumptions for the model are defined such that the model is demonstrably complete, enabling it to yield a set of key agent characteristics. These key characteristics identify a sufficient set of characteristics that can be used to establish the safety of particular system configurations. The method is applied for the analysis of the safety of strategic and tactical separation assurance algorithms for the next generation air transportation system. It is shown that the key characteristics for this problem include the ability of agents (human or automated) to identify configurations that can enable intense transitions from a safe to unsafe state. However, the most technologically advanced algorithm for separation assurance does not currently attempt to identify such configurations. It is also discussed how, although the model is in a form that lends itself to quantitative evaluations, such evaluations are complicated by the difficulty of accurately quantifying human error probabilities.