15,567 research outputs found
Engineering a Safer World
A new approach to safety, based on systems thinking, that is more effective, less costly, and easier to use than current techniques. Engineering has experienced a technological revolution, but the basic engineering techniques applied in safety and reliability engineering, created in a simpler, analog world, have changed very little over the years. In this groundbreaking book, Nancy Leveson proposes a new approach to safety—more suited to today's complex, sociotechnical, software-intensive world—based on modern systems thinking and systems theory. Revisiting and updating ideas pioneered by 1950s aerospace engineers in their System Safety concept, and testing her new model extensively on real-world examples, Leveson has created a new approach to safety that is more effective, less expensive, and easier to use than current techniques. Arguing that traditional models of causality are inadequate, Leveson presents a new, extended model of causation (Systems-Theoretic Accident Model and Processes, or STAMP), then shows how the new model can be used to create techniques for system safety engineering, including accident analysis, hazard analysis, system design, safety in operations, and management of safety-critical systems. She applies the new techniques to real-world events including the friendly-fire loss of a U.S. Blackhawk helicopter in the first Gulf War; the Vioxx recall; the U.S. Navy SUBSAFE program; and the bacterial contamination of a public water supply in a Canadian town. Leveson's approach is relevant even beyond safety engineering, offering techniques for “reengineering” any large sociotechnical system to improve safety and manage risk
Model-Based STPA: Enabling Safety Analysis Coverage Assessment with Formalization
Urban Air Mobility introduces safety-related challenges for future avionics systems. The associated need for increased autonomy demands novel functions based on highperformance algorithms. To provide such functionality in future air vehicles of all sizes, the trend is towards centralized and powerful computing platforms. That turns avionics into a complex, integrated, and software-intensive aircraft system. Simultaneously, this increases the need for adapted safety analyses. The System-Theoretic Process Analysis is a promising approach to analyze the safety of software-intensive systems. It enables consideration of interaction and specification issues additional to component failures. However, even when using state-of-the-art analyses such as STPA, claiming the sufficiency of the safety analysis efforts is a challenging tasks for systems with everincreasing complexity. To address this issue, this paper extends the coverage analysis concepts known from the software development to safety analyses. This is achieved with the utilization of failure graphs, i.e., formalized analysis summaries that can be automatically created during the safety analysis. Failure graphs
have two advantages: they provide the possibility for visual analysis state indication and can be used to calculate various statistical metrics. Thereby, they allow to improve the knowledge about the depth, breadth, and state of the safety analysis. Both visual and statistical consideration complement each other to enhance the safety analysis coverage assessment for future avionic systems. To show all capabilities, the analysis of a flight assistance system serves as demonstrator
A System Safety Assessment of an Unmanned, Solar-Powered Stratospheric Aircraft Using the STPA Methodology
Developed for electromechanical systems, traditional safety analysis methods can not provide sufficient guidance to handle the complexity of modern, software intensive systems. New ways of modeling complex systems and human operators in their sociotechnical environment and performing holistic, guided safety analysis based on these models have been developed by Nancy Leveson, Professor of Aeronautics and Astronautics and Professor of Engineering Systems at the Massachusetts Institute of Technology (MIT). This assignment compares the basic principles of the approach on how to achieve safety of a system proposed by the SAE ARP4754A and the approach proposed by Nancy Leveson’s Systems-Theoretic Accident Model and Processes (STAMP) causality theory, including the thereon based Systems-Theoretic Process Analysis
(STPA) hazard analysis method. General definitions and assumptions, boundaries, potential weaknesses and advantages of the approaches are estimated, compared and summarized. STPA, including an extension based on works by M. France and J. P. Thomas on how to model and
analyze human operators effectively, is further applied on exemplary parts of the High Altitude Platform (HAP) unmanned, solar-powered stratospheric aircraft of the German Aerospace Center (DLR). Applicability is shown, safety issues and causal loss scenarios in the system are identified, and design, operation and operator training recommendations are given. Identified advantages, difficulties and recommendations of practical application of STAMP/STPA are discussed. A proposal on how to include STAMP/STPA in future versions of the SAE ARP4754A is given
A controlled experiment for the empirical evaluation of safety analysis techniques for safety-critical software
Context: Today's safety critical systems are increasingly reliant on
software. Software becomes responsible for most of the critical functions of
systems. Many different safety analysis techniques have been developed to
identify hazards of systems. FTA and FMEA are most commonly used by safety
analysts. Recently, STPA has been proposed with the goal to better cope with
complex systems including software. Objective: This research aimed at comparing
quantitatively these three safety analysis techniques with regard to their
effectiveness, applicability, understandability, ease of use and efficiency in
identifying software safety requirements at the system level. Method: We
conducted a controlled experiment with 21 master and bachelor students applying
these three techniques to three safety-critical systems: train door control,
anti-lock braking and traffic collision and avoidance. Results: The results
showed that there is no statistically significant difference between these
techniques in terms of applicability, understandability and ease of use, but a
significant difference in terms of effectiveness and efficiency is obtained.
