XSTAMPP: An eXtensible STAMP Platform As Tool Support for Safety Engineering
Related papers
A-STPA: An Open Tool Support for System-Theoretic Process Analysis
STPA (System-Theoretic Process Analysis) is a new hazard analysis technique which builds on STAMP, a process and accident model using concepts of system and control theory. In this paper, we present A-STPA, an open tool to help transform STPA to an executable STPA which automates the activities of STPA. We develop the A-STPA tool to assist safety analysts in performing STPA. Moreover, it will give the safety analysts different views on the STPA hazard analysis process. We discuss the design of the tool and illustrate its usage. So far, it is still an early version, but it can already help the safety analysts in avoiding consistency defects. We are confident that A-STPA will become a powerful tool support for STPA.
The xSAP Safety Analysis Platform
This paper describes the xSAP safety analysis platform. xSAP provides several model-based safety analysis features for finite- and infinite-state synchronous transition systems. In particular, it supports library-based definition of fault modes, an automatic model extension facility, generation of safety analysis artifacts such as Dynamic Fault Trees (DFTs) and Failure Mode and Effects Analysis (FMEA) tables. Moreover, it supports probabilistic evaluation of Fault Trees, failure propagation analysis using Timed Failure Propagation Graphs (TFPGs), and Common Cause Analysis (CCA). xSAP has been used in several industrial projects as verification back-end, and is currently being evaluated in a joint R&D Project involving FBK and The Boeing Company.
Active STPA: integration of hazard analysis into a Safety Management System Framework
Massachusetts Institute of Technology, 2019
This dissertation describes a new approach to integrate a hazard analysis into Safety Management Systems (SMS). This new engineering process guides safety managers and analysts in the identification of a migration toward states of higher risk. The solution is the use of an active version of STPA (Systems-Theoretic Process Analysis), a hazard analysis tool based on Systems-Theoretic Accident Model and Processes (STAMP). The Active STPA uses data collected during operations, such as Flight Data Monitoring events and voluntary reporting, to identify leading indicators of increasing risk. The events are compared with the STPA. The discrepancies lead to a reasoning about previous assumptions on human behavior and the environment in which the system operates. New defenses are identified and implemented. The output of the process is a set of new defenses for prevention and mitigation that will enforce the requirements and constraints generated by the STPA, allowing the generation of cumulative knowledge on system behavior over time. The feedback on SMS activities allows targeted safety improvement activities and provides qualitative information for hazard management integrating Active STPA into an SMS. Most of the indicators currently in use in the aviation industry are reactive because they measure only parameter exceedances. Active STPA allows a proactive identification of the potential cause of future accidents.
A Hazard Analysis Method for Embedded Control Software with STPA
Trends in Computer Science and Information Technology, 2020
Recently, industrial products, such as cars, medical apparatuses, and aerospace apparatuses, are developed as systems that combine hardware and software, and the configuration of the apparatuses and their controls becomes complex. As a result, unintended accidents occur when using the industrial products. Those accidents occur when hazards that arise from interactions between hardware and software when using an apparatus and some negative conditions that cause the accident are satisfied. This accident model is called the Systems-Theoretic Accident Model and Process (STAMP) model. Additionally, based on the STAMP model, the safety analysis method that clarifies hazards and hazard scenarios is called STAMP based Process Analysis (STPA) [1]. This paper proposes a method that clarifies the hazards and proposes safety countermeasures after completing the development of the functional specifications for Embedded Control Software (ECSW). In the proposed method, STPA is conducted by inputting the ECSW system specifications, which consist of use-case diagrams and class diagrams written in Unified Modeling Language (UML). As a result of conducting STPA, hazards are clarified, and hazard scenarios are developed. Sequence diagrams corresponding to the hazard scenarios are developed and the Hazard Causal Factors (HCFs) are clarified. In this case, the reasons for the HCFs are the execution of methods and/or the non-execution of methods in the class. Based on the STAMP model, the safety analysis method that clarifies the hazards and the hazard scenarios is called a System-Theoretic Process Analysis (STPA). The organization of this paper is explained below. Section 2 describes the related works. Section 3 describes the outline of the proposed method. Section 4 describes the applications and evaluations of the proposed method. Section 5 describes future works.
A Knowledge-based Approach for Safety Analysis Using System Interactions
2006
Safety analysis methods for safety-critical systems face new challenges as systems evolve more frequently and the interactions within systems rise in numbers and complexity. Two such challenges are: (1) the need to formally examine the impact of system interactions on safety and (2) the need to extract and readily integrate knowledge from past accidents into new systems. We propose an approach which exploits knowledge from past accidents to conduct quantitative safety analysis using interactions between system components. A case study is presented that shows how our approach provides a support mechanism to safety and design experts. Further, it shows how we identify critical interactions and their contributions to accidents. This is especially important when components have not failed but instead undesirable interactions have contributed to an accident.
A proposal for model-based safety analysis
2005
System safety analysis techniques are well established and are used extensively during the design of safety-critical systems. Despite this, most of the techniques are highly subjective and dependent on the skill of the practitioner. Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free. In fact, the lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to finding undocumented details of the system behavior and embedding this information in the safety artifacts such as the fault trees.
Experiences with Applying STPA to Software-Intensive Systems in the Automotive Domain
Hazard analysis is one of the most important elements in developing safety-critical systems. STPA (Systems-Theoretic Process Analysis) is a modern technique based on the new accident causation model STAMP (System-Theoretic Accident Model and Process) for analyzing hazard and safety issues, which can be applied early in the design process of a system to achieve an acceptable risk level. We have applied STPA to a well-known example of safety-critical systems in the automotive industry: Adaptive Cruise Control (ACC). The results of the application of STPA to our case study and the limitations and difficulties of applying STPA are presented.
Model-based Hazard and Impact Analysis
Hazard and impact analysis is an indispensable task during the specification and development of safety-critical technical systems, and particularly of their software-intensive control parts. There is a lack of methods supporting an effective (reusable, automated) and integrated (cross-disciplinary) way to carry out such analyses. This report was motivated by an industrial project whose goal was to survey and propose methods and models for documentation and analysis of a system and its environment to support hazard and impact analysis as an important task of safety engineering and system development. We present and investigate three perspectives of how to properly encode safety-relevant domain knowledge for better reuse and automation, identify and assess all relevant hazards, as well as pre-process this information and make it easily accessible for reuse in other safety and systems engineering activities and, moreover, in similar engineering projects.
Model-Based Safety Analysis Final Report
System safety analysis techniques are well established and are used extensively during the design of safety-critical systems. Despite this, most of the techniques are highly subjective and dependent on the skill of the practitioner. Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free. In fact, the lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to gathering architectural details about the system behavior from several sources and embedding this information in the safety artifacts such as the fault trees.
Supporting Design and Development of Safety Critical Applications
2007
Application of computer-based systems in safety-critical areas like automotive on-board equipment, railway control, etc. poses high dependability requirements on software artifacts. This paper outlines a coherent tool-chain providing formally well-established support for the key phases of developing dependable software, involving simulation, static model checking, automatic code generation, test case synthesis and runtime error detection. Our approach focuses on modeling behavioral aspects of event-triggered state-based systems using UML 2.0 statecharts as the specification formalism. The application example analyzed in the paper was taken from the railway control domain.