Development and Validation of Functional Model of a Cruise Control System

Modern automobiles can be considered as a collection of many subsystems working with each other to realize safe transportation of the occupants. Innovative technologies that make transportation easier are increasingly incorporated into the automobile in the form of functionalities. These new functionalities in turn increase the complexity of the system framework present and traceability is lost or becomes very tricky in the process. This hugely impacts the development phase of an automobile, in which, the safety and reliability of the automobile design should be ensured. Hence, there is a need to ensure operational safety of the vehicles while adding new functionalities to the vehicle. To address this issue, functional models of such systems are created and analysed. The main purpose of developing a functional model is to improve the traceability and reusability of a system which reduces development time and cost. Operational safety of the system is ensured by analysing the system with respect to random and systematic failures and including safety mechanism to prevent such failures. This paper discusses the development and validation of a functional model of a conventional cruise control system in a passenger vehicle based on the ISO 26262 Road Vehicles - Functional Safety standard. A methodology for creating functional architectures and an architecture of a cruise control system developed using the methodology are presented.Comment: In Proceedings FESCA 2016, arXiv:1603.0837

New safety model for the commercial human spaceflight industry

The aviation and space domains have safety guidelines and recommended practices for Design Organisations (DOs) and Operators alike. In terms of Aerospace DOs there are certification criteria to meet and to demonstrate compliance there are Advisory Circulars or Acceptable Means of Compliance to follow. Additionally there are guidelines such as Aerospace Recommended Practices (ARP), Military Standards (MIL-STD 882 series) and System Safety Handbooks to follow in order to identify and manage failure conditions. In terms of Operators there are FAA guidelines and a useful ARP that details many tools and techniques in understanding Operator Safety Risks. However there is currently no methodology for linking the DO and Operator safety efforts. In the space domain NASA have provided safety standards and guidelines to follow and also within Europe there are European Co-operation of Space Standardization (ECSS) to follow. Within the emerging Commercial Human Spaceflight Industry, the FAA’s Office of Commercial Space Transportation has provided hazard analysis guidelines. However all of these space domain safety documents are based on the existing aerospace methodology and once again, there is no link between the DO and Operator’s safety effort. This paper addresses the problematic issue and presents a coherent methodology of joining up the System Safety effort of the DOs to the Operator Safety Risk Management such that a ‘Total System’ approach is adopted. Part of the rationale is that the correct mitigation (control) can be applied within the correct place in the accident sequence. Also this contiguous approach ensures that the Operator is fully aware of the safety risks (at the accident level) and therefore has an appreciation of the Total System Risk. The authors of this paper contend that it is better practice to have a fully integrated safety model as opposed to disparate requirements or guidelines. Our methodology is firstly to review ‘best practice’ approaches from the aviation and space industries, and then to integrate these approaches into a contiguous safety model for the commercial human spaceflight industry

Integrating model checking with HiP-HOPS in model-based safety analysis

The ability to perform an effective and robust safety analysis on the design of modern safety–critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) – an advanced FLSA technique – can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system

Transportation of hazardous materials via pipeline. A historical overview

The transportation of hazardous materials via pipelines is often considered a safer alternative to other transportation modalities such as railway, road and ship. However, pipelines often cross industrial and highly populated areas, so that their failure can pose a significant risk to the surrounding environment and the exposed population: the possible release of flammable and/or toxic materials in such areas can generate catastrophic events with very severe consequences. A number of accidents have actually occurred in the past years, and even when no deaths or injured are reported, significant damages to the surrounding environment often occur. This suggests that, given the extremely wide extension of the network worldwide, and the very high amounts of transported materials, a careful analysis is still required. In addition, the construction of pipelines also involves the contribution of expertise from a range of technical areas. As a consequence, the occurrence of accidents and the impact of their consequences, depend on the combination of a large number of parameters. In the present paper, an analysis of data relative to pipelines transporting hazardous materials has been carried out, and the influence of specific issues connected with their type and operation, has been assessed

The Impact of Human Error in the Use of Agricultural Tractors: A Case Study Research in Vineyard Cultivation in Italy