Conclusion: We conclude that STPA seems to be an effective method to identify
software safety requirements at the system level. In particular, STPA addresses
more different software safety requirements than the traditional techniques FTA
and FMEA, but STPA needs more time to carry out by safety analysts with little
or no prior experience.Comment: 10 pages, 1 figure in Proceedings of the 19th International
Conference on Evaluation and Assessment in Software Engineering (EASE '15).
ACM, 201
CORBYS cognitive control architecture for robotic follower
In this paper the novel generic cognitive robot control architecture CORBYS is presented. The objective of the CORBYS architecture is the integration of high-level cognitive modules to support robot functioning in dynamic environments including interacting with humans. This paper presents the preliminary integration of the CORBYS architecture to support a robotic follower. Experimental results on high-level empowerment-based trajectory planning have demonstrated the effectiveness of ROS-based communication between distributed modules developed in a multi-site research environment as typical for distributed collaborative projects such as CORBYS
Grand Challenges of Traceability: The Next Ten Years
In 2007, the software and systems traceability community met at the first
Natural Bridge symposium on the Grand Challenges of Traceability to establish
and address research goals for achieving effective, trustworthy, and ubiquitous
traceability. Ten years later, in 2017, the community came together to evaluate
a decade of progress towards achieving these goals. These proceedings document
some of that progress. They include a series of short position papers,
representing current work in the community organized across four process axes
of traceability practice. The sessions covered topics from Trace Strategizing,
Trace Link Creation and Evolution, Trace Link Usage, real-world applications of
Traceability, and Traceability Datasets and benchmarks. Two breakout groups
focused on the importance of creating and sharing traceability datasets within
the research community, and discussed challenges related to the adoption of
tracing techniques in industrial practice. Members of the research community
are engaged in many active, ongoing, and impactful research projects. Our hope
is that ten years from now we will be able to look back at a productive decade
of research and claim that we have achieved the overarching Grand Challenge of
Traceability, which seeks for traceability to be always present, built into the
engineering process, and for it to have "effectively disappeared without a
trace". We hope that others will see the potential that traceability has for
empowering software and systems engineers to develop higher-quality products at
increasing levels of complexity and scale, and that they will join the active
community of Software and Systems traceability researchers as we move forward
into the next decade of research
Grand Challenges of Traceability: The Next Ten Years
In 2007, the software and systems traceability community met at the first
Natural Bridge symposium on the Grand Challenges of Traceability to establish
and address research goals for achieving effective, trustworthy, and ubiquitous
traceability. Ten years later, in 2017, the community came together to evaluate
a decade of progress towards achieving these goals. These proceedings document
some of that progress. They include a series of short position papers,
representing current work in the community organized across four process axes
of traceability practice. The sessions covered topics from Trace Strategizing,
Trace Link Creation and Evolution, Trace Link Usage, real-world applications of
Traceability, and Traceability Datasets and benchmarks. Two breakout groups
focused on the importance of creating and sharing traceability datasets within
the research community, and discussed challenges related to the adoption of
tracing techniques in industrial practice. Members of the research community
are engaged in many active, ongoing, and impactful research projects. Our hope
is that ten years from now we will be able to look back at a productive decade
of research and claim that we have achieved the overarching Grand Challenge of
Traceability, which seeks for traceability to be always present, built into the
engineering process, and for it to have "effectively disappeared without a
trace". We hope that others will see the potential that traceability has for
empowering software and systems engineers to develop higher-quality products at
increasing levels of complexity and scale, and that they will join the active
community of Software and Systems traceability researchers as we move forward
into the next decade of research
An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for
many technical and socio-technical reasons such as mismatched processes,
inadequate information, differing use of language and philosophies, etc.. Many
co-assurance techniques rely on disregarding some of these challenges in order
to present a unified methodology. Even with this simplification, no methodology
has been widely adopted primarily because this approach is unrealistic when met
with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security
Assurance Framework (SSAF) based on a core set of assurance principles. This is
done so that safety and security can be co-assured independently, as opposed to
unified co-assurance which has been shown to have significant drawbacks. This
also allows for separate processes and expertise from practitioners in each
domain. With this structure, the focus is shifted from simplified unification
to integration through exchanging the correct information at the right time
using synchronisation activities
- …