
    A rigorous approach to combining use case modelling and accident scenarios

    Get PDF
    Nearly all serious accidents in the past twenty years in which software has been involved can be traced to requirements flaws. Accidents related to or involving safety-critical systems often lead to significant damage to life, property and the environment in which the systems operate. This thesis explores an extension to use case modelling that allows safety concerns to be modelled early in the systems development process. The motivation comes from interaction with systems and safety engineers who routinely rely upon use case modelling during the early stages of defining and analysing system behaviour. The approach of embedded formal methods is adopted: one discipline, use case modelling, is used to guide the development of a formal model. This enables greater precision and formal assurance when reasoning about concerns identified by system and safety engineers, as well as about subsequent changes made at the level of use case modelling. The chosen formal method is Event-B, which is refinement based and has consequently enabled the approach to exploit the natural abstractions found within use case modelling. This abstraction of the problem found within use cases helps introduce their behaviour into the Event-B model via step-wise refinement. The central ideas underlying this thesis are implemented in UC-B, a tool supporting the modelling of use cases on the Rodin platform (an Eclipse-based development environment for Event-B). UC-B allows the specification of use cases to be detailed in both informal and formal notation, and supports the automatic generation of an Event-B model from a formally specified use case. Several case studies of use cases with accident cases are provided, with their formalisation in Event-B supported by the UC-B tool. The translation from use cases to an Event-B model is examined, along with the verification that Event-B subsequently provides for the use case model.
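    A sketch of the kind of model the abstract describes, added here as an illustration; it is not taken from the thesis or from the UC-B tool. A use case (an operator filling a tank) is introduced into an Event-B machine by refinement, and an accident scenario (filling continues after the outlet has been closed) is added as a second event refining the same abstract step. Event-B's guard-strengthening proof obligation for that event cannot be discharged, which is how the missing requirement (a level check that must also hold on the accident path) surfaces. The context, machine, constant, variable and event names (C0, M0, M1, MAX, level, outlet_open, Fill, FillOutletClosed, CloseOutlet) are all hypothetical, and the notation is the Rodin text syntax.

```eventb
context C0
  constants MAX
  axioms
    @axm1 MAX ∈ ℕ1            // maximum safe level; hypothetical constant
end

machine M0 sees C0
  // Abstract machine: only the safety concern the safety engineer identified.
  variables level
  invariants
    @inv1 level ∈ ℕ
    @inv2 level ≤ MAX         // the hazard: the level must never exceed MAX
  events
    event INITIALISATION
      then
        @act1 level ≔ 0
    end
    event Fill                // abstract use-case step: the level may rise while it is safe to do so
      where
        @grd1 level < MAX
      then
        @act1 level ≔ level + 1
    end
end

machine M1 refines M0 sees C0
  // Refinement: the use case's main flow gains the outlet state, and the accident
  // scenario is modelled as a second event that refines the same abstract step.
  variables level outlet_open
  invariants
    @inv3 outlet_open ∈ BOOL
  events
    event INITIALISATION
      then
        @act1 level ≔ 0
        @act2 outlet_open ≔ TRUE
    end
    event Fill refines Fill   // main flow: the abstract guard is kept, so inv2 stays provable
      where
        @grd1 level < MAX
        @grd2 outlet_open = TRUE
      then
        @act1 level ≔ level + 1
    end
    event FillOutletClosed refines Fill
      // accident scenario as written up by the engineers: no level check on this path.
      // The guard-strengthening obligation FillOutletClosed/grd1/GRD (concrete guards
      // must imply the abstract guard level < MAX) is unprovable, exposing the flaw.
      where
        @grd1 outlet_open = FALSE
      then
        @act1 level ≔ level + 1
    end
    event CloseOutlet         // environment step that enables the accident scenario
      then
        @act1 outlet_open ≔ FALSE
    end
end
```

    Adding `@grd2 level < MAX` to FillOutletClosed makes the obligation provable again, and that added guard is precisely the requirement the use case was missing; the point of the embedded approach is that the unprovable obligation is reported against the use-case step the engineers wrote, not against an unrelated part of the formal model.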

    A dynamic HAZOP case study using the Texas City refinery explosion

    Get PDF
    © 2016 Elsevier Ltd. The catastrophic explosion that occurred at Texas City on 23 March 2005 during the start-up of the raffinate splitter resulted in an estimated 15 deaths and 180 injuries. Since the incident, several studies have investigated the root causes of the disaster. Contributing factors include wider organisational, process safety management and human elements. There have also been some attempts to model the sequence of events before the incident and the consequences of the resulting fires and explosions. This study provides a dynamic model of the sequence of events leading up to the incident and replicates the reported process variables during the isomerisation unit start-up on the day of the incident. The resulting simulation model is used as the framework for a dynamic hazard and operability (HAZOP) study.

    Towards Social Autonomous Vehicles: Efficient Collision Avoidance Scheme Using Richardson's Arms Race Model

    Full text link
    Background: Road collisions and casualties pose a serious threat to commuters around the globe. Autonomous Vehicles (AVs) aim to use technology to reduce road accidents. However, most research on collision avoidance has addressed rear-end, front-end and lateral collisions separately, in less congested settings with large inter-vehicular distances. Purpose: The goal of this paper is to introduce the concept of a social agent that interacts with other AVs in a social manner, as humans do: it can predict intentions (mentalizing) and copy the actions of others (mirroring). The proposed social agent is based on human-brain inspired mentalizing and mirroring capabilities and has been modelled for collision detection and avoidance under congested urban road traffic. Method: We designed our social agent with mentalizing and mirroring capabilities, using the Exploratory Agent Based Modeling (EABM) level of the Cognitive Agent Based Computing (CABC) framework proposed by Niazi and Hussain. Results: Our simulation and practical experiments reveal that by embedding Richardson's arms race model within AVs, collisions can be avoided while travelling on congested urban roads in flock-like topologies. The performance of the proposed social agent has been compared at two different levels. Comment: 48 pages, 21 figures.

    Applications of dynamic simulations in the process industries : a safety case study using Texas City refinery explosion

    Get PDF
    Although process safety performance in petroleum refineries is much better today than several decades ago, major accidents still occur occasionally. The explosion and fires at the Texas City refinery on 23 March 2005 are regarded as one of the worst industrial accidents in US history to date. Dynamic process simulation provides an effective means to collect, collate and analyze data from previous incidents and to offer recommendations of good practice that further improve process safety outcomes. A simulation of the sequence of events that led to the catastrophic explosions at the Texas City refinery is presented in Aspen HYSYS. An initial steady-state simulation of the operation of the raffinate splitter column at Texas City forms the basis for a subsequent dynamic simulation of the filling of the distillation column from 0213 hrs until 1313 hrs, when the explosion occurred. A PID (proportional, integral, derivative) control scheme is implemented with appropriate tuning parameters. The dynamic simulation of the overall tower filling dynamics from 1000 hrs to 1320 hrs, when the explosion occurred, revealed that the feed to the column vaporised at approximately 1310 hrs. This happened as a result of the additional heat input into the column through the feed-product heat exchanger. Subsequently, thermal expansion of the liquid in the column led to the filling of the overhead vapour line with hydrocarbon liquid and an increase in pressure as a result of the hydrostatic liquid head. Flammable hydrocarbon vapours then flowed from the overhead line through the collection headers into the blowdown drum. An alternative accident pathway is presented as the basis for a quantitative hazard and operability (HAZOP) study.

    Introducing the STAMP method in road tunnel safety assessment

    Get PDF
    After the severe accidents in European road tunnels over the past decade, many risk assessment methods have been proposed worldwide, most of them based on Quantitative Risk Assessment (QRA). Although QRAs are helpful in addressing the physical aspects and facilities of tunnels, current approaches in the road tunnel field are limited in modelling organisational aspects, software behaviour and the adaptation of the tunnel system over time. This paper reviews these limitations and highlights the need to enhance the safety assessment process of these critical infrastructures with a complementary approach that links organisational factors to operational and technical issues, analyses software behaviour and models the dynamics of the tunnel system. To achieve this objective, the paper examines the scope for introducing a safety assessment method based on the systems thinking paradigm and drawing upon the STAMP model. The proposed method is demonstrated through a case study of a tunnel ventilation system, and the results show that it has the potential to identify scenarios that encompass both the technical system and the organisational structure. However, since the method does not provide quantitative estimates of risk, it is recommended as a complementary approach to traditional risk assessments rather than as an alternative. © 2012 Elsevier Ltd. All rights reserved.

    Modelling Social Structures and Hierarchies in Language Evolution

    Full text link
    Language evolution might have preferred certain prior social configurations over others. Experiments conducted with models of different social structures (varying subgroup interactions and the role of a dominant interlocutor) suggest that having isolated agent groups rather than one interconnected population is more advantageous for the emergence of a social communication system. Distinct groups that are closely connected by communication yield systems less like natural language than fully isolated groups inhabiting the same world. Furthermore, the addition of a dominant male who is asymmetrically favoured as a hearer, and equally likely to be a speaker, has no positive influence on the disjoint groups. Comment: 14 pages, 3 figures, 1 table. In proceedings of AI-2010, The Thirtieth SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence, Cambridge, England, UK, 14-16 December 2010.

    Should the advanced measurement approach be replaced with the standardized measurement approach for operational risk?

    Get PDF
    Recently, the Basel Committee on Banking Supervision proposed to replace all approaches to operational risk capital, including the Advanced Measurement Approach (AMA), with a simple formula referred to as the Standardised Measurement Approach (SMA). This paper discusses and studies the weaknesses and pitfalls of the SMA, such as instability, risk insensitivity, super-additivity and the implicit relationship between the SMA capital model and systemic risk in the banking sector. We also discuss issues with the closely related operational risk Capital-at-Risk (OpCar) model proposed by the Basel Committee, which is the precursor to the SMA. In conclusion, we advocate maintaining the AMA internal model framework and suggest as an alternative a number of standardisation recommendations that could be considered to unify internal modelling of operational risk. The findings and views presented in this paper have been discussed with and supported by many OpRisk practitioners and academics in Australia, Europe, the UK and the USA, and recently at the OpRisk Europe 2016 conference in London.

    Exploring alternative routes to realising the benefits of simulation in healthcare

    Get PDF
    Discrete event simulation should offer numerous benefits in designing healthcare systems, but the reality is often problematic. Healthcare modelling faces particular challenges: genuine, fundamental variations in practice, and opposition to any suggestion of standardisation from some professional groups. This paper compares the experiences of developing a new simulation in an Accident and Emergency (A&E) Department, a subsequent adaptation for modelling an outpatient clinic, and applications of a generic A&E simulation. These studies provide examples of three distinct approaches to realising the potential benefits of simulation: the bespoke, reuse and generic routes. Reuse has many advantages: it is relatively efficient in exploiting previous modelling experience, delivering timely results while providing scope for adaptation to local practice. Explicitly demonstrating this willingness to adapt to local conditions and engaging with stakeholders is particularly important in healthcare simulation.