An Integrated Model-Based Approach to System Safety and Aircraft System Architecture Development. Eric Villhauer – Systems Engineer; Brian Jenkins – System Safety Engineer.
An Integrated Model-Based Approach to System Safety and Aircraft System Architecture Development
Eric Villhauer – Systems Engineer
Brian Jenkins – System Safety Engineer
General Atomics Aeronautical Systems

July Approved for Public Release. This presentation does not contain technical data per ITAR 22 CFR parts

Outline
– Introduction
– Standards Dependencies
– Safety View
– Functional Hazard Assessment (FHA) Example
  – Logical behavior – “Control Aircraft Pitch” activity
  – “Control Aircraft Pitch” FHA
  – “Control Aircraft Pitch” Fault Tree Analysis (FTA)
– Questions
– References

Introduction
History
– Industry standards for aircraft development require consideration of System Safety objectives during all phases of System Architecture development and implementation
– Tools available to Systems Engineers and Software Engineers to model architecture currently don’t address the concerns of the System Safety Engineering discipline
Objectives
– Ensure that safety objectives are considered during system architecture model development
– Maintain the required organizational independence between System Safety and the domains with which it interfaces
Approach
– Use OMG SysML™ to integrate the system safety analysis methods defined in SAE ARP 4761, “Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment”, into a System Architecture model in accordance with SAE ARP 4754, “Certification Considerations for Highly-Integrated or Complex Aircraft Systems”

STANDARDS DEPENDENCIES

Architecture Development, System Safety, and Design Assurance Dependencies
[Figure: SAE ARP 4754A Figure 1, “Guideline Documents Covering Development and In-Service/Operational Phases”]

SAFETY VIEW

Model-Based Safety Analysis (MBSA)
Objectives
– Identify, classify, and mitigate safety hazard risks during the system life-cycle
– Provide Safety Requirements to control hazard risk
– Integrate into the Model-Based Systems Engineering (MBSE) process
Concerns
– Safety hazard risk identification, classification, and reduction through mitigation
– Validation and verification of safety hazard risk mitigations
– Safety hazard risk acceptance
Analysis Methods
– Functional Hazard Assessment (FHA)
– Fault Tree Analysis (FTA)
– Failure Modes and Effects Analysis (FMEA)

Safety Viewpoint Purpose
– Provide safety requirements for system and subsystem specifications
– Monitor safety throughout the product life cycle
– Use the safety assessment to justify the safety risk characterization

Safety Viewpoint
– The Safety View conforms to the Safety Viewpoint: the viewpoint fixes the concerns, stereotypes and analysis methods to be used; the view is the set of model elements built to those conventions for a particular system

Safety Profile Requirements
The Safety Profile must
– Be suitable for use within a UML or SysML model
– Conform to an SAE ARP 4761 approach, with provision for MIL-STD-882

July Approved for Public Release. This presentation does not contain technical data per ITAR 22 CFR parts > Indicates the element has a hazard severity consequence due to one or more associated Functional Failure Modes determined by FHA Safety UML Profile > The inability of a function to perform as it is intended Has one or more failure effects on the system in which a hazard severity classification is determined > A relation to associate a > functional element to its > elements

FHA EXAMPLE

Use Case View
– The aircraft-level Use Case is first assessed for top-level Failure Conditions

Top Level Safety Requirements
– Top-level safety requirements tend to be difficult to measure directly
– Use cases provide the operational context in which system conformance to top-level safety requirements can be assessed

Control Aircraft Pitch – Logical Behavior
– The aircraft Use Case is decomposed into Logical Views for each system function (MBSE process)
– The example shown is a conceptual aircraft pitch controller that does not reflect an actual design
– The safety criticality of each activity determines the overall Level of Rigor / Functional Development Assurance Level (FDAL) for the “Control Aircraft Pitch” function

Control Aircraft Pitch – Aircraft Functional Hazard Assessment
Functional Failure Modes
– Safety analysis is performed to determine the effects, severity and likelihood of each failure mode
Manifests Failure
– Directed association that carries the safety attributes
– Drives the development assurance activities to be executed IAW ARP4754 (system level) and DO-178 / DO-254 (SW / HW item level)

Safety Requirement Derivation
– Safety requirements are derived from the severity classification of the functional failure modes
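The three preceding slides describe one procedure: attach «Functional Failure Mode» elements to a function via «Manifests Failure», classify each mode's severity in the FHA, let the worst classification set the function's FDAL, and derive a safety requirement per mode. The following is an added worked example of that procedure in Python; it is not code from the presentation or from General Atomics. The severity-to-FDAL mapping and the per-flight-hour probability objectives are the commonly cited SAE ARP4754A / AC 25.1309 values, and the "Control Aircraft Pitch" failure modes, effects and classifications are constructed for illustration only and do not describe any real aircraft.

```python
"""FHA worked example: functional failure modes -> severity -> FDAL and safety requirements.

Added illustration, not code from the presentation. Severity classes and the
severity -> FDAL / probability-objective tables follow the commonly cited
SAE ARP4754A / AC 25.1309 values; the "Control Aircraft Pitch" failure modes and
their classifications are constructed for illustration and describe no real aircraft.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Severity(IntEnum):
    """FHA hazard severity classes, ordered so max() yields the worst case."""
    NO_SAFETY_EFFECT = 0
    MINOR = 1
    MAJOR = 2
    HAZARDOUS = 3
    CATASTROPHIC = 4


# Severity -> Functional Development Assurance Level (per ARP4754A).
FDAL = {
    Severity.CATASTROPHIC: "A",
    Severity.HAZARDOUS: "B",
    Severity.MAJOR: "C",
    Severity.MINOR: "D",
    Severity.NO_SAFETY_EFFECT: "E",
}

# Severity -> maximum average probability per flight hour (AC 25.1309 / ARP4761
# quantitative objectives). "No Safety Effect" carries no quantitative objective.
PROBABILITY_OBJECTIVE = {
    Severity.CATASTROPHIC: 1e-9,
    Severity.HAZARDOUS: 1e-7,
    Severity.MAJOR: 1e-5,
    Severity.MINOR: 1e-3,
    Severity.NO_SAFETY_EFFECT: None,
}


@dataclass
class FunctionalFailureMode:
    """<<Functional Failure Mode>>: inability of a function to perform as intended."""
    name: str
    effect: str          # failure effect on the aircraft / system
    severity: Severity   # classification determined by the FHA
    phase: str = "all"   # flight phase in which the effect applies


@dataclass
class Function:
    """A functional element (e.g. an activity in the logical view) that
    <<Manifests Failure>> zero or more failure modes."""
    name: str
    failure_modes: list = field(default_factory=list)

    def manifests(self, ffm: FunctionalFailureMode) -> "Function":
        """The <<Manifests Failure>> directed association."""
        self.failure_modes.append(ffm)
        return self

    @property
    def is_hazardous(self) -> bool:
        """The hazardous stereotype applies once any FHA-classified mode is attached."""
        return any(m.severity > Severity.NO_SAFETY_EFFECT for m in self.failure_modes)

    def worst_severity(self) -> Severity:
        if not self.failure_modes:
            return Severity.NO_SAFETY_EFFECT
        return max(m.severity for m in self.failure_modes)

    def fdal(self) -> str:
        """Level of rigor is driven by the most severe failure mode the function manifests."""
        return FDAL[self.worst_severity()]


def derive_safety_requirements(fn: Function) -> list:
    """One derived quantitative safety requirement per failure mode that has an objective."""
    reqs = []
    for m in fn.failure_modes:
        objective = PROBABILITY_OBJECTIVE[m.severity]
        if objective is None:
            continue
        reqs.append(
            f"SR-{fn.name}-{m.name}: The probability of '{m.name}' "
            f"({m.severity.name.title()}, phase: {m.phase}) shall be less than "
            f"{objective:.0e} per flight hour."
        )
    return reqs


def build_pitch_function() -> Function:
    """Constructed example modes for the conceptual 'Control Aircraft Pitch' function."""
    pitch = Function("ControlAircraftPitch")
    pitch.manifests(FunctionalFailureMode(
        "LossOfPitchControl", "Aircraft cannot be pitched; loss of control",
        Severity.CATASTROPHIC))
    pitch.manifests(FunctionalFailureMode(
        "UncommandedPitch", "Pitch excursion; crew can recover with high workload",
        Severity.HAZARDOUS, phase="cruise"))
    pitch.manifests(FunctionalFailureMode(
        "DegradedPitchAuthority", "Reduced pitch rate; increased crew workload",
        Severity.MAJOR))
    return pitch


if __name__ == "__main__":
    fn = build_pitch_function()
    print(fn.name, "hazardous:", fn.is_hazardous, "FDAL:", fn.fdal())
    for r in derive_safety_requirements(fn):
        print(" ", r)
```

Because the function's FDAL is the maximum over its manifested modes, adding a single Catastrophic mode to an otherwise Major function raises the whole function to FDAL A; in practice that is the point at which an architect looks for a decomposition (independent channels) that lets the item-level DALs be lower than the function-level FDAL, which is exactly what the fault tree on the next slide is used to justify.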

Control Aircraft Pitch – Aircraft Fault Tree Analysis
Fault Tree Analysis
– Functional failure modes become events (top-level causal factors) in the Fault Tree Analysis
– Shows the context and causal chain to top-level system hazards
– Fully traceable to the architecture model (“safety view”)
– Mitigations are identified from the FMEA once the full causal tree is built
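The slide says the functional failure modes become events in the fault tree whose causal chain leads to the top-level hazard. The following added example (not code from the presentation or from General Atomics) builds such a tree in Python for a catastrophic "Loss of Pitch Control" top event, computes its minimal cut sets and probability, and checks the result against the 1e-9 per flight hour objective that an FHA would assign to a Catastrophic failure condition. The tree structure, the basic-event probabilities and the channel redundancy are constructed assumptions for illustration and describe no real aircraft.

```python
"""Fault tree worked example: FHA functional failure modes as intermediate events,
item-level basic events beneath them, minimal cut sets, top-event probability,
and a check against the FHA-derived objective.

Added illustration, not code from the presentation. The tree, the basic-event
probabilities and the 1e-9/FH objective for the constructed catastrophic
'Loss of Pitch Control' event are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import FrozenSet, Set, Union


@dataclass(frozen=True)
class BasicEvent:
    name: str
    prob: float          # probability per flight hour (failure rate x 1 h exposure)


@dataclass
class Gate:
    name: str
    kind: str            # "AND" or "OR"
    inputs: list = field(default_factory=list)


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Exact probability assuming independent basic events and no event shared between branches."""
    if isinstance(node, BasicEvent):
        return node.prob
    ps = [probability(c) for c in node.inputs]
    if node.kind == "AND":
        p = 1.0
        for q in ps:
            p *= q
        return p
    if node.kind == "OR":
        p = 1.0
        for q in ps:
            p *= (1.0 - q)
        return 1.0 - p
    raise ValueError(node.kind)


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Boolean expansion (MOCUS-style): OR unions the child cut sets, AND forms
    their cross product; then drop any set that contains another (minimality)."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child_sets)
    else:  # AND
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in sets if not any(t < s for t in sets)}


def cut_set_probability(cs: FrozenSet[str], events: dict) -> float:
    p = 1.0
    for e in cs:
        p *= events[e].prob
    return p


def rare_event_approximation(top: Node, events: dict) -> float:
    """Sum of minimal-cut-set probabilities: the usual upper bound in ARP4761-style
    FTAs, and the one that stays valid when cut sets share basic events."""
    return sum(cut_set_probability(cs, events) for cs in minimal_cut_sets(top))


def build_pitch_tree():
    """Constructed tree for the catastrophic 'Loss of Pitch Control' failure condition.
    Each FHA functional failure mode (FFM) is an intermediate event; the architecture
    mitigates loss of command with two independent sensor channels."""
    ev = {e.name: e for e in [
        BasicEvent("SensorChannelA", 1e-4),
        BasicEvent("SensorChannelB", 1e-4),
        BasicEvent("ActuatorJam", 1e-6),
        BasicEvent("HydraulicLoss", 1e-5),
        BasicEvent("CommonModeSoftwareFault", 1e-7),
    ]}
    loss_of_command = Gate("FFM: Loss of Pitch Command", "OR", [
        Gate("Both sensor channels fail", "AND", [ev["SensorChannelA"], ev["SensorChannelB"]]),
        ev["CommonModeSoftwareFault"],
    ])
    loss_of_actuation = Gate("FFM: Loss of Pitch Actuation", "AND", [
        ev["ActuatorJam"], ev["HydraulicLoss"]])
    top = Gate("Loss of Pitch Control (Catastrophic)", "OR", [loss_of_command, loss_of_actuation])
    return top, ev


CATASTROPHIC_OBJECTIVE = 1e-9   # per flight hour, from the FHA-derived safety requirement


def assess(top: Node, events: dict, objective: float = CATASTROPHIC_OBJECTIVE):
    """Returns (probability, dominant minimal cut set, meets_objective)."""
    p = rare_event_approximation(top, events)
    cuts = minimal_cut_sets(top)
    dominant = max(cuts, key=lambda cs: cut_set_probability(cs, events))
    return p, set(dominant), p <= objective


if __name__ == "__main__":
    top, events = build_pitch_tree()
    p, dominant, ok = assess(top, events)
    print(f"P(top) ~ {p:.2e}/FH, dominant cut set {sorted(dominant)}, meets 1e-9/FH: {ok}")
```

With these constructed numbers the tree fails its objective by two orders of magnitude, and the dominant minimal cut set is the single-point common-mode software fault, not the redundant sensor pair. That is the output a safety engineer needs from the tree: it points at the element where an FMEA-derived mitigation (dissimilar or partitioned software, a monitor) must be added, and it is also why that software item inherits the highest development assurance level under DO-178C.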

Questions

REFERENCES

References – Non-Government Standards Documents

Document Number | Reference Document Title | Date | Source
SAE ARP 4761 | Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment | 12/01/1996 | SAE
SAE ARP 4754A | Guidelines for Development of Civil Aircraft and Systems | 12/21/2010 | SAE
OMG SysML™ | OMG Systems Modeling Language, Version 1.2 | 6/01/2010 | OMG
RTCA DO-178C | Software Considerations in Airborne Systems and Equipment Certification | 12/13/2011 | RTCA
RTCA DO-254 | Design Assurance Guidance for Airborne Electronic Hardware | 4/19/2000 | RTCA
OMG UML™ | OMG Unified Modeling Language Superstructure | 8/06/2011 | OMG