A Methodology for the Design and Operational Safety Assessment of Unmanned Aerial Systems

Abstract

Efforts are underway to introduce Unmanned Aerial Systems (UAS) into routine cargo operations within the National Airspace System (NAS). Such systems have the potential to increase transport system flexibility by mitigating crew scheduling constraints and extending operations to remote locations. It is expected that any large UAS operating in the transport category must comply with Federal Aviation Regulations to achieve airworthiness certification for routine operations within the NAS. Regulations on the safety of equipment, systems, and installations require all failure conditions due to malfunctions, environmental events, and inadequate corrective action to be mitigated and shown to be extremely improbable. These system safety requirements are particularly relevant for a UAS as the ability of a Remote Pilot (RP) to detect and respond to risks is dependent on a Command and Control (C2) link. Failure conditions associated with the C2 link system require autonomy onboard the aircraft to supplement the RP in order to mitigate risk. A method for assessing the performance required from automation when the RP cannot adequately mitigate risks is needed to allow routine UAS operations.

The problem of ensuring autonomous UAS safety requirements is addressed in this thesis through the development of a safety assessment methodology that can be applied during both system design and online operations. The contributions are as follows:

• Safety Regulations are formulated as a chance-constraint satisfaction problem, requiring safety on the order of 1 accident per billion operations. Rare event estimation techniques based on Importance Sampling are proposed to assess safety subject to various sources of uncertainty. • Failure conditions can be due to both discrete events, such as system failures, and continuous state uncertainties, such as navigation errors and turbulence. A stochastic hybrid system model is proposed to handle the coupling between discrete and continuous states and estimate the distribution of aircraft trajectories that may result from a given set of system parameters, operational conditions, and decision parameters. • The final approach and landing phase of flight serves as a use case for the methodology. The safety assessment is applied to determine system design parameters required to passively mitigate risks. The methodology is extended to active risk mitigation during operations, where online safety assessments using updated observations are used to ensure decision options always exist that will satisfy safety requirements.