Wenbo Zhang,Xiangkun Meng,Jianyuan Wang,Tieshan Li,Qihe Shan,Fei Teng

DOI: https://doi.org/10.1109/iccss53909.2021.9722016

2021-12-10

Abstract:Automatic crane is a complex system affected by the external environment and the internal components of the system, information fusion, software and hardware combination, and man-machine integration. The improvement of its automation and informatization proposes various challenges in the accident model construction and safety analysis. However, the safety analysis methods based on fault types consider that the occurrence of accidents is linear and ignore the correlation among components of the system. This paper adopts the system-theoretic accident model and process (STAMP) and system-theoretic process analysis (STPA) mode is to implement safety analysis of the automatic crane trolley running system (ACTRs). The paper starts from the identification of system-level losses and hazards, clarifies the function and internal logical control relationships of the system’s components, and then finds potential unsafe control actions (UCAs) and loss scenarios during the trolley running. The results show that the control requirements for the regular operation of the trolley running system can be analyzed in detail. Therefore, the STAMP/STPA can apply to the safety investigation of automatic cranes.

Asim Abdulkhaleq,Stefan Wagner,Daniel Lammering,Hagen Boehmert,Pierre Blueher

DOI: https://doi.org/10.48550/arXiv.1703.03657

2017-03-10

Software Engineering

Abstract:Safety has become of paramount importance in the development lifecycle of the modern automobile systems. However, the current automotive safety standard ISO 26262 does not specify clearly the methods for safety analysis. Different methods are recommended for this purpose. FTA (Fault Tree Analysis) and FMEA (Failure Mode and Effects Analysis) are used in the most recent ISO 26262 applications to identify component failures, errors and faults that lead to specific hazards (in the presence of faults). However, these methods are based on reliability theory, and they are not adequate to address new hazards caused by dysfunctional component interactions, software failure or human error. A holistic approach was developed called STPA (Systems-Theoretic Process Analysis) which addresses more types of hazards and treats safety as a dynamic control problem rather than an individual component failure. STPA also addresses types of hazardous causes in the absence of failure. Accordingly, there is a need for investigating hazard analysis techniques like STPA. In this paper, we present a concept on how to use STPA to extend the safety scope of ISO 26262 and support the Hazard Analysis and Risk Assessments (HARA) process. We applied the proposed concept to a current project of a fully automated vehicle at Continental. As a result, we identified 24 system- level accidents, 176 hazards, 27 unsafe control actions, and 129 unsafe scenarios. We conclude that STPA is an effective and efficient approach to derive detailed safety constraints. STPA can support the functional safety engineers to evaluate the architectural design of fully automated vehicles and build the functional safety concept.

Liangliang Sun,Yan-Fu Li,Enrico Zio

DOI: https://doi.org/10.1115/1.4051940

2022-01-01

Abstract:As autonomous vehicle (AV) intelligence for controllability continues to develop, involving increasingly complex and interconnected systems, the maturity level of AV technology increasingly depends on the systems reliability level, also considering the interactions among them. Hazard analysis is typically used to identify potential system risks and avoid loss of AV system functionality. Conventional hazard analysis methods are commonly used for traditional standalone systems. New hazard analysis methods have been developed that may be more suitable for AV system-of-systems complexity. However, a comprehensive comparison of hazard analysis methods for AV systems is lacking. In this study, the traditional hazard analysis methods, hazard and operability (HAZOP) and failure mode and effects analysis (FMEA), as well as the most recent methods, like functional resonance analysis method (FRAM) and system-theoretic process analysis (STPA), are considered for implementation in the automatic emergency braking system. This system is designed to avoid collisions by utilizing the surrounding sensors to detect objects on the road, warning drivers with alerts about any collision risk, and actuating automatic partial/full braking through calculated adaptive braking deceleration. The objective of this work is to evaluate the methods with the unified theory of acceptance and use of technology (UTAUT) approach, in terms of their applicability to AV technologies. The advantages of HAZOP, FMEA, FRAM, and STPA, as well as the possibility of combining them to achieve systematic risk identification in practice, are discussed.

