Dajiang Suo,Jinxia An,Jianmin Wu,Jihong Zhu

DOI: https://doi.org/10.1109/DASC.2012.6383072

2012-01-01

Abstract:The hierarchical framework help decision making by different stakeholders during the whole IMA development and safety assessment. STPA provide guidance when compared to traditional hazards analysis methods and take component interaction into account. Adequate for handling the complexity in IMA.

Bo WANG,Hao LU,Xiaoying BAI

DOI: https://doi.org/10.3969/j.issn.1007-5453.2015.11.013

2015-01-01

Abstract:With the increasing scale and complexity of avionics systems, Integrated Modular Avionics (IMA) has been a major trend that is widely used in modern aircrafts. IMA builds a uniifed platform for customized modules of diversiifed tasks, caled IPC (Integrated Processing Computer), to achieve centralized high-speed data processing and integration. IMA folows the principle of open system architecture and is characterized by modular and standard design. Based on the characteristics, the paper proposed a model-driven approach to facilitate IMA test automation. Models were deifned at two levels: the interface semantic model to abstract the data, functions, and behavior of each module standard interfaces, and the test model with build-in testing strategies and test plan. By transforming from interface model to test model, the research investigates the techniques of automatic test generation, deployment, scheduling, and execution. Preliminary experiments were carried on ARINC653 compliance testing of avionics systems. It shows promising improvements on testing systematicness, efifciency and quality.

Dajiang Suo,Jinxia An,Jihong Zhu

DOI: https://doi.org/10.1109/dasc.2011.6095970

2011-01-01

Abstract:Reconfiguration, a new technique to realize fault-tolerance and respond to changes in external environment, has been adopted in the design of Integrated Modular Avionics (IMA). The benefits brought to the system include: reducing the cost of hardware redundancy and improving system's ability to perform various tasks under different situations. The complexity of such reconfigurable system has made it difficult to ensure the safety of it. Traditional analysis approaches mainly focus on single component failure, suffering the potential to underestimate the influence of design flaw during system development and the interaction between components (e. g. human and automation). Furthermore, dynamic changes brought out by reconfiguration might affect not only the human operator, but also the organization in which the system developed.In this paper, an approach has been proposed to address the problem of safety of Avionics reconfiguration. System-Theoretic Process Analysis (STPA) has been used to perform hazard analysis. Focusing on the coordination between human operator and automation, we define two criteria which could be applied to decide autonomy level: 1) Failure Degree; 2) Time budget for mode change scenario. Furthermore, to identify the impact of dynamic changes to the safety of Avionics reconfiguration, System dynamics modeling has been taken to analyze and model the human factors (mental workload, situation awareness and complacency) behind the dynamic process. The analysis results could be used during system development, system operation and project revision process to ensure safety of reconfigurable Avionics system.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1002/spe.2281

2014-01-01

Software Practice and Experience

Abstract:SummaryEnsuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO‐178B/C, which provides guidelines (e.g., development process and objectives to satisfy in development activities) for meeting safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component‐based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO‐178B/C) and current engineering practices in the domain of avionics systems. The methodology automatically enforces these safety requirements. We have applied the methodology on an industrial autopilot system, and several previously uncaught faults were revealed. Copyright © 2014 John Wiley & Sons, Ltd.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1109/QSIC.2013.41

2013-01-01

Abstract:Ensuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO-178B/C, which provides guidelines (e.g. development process and the objectives to satisfy in development activities) for meeting the safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component-based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO-178B/C) and current engineering practices in the domain of avionics system. The methodology enforces safety requirements automatically. We have applied the methodology on an industrial autopilot system and several previously uncaught faults were revealed.

Imane Bouhali,Agnese Pasquariello,Faida Mhenni,Ferdinando Vitolo,Peter Hehenberger,Stanislao Patalano,Jean‐Yves Choley

DOI: https://doi.org/10.1002/sys.21791

IF: 2.034

2024-10-30

Systems Engineering

Abstract:Mechatronic systems become ever more complex because of their increasing number of interconnected safety critical components and sophistication. MBSE (Model‐based Systems Engineering) and MBSA (Model‐Based Safety Assessment) are the most commonly adopted approaches to deal with the design and safety analysis of mechatronic systems. Unfortunately, both approaches are normally adopted separately, especially in the earlier phases of system design, thus leading to a lack of communication between system engineers and the safety team. This work aims to fill that gap at a high level, that is, through process interaction. This paper proposes an enhanced V‐model for the design of safety‐critical mechatronic systems. It relates a system development process with specific safety assessment methods. Specifically, the proposed workflow details exchange flows between the RFLP (Requirements, Functional, Logical, Physical) method, the FHA (Functional Hazard Analysis), the FMEA (Failure Mode and Effects Analysis), the MBSA and simulation, and the FTA (Fault Tree Analysis). These analyses are complemented with multiphysics modeling and simulation to observe system behavior in functional and failure scenarios, with the aim of requirements verification. The design workflow has been applied to a winged Unmanned Aerial Vehicle to apply the parallel process and the necessary interaction of MBSE and MBSA approaches. The information flows between the individual activities proved effective for designing a safe system before the verification phase. The main benefit of the proposed workflow is providing both the design and safety team with some interaction points, thus avoiding a lack of safety‐critical analysis in the early phases of system design.

