156 research outputs found

    Model Based Mission Assurance in a Model Based Systems Engineering (MBSE) Framework: State-of-the-Art Assessment

    This report explores the current state of the art of Safety and Mission Assurance (S&MA) in projects that have shifted towards Model Based Systems Engineering (MBSE). Its goal is to provide insight into how NASA's Office of Safety and Mission Assurance (OSMA) should respond to this shift. In MBSE, systems engineering information is organized and represented in models: rigorous computer-based representations, which collectively make many activities easier to perform, less error prone, and scalable. S&MA practices must shift accordingly. The "Objective Structure Hierarchies" recently developed by OSMA provide the framework for understanding this shift. Although the objectives themselves will remain constant, S&MA practices (activities, processes, tools) to achieve them are subject to change. This report presents insights derived from literature studies and interviews. The literature studies gleaned assurance implications from reports of space-related applications of MBSE. The interviews with knowledgeable S&MA and MBSE personnel discovered concerns and ideas for how assurance may adapt. Preliminary findings and observations are presented on the state of practice of S&MA with respect to MBSE, how it is already changing, and how it is likely to change further. Finally, recommendations are provided on how to foster the evolution of S&MA to best fit with MBSE.

    Combined automotive safety and security pattern engineering approach

    Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as a boon or a bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to the selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
    Funding: EC/H2020/692474/EU, Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems (AMASS); EC/H2020/737422/EU, Secure COnnected Trustable Things (SCOTT); EC/H2020/732242/EU, Dependability Engineering Innovation for CPS (DEIS); BMBF 01IS16043, Collaborative Embedded Systems (CrESt).

    Cascade Distillation System Design for Safety and Mission Assurance

    Per the NASA Human Health, Life Support and Habitation System Technology Area 06 report, "crewed missions venturing beyond Low-Earth Orbit (LEO) will require technologies with improved reliability, reduced mass, self-sufficiency, and minimal logistical needs as an emergency or quick-return option will not be feasible" [1]. To meet this need, the development team of the second generation Cascade Distillation System (CDS 2.0) chose a development approach that explicitly incorporates consideration of safety, mission assurance, and autonomy. The CDS 2.0 preliminary design focused on establishing a functional baseline that meets the CDS core capabilities and performance. The critical design phase is now focused on incorporating features through a deliberative process of establishing the system's failure modes and effects, identifying mitigation strategies, and evaluating the merit of the proposed actions through analysis and test. This paper details the results of this effort on the CDS 2.0 design.

    Review and comparison of the modeling approaches and risk analysis methods for complex ship system.

    The marine industry is leaning towards autonomous vessels, with companies such as Rolls-Royce and Kongsberg leading the development. However, this rapid technological change invites greater risks and responsibilities for marine professionals. Ship systems are getting more complex with time as the interactions between components increase and software becomes embedded. As a result, the nature of risks in modern systems can be different than in traditional systems, where the risks were mostly limited to human errors and component failures. However, for identifying risks in modern complex systems, it is first important to understand the structural composition of the system and the components' behavior, functions and interactions. Although modern systems are quite different from traditional systems, the traditional system-safety engineering techniques are still widely used. This thesis aims to review a modern modeling approach known as Systems Modeling Language (SysML) and a risk analysis method known as System-Theoretic Process Analysis (STPA), and to compare them against widely used traditional methods known as the Tree structure method and Fault Tree Analysis (FTA). SysML, developed in 2006, is a graphical modeling language which presents the structural composition, component functions, behavior, constraints and requirements of a system. SysML aims to support the analysis, specification, design, verification and validation of complex systems. STPA, developed in 2011, is a risk analysis method which aims to identify and mitigate risks in a complex system. Unlike traditional methods such as Fault Tree Analysis (FTA), STPA focuses on risks due to unsafe control actions and component interactions. Furthermore, STPA can also be used during the early phases of the system development process to generate safety constraints and requirements for a safer design of the system.
    This thesis also includes a workshop with Rolls-Royce where FTA, STPA, SysML and the Tree structure method were applied to a sample complex ship system. The results and feedback received from the workshop are presented and analyzed. The results suggest that modern methods such as SysML and STPA are more suitable than traditional methods for modeling and identifying risks in a complex ship system if the results of the methods' implementation are considered. SysML presents several aspects of systems in a model which are missing in the Tree structure method, such as the requirements of a system and the behavior and interaction of components. Furthermore, it also provides a model that can be used as a tool for conducting an analysis of a system. Similarly, STPA succeeds in identifying a higher number of risks related to component interactions and human errors in comparison to FTA, as STPA analyzes all possible control actions in a system, whereas FTA only analyzes the risks that are known to the analysts. However, some drawbacks of SysML and STPA have also been identified. Although the methods are suitable for complex ship systems, they have a higher degree of complexity and require more time for an analysis in comparison to traditional methods. Furthermore, some solutions to improve the identified drawbacks of SysML and STPA are proposed in this thesis. Finally, some viable future research topics to improve the research results are presented.

