- Aeronautics and Astronautics
Dr. John Thomas is on the research staff in the department of Aeronautics and Astronautics at MIT. He recently received his Ph.D. from MIT, and he holds bachelor's and master's degrees in computer engineering. John's work involves creating structured processes for analyzing cyber-physical systems, especially systems that may behave in unanticipated, unsafe, or otherwise undesirable ways through complex interactions with each other and their environment. By using control theory and systems theory, more efficient and effective design and analysis processes can be created to prevent flaws that lead to unexpected and undesirable behaviors when integrated with other systems. More recently he has been applying these techniques to automated systems that are heavily dependent on human-computer interactions to achieve safety and security goals. These automated systems may not only be subject to human error; they may inadvertently induce human error through mode confusion, clumsy automation, and other mechanisms that can be difficult to anticipate.
John's work also includes defining a formal structure underlying a systems-theoretic process that can be used to help ensure potentially hazardous or undesirable software behaviors are systematically identified and controlled. He has also developed algorithms to automatically generate formal executable and model-based requirements for software components as well as methods to detect flaws in an existing software specification. The same process can be applied to address security and functional goals of the system, thereby permitting the automated detection of conflicts between these and other goals during early development processes.
Systems Theoretic Process Analysis (STPA) is a powerful new hazard analysis method designed to go beyond traditional safety techniques—such as Fault Tree Analysis (FTA)—that overlook important causes of accidents like flawed requirements, dysfunctional component interactions, and software errors. Although traditional engineering analysis techniques have been effective at analyzing and reducing accidents caused by component failures, modern complex systems have introduced new problems that can be much more difficult to anticipate, analyze, and prevent. In addition, a new class of accidents, component interaction accidents, has become increasingly prevalent in today’s complex systems and can occur even when systems operate exactly as designed and without any component failures.
Although no formal structure has yet been defined for STPA, the process is based on a control-theoretic framework that could be formalized and adapted to facilitate development of automated methods that assist in analyzing complex systems. This dissertation defines a formal mathematical structure underlying STPA and introduces a procedure for systematically performing an STPA analysis based on that structure. A method for using the results of the hazard analysis to generate formal safety-critical, model-based system and software requirements is also presented. Techniques to automate both the STPA analysis and the requirements generation are introduced, as well as a method to detect conflicts between safety requirements and other functional model-based requirements during early development of the system.
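The abstract above describes three steps: a formal structure for identifying unsafe control actions over a controller's process model, generation of model-based safety requirements from that structure, and detection of conflicts between those requirements and other functional requirements. The following is an added illustration of those steps, not code from the dissertation or from the author. It assumes a deliberately small, constructed system (a train door controller with one control action and three boolean process-model variables) and a simplified reading of the control-theoretic structure: a context is an assignment to the process-model variables, a hazard is a predicate over a context and whether the action was provided, and a requirement is "must provide" or "must not provide" the action in a given context.

```python
from dataclasses import dataclass
from itertools import product

# Constructed example system (an assumption for illustration, not from the page):
# a door controller with one control action and a boolean process model.
CONTROLLER = "DoorController"
CONTROL_ACTION = "open_doors"
PROCESS_MODEL = {
    "train_moving": (True, False),
    "at_platform": (True, False),
    "emergency": (True, False),
}

# Hazards as predicates over (context, action_provided). Constructed for the example.
HAZARDS = {
    "H1: doors open while train is moving":
        lambda ctx, provided: provided and ctx["train_moving"],
    "H2: doors stay closed during an emergency while stopped":
        lambda ctx, provided: (not provided) and ctx["emergency"] and not ctx["train_moving"],
}


@dataclass(frozen=True)
class UCA:
    """Unsafe control action: who, how (provided / not provided), what, in which context."""
    controller: str
    uca_type: str
    action: str
    context: tuple   # sorted (variable, value) pairs, hashable
    hazards: tuple


def contexts():
    """Enumerate every assignment to the process-model variables."""
    names = sorted(PROCESS_MODEL)
    for values in product(*(PROCESS_MODEL[n] for n in names)):
        yield dict(zip(names, values))


def key(ctx):
    return tuple(sorted(ctx.items()))


def find_ucas():
    """Step 1: systematically test each context for providing / not providing the action."""
    ucas = []
    for ctx in contexts():
        for uca_type, provided in (("provided", True), ("not provided", False)):
            hit = tuple(name for name, pred in HAZARDS.items() if pred(ctx, provided))
            if hit:
                ucas.append(UCA(CONTROLLER, uca_type, CONTROL_ACTION, key(ctx), hit))
    return ucas


def safety_constraints(ucas):
    """Step 2: turn each UCA into a model-based requirement keyed by context."""
    constraints = {}
    for u in ucas:
        required = "must not provide" if u.uca_type == "provided" else "must provide"
        constraints.setdefault(u.context, set()).add(required)
    return constraints


def requirement_text(ctx, required):
    cond = " and ".join(f"{var}={val}" for var, val in ctx)
    return f"{CONTROLLER} {required} {CONTROL_ACTION} when {cond}"


def unresolvable(constraints):
    """Contexts where the hazards demand both providing and withholding the action."""
    return [ctx for ctx, reqs in constraints.items() if len(reqs) == 2]


def functional_open_doors(ctx):
    """A constructed functional requirement in the same model-based form:
    'open the doors whenever the train is at a platform' (ignores movement)."""
    return ctx["at_platform"]


def conflicts(constraints, functional):
    """Step 3: find contexts where a functional requirement contradicts a safety one."""
    found = []
    for ctx in contexts():
        reqs = constraints.get(key(ctx), set())
        wants = functional(ctx)
        if wants and "must not provide" in reqs:
            found.append((key(ctx), "functional provides, safety forbids"))
        if not wants and "must provide" in reqs:
            found.append((key(ctx), "functional withholds, safety requires"))
    return found


if __name__ == "__main__":
    ucas = find_ucas()
    cs = safety_constraints(ucas)
    for ctx, reqs in sorted(cs.items()):
        for r in sorted(reqs):
            print(requirement_text(ctx, r))
    print("unresolvable contexts:", unresolvable(cs))
    for ctx, why in conflicts(cs, functional_open_doors):
        print("CONFLICT:", why, "in", dict(ctx))
```

Running the block lists six generated safety requirements (four "must not provide" when the train is moving, two "must provide" when stopped in an emergency), reports no context that is unresolvable within the hazards themselves, and flags three contexts in which the naive "open at platform" functional requirement conflicts with them. The same enumeration scales to larger process models only with pruning (the context table grows with the product of variable domains), which is why the abstract treats automation of the analysis as a research contribution rather than a spreadsheet exercise.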