Craig Innes,Andrew Ireland,Yuhui Lin,Subramanian Ramamoorthy

DOI: https://doi.org/10.1145/3597512.3599698

2023-06-07

Abstract:A key goal of the System-Theoretic Process Analysis (STPA) hazard analysis technique is the identification of loss scenarios - causal factors that could potentially lead to an accident. We propose an approach that aims to assist engineers in identifying potential loss scenarios that are associated with flawed assumptions about a system's intended operational environment. Our approach combines aspects of STPA with formal modelling and simulation. Currently, we are at a proof-of-concept stage and illustrate the approach using a case study based upon a simple car door locking system. In terms of the formal modelling, we use Extended Logic Programming (ELP) and on the simulation side, we use the CARLA simulator for autonomous driving. We make use of the problem frames approach to requirements engineering to bridge between the informal aspects of STPA and our formal modelling.

Logic in Computer Science,Systems and Control

Guangshuang Ge,Liangliang Sun,Yan Fu Li

DOI: https://doi.org/10.1109/issrew55968.2022.00087

2022-01-01

Abstract:Autonomous delivery vehicles (ADVs) are derivatives of autonomous driving technology. With the rapid development of autonomous driving technology and the rapid rise in demand for terminal logistics and distribution, ADVs have gradually entered commercial operation in many cities, thus it brings higher requirements to the reliability of ADVs. Because of bill of material (BOM) cost pressure, most autopilot sensors and domain controllers of ADVs are not strictly follow passenger vehicle standards and regulations, the ADVs' reliability is very critical. The traditional methods of process hazard analysis (PHA) e.g. HAZOPs, FMEAs, FT A, etc., use a system divide approach. The to be analyzed system is breaking down into component level, and the risks or hazard of each component are analyzed separately. The two important assumptions of the traditional methods are: 1. the system's properties are not changed when it is broken down into component level; 2. the accidents are caused by component failures. However, in an ADV, the system becomes complex since the system effects may be missed, and this assumption is questionable; further, an ADV accidents can happen even there is no component failure. The system level hazard analysis cannot be fully determined only at the component level, but out of interactions of systems. Systems Theoretic Process Analysis (STP A) is a structured system level approach to analyze hazard. Based on the premise that accidents happen when the control is inadequate or lost, STPA approach decodes hazards related not only to component failures, but also to design errors, flawed controller requirements, interaction failures, human errors, and other errors. In this paper, the STPA method is used to analyze various risks and hazards of ADVs, and finally construct an abnormality monitoring system for autonomous driving sensors. Engineering practice shows that this method can effectively monitor the abnormality of sensor data links.

Qi Zhang,Yanhui Zhuang,Yuguang Wei,Hao Jiang,Hao Yang

DOI: https://doi.org/10.1155/2020/3158468

IF: 2.249

2020-02-01

Journal of Advanced Transportation

Abstract:In order to make safety risk assessment more accurately and more reasonably for high-speed railway station in China, this paper analyzes risk factors of fault tree and transfers the fault tree of risk accident into fuzzy petri net and then builds the FPN-FTA model by combining the dynamic weighting fuzzy petri net (FPN) and fault tree analysis (FTA) based on the latter. This paper simulates the FTA-FPN model with Stateflow of Matlab software. Then, it builds up a bi-objective risk control model, making the minimum safety risk level and minimum necessary cost as the objectives, and it designs discrete particle swarm optimization algorithm to solve the risk control model. Finally, this paper selects stampede accident of Shijiazhuang high-speed railway station as an example in case study for assessing stampede risk level and gets the risk control schemes for this station. The results verify the feasibility and validity of the model and algorithm.

transportation science & technology,engineering, civil

Asim Abdulkhaleq,Stefan Wagner,Nancy Leveson

DOI: https://doi.org/10.48550/arXiv.1612.03109

2016-12-09

Software Engineering

Abstract:Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller.

