safety

    avatar
    Created by
    DisagreeableHippopotamus43605

    Cards (154)

    • System safety analysis techniques are well established and are used extensively during the design of safety-critical systems
      View source
    • Most of the techniques are highly subjective and dependent on the skill of the practitioner
      View source
    • Since these analyses are usually based on an informal system model, it is unlikely that they will be complete, consistent, and error free
      View source
    • Model-Based Safety Analysis

      An approach in which the system and safety engineers share a common system model created using a model-based development process
      View source
    • Model-Based Safety Analysis

      • By extending the system model with a fault model as well as relevant portions of the physical system to be controlled, automated support can be provided for much of the safety analysis
      • Reduces the cost and improves the quality of the safety analysis
      View source
    • Model-Based Safety Analysis Process

      1. Nominal System Modeling
      2. Formalizing Derived Safety Requirements
      3. Fault Modeling
      4. Model Extension
      5. Safety Analysis
      View source
    • Faults, Errors, and Failures
      • Faults are the adjudged or hypothesized cause of an error
      • Errors are that part of the system state which is liable to lead to failure
      • Failures are the transition from correct service to incorrect service
      View source
    • Traditional Safety Analysis Process

      • Functional Hazard Analysis
      • Preliminary System Safety Analysis
      • System Safety Assessment
      View source
    • The lack of precise models of the system architecture and its failure modes often forces the safety analysts to devote much of their effort to gathering architectural details about the system behavior from several sources and embedding this information in the safety artifacts such as the fault trees
      View source
    • In the related areas of reliability and safety, there is no firm consensus on the terminology for even some of the basic terms used
      View source
    • Dependability
      A generic concept that includes reliability, maintainability, availability, safety, with the view that all of the above are distinct perceptions of the same attribute of a system: its dependability
      View source
    • There was an effort to come up with a consistent set of concepts and terminology with the formation of IEEE-CS Technical Committee on Fault-Tolerant Computing in 1970 and of IFIP WG 10.4 Dependable Computing and Fault Tolerance in 1980
      View source
    • A recent paper by Avizienis, Laprie, Randell, and Landwehr consolidates the basic concepts and taxonomy in dependability
      View source
    • Service delivered by a system

      Its behavior as it is perceived by its users
      View source
    • Correct service

      The service implements the system function
      View source
    • Service interface

      The part of the provider's boundary, where service delivery takes place
      View source
    • External state

      The part of the provider's total state that is perceivable at the service interface
      View source
    • Internal state

      The remaining part of the provider's total state
      View source
    • Delivered service

      A sequence of the provider's external state
      View source
    • Failure
      An event that occurs when the delivered service deviates from correct service
      View source
    • Service failure mode
      The different forms that a deviation from correct service may assume
      View source
    • Error
      The deviation from correct service
      View source
    • Fault
      The adjudged or hypothesized cause of an error
      View source
    • Active fault

      A fault that causes an error
      View source
    • Dormant fault

      A fault that is not causing an error
      View source
    • Fault activation
      The application of an input (the activation pattern) to a component that causes a dormant fault to become active
      View source
    • Error propagation

      1. Internal propagation: An error is successively transformed into other errors
      2. External propagation: An error reaches the service interface of a component and propagates the error into another component via its use interface
      View source
    • Service failure

      Occurs when an error is propagated to the service interface and causes the service delivered by the system to deviate from correct service
      View source
    • The failure of a component causes a permanent or transient fault in the system that contains the component
      View source
    • Service failure of a system causes a permanent or transient external fault for the other system(s) that receive service from the given system
      View source
    • Propagated fault

      Activation of the external fault due to error propagation from another component
      View source
    • Dependent fault

      A fault that is dependent on other faults (e.g. a power failure causing the failure of a number of components it supplies power to)
      View source
    • The safety assessment process is an inherent part of the system development process
      View source
    • The safety assessment process includes safety requirements identification (on the left side of the "V" diagram) and verification (on the right side of the "V" diagram) supporting the aircraft development activities
      View source
    • Functional Hazard Analysis (FHA)

      1. Identifies and classifies the failure conditions associated with aircraft functions (and combinations of aircraft functions) at the appropriate level, considering both loss of function and malfunctions
      2. Establishes derived safety requirements needed to limit function failure effects, such as design constraints, annunciation of failure conditions, etc.
      View source
    • Preliminary System Safety Analysis (PSSA)

      1. Completes the failure conditions list and the corresponding safety requirements
      2. Demonstrates how the system will meet the qualitative and quantitative requirements for the various hazards identified
      3. Identifies protective strategies, taking into account fail-safe concepts and architectural attributes which may be needed to meet the safety objectives
      4. Is iterative and continuous throughout the design process and identifies and captures all the derived system safety requirements
      View source
    • System Safety Assessment (SSA)
      1. A systematic, comprehensive evaluation of the implemented system, along with its architecture and installation, to show that the relevant safety requirements are met
      2. Verifies that the design safety requirements and objectives have been met through upward hierarchical verification levels
      3. Performs an item-level Failure Modes and Effects Analysis (FMEA) and summarizes it into the Failure Modes and Effects Summary (FMES) to support the failure rates of the failure modes considered in the item FTA
      4. Reviews the system via FTA to identify the failure modes and probabilities used in the aircraft FTA
      5. Compares the failure effects as items are integrated into systems and systems into aircraft with the failure conditions identified in the FHA (integration cross-check)
      View source
    • In model-based development, the development effort is centered on a formal specification (model) of the digital control system
      View source
    • Model-based development tools often include automatic code generators that can derive implementations directly from models
      View source
    • To perform system-level safety analysis, we must consider the environment in which the system runs, which usually involves mechanical components
      View source
    See similar decks