engineering, industrial,operations research & management science

André Leblond,Michel Batteux,Antoine Rauzy

DOI: https://doi.org/10.1177/1748006x231206444

2024-01-06

Proceedings of the Institution of Mechanical Engineers Part O Journal of Risk and Reliability

Abstract:Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, Ahead of Print. In this article, we propose a new approach for safety assessment of safety-critical systems. This approach, so-called Synthesis, is dedicated to the Preliminary System Safety Assessment included within the process of Safety Certification of avionic systems. The central idea consists in decomposing the assessment into two parts aiming at studying respectively the functional and the physical characteristics of the system under study. The whole approach is supported by a fully operational tool chain, dedicated to probabilistic safety assessment, which includes the AltaRica 3.0 integrated modeling environment, and a tool dedicated to the synthesis of functional minimal cutsets into physical minimal cutsets, making possible their quantitative assessment. We illustrate the benefits of the approach by means of a concrete avionic case study.

engineering, industrial, multidisciplinary,operations research & management science

M. Schäfer,A. Berres,O. Bertram

DOI: https://doi.org/10.1007/s13272-022-00631-0

2022-12-20

CEAS Aeronautical Journal

Abstract:Integrating new functions into the aircraft can, for example, increase performance or reduce fuel consumption. Since the installation of such additional functions increases the overall aircraft complexity, it is crucial to adapt methods and tools that support the development and ensure traceability, consistency, and verifiability. In this context, model-based systems engineering and the associated Systems Modeling Language (SysML) have been established as a standard methodology. This paper presents an overview of a system development and modeling process with SysML at the concept design stage using a position-variable shock control bumps system as an example. In addition to the system modeling, safety and reliability analyses have to be considered during the design process. To keep both, the model and the associated safety assessment consistent, this work introduces an extension of SysML to enable the execution of a functional hazard assessment (FHA) according to the ARP4754A and ARP 4761 guidelines. This is the first step in conducting a model-based safety assessment. Furthermore, a modeling process with concepts management methods is performed. In summary, the presented modeling process consists of three main parts: the system modeling, functional hazard assessment and concept management.

Miaosen Wang,Yuan Xue,Kang Wang

DOI: https://doi.org/10.1155/2022/6424057

2022-05-27

Abstract:Throughout the world, the reliability-based approach to safety design of aircraft systems is quite mature and widely used. However, there are still shortcomings in the reliability-based aircraft system safety analysis method. It cannot dynamically analyze the accident evolution process and lack consideration of the complex situation of multifactor coupling. On the basis of the original aircraft system safety analysis method, this paper innovatively proposes a functional hazard analysis (FHA) method based on the analytic hierarchy process (AHP) and multifactor fuzzy comprehensive assessment (FCA). The purpose is to improve the objectivity and quantification of the FHA method in the safety design of aircraft systems. At the same time, in the terminal airworthiness verification, this paper proposes a repeatable and controllable virtual test flight verification method, which aims to reduce the cost and cycle of the terminal airworthiness verification and expand the coverage of the envelope verification. Finally, combined with the clauses in MIL-HDBK-516B, a case calculation is carried out to verify the feasibility of the proposed method.

Xi Chen,Quan Zou,Jie Bai,Lei Dong

DOI: https://doi.org/10.3390/aerospace11060459

IF: 2.66

2024-06-06

Aerospace

Abstract:With the significant expansion of civil aviation, particularly in the low-altitude economy, there is a significant gap between the escalating demand for airworthiness certification of novel aircraft designs, such as electric vertical take-off and landing (eVTOL) vehicles, and the inefficiency of the current safety assessment process. This gap is partially attributed to safety assessors' limited exposure to these innovative aircraft models in the safety assessment process, necessitating extensive efforts in identifying precedents and their handling strategies. Complicating matters further, pertinent case studies are scattered across diverse, unstandardized digital formats, obliging assessors to navigate voluminous electronic records while concurrently establishing links among fragmented information scattered across multiple files. This study introduces an advanced information integration methodology, comprising a multi-level path-based architecture and a self-updating algorithm. The proposed method not only furnishes safety assessors with pertinent knowledge featuring explicative interconnectedness automatically, but also dynamically enriches this knowledge corpus through operational usage. Additionally, we devise a suite of evaluative criteria to validate the capacity of our method in processing and consolidating relevant safety datasets. Experimental analyses affirm the efficacy of our proposed approach in streamlining and refreshing safety assessment data. The automation of the retrieval of analogous cases, which relieves the reliance on expert knowledge, enhances the efficiency of the overall safety appraisal procedure. Consequently, this research contributes a solution to enhancing the velocity and accuracy of aircraft certification processes.