Yi Qi,Yi Dong,Siddartha Khastgir,Paul Jennings,Xingyu Zhao,Xiaowei Huang

2023-07-17

Abstract:Systems Theoretic Process Analysis (STPA) is a systematic approach for hazard analysis that has been used across many industrial sectors including transportation, energy, and defense. The unstoppable trend of using Machine Learning (ML) in safety-critical systems has led to the pressing need of extending STPA to Learning-Enabled Systems (LESs). Although works have been carried out on various example LESs, without a systematic review, it is unclear how effective and generalisable the extended STPA methods are, and whether further improvements can be made. To this end, we present a systematic survey of 31 papers, summarising them from five perspectives (attributes of concern, objects under study, modifications, derivatives and processes being modelled). Furthermore, we identify room for improvement and accordingly introduce DeepSTPA, which enhances STPA from two aspects that are missing from the state-of-the-practice: (i) Control loop structures are explicitly extended to identify hazards from the data-driven development process spanning the ML lifecycle; (ii) Fine-grained functionalities are modelled at the layer-wise levels of ML models to detect root causes. We demonstrate and compare DeepSTPA and STPA through a case study on an autonomous emergency braking system.

Software Engineering

Ke Niu,Wenbo Liu,Jia Zhang,Mengxuan Liang,Huimin Li,Yaqiong Zhang,Yihang Du

DOI: https://doi.org/10.3390/ijerph20032314

2023-01-28

Abstract:System upgrades and team members interactions lead to changes in task structure. Therefore, in order to handle emergencies efficiently and safely, a comprehensive method of the traffic dispatching team task complexity (TDTTC) is proposed based on team cognitive work analysis (Team-CWA) and network feature analysis. The method comes from the perspective of the socio-technical system. Two stages were included in this method. In the first stage, four phases of Team-CWA, i.e., team work domain analysis, team control task analysis, team strategies analysis, and team worker competencies analysis, were applied in the qualitative analysis of TDTTC. Then in the second stage, a mapping process was established based on events and information cues. After the team task network was established, the characteristic indexes of node degree/average degree, average shortest path length, agglomeration coefficient, and overall network performance for TDTTC were extracted to analyze TDTTC quantitatively. The cases of tasks for screen door fault under grade of automation GOA1-GOA4 were compared. The results revealed that the more nodes and communication between nodes, the larger the network scale was, which would lead to the TDTTC being more complicated no matter what level of automation system it was under. This method is not only the exploration of cognitive engineering theory in the field of task complexity, but also the innovation of team task complexity in the development of automatic metro operation.

Asim Abdulkhaleq,Stefan Wagner

DOI: https://doi.org/10.48550/arXiv.1612.00330

2016-12-01

Software Engineering

Abstract:Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of systems. FTA and FMEA are most commonly used by safety analysts. Recently, STPA has been proposed with the goal to better cope with complex systems including software. Objective: This research aimed at comparing quantitatively these three safety analysis techniques with regard to their effectiveness, applicability, understandability, ease of use and efficiency in identifying software safety requirements at the system level. Method: We conducted a controlled experiment with 21 master and bachelor students applying these three techniques to three safety-critical systems: train door control, anti-lock braking and traffic collision and avoidance. Results: The results showed that there is no statistically significant difference between these techniques in terms of applicability, understandability and ease of use, but a significant difference in terms of effectiveness and efficiency is obtained. Conclusion: We conclude that STPA seems to be an effective method to identify software safety requirements at the system level. In particular, STPA addresses more different software safety requirements than the traditional techniques FTA and FMEA, but STPA needs more time to carry out by safety analysts with little or no prior experience.

Longlong He,Ruiyu Pan,Yafei Wang,Jiani Gao,Tianze Xu,Naqi Zhang,Yue Wu,Xuhui Zhang

DOI: https://doi.org/10.3390/math12071109

IF: 2.4

2024-04-08

Mathematics

Abstract:In the face of the increasing complexity of risk factors in the coal mining transportation system (CMTS) during the process of intelligent transformation, this study proposes a method for analyzing accidents in CMTS based on fault tree analysis (FTA) combined with Bayesian networks (BN) and preliminary hazard analysis (PHA). Firstly, the fault tree model of CMTS was transformed into a risk Bayesian network, and the inference results of the fault tree and Bayesian network were integrated to identify the key risk factors in the transportation system. Subsequently, based on the preliminary hazard analysis of these key risk factors, corresponding rectification measures and a risk control system construction plan are proposed. Finally, a case study was carried out on the X coal mine as a pilot mine to verify the feasibility of the method. The application of this method effectively identifies and evaluates potential risk factors in CMTS, providing a scientific basis for accident prevention. This research holds significant importance for the safety management and decision making of coal mine enterprises during the process of intelligent transformation and is expected to provide strong support for enhancing the safety and reliability of CMTS.

