Minghui Sun,Smitha Gautham,Quanbo Ge,Carl Elks,Cody Fleming

DOI: https://doi.org/10.1016/j.ssci.2024.106425

IF: 6.392

2024-01-15

Safety Science

Abstract:Model-based safety assessment (MBSA) has been one of the major research thrusts of the System Safety Engineering community for about three decades. It has attracted attention in many safety-critical industries, such as aviation, mining, and nuclear power. However, there is still a lack of consensus on what MBSA is. For example, how is MBSA different from the traditional safety analysis approach? How one MBSA approach is different from another? The ambiguity in the identity of MBSA poses significant challenges to the advancement of MBSA as an active research area. To answer these questions, we conducted a systematic review of the MBSA literature. Overall, 134 articles were selected for review from a total of 864 papers. We found four core activities that an MBSA approach must perform. Based on how each core activity was conducted, we were able to define (i.e., setting MBSA apart from other safety analysis approaches) and characterize (i.e., setting one MBSA approach apart from another) MBSA. As a result, an MBSA approach must at least (1) model component faults and fault propagation, (2) support the automatic computation of the desired safety analysis, (3) ensure the consistency between the design model and the safety model at the architecture level, and (4) demonstrate the safety risk due to component faults are acceptable. In addition to the insights and implications we identified for each core activity, we presented at the end of the paper a pressing issue of MBSA that multiple articles pointed out over the years: model validity. Without ensuring the validity of the safety model, it will be very challenging to utilize MBSA to its full potential for safety assurance.

engineering, industrial,operations research & management science

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Guoqiang Cai

DOI: https://doi.org/10.18293/vlss2015-052

2015-01-01

Proceedings

Abstract:Safety analysis ensuring the normal operation of an engineering system is important. The existing safety analysis methods are limited to relatively simple fact description and statistical induction level. Besides, many of them enjoy poor generality, and fail to achieve comprehensive safety evaluation given a system structure and collected information. This work describes a new safety analysis method, called a GO-Bayes algorithm. It combines structural modeling of the GO method and probabilistic reasoning of the Bayes method. It can be widely used in system analysis. The work takes a metro vehicle braking system as an example to verify its usefulness and accuracy. Visual implementation by Extendsim software shows its feasibility and advantages in comparison with the Fault Tree Analysis (FTA) method.

Minghui Sun,Cody H. Fleming

DOI: https://doi.org/10.1016/j.ifacol.2023.01.110

2023-02-04

IFAC-PapersOnLine

Abstract:With the rapid advancement of Formal Methods, Model-based Safety Analysis (MBSA) has been gaining tremendous attention for its ability to rigorously verify whether the safety-critical scenarios are adequately addressed by the design solution of a cyber-physical human system. However, there is a gap. If specific safety-critical scenarios are not included in the given design solution (i.e., the model) in the first place, the results of MBSA cannot be trusted for safety assurance. To tackle this problem, we propose a new safety-guided design methodology (called STPA+) to complement MBSA. Inspired by STPA, STPA+ treats a system as a control structure, which is particularly fit for systems with complex interactions between human, machine, and automation. Three methods are developed in STPA+ to tackle the possible omissions of safety-critical scenarios caused by incorrectly defined safety constraints, improperly constrained process model, and inadequately designed controller. In this way, STPA+ directly derives an adequately defined design solution as the input to an MBSA verification program and bridges the gap between current MBSA approaches and safety assurance.

CHAO ZHAN,Miao Yu,Yanbo Zhang,Meixiang Peng,Thomas J. Benzie

DOI: https://doi.org/10.1117/12.2635355

2022-01-01

Abstract:Function, especially the complex system function, is a key point to produce tones of troubles. The complex logic and interface make the natural language and the traditional design methodology based document can not meet the requirement of new aircraft. The MBSE is introduced. the model is a standardized, visualized and simulative. In this paper, the authors present a methodology of the function description and analysis based SysML model and validation it with simulation.

