An Approach of Failure-Analysis for the Real-Time Fire Reconnaissance Satellite-Monitoring System

In this paper, a failure model for the Real Time Fire Reconnaissance Satellite-Monitoring System is presented. The approach is analyzed and proposed based on Fault Tree Analysis. The design methodology is the Structured Analysis for Real Time (SA-RT), and the software is designed with the LACATRE formal language. This formal architecture, which uses satellites as the input sensors, was adapted from an original model that is a design pattern for physical variation detection. The original design pattern has the mission of monitoring events such as natural disasters, or of supporting medical applications and the prevention of existing illnesses such as diabetes (this is in a patent process). This satellite design will permit Real Time Fire Satellite-Monitoring, which will reduce the damage and danger caused by fire consumption of forests, tropical forests and lands in Mexico. This new proposal makes it possible to have an unused system that impacts disaster prevention, combining national and international technologies and cooperation to the benefit of humankind.


Introduction
Risk Assessment is a discipline that studies the probability of catastrophic events with catastrophic consequences, such as the loss of human lives or irreversible economic and environmental damage (McCall, 1977). To maintain the components of a system in a good state and prevent those consequences, the Risk Assessment of a system is made through Qualitative Analysis and Quantitative Analysis (Rausand, 1994). The Qualitative risk assessment requires calculations of two components of risk: R, the magnitude of the potential loss L, and the probability p, that the loss will occur. The Quantitative risk assessment determines the probability of the occurrence of a catastrophic event, and the weakness of a system (Andrews & Moss, 1993). The availability is the probability of the good operation of a component. The reliability is the capacity of success of a component during a period of time. The reliability study is made to ensure the success of critical systems. Risk Assessment uses mathematical models to perform a Failure-Analysis and to describe the behavior of critical systems, such as Fault Trees, Petri Nets and Markov Models (Rausand, 1994; Andrews & Moss, 1993). Altarica (Rauzy et al., 2000; Perrot et al., 2011) is a modeling language for safety analysis used for modeling critical systems and their Risk Assessment; another graphical programming language for modeling, simulating and analyzing multidomain dynamic systems is Simulink (Stürmer & Travkin, 2007). Other simulators are: Windchill (Kultyshev et al., 2013); Reliability, Availability, Maintainability, and Safety (RAMS) Software (Sikos & Klemes, 2009); and Edraw Max (Bahadori et al., 2012). This work has been analyzed and proposed based on Fault Tree Analysis (Gondran, 1980). The methodologies used throughout this article are Structured Analysis for Real Time (SART) (Yourdon, 1997) and the Langage d'Aide à la Conception d'Applications Temps Réel (LACATRE) formal language (Schwarz, 1993). This paper's approach is the result of work proposed during the Mexican Space Agency (AEM) consultancy forums in 2011 and 2012, and presents an opportunity to collaborate and to create multinational technology that will benefit humankind and ecosystems by preventing disasters caused by both human beings and global warming. The German Space Agency (DLR) developed and launched the RapidEye satellite constellation during 2008 (DLR Space Administration, 2008) and also made a proposition to collaborate with Mexico and the Mexican Space Agency on micro satellites that had certain features (see subparagraphs a and b) (Deutsches Zentrum für Luft-und Raumfahrt, 2010).
a) They had robust technology validated through special conditions with the highest technology available, which would allow special missions for the next 5 years.
b) The satellite constellation would allow early detection and prevention of fire disasters, which would start at an area of four square meters.
The collaboration and work previously done is the beginning for creating a complete Real Time Fire Satellite-Monitoring System in the near future. This constellation will enable working in synergy with other Space Agencies that have in common the prevention of natural disasters such as fire consumption and its consequences. The lack of specialized preventive monitoring systems has caused significant human and economic loss; for instance, the estimated world value loss was about 525 000 million dollars, including human and environmental losses, during 2000 (Organización de las Naciones Unidas ONU, 2011).
The purpose of this system architecture is to help preserve forests and land ecosystems which, if they were to burn, would imply an important change in the ecological factors of functioning ecosystems (De las Heras et al., 2012). If this were changed, all the world and living creatures, including humans, would be affected as a whole. The Mexican Communications and Transports Secretary (SCT), in collaboration with the Mexican Space Agency and the French Guyana Space Port in Kourou, launched the Bicentenary Satellite in December 2012 (Presidencia de la República, 2012), which will supply the highest technology available and, in turn, grant a better communication system by facilitating communication among distant communities in Mexico. However, the Mexican government is planning to develop satellites designed and produced in Mexico for the next generation of satellites.
New technology must be created in order to avoid fire consumption events increasing every year. The highest existing technology should be applied in favor of future generations. The future satellites to be developed must ensure their successful assessment and control. Mexico requires an appropriate technology to reduce damage from disasters, in order to avoid losing natural resources as well as human and economic loss, so it is important to discover a fire at its early stage, because fires usually become very dangerous events with catastrophic consequences (De las Heras et al., 2012). The fault model of the Real-Time System for Forest Fire Monitoring by Satellite is planned to monitor real faults using Real-Time software receiving information from space, operating from the main monitoring office in Mexico, where the complete system would be accomplished. The purpose of the Real-Time Software is to show graphically the behavior of the Real-Time System for Monitoring Forest Fire-Satellite, and fault conditions in outer space. The fault software operates in parallel with the fire monitoring system, combining images and data from the Real-Time System for Forest Fire Monitoring by Satellites, covering both the monitored events on Earth and the failures of the system in question found in outer space.

Proposed System: Real Time Fire Reconnaissance Satellite-Monitoring System
The proposed system is undergoing a patent process. The system is intended to monitor fire disasters using the German Satellite Constellation with 2 satellites, and a third one, named SATEX II, developed in Mexico at the National Institute of Astrophysics Optics and Electronics (INAOE). The Architecture of the system permits the use of satellites, working as sensors, which provide the system with information to activate alarms in case of disaster. The methodology used in the system is the Structured Analysis for Real Time (SA-RT) and the LACATRE formal language. The Structured Analysis for Real Time is a methodology for modeling complex Real Time systems, adapted from the Structured Analysis and Design Technique (SADT), a diagrammatic notation designed specifically to help people describe and understand complex systems (Marca & McGowan, 1988). The design of the Real Time Fire Reconnaissance Satellite-Monitoring system is based on a design pattern that accepts input from any kind of sensor that detects physical variables; the present design is focused on satellites as input sensors.

General System
The global system (Figure 1) describes the use case of the general system as a whole. Three satellites are used for the constellation that will send information to the system and will work as input sensors. Through the communication module, they will send data to the earth, and then this information will go through a network that will allow interfacing with the Real Time Data Transmission System (STRD). Subsequently, the information will go to the Internet, as an initial requirement for the new satellites. The Internet will transport the information to the final user, who could be authorities, engineers, experts or technicians. This model also allows working with mobile devices, so that the information reaches the correct people at the precise moment, allowing them to take the appropriate decisions. This work is an evolution of an earlier system, the Real Time Volcanic Monitoring System (Niño & Colmenares, 2010). However, the most significant changes and the design pattern were created for the Real Time Fire Reconnaissance Satellite-Monitoring System, and the Failure Model was created for the Risk Assessment of the whole system.

Context Diagram
The context diagram shows the context of the system and the actions to be taken for monitoring. The objective of the satellites is to wirelessly transmit data to the Global System for Mobile Communications (GSM) or transmission system, which in turn will send that wireless signal to the Real Time Satellite-Monitoring System. While the system is working, the information will be shown on the screen, and if there should be any abnormal activity registered by the critical parameters, an alarm will be triggered. All the data will be saved in a Database that will be accessed by another analysis subsystem. In addition, this DB could have a 3D graphic-generator (Figure 2).

Data Flow Diagram
The Data Flow Diagram (DFD) is shown in Figure 3, along with all the system processes and the events that enter and come out of the control bar. Those events are synchronized with the three satellites, which transfer data into the system. It is possible for all the information to be shared by all of them; part of that information could be transmitted by each one of them. The data flow interacts with the whole system and can be compared with the Critical Parameters in order to balance and better understand abnormal behavior in digital images that might suggest a fire. In case of fire, the information will be transmitted to the specialists and authorities, who will make critical decisions in order to activate the fire consumption mobilization.

State Transition Diagram
The State Transition Diagram (Figure 4) is derived from the DFD (Figure 3) and shows each state within the system while functioning. The three satellites will transfer data, and they will change the state within the system, such as the transmission state, the reception state from the Earth systems, and then the state of monitoring, which will be able to monitor the Earth environment. Depending on the events, the state will change among transmission, reception, real time monitoring, critical monitoring, normal monitoring, storage in a DB and graphic-screen monitoring, and when danger is detected, the state within the system will change to critical warning. While monitoring, there is also the possibility of showing 2D and 3D graphics. This screen, viewed from the Earth systems, will allow the specialists to visualize the monitoring.

Architecture Context Diagram
The architecture context diagram integrates the functionality as an abstract model of the architecture elements within the system. This includes the input from the signals and the bits transferred through the transmission data system, which also transfers bits to the Real Time Satellite-Monitoring System on Earth. The Real Time system has users, operators, a screen, and a Human Machine Interface to interact within the system (Figure 5).

Interconnectivity Diagram
The Interconnectivity Diagram gives an abstraction of the interconnection between the elements within the system. The Sensors of the system will be the three satellites: two satellites from the German Space Center (DLR) and one from Mexico, SATEX-II. The Satellite constellation will transmit data through the Data Transmission system, which will allow receiving wireless information and sending it through the Internet. This connection will allow data to arrive in the Real Time Satellite-Monitoring System, which will process the information of the three satellites through software and at the same time monitor the environment (Figure 6).

LACATRE (LA4) Real Time Software Model
The new software design, based on the previous Real Time Volcanic Monitoring System (Niño et al., 2008), is represented with the LACATRE (Schwarz, 1993) real time systems methodology (Figure 7). The main program is divided into several modules. The main() function will work with the following threads:  The threads are synchronized by semaphores to ensure that all the processes have the correct data. The signals from the satellites are obtained with a communication data protocol and transmitted by the data resource (R.S.) to the threads P1, P2 and P3, which show the satellite monitoring activity; this should include numerical data from the images captured by the satellites, as well as the complete Image Analysis of the digital pictures obtained from the satellites. All this information will be received by the MsgA structure that will access the monitoring system. Furthermore, all the procedures will show numerical data on the screen, for example pixel coordinate information, histogram information, etc.
All the data are saved in a database, and the messages from each satellite are sent independently to one FIFO data structure (MsgA); the P5 thread receives them to process the information and data received by the functions included in the code of the P2, P3, P4 threads (P5..N in case of more than 3 threads). Whenever an abnormal activity exists, the function code sends a message to another FIFO structure (MsgB) to register the abnormality, and those messages are transmitted to the P6 thread, which writes the abnormal data into the database and activates an alarm. Meanwhile, the function shows all the abnormal activity on the screen. The P7 thread has a 3D graphics engine, in order to monitor forest or land behavior in 3D. This will allow the specialists to have a visual monitoring of the information received by the satellites.
The system has another thread, P8, with the NEURAL_NETWORK() function. This function makes a prediction from the Satellite-Monitoring behavior activity using Artificial Neural Network algorithms by evolution (Niño & Colmenares, 2012). That could suggest a prediction based on the human activity near lands or forests (images obtained by the satellites) and the digital information obtained from the monitored images, and this will suggest the image analysis from satellites when monitoring. This information could also be visualized as a prediction of a possible fire to be prevented. The training of the Neural Networks is assisted by an evolutionary algorithm, which improves such a prediction.

Proposed Model: Real Time Fire Reconnaissance Satellite-Monitoring System Failure Model
The Failure-Analysis is done with the Fault Tree mathematical modeling method, and it describes the failure behavior of the Real Time Fire Reconnaissance Satellite-Monitoring System. The Fault Tree method constructs a logic diagram connected by AND and OR gates, with the objective of finding the combinations of failures of the components and the minimal cut sets that describe the combinations of component failures that cause the TOP catastrophic event to occur. This method is deductive, and it has the top event, intermediate events and the base events, which are the beginning of the failure of the system (Andrews & Moss, 1993). The proposed Fault Tree (Figure 8) has the TOP Fire Event Prevention failure as the highest hazardous event. This is produced by the lack of prevention if the complete system fails. The tree includes partial failures of subsystems such as the Earth Satellite-Monitoring System, which includes all the Earth's possible failure events, listed as follows: Alarm System, DB system, Display and Graphics and Prediction System. The Communication System has other events such as the Data Reception event and the Data Transmission event, with their respective initial failure events represented as A, B, C, D, E, F. The Real Time Satellite-Monitoring System has the 3 Satellites with their respective failure events represented as G, H, I, J, K, L, M, N, O, P, Q, R, based on the general architecture of earth observation satellites such as SPOT4 (Centre National D'Études Spatiales CNES, 2009). The satellite items to be monitored in order to have the correct behavior (these could be changed depending on the specific satellite design) are the following: Altitude Control, Heat Control, Electric Control and Pyrotechnic Device Control. All of them should be working without any failure state. The mathematical Boolean expression (Rausand, 1994; Andrews & Moss, 1993) of the Real Time Fire Reconnaissance Satellite-Monitoring System Fault Tree that expresses the TOP event is as follows:

Proposed Software: Real Time Fire Reconnaissance Satellite-Monitoring System Failure Software
The system should interact between the Hardware sensors and the Software Real Time Threads as a whole. Bearing this in mind, the Real Time Satellite-Monitoring System should include a section of monitoring software, ready to show, in Real Time, all the states the system could present. In the event of a change of state, the software should be able to graphically show that state of the system to the controllers and the authorities, who must then make the correct decisions for repairing the system in order to avoid any more failures, economic losses, and any possible danger to human beings in case the system is not working correctly while transmitting data or digital images that might suggest the existence of a fire.
Figure 8. Real time fire reconnaissance satellite-monitoring system fault tree

Software Simulation
The Real Time Fire Reconnaissance Satellite-Monitoring System Fault Tree model was simulated with the Windchill Quality Solutions Software (Kultishev et al., 2013). The proposed simulation divides the Real-Time System for Forest Fire Detection through Satellites in two: the events on Earth and those in Outer Space.
Each proposed event has a 50% probability of occurrence. This means that the Earth system has a probability of P(Earth) = 0.5 and the Space system has a probability of P(Space) = 0.5. The final probability is calculated as follows: p(ground) + p(space) = 1, where the probability of failure is between 0 and 1. The System reliability is calculated with the following mathematical expression: Where U(s) is the probability of failure of each component in the system and the cut sets are the combinations of basic events resulting in the top event (Vesley et al., 2002). The Fault Tree within the Earth System (Figure 9) is divided in two, which gives a probability of occurrence of approximately p(x) = 0.25 for each sub-tree, and a probability distribution was made for every initial event of the monitoring system on Earth, e.g., A, B, C, D, E, F. This distribution was applied as follows: the initial event A (Alarm System) is +20% more probable. The event C (Display and Graphics) has a -20% probability of occurrence. The other events (B, C, D, E, and F) have the same probability of occurrence, as they have the same risk. The terrestrial system simulation results in a probability of occurrence of p(x) = 0.52157 (Figure 10).
The Space Fault Tree (Figure 11) is divided by the initial events (G, H, I, J, K, L, M, N, O, P, Q, R), each with the same probability of occurrence. This distribution was made by dividing first by the three satellites and then by the four initial events of each satellite subsystem. Initial events can be adapted, depending on the particular architecture of each of the satellites in question. The probability of occurrence of each initial event is p(x) = 0.04166. The simulation result of the Space System's fault tree is a probability p(x) = 9.03643e-6 (Figure 12). The final probability of the Real-Time fault tree System for Forest Fire Detection through Satellites (RTFT) is obtained by multiplying the Earth System's probabilities by those of the Space System: P(RTFT) = p(Earth) * p(Space).

Mathematical Simulation
The main Fault Tree qualitative results are the minimal cut sets (MCSs) of the TOP event. The MCSs are the smallest combinations of basic events resulting in the top event (Vesley et al., 2002). The Real-Time System for Forest Fire Recognition via Satellite possesses the TOP event Equation (1). However, this expression can be simplified to Equations (3) and (4). Since the top event is expressed as the union of the minimal cut sets, the probability of the TOP event can be approximated as the sum of the cut sets' individual probabilities, provided these probabilities are small (Vesley et al., 2002).
The original simplified Equation (1) is presented below and is described using the logical distributive law (Hedman, 2004): Each product represents a minimal cut set as follows:
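The space-system figures from the Software Simulation section and the cut-set approximation described in this section can be worked through with a small fault-tree evaluator. This is an added example, not the authors' software or the Windchill model; the gate layout (each satellite an AND of its four basic events, the space system an OR of the three satellites) and the grouping of G to R by satellite are assumptions, since Figure 11 is not reproduced on this page.

```python
from itertools import combinations
from math import prod

# ASSUMED gate layout (Figure 11 is not reproduced on the page): a satellite
# fails only when all four of its basic events occur (AND); the space system
# fails when any satellite fails (OR). Grouping G..R by satellite is assumed.
SPACE_TREE = ("OR",
              ("AND", "G", "H", "I", "J"),
              ("AND", "K", "L", "M", "N"),
              ("AND", "O", "P", "Q", "R"))

# Basic-event probability stated in the paper for every space event.
P_BASIC = {event: 0.04166 for event in "GHIJKLMNOPQR"}


def _absorb(sets):
    """Drop duplicates and any cut set that contains a smaller cut set."""
    minimal = []
    for s in sorted(set(sets), key=lambda s: (len(s), sorted(s))):
        if not any(m <= s for m in minimal):
            minimal.append(s)
    return minimal


def minimal_cut_sets(node):
    """Expand a nested (gate, child, ...) tree top-down into minimal cut sets."""
    if isinstance(node, str):              # basic event
        return [frozenset([node])]
    gate, *children = node
    groups = [minimal_cut_sets(child) for child in children]
    if gate == "OR":                       # any child's cut set suffices
        sets = [cs for group in groups for cs in group]
    elif gate == "AND":                    # one cut set from every child
        sets = [frozenset()]
        for group in groups:
            sets = [a | b for a in sets for b in group]
    else:
        raise ValueError(f"unknown gate: {gate!r}")
    return _absorb(sets)


def rare_event_probability(cut_sets, p):
    """Upper bound: sum of the individual cut-set probabilities."""
    return sum(prod(p[e] for e in cs) for cs in cut_sets)


def exact_probability(cut_sets, p):
    """Inclusion-exclusion over cut sets; basic events assumed independent."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        sign = 1 if k % 2 else -1
        for combo in combinations(cut_sets, k):
            events = frozenset().union(*combo)   # all events that must occur
            total += sign * prod(p[e] for e in events)
    return total


if __name__ == "__main__":
    mcs = minimal_cut_sets(SPACE_TREE)
    for cs in mcs:
        print("cut set:", "".join(sorted(cs)))
    print(f"rare-event approximation: {rare_event_probability(mcs, P_BASIC):.5e}")
    print(f"exact (independent events): {exact_probability(mcs, P_BASIC):.5e}")
```

Under these assumptions the exact value rounds to the 9.03643e-6 reported for the space system, and the sum of cut-set probabilities overestimates it only in the sixth significant digit because each cut-set probability is small.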

Conclusions and Ongoing Research
The Real Time Fire Reconnaissance Satellite-Monitoring System Failure Model and the Failure Software were created in order to implement a real system, as Mexico has recently joined the international space community. The design and conceptualization phase was successfully simulated by Real Time software applications written in C# and the Real Time Specification for Java (RTSJ).
The failure model was successfully simulated with the Windchill Quality Solutions software, showing the Risk Assessment simulation. One of the main benefits of having the real system functioning with the proposed satellite constellation is to have a complete Real Time Fire Satellite-Monitoring System in Mexico based on the architecture, designs, and simulations proposed as the contribution of this work. Another important benefit of the Real Time Fire Reconnaissance Satellite-Monitoring System is to prevent land and forest fires in Mexico, which, year after year, have a huge impact in economic cost, damage to the ecosystem, and the loss of human and animal lives. Another benefit of the accomplished system, including the Failure Software, is the saving on the cost of acquiring external technology or external satellites from other companies, since this technology is developed in Mexico. Furthermore, the cost of obtaining satellite images from external satellites is high, so having its own satellite constellation will reduce the costs. The inclusion of Mexico in space technology, creating satellites that introduce Mexico into this industrial production area and that will also permit it to provide other countries with this technology as a product, will no doubt increase Mexico's economy, providing many benefits, including collaboration with other nations that may be interested in following the advances made by Mexico. This project has been developed by the authors of this work since February 2008, with the most important design presented in this work.
The next step is to construct software simulators and physical simulators for this design, including physical and external sensors, and not only with software developed by the authors and existing Risk Assessment simulators. This new approach will simulate the satellite behavior when sending signals to the Real Time Satellite-Monitoring System Simulator, with the results on a single computer with the correct Hardware Interfaces. In the future, once the satellites recently acquired by Mexico's government, such as the Bicentenary Satellite, come to the end of their life span, the new satellites developed in Mexico will be able to utilize the complete system, including the complete Real Time Fire Reconnaissance Satellite-Monitoring System and the Real Failure Monitoring Software. Natural Disaster Monitoring was the first focus of this project.

Figure 1. Global system

Figure 2. Context diagram

Figure 9. Earth system simulation fault tree