mathematics

Alojz Gomola,Ingrid Bouwer Utne

DOI: https://doi.org/10.1016/j.heliyon.2024.e31483

IF: 3.776

2024-05-21

Heliyon

Abstract:With higher autonomy in maritime systems, tasks and responsibilities are moved from the human operator to software, increasing the complexity and the importance of safe and reliable functionality. Software failures, however, may be introduced from the early life cycle phases intentionally or unintentionally, and these must therefore be mitigated by safe and secure design approaches. A challenge is that existing methods are not particularly well-suited for analyzing software risks. Thus, the objective of this paper is to propose a systematic and efficient software failure identification approach by extending the Systems-Theoretic Process Analysis (STPA) with a software failure taxonomy and the System Modeling Language (SysML). This enables the control structure in STPA to cover both the dynamic and static aspects of the software functions. Combined with an implementation platform independent questionnaire, this gives a more systematic and guided search for potential software failures than existing approaches. To demonstrate the proposed approach, a case study on a ferry's navigation system that operates in manual control or semi-autonomous mode is performed. In the case study, the focus is on creating an avoidance map data structure, including both moving and static obstacles to be avoided by the ferry, and the subsequent process of collision risk warning calculation. Software failures are identified and evaluated in collision scenarios where the ferry operates under foggy conditions. The paper shows that the proposed systematic approach provides an improved process for identifying and analyzing critical software failures. This facilitates enhanced risk mitigation in the design and testing phases contributing to autonomous systems' safety and security.

Ning Tang,Hao Hu,Feng Xu,Fengfeng Zhu

DOI: https://doi.org/10.1109/IESM45758.2019.8948101

2019-01-01

Abstract:Human-related errors, which are usually unpredictable, are one of the major causes of most incidents and accidents on construction sites. By taking the advantages of context-aware technology, the personalized safety management, an effective method to avoid human-related errors, becomes possible. The CA-HFACS model is promoted to manage such human errors, combing the Context-aware technology (CA) and Human Factors Analysis and Classification System (HFACS). First, the personalized factors influencing construction safety performance are summarized from related literatures. These personalized factors incorporate 20 risk factors that are categorized into 5 levels: L1: Health condition, L2: Mental state, L3: Weather, L4: Act properly, and L5: History state. Subsequently, the relationship between these factors and project safety performance is showed in the CA-HFACS model. These factors are then validated by data collected with questionnaires, and the process of data collection is also demonstrated. Finally, the proposed model is applied to a high-speed railway project with PSIM system, a software developed by the authors. The application demonstrates the models abilities to systematically collect safety data of on-site workers, thus largely improving safety assessment capabilities and effectively creating a safer environment for the workers concerned.

Xiang-Yu Zhou,Zheng-Jiang Liu,Feng-Wu Wang,Zhao-Lin Wu

DOI: https://doi.org/10.1016/j.oceaneng.2021.108569

IF: 5

2021-02-01

Ocean Engineering

Abstract:<p>The autonomous ship carrying valuable cargoes and passengers in a more effective and cost-saving manner will soon be state of the art technology, which most likely shall be introduced into the public horizon as the remote control mode within the foreseeable future. The highly connected intelligent systems though come at the cost of the increased system vulnerability to cyber-attacks. To smooth this innovative system can be released into actual context of operation, a novel STPA-based methodology is proposed that synthesizes safety and security, namely STPA-SynSS. In the novel method, a comprehensive process to identifying hazards and revealing causal factors is provided, hazard elimination/mitigation strategies are implemented into system design via system safety and security requirements, so that hazards can be continually tracked and closed-loop managed. The insight regards the operations of the method was demonstrated in a remotely-controlled ship with seafarers onboard, the analysis process focused on encountering ship-ship collision accidents and related security incidents. Results indicate that generated inadvertent/intentional causal factors and developed elimination/mitigation strategies can assist the processes of design and operational planning of the autonomous ships and its shore control centre. Further, the proposed method of this paper also has general relevance for other intelligent systems.</p>

engineering, civil, ocean, marine,oceanography

Jie Liu,Liting Wan,Wanqing Wang,Guanding Yang,Qian Ma,Haowen Zhou,Huyun Zhao,Feng Lu