Imane Bouhali,Agnese Pasquariello,Faida Mhenni,Ferdinando Vitolo,Peter Hehenberger,Stanislao Patalano,Jean‐Yves Choley

DOI: https://doi.org/10.1002/sys.21791

IF: 2.034

2024-10-30

Systems Engineering

Abstract:Mechatronic systems become ever more complex because of their increasing number of interconnected safety critical components and sophistication. MBSE (Model‐based Systems Engineering) and MBSA (Model‐Based Safety Assessment) are the most commonly adopted approaches to deal with the design and safety analysis of mechatronic systems. Unfortunately, both approaches are normally adopted separately, especially in the earlier phases of system design, thus leading to a lack of communication between system engineers and the safety team. This work aims to fill that gap at a high level, that is, through process interaction. This paper proposes an enhanced V‐model for the design of safety‐critical mechatronic systems. It relates a system development process with specific safety assessment methods. Specifically, the proposed workflow details exchange flows between the RFLP (Requirements, Functional, Logical, Physical) method, the FHA (Functional Hazard Analysis), the FMEA (Failure Mode and Effects Analysis), the MBSA and simulation, and the FTA (Fault Tree Analysis). These analyses are complemented with multiphysics modeling and simulation to observe system behavior in functional and failure scenarios, with the aim of requirements verification. The design workflow has been applied to a winged Unmanned Aerial Vehicle to apply the parallel process and the necessary interaction of MBSE and MBSA approaches. The information flows between the individual activities proved effective for designing a safe system before the verification phase. The main benefit of the proposed workflow is providing both the design and safety team with some interaction points, thus avoiding a lack of safety‐critical analysis in the early phases of system design.

engineering, industrial,operations research & management science

Yuan Yuan,Jian Jiao,Xiao-Lei Li,Ting-Di Zhao

DOI: https://doi.org/10.1155/2022/6971652

IF: 1.43

2022-02-11

Mathematical Problems in Engineering

Abstract:The large-scale system’s mission process and the interaction within the system are becoming more complex with the improvement of the integration and intelligence, and the complex interactions among multiple factors, such as the unsafe behavior of personnel, equipment failures, and environmental interference, make safety analysis a greater challenge. Aimed at the safety of carrier aircraft, an integrated system modeling and safety analysis method for aircraft landing process were proposed based on System Modeling Language (SysML) and Simulink. First, the SysML models were built according to the analysis of the mission process, including system structure and behavior process, using multiple diagrams. Second, the SysML models were transformed into and integrated with the Simulink platform to build entity models with continuous dynamic characteristics and to perform safety analysis through simulation. Finally, an example of aircraft attitude control during landing was given to demonstrate the proposed method, and the safety states were analyzed and assessed under different disturbance conditions.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Baoping Cai,Wenchao Li,Yiliu Liu,Xiaoyan Shao,Yanping Zhang,Yi Zhao,Zengkai Liu,Renjie Ji,Yonghong Liu

DOI: https://doi.org/10.1016/j.ress.2021.107823

2021-11-01

Abstract:<p>A novel methodology for evaluation of safety instrumented systems (SISs) with heterogeneous components based on multi-stage dynamic Bayesian networks (MDBNs) is proposed. The unified evaluation model for <em>M</em>-out-of-<em>N</em> architectures based on MDBNs is constructed. An automatic modeling method of conditional probability tables for time-slice and inter-slice transitions is established. Average probability of failure on demand (<em>PFD_avg</em>) and probability of failing safety (<em>PFS</em>) of the structure can be calculated by the established model. A method for calculating the life-cycle cost of SISs is presented by using the results of system evaluation and specific cost details. A high-integrity pressure protection system (HIPPS) is adopted to demonstrate the application of the proposed approach. A MDBNs-based evaluation and cost analysis software of heterogeneous redundant structure is developed by using MATLAB graphical user interface. The analysis of system evaluation results and life-cycle cost can help the designer determine the configuration of the heterogeneous redundant structure.</p>

engineering, industrial,operations research & management science

Kai Hoefig,Andreas Joanni,Marc Zeller,Francesco Montrone,Martin Rothfelder,Rakshith Amarnath,Peter Munk,Arne Nordmann