    Digital Twin: towards the integration between System Design and RAMS assessment through the Model–Based Systems Engineering

    The design of a safety-critical system requires an effective prediction of its reliability, availability, maintainability and safety (RAMS). Anticipating the RAMS analysis at the concept design stage helps the designer in the trade-off of the system architecture and technologies, and reduces the cost of product development and the time to market. This action is rather difficult, because the RAMS analysis deals with the hazard assessment of system components, whose abstraction at concept level is never simple. Therefore, to integrate the system design and RAMS assessment, a clear path to follow is required. The paper investigates how Model Based Systems Engineering (MBSE) supports this task and drives the system reliability allocation through the functional and dysfunctional analyses. The implementation of the proposed approach requires setting up the tool chain. In the industrial context it must be compatible with the practices, standards and tools currently used in product development. Defining a suitable process for integrating the tools used for System Design and Safety Engineering is an industry need. Therefore, this task is also discussed in this paper, with reference to some examples of industrial test cases.


    Provision and Collection of Safety Evidence: A Systematic Literature Review

    Safety-Critical Systems (SCS) are becoming more and more present in modern societies' daily lives, increasing people's dependence on them. Current SCS are firmly based on computational technology; possible failures in the operation of these systems can lead to accidents and endanger human life, as well as damage the environment and property. SCS are present in many areas such as avionics, automotive systems, industrial plants (chemical, oil & gas, and nuclear), medical devices, railroad control, defense, and aerospace systems. Companies that develop SCS must present evidence of their safety to obtain certification and authorization. This paper presents a Systematic Literature Review (SLR) to investigate processes, tools, and techniques for collecting and managing safety evidence in SCS. The authors conducted this SLR according to the guidelines proposed by Kitchenham and Charters. The SLR comprises seven (7) research questions that investigate essential aspects of collecting and managing safety evidence. The primary studies analyzed in this SLR were selected based on a search string applied to four data sources: ACM, IEEE Xplore, SpringerLink, and ScienceDirect. Data extraction considered fifty-one (51) primary studies. The authors identified eleven (11) different approaches covering processes, tools, and techniques for collecting and managing safety evidence. Despite other SLR works conducted about safety evidence, none of them focused on the details related to safety evidence collection. We found that very few approaches focused specifically on the process of collecting safety evidence.

    A Model based Safety Assessment for Multirotors

    Unmanned Aerial Vehicles (UAVs) must be safe and reliable to prevent fatal accidents in densely populated areas. This research takes the first steps towards creating a framework which can integrate safety and reliability considerations into the design process. The conceptual design process should consider creating design models that couple sizing with system architecture. Additionally, the multirotor has safety challenges arising from the propulsor configuration: it loses flight control and shows erroneous flight behaviour when propulsors fail. Hence, the design models of a multirotor should also incorporate a controllability assessment method to identify and isolate uncontrollable events. For this purpose, an appropriate tool should be considered to create such design models. A combination of OpenAltarica, System Analyst and Python is used to create design models of a multirotor in a model-based safety assessment framework. These models are developed by integrating system architecture and controllability assessment following the etiquettes of the process. A case study is used to validate the framework and to demonstrate its ability to explore innovative designs. The reliability analysis confirms that the multirotors are fault-tolerant except for the quadrotor, and that some configurations are potentially highly reliable. The results demonstrate the feasibility of the multirotor system modelling methods in terms of reliability and pave the way to further develop the model-based safety assessment framework with sizing methodologies. The models can also be further enhanced with the addition of a component fault library, additional failure modes, and the implementation of diagnosability analysis and fault detection and identification analysis. Fault libraries and failure modes can help in foreseeing uncontrollable cases. In contrast, diagnosability analysis and fault detection and identification analysis can integrate detect, isolate and recover mechanisms, and ensure redundancy optimization effectively.
    Additionally, the framework should also be combined with multidisciplinary design optimization for sizing. Such design models can contribute to the emergence of UAVs for safety-critical applications.