DOI: https://doi.org/10.3390/su15075898

IF: 3.9

2023-03-29

Sustainability

Abstract:In order to effectively reduce the probability of subway operation accidents and explore the key risk factors and multi-factor risk coupling mechanism during the subway operation period, this paper classifies the risk factors affecting subway operation safety into four categories of primary risk factors, personnel, equipment and facilities, environment and safety management, introduces the emergency management concept to identify 18 secondary risk factors, combines the improved fuzzy decision making test and evaluation laboratory (DEMATEL) and Explanatory Structure Model (ISM) to visualize the risk factor action relationship, construct a six-order hierarchical recursive structure model for subway operation accidents, explore the coupling relationship and effect between risk factors from the perspective of single factor, double factor and multiple factors, establish a coupling effect metric model based on Natural Killing Model (N-K), carry out coupling information interaction scenario combination and coupling effect quantification calculation, and finally integrate fuzzy DEMATEL-ISM-NK model to correct the centrality, determine the key risk factors in subway operation accidents from the perspective of macro and micro analysis, qualitative and quantitative research, and propose safety prevention and control strategies accordingly. The results show that six factors, such as emergency management and social environment, are key risk factors to be prevented in the metro operation system. Multi-factor risk coupling leads to a higher probability of subway operation accidents, and controlling multi-factor involvement in coupling is an effective means to reduce the occurrence of subway operation accidents.

environmental sciences,environmental studies,green & sustainable science & technology

Camila Correa-Jullian,Marilia Ramos,Ali Mosleh,Jiaqi Ma

DOI: https://doi.org/10.1177/1748006x241233863

2024-02-28

Proceedings of the Institution of Mechanical Engineers Part O Journal of Risk and Reliability

Abstract:Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, Ahead of Print. The safety of Automated Driving Systems (ADS) operating as Mobility as a Service (MaaS) depends on multiple factors in addition to the vehicle's functionality, reliability, and performance. Currently, no comprehensive approach has been formally developed to identify operational safety hazards and define the operational safety responsibilities of the key agents involved in Level 4 (L4) ADS MaaS operations. This work develops and applies a structured hazard identification methodology for this operation. The methodology leverages and complements the strengths of various hazard identification and modeling methods, including Event Sequence Diagram (ESD), Concurrent Task Analysis (CoTA), System-Theoretic Process Analysis (STPA), and Fault Tree Analysis (FTA). The methodology is applied to analyze the operation of a fleet of L4 ADS vehicle fleets without a safety driver, monitored and supervised by remote operators. The results highlight the fleet operator's role in ensuring the correct vehicle operation and preventing and mitigating incidents. The analysis demonstrates the developed methodology's strengths and suitability for operational safety analysis of complex systems' operations, considering the inherent complexity of the interactions between multiple human and machine agents.

engineering, industrial, multidisciplinary,operations research & management science

Xin CHEN,Peng JIANG,Yi-Fan ZHANG,Chao HUANG,Yan ZHOU

DOI: https://doi.org/10.13328/j.cnki.jos.004780

2015-01-01

Abstract:The train control system is a safety-critical system. To assure its safety, it requires the testing process to cover all possible runs in its safety-critical scenarios. Existing methods of scenario modeling and test case generation cannot completely satisfy the requirement. The paper focuses on the methods of modeling safety-critical scenarios in train control system and the tools for automatically generating test cases for the system. UML activity diagram is extended with event-driven and time characteristic description mechanism to satisfy the requirement of modeling safety-critical scenarios. A simple path coverage criterion is also proposed to define the coverage of all possible runs in a scenario and a method is provided for automatic test case generation. The experiment on ground train control system shows the effectiveness and limitation of the proposed method.