Recently, standards and regulations concerning occupational safety have become more and more rigorous. Nevertheless, the number of accidents and victims has not decreased significantly, as reported by official statistics. In Italy, the agricultural sector is certainly one of the most affected by this situation, especially taking into account the occurrence of serious injuries and fatalities related to the use of tractors. The main reasons for such a situation can be ascribed to the peculiarities of agricultural operations. Therefore, when analyzing the root causes of agricultural accidents, a user-centered approach is needed in order to make the development of health and safety interventions easier and more effective. Based on this, the present paper proposes a practical case study research focused on integrating the factor of human error into the risk assessment procedures of agricultural activities in vineyard cultivation. Such an approach allowed us to consider the impact of human errorwhile performing work activities (e.g., the use of a tractor)on hazards and related hazardous events in a thorough manner. The proposed approach represents a novelty in the sector of the safety assessment of agricultural activities, providing a first valuable basis for further analysis and implementation by researchers and practitioners

Estimating rate of occurrence of rare events with empirical Bayes : a railway application

Classical approaches to estimating the rate of occurrence of events perform poorly when data are few. Maximum likelihood estimators result in overly optimistic point estimates of zero for situations where there have been no events. Alternative empirical-based approaches have been proposed based on median estimators or non-informative prior distributions. While these alternatives offer an improvement over point estimates of zero, they can be overly conservative. Empirical Bayes procedures offer an unbiased approach through pooling data across different hazards to support stronger statistical inference. This paper considers the application of Empirical Bayes to high consequence low-frequency events, where estimates are required for risk mitigation decision support such as as low as reasonably possible. A summary of empirical Bayes methods is given and the choices of estimation procedures to obtain interval estimates are discussed. The approaches illustrated within the case study are based on the estimation of the rate of occurrence of train derailments within the UK. The usefulness of empirical Bayes within this context is discusse

An Approach to Using Non Safety-Assured Programmable Components in Modest Integrity Systems

Programmable components (like personal computers or smart devices) can offer considerable benefits in terms of usability and functionality in a safety-related system. However there is a problem in justifying the use of programmable components if the components have not been safety justified to an appropriate integrity (e.g. to SIL 1 of IEC 61508). This paper outlines an approach (called LowSIL) developed in the UK CINIF nuclear industry research programme to justify the use of non safety-assured programmable components in modest integrity systems. This is a seven step approach that can be applied to new systems from an early design stage, or retrospectively to existing systems. The stages comprise: system characterisation, component suitability assessment, failure analysis, failure mitigation, identification of additional defences, identification of safety evidence requirements, and collation and evaluation of evidence. In the case of personal computers, there is supporting guidance on usage constraints, claim limits on reliability, and advice on “locking down” the component to maximise reliability. The approach is demonstrated for an example system. The approach has been applied successfully to a range of safety-related systems used in the nuclear industry

Improving Aircraft Engines Prognostics and Health Management via Anticipated Model-Based Validation of Health Indicators

The aircraft engines manufacturing industry is subjected to many dependability constraints from certification authorities and economic background. In particular, the costs induced by unscheduled maintenance and delays and cancellations impose to ensure a minimum level of availability. For this purpose, Prognostics and Health Management (PHM) is used as a means to perform online periodic assessment of the engines’ health status. The whole PHM methodology is based on the processing of some variables reflecting the system’s health status named Health Indicators. The collecting of HI is an on-board embedded task which has to be specified before the entry into service for matters of retrofit costs. However, the current development methodology of PHM systems is considered as a marginal task in the industry and it is observed that most of the time, the set of HI is defined too late and only in a qualitative way. In this paper, the authors propose a novel development methodology for PHM systems centered on an anticipated model-based validation of HI. This validation is based on the use of uncertainties propagation to simulate the distributions of HI including the randomness of parameters. The paper defines also some performance metrics and criteria for the validation of the HI set. Eventually, the methodology is applied to the development of a PHM solution for an aircraft engine actuation loop. It reveals a lack of performance of the original set of HI and allows defining new ones in order to meet the specifications before the entry into service

Building safe software

Murphy is a set of techniques and tools under investigation for their potential in enhancing the safety of software. This paper describes some of the work which has been done and some which is planned