DOI: https://doi.org/10.48550/arXiv.2105.15015

2021-05-31

Software Engineering

Abstract:The importance of mission or safety critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model driven development is currently one of the key approaches to cope with increasing development complexity, in general. Applying similar concepts to reliability, availability, maintainability and safety (RAMS) analysis activities is a promising approach to extend the advantages of model driven development to safety engineering activities aiming at a reduction of development costs, a higher product quality and a shorter time-to-market. Nevertheless, many model-based safety or reliability engineering approaches aim at reducing the analysis complexity but applications or case studies are rare. Therefore we present here a large scale industrial case study which shows the benefits of the application of component fault trees when it comes to complex safety mechanisms. We compare the methodology of component fault trees against classic fault trees and summarize benefits and drawbacks of both modeling methodologies.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Yue Cao,Yusheng Liu,Christiaan J. J. Paredis

DOI: https://doi.org/10.1115/detc2010-28213

2010-01-01

Abstract:Model Based Systems Engineering (MBSE) provides a new method for the design of mechatronic systems with increasing complexity. However, different from other complex systems, the behavior of mechatronic systems is characterized best in terms of continuous dynamics and therefore it is not easy for the designer to evaluate it based on static design models. In this study, a method for integrating system-level design and analysis models of mechatronic system behavior is presented. A set of stereotypes is defined based on the Simscape modeling language to support explicit modeling of continuous dynamics in SysML. Simulation models are then introduced into SysML to support analyzing the system dynamics behavior with the help of simulation in Simscape. Finally, the system dynamics model and simulation model in SysML are integrated with the analysis model in Simscape through a bidirectional model transformation based on a triple graph grammar (TGG). The model transformation facilitates automatic model consistency and traceability. Also, the system dynamics behavior can be simulated automatically for verification and validation. The proposed method is implemented and illustrated with a simple example.

王丹华,卢威,潘金贵,陈斌

DOI: https://doi.org/10.16182/j.cnki.joss.2013.05.034

2013-01-01

Abstract:Most medical processes are safety critical and therefore could benefit from proactive safety analysis techniques that attempt to detect hazards and weaknesses of such processes before they are put into use. A framework was proposed to produce simulation models with improved safety. Automatic algorithms were introduced into this framework to generate both effects trees and fault trees for these medical processes. With the approach, recommended changes would be made to the simulation models which would then be reevaluated to assure that the problem had been effectively addressed. © Copyright.

Stefano M. Nicoletti,Marijn Peppelman,Christina Kolb,Mariëlle Stoelinga

DOI: https://doi.org/10.48550/arXiv.2106.06272

2023-10-23

Abstract:We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to absence of malicious attacks. We conduct a thorough literature review and - as a result - we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) Modelling capabilities and Expressiveness: which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modelling the same toy example from the literature and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modelling constructs from existing safety- and security-specific formalisms, without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade offs. Moreover, (6) large case studies representing safety-security interactions are still missing.

Cryptography and Security

Wei Yang,Chaofan Fu,Xiaoguang Yan,Zhuoning Chen

DOI: https://doi.org/10.1007/s10845-020-01535-8

IF: 8.3

2020-01-24

Journal of Intelligent Manufacturing

Abstract:The quality of model-based definition (MBD) models is one of the significant challenges to achieving model-based enterprise (MBE). Different stakeholders in MBE put forward different quality requirements for MBD models, while any quality defect may hinder the production. Therefore, it is essential to analyze the quality of MBD models adequately before the usage. However, existing quality tools are difficult to apply in MBE. A knowledge-based quality analysis system for MBD part models is presented in this paper. The system utilizes model quality knowledge to analyze model quality from the perspective of various stakeholders in MBE. And it can be extended by adding new MBD part model quality knowledge. In order to judge model quality, a concept of the model definition unit is introduced for converting model information into the description towards model semantics quality, and a quality analysis method based on this description is proposed. For the ease of model quality knowledge representation and maintenance, a knowledge representation framework based on the object chain and parameter table is developed. Finally, a prototype system is implemented to verify the effectiveness and practicality. With 46 knowledge items derived from eight model-used stages, in total 24 potential quality defects are found in two case models. And additional two defects are discovered by extending the system with new model quality knowledge. In this way, the model quality is improved from the perspective of corresponding users.