Bulut Ozan Ceylan,Çağlar Karatuğ,Emre Akyuz,Yasin Arslanoğlu,Georgios Boustras

DOI: https://doi.org/10.1016/j.ssci.2023.106232

IF: 6.392

2023-06-29

Safety Science

Abstract:This paper is aimed to propose a hybrid accident analysis framework for complex engineering systems based on methods of the systems theoretic accident model and process (STAMP), failure modes and effects analysis (FMEA), and analytic hierarchy process (AHP). Within the scope of the proposed model, initially, an accident is qualitatively analyzed by identifying safety constraints, constructing a hierarchical control process, and specifying links between unsafe activities. As a second step, failure modes, their causes, and their consequences are determined. Lastly, the risk scores of each failure mode are calculated by analysis of obtained expert judgments. In this step, as different from the conventional FMEA, results are calculated based on the weight scores that are found according to the AHP approach of each accident factor. For the demonstration stage, a real case study is performed to present the effectiveness of the strategy. It is observed that the proposed approach allows analyzing the accident more specifically by defining each relationship between factors and root causes corresponding to the accident and prioritizing them based on the weights, which are assigned according to the accident's nature. In addition, it may be adapted for different complex engineering systems as well as it is a suitable and useful model for the accident analysis associated with smart ship concepts.

engineering, industrial,operations research & management science

Xinhai Zhang,Jianbo Tao,Kaige Tan,Muhammad Rusyadi Ramli,Xin Tao,Magnus Gyllenhammar,Franz Wotawa,Naveen Mohan,Mihai Nica,Hermann Felbinger,Martin Torngren,Jose Manuel Gaspar Sanchez

DOI: https://doi.org/10.1109/tse.2022.3170122

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Scenario-based approaches have been receiving a huge amount of attention in research and engineering of automated driving systems. Due to the complexity and uncertainty of the driving environment, and the complexity of the driving task itself, the number of possible driving scenarios that an Automated Driving System or Advanced Driving-Assistance System may encounter is virtually infinite. Therefore it is essential to be able to reason about the identification of scenarios and in particular critical ones that may impose unacceptable risk if not considered. Critical scenarios are particularly important to support design, verification and validation efforts, and as a basis for a safety case. In this paper, we present the results of a systematic mapping study in the context of autonomous driving. The main contributions are: (i) introducing a comprehensive taxonomy for critical scenario identification methods; (ii) giving an overview of the state-of-the-art research based on the taxonomy encompassing 86 papers between 2017 and 2020; and (iii) identifying open issues and directions for further research. The provided taxonomy comprises three main perspectives encompassing the problem definition (the why), the solution (the methods to derive scenarios), and the assessment of the established scenarios. In addition, we discuss open research issues considering the perspectives of coverage, practicability, and scenario space explosion.

engineering, electrical & electronic,computer science, software engineering

Yongliang Deng,Ying Zhang,Zhenmin Yuan,Rita Yi Man Li,Tiantian Gu

DOI: https://doi.org/10.3390/ijerph20043386

IF: 4.614

2023-02-15

International Journal of Environmental Research and Public Health

Abstract:Subway operation safety management has become increasingly important due to the severe consequences of accidents and interruptions. As the causative factors and accidents exhibit a complex and dynamic interrelationship, the proposed subway operation accident causation network (SOACN) could represent the actual scenario in a better way. This study used the SOACN to explore subway operation safety risks and provide suggestions for promoting safety management. The SOACN model was built under 13 accident types, 29 causations and their 84 relationships based on the literature review, grounded theory and association rule analysis, respectively. Based on the network theory, topological features were obtained to showcase different roles of an accident or causation in the SOACN, including degree distribution, betweenness centrality, clustering coefficient, network diameter, and average path length. The SOACN exhibits both small-world network and scale-free features, implying that propagation in the SOACN is fast. Vulnerability evaluation was conducted under network efficiency, and its results indicated that safety management should focus more on fire accident and passenger falling off the rail. This study is beneficial for capturing the complex accident safety-risk–causation relationship in subway operations. It offers suggestions regarding safety-related decision optimization and measures for causation reduction and accident control with high efficiency.

public, environmental & occupational health,environmental sciences