Computational & Mathematical Organization Theory
Experiments with simulators allow psychologists to better understand the causes of human errors and build models of cognitive processes to be used in Human Reliability Assessment (HRA). This paper investigates an approach to task failure analysis based on patterns of behaviour, by contrast to more traditional event-based approaches. It considers, as a case study, a formal model of an air traffic control (ATC) system which incorporates controller behaviour. The cognitive model is formalised in the CSP process algebra. Patterns of behaviour are expressed as temporal logic properties. Then a model-checking technique is used to verify whether the decomposition of the operator's behaviour into patterns is sound and complete with respect to the cognitive model. The decomposition is shown to be incomplete and a new behavioural pattern is identified, which appears to have been overlooked in the analysis of the data provided by the experiments with the simulator. This illustrates how formal analysis of operator models can yield fresh insights into how failures may arise in interactive systems.