A risk-aware architecture for resilient spacecraft operations

In this paper we discuss a resilient, risk-aware software architecture for onboard, real-time autonomous operations that is intended to robustly handle uncertainty in space-craft behavior within hazardous and unconstrained environments, without unnecessarily increasing complexity. This architecture, the Resilient Spacecraft Executive (RSE), serves three main functions: (1) adapting to component failures to allow graceful degradation, (2) accommodating environments, science observations, and spacecraft capabilities that are not fully known in advance, and (3) making risk-aware decisions without waiting for slow ground-based reactions. This RSE is made up of four main parts: deliberative, habitual, and reflexive layers, and a state estimator that interfaces with all three. We use a risk-aware goal-directed executive within the deliberative layer to perform risk-informed planning, to satisfy the mission goals (specified by mission control) within the specified priorities and constraints. Other state-of-the-art algorithms to be integrated into the RSE include correct-by-construction control synthesis and model-based estimation and diagnosis. We demonstrate the feasibility of the architecture in a simple implementation of the RSE for a simulated Mars rover scenario.