engineering, aerospace

Wan Jianxiong,Xiang Xudong,Bai Xiaoying,Lin Chuang,Kong Xiangzhen,Li Jianxiang

DOI: https://doi.org/10.1016/j.cja.2013.02.014

IF: 5.7

2013-01-01

Chinese Journal of Aeronautics

Abstract:The integrated modular avionics (IMA) architecture is an open standard in avionics industry, in which the number of functionalities implemented by software is greater than ever before. In the IMA architecture, the reliability of the avionics system is highly affected by the software applications. In order to enhance the fault tolerance feature with regard to software application failures, many industrial standards propose a layered health monitoring/fault management (HM/FM) scheme to periodically check the health status of software application processes and recover the malfunctioning software process whenever an error is located. In this paper, we make an analytical study of the HM/FM system for avionics application software. We use the stochastic Petri nets (SPN) to build a formal model of each component and present a method to combine the components together to form a complete system model with respect to three interlayer query strategies. We further investigate the effectiveness of these strategies in an illustrative system.

Chao Zhang,Xiaomu Shi,Dong Chen

DOI: https://doi.org/10.1109/dasc.2014.6979613

2014-01-01

Abstract:Traditional safety analysis of the avionics systems covers two aspects, i.e., the safety of the process and the safety of the current state. The mandatory analysis methodologies are the process safety analysis and Fault Tree Analysis (FTA), which meets the requirement of the Function Hazard Analysis (FHA). However, in the Integrated Modular Avionics (IMA) and Distributed Integrated Modular Avionics (DIMA), especially the networked IMA, the safety analysis method evolves into the Zachman framework analysis. Due to the increased complexity of the IMA and DIMA, the optimization algorithms should be developed. In this paper, based on the Cyber-Physical System (CPS), two optimization algorithms are revealed. One is the utility optimization algorithm subject to the safety requirement, another one is the direct optimization algorithm with the objective function of the safety. The proposed optimization schemes consolidate the methodology of the safety analysis and design of the avionics systems, especially in the IMA, DIMA, and the networked IMA.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.

Ran Wei,Simon Foster,Haitao Mei,Fang Yan,Ruizhe Yang,Ibrahim Habli,Colin O’Halloran,Nick Tudor,Tim Kelly

DOI: https://doi.org/10.1016/j.jss.2024.112034

IF: 3.5

2024-03-26

Journal of Systems and Software

Abstract:Assurance cases are used to communicate and assess confidence in critical system properties such as safety and security. Historically, assurance cases have been manually created documents, which are evaluated by system stakeholders through lengthy and complicated processes. In recent years, model-based system assurance approaches have gained popularity to improve the efficiency and quality of system assurance activities. This becomes increasingly important, as systems becomes more complex, it is a challenge to manage their development life-cycles, including coordination of development, verification and validation activities, and change impact analysis in inter-connected system assurance artifacts. Moreover, there is a need for assurance cases that support evolution during the operational life of the system, to enable continuous assurance in the face of an uncertain environment, as Robotics and Autonomous Systems (RAS) are adopted into society. In this paper, we contribute ACCESS - Assurance Case Centric Engineering of Safety-critical Systems, an engineering methodology, together with its tool support, for the development of safety critical systems around evolving model-based assurance cases. We show how model-based system assurance cases can trace to heterogeneous engineering artifacts (e.g. system architectural models, system safety analysis, system behaviour models, etc.), and how formal methods can be integrated during the development process. We demonstrate how assurance cases can be automatically evaluated both at development and runtime. We apply our approach to a case study based on an Autonomous Underwater Vehicle (AUV).