engineering, manufacturing,computer science, artificial intelligence

Peter Munk,Arne Nordmann

DOI: https://doi.org/10.1007/s10270-020-00782-w

2020-02-26

Abstract:Mastering the complexity of safety assurance for modern, software-intensive systems is challenging in several domains, such as automotive, robotics, and avionics. Model-based safety analysis techniques show promising results to handle this challenge by automating the generation of required artifacts for an assurance case. In this work, we adapt prominent approaches and propose to augment of SysML models with component fault trees (CFTs) to support the fault tree analysis and the failure mode and effects analysis. While most existing approaches based on CFTs are only targeting the system topology, e. g., UML class diagrams, we propose an integration of CFTs with SysML internal block diagrams as well as SysML activity diagrams. We realized our approach in a prototypical tool. We conclude with best practices and lessons learned that emerged from our case studies with an electronic power steering system and a boost recuperation system.

computer science, software engineering

M. Schäfer,A. Berres,O. Bertram

DOI: https://doi.org/10.1007/s13272-022-00631-0

2022-12-20

CEAS Aeronautical Journal

Abstract:Integrating new functions into the aircraft can, for example, increase performance or reduce fuel consumption. Since the installation of such additional functions increases the overall aircraft complexity, it is crucial to adapt methods and tools that support the development and ensure traceability, consistency, and verifiability. In this context, model-based systems engineering and the associated Systems Modeling Language (SysML) have been established as a standard methodology. This paper presents an overview of a system development and modeling process with SysML at the concept design stage using a position-variable shock control bumps system as an example. In addition to the system modeling, safety and reliability analyses have to be considered during the design process. To keep both, the model and the associated safety assessment consistent, this work introduces an extension of SysML to enable the execution of a functional hazard assessment (FHA) according to the ARP4754A and ARP 4761 guidelines. This is the first step in conducting a model-based safety assessment. Furthermore, a modeling process with concepts management methods is performed. In summary, the presented modeling process consists of three main parts: the system modeling, functional hazard assessment and concept management.

Yuan Yuan,Jian Jiao,Mengwei Wei

DOI: https://doi.org/10.1088/1742-6596/1624/4/042060

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract The integration and interaction of multiple factors in large-scale system such as aircraft is the main reason of safety problem. For example, the aircraft can be affected by a variety of interactive factors due to changes in pilot conditions, avionics equipment and environmental state during flight. Aiming at the process of carrier aircraft landing, this paper proposes a formal modeling method based on System Modeling Language (SysML) to describe and analyze the safety of system. Firstly, the method based on SysML is detailed to model the structural and behavioural aspects, relying on the analysis of mission and/or behavior process. Then, the integrated method of SysML and Simulink, using the TGG method, is adopted to facilitate the analysis of the behavior processes. Finally, the attitude control during the aircraft landing process is taken as an example to assess the deviation and the dangerous time variation of the system in different disturbance degrees, which will help to make a better safety strategy.

Hassan Raza,Esha Deol,Sanjana Hedge,Hassan Tanvir

DOI: https://doi.org/10.60087/jklst.v3.n4.p188

2024-12-25

Abstract:Model Based System Engineering (MBSE), introduced in the 2000s, has become a cornerstone for automobile companies like BMW, Toyota, and others prominently involved in the development of autonomous vehicles. MBSE is a unique systematic approach that uses designs and architecture instead of traditional document-centric methods. While the integration of MBSE in autonomous systems shows great promise for system development, there are still drawbacks due to the process of its complex integration. Currently, the engineering community is shifting its approach in systems engineering from document-based system engineering to MBSE. The shift has provided numerous advantages, one example being the enhancement of safety and security using Systems Modeling Language (SysML). Additionally, the continuous verification and validation of the system allowed by MBSE ensures that communication protocols meet real-time constraints. This study aims to address how MBSE can be used in autonomous vehicle development to improve functionality, secure connectivity, vehicle certification and enhance trust/confidence. Additionally, exploring how to overcome challenges such as streamlining existing requirements, test identification, navigating multi-perspective simulation, and improving vehicle-to-vehicle (V2V) communication. By using practical and multi-dimensional methods, formalisms, and applications, the future of MBSE shows great potential as a fundamental component to support effective, collaborative, and successful autonomous development environments.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.