Search Results

The introduction of new safety critical features using software-intensive systems presents a growing challenge to hazard analysis and requirements development. These systems are rich in feature content and can interact with other vehicle systems in complex ways, making the early development of proper requirements critical. Catching potential problems as early as possible is essential because the cost increases exponentially the longer problems remain undetected. However, in practice these problems are often subtle and can remain undetected until integration, testing, production, or even later, when the cost of fixing them is the highest. In this paper, a new technique is demonstrated to perform a hazard analysis in parallel with system and requirements development. The proposed model-based technique begins during early development when design uncertainty is highest and is refined iteratively as development progresses to drive the requirements and necessary design features.

This paper presents a new methodology for the safety assessment of complex software intensive systems such as is envisioned for the coming major upgrade of the air traffic management system known as NextGen. This methodology is based on a new, more inclusive model of accident causation called Systems Theoretic Accident Model and Process (STAMP) [1]. STAMP includes not just the standard component failure mechanisms but also the new ways that software and humans contribute to accidents in complex systems. A new hazard analysis method, called Systems Theoretic Process Analysis (STPA), is built on this theoretical foundation. The STPA is based on systems theory rather than reliability theory; it treats safety as a control problem rather than a failure problem with interactive and possibly nested control loops that may include humans. In this methodology, safety is assured by closed loop control of safety parameters.

With the increasing complexity of automotive systems and the related increasing use of software in them, new approaches are needed to ensure safety. In these new types of automotive systems, safety and reliability are different and require different engineering approaches. Accidents are increasingly due to design errors and to dysfunctional interactions among components rather than component failure. In addition, safety must be engineered and built into the design from the beginning; it is not possible to effectively and affordably add safety devices onto a finished design. This paper describes the need for new approaches to automotive safety and describes an alternative to the traditional reliability-based approaches to safety engineering. The new approach is based on systems theory and views accidents in terms of lack of control or enforcement of the behavioral constraints required to ensure safety.

Hands-on training and operation is generally considered the primary means that a user of a complex system will use to build a mental model of how that system works. However, accidents abound where a major contributing factor was user disorientation/misorientation with respect to the automation behavior, even when the operator was a seasoned user. This paper presents a compact graphical method that can be used to describe system operation, where the system may be composed of interacting automation and/or human entities. The fundamental goal of the model is to capture and present critical interactive aspects of a complex system in an integrated, intuitive fashion. This graphical approach is applied to an actual military helicopter system, using the onboard hydraulic leak detection/isolation system as a testbed.