computer science, theory & methods, software engineering

X. Yang,T. Zhou,X.Y. Zhou,W.J. Zhang,C.R. Mu,S. Xu

DOI: https://doi.org/10.1016/j.ocecoaman.2023.107003

IF: 4.295

2024-01-13

Ocean & Coastal Management

Abstract:The dynamic autonomy resulting from control mode transitions in the Maritime Autonomous Surface Ships (MASS) poses a significant risk to its navigation safety. While Systems-Theoretic Process Analysis (STPA) has proven effective in the hazard identification of autonomous ships, the safety challenges inherent in the dynamic autonomy of MASS with seafarers onboard controlled by three possible controllers have not been addressed much. This study proposes a three-phase framework that combines STPA, state machines and Sequentially Timed Events Plotting (STEP) diagram aiming at identifying failure scenarios in the transition process. Findings from a case study highlight the need for such a framework to understand the triggering events for mode transition, the transition process, how transition failure may occur, and refine safety constraints to ensure smooth and safe transitions. The results lay the groundwork for future research into test case generation methods that focus on these identified transition failure scenarios, intending to ensure safe and secure navigation for the progressive introduction of MASS.

water resources,oceanography

Pujie Han,Zhengjun Zhai,Brian Nielsen,Ulrik Nyman

DOI: https://doi.org/10.4204/EPTCS.268.5

2018-03-28

Abstract:This paper presents a modeling framework for schedulability analysis of distributed integrated modular avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata (SWA) in UPPAAL to analyze its schedulability by classical model checking (MC) and statistical model checking (SMC). The framework has been designed to enable three types of analysis: global SMC, global MC, and compositional MC. This allows an effective methodology including (1) quick schedulability falsification using global SMC analysis, (2) direct schedulability proofs using global MC analysis in simple cases, and (3) strict schedulability proofs using compositional MC analysis for larger state space. The framework is applied to the analysis of a concrete DIMA system.

Software Engineering,Distributed, Parallel, and Cluster Computing

Ahlbrecht, Alexander,Sprockhoff, Jasper,Durak, Umut

DOI: https://doi.org/10.1007/s10270-024-01209-6

2024-09-13

Software & Systems Modeling

Abstract:The complexity of safety-critical systems is continuously increasing. To create safe systems despite the complexity, the system development requires a strong integration of system design and safety activities. A promising choice for integrating system design and safety activities are model-based approaches. They can help to handle complexity through abstraction, automation, and reuse and are applied to design, analyze, and assure systems. In practice, however, there is often a disconnect between the model-based design and safety activities. At the same time, there is often a delay until recent approaches are available in model-based frameworks. As a result, the advantages of the models are often not fully utilized. Therefore, this article proposes a framework that integrates recent approaches for system design (model-based systems engineering), safety analysis (system-theoretic process analysis), and safety assurance (goal structuring notation). The framework is implemented in the systems modeling language (SysML), and the focus is placed on the connection between the safety analysis and safety assurance activities. It is shown how the model-based integration enables tool assistance for the systematic creation, analysis, and maintenance of safety artifacts. The framework is demonstrated with the system design, safety analysis, and safety assurance of a collision avoidance system for aircraft. The model-based nature of the design and safety activities is utilized to support the systematic generation, analysis, and maintenance of safety artifacts.

computer science, software engineering

Minghui Sun,Cody H. Fleming

DOI: https://doi.org/10.1016/j.ifacol.2023.01.110

2023-02-04

IFAC-PapersOnLine

Abstract:With the rapid advancement of Formal Methods, Model-based Safety Analysis (MBSA) has been gaining tremendous attention for its ability to rigorously verify whether the safety-critical scenarios are adequately addressed by the design solution of a cyber-physical human system. However, there is a gap. If specific safety-critical scenarios are not included in the given design solution (i.e., the model) in the first place, the results of MBSA cannot be trusted for safety assurance. To tackle this problem, we propose a new safety-guided design methodology (called STPA+) to complement MBSA. Inspired by STPA, STPA+ treats a system as a control structure, which is particularly fit for systems with complex interactions between human, machine, and automation. Three methods are developed in STPA+ to tackle the possible omissions of safety-critical scenarios caused by incorrectly defined safety constraints, improperly constrained process model, and inadequately designed controller. In this way, STPA+ directly derives an adequately defined design solution as the input to an MBSA verification program and bridges the gap between current MBSA approaches and safety assurance.

Dajiang Suo,Jinxia An,Jihong Zhu

DOI: https://doi.org/10.1109/apsec.2011.27

2011-01-01

Abstract:This paper seeks to model the Integrated Modular Avionics (IMA) using Architectural Analysis and Design Language (AADL). In particular, the mechanism to describe the dynamic reconfiguration of multimodal system is presented. By translating the AADL model into Time Petri Net (TPN), some real-time and logical properties (deadlock, reach ability, missed deadline) of reconfiguration could be checked. The analysis results could then be used to adjust the design of software at the early stage of system development and ensure that the reconfiguration of IMA meets the real-time constraints.