Toulouse, September 2003 Page 1 JOURNEE ALTARICA Airbus ESACS ISAAC
Toulouse, September 2003 Page 2 SYSTEM DESIGN PROCESS SAFETY PROCESS Design “View” Safety “View” Objective: to identify any potential hazard to remove the causes of the identified hazards to mitigate the effect of the hazards to maintain the hazards probability in the limits imposed by the severity class ESACS SCOPE & OBJECTIVE (REMINDER) ESACS: Enhanced Safety Assessment for Complex Systems
Toulouse, September 2003 Page 3 Applicable at different steps of system development process. Model capturing (SM or FoSaM) FM capturing Extended model (ESM) SR capturing Model analysis verification tool Safety result extraction Safety analysis tools ESACS General Methodology
Toulouse, September 2003 Page 4 Abstraction on the System Model Failure Mode Capturing Safety Requirements Capturing Safety Model Analysis –Fault Tree Generation –Sequence Generation –Model Checking Model using Safety Architecture Patterns (FoSaM) APPLICATION OF THE PRELIMINARY ESACS METHODOLOGY & TOOL-SET
Toulouse, September 2003 Page 5 Unquestionable advantages in term of formal safety modelling and interactive simulation (normal and failure behaviour) Safety assessment based on a unique view of the system improves integration of system design and safety analysis in the early phases of development Improvement of the interaction between design and Safety Engineers through a better exchange of information Both static and dynamic properties can be studied Automatic generation of FTA is a plus Moreover during cycle 2 tests, new features, required at the end of cycle 1 tests, were implemented to allow the user obtaining more useful results from the safety analyses Main advantages of ESACS approach and tools Automatic verification of the system safety requirement (use of FTA, use of safety patterns) improves the effectiveness of the validation and verification process Workload is expected to be decreased in the whole process (including modifications arising later in the system life cycle) The Design Engineers is more involved (significant points expected to be found earlier) Problems can be identified more efficiently Hazards and undesired outputs (timing aspects) are expected to be earlier identified (before simulations and test activities)
Toulouse, September 2003 Page 6 Weak points and expected improvements ESACS methodology relies on new technologies (model checkers, sequence generation). A high level of skills and training is thus required to handle them Model checker of system models using fully “real” parameters may lead to memory overflow and over computation time for complex system models Definition of a common format can be helpful for the integration of new tools, but should not be the sole answer since upgrades of new tools may lead to a loss of their interoperability with the rest of ESACS platform Interoperability between modelling tools need to be further investigated In any case it had to be said that, during cycle 2, in parallel to the activity of development of new facilities, Technology Partners done some job towards integration. Integration of ESACS safety process into a current industrial process will probably take time: –due to ESACS maturity needs for improvements –for the involved engineers to get used to this new common process At the end of cycle 2 application, the main methodological basis for an integrated and automated safety evaluation on complex systems have been built. The main improvements required by the users concern technological aspects (e.g. the optimisation of the computation algorithm and the improvement of integration among the different tools available then of the user interface) ISAAC project
Toulouse, September 2003 Page 7 Integration of methodology into the safety process inside the industrial development process
Toulouse, September 2003 Page 8 A proposal for a new project was presented to the EC in the FP6-1st Call (March 2003) : ISAAC Improvement of Safety Activities on Aeronautical Complex systems Partners: ESACS Consortium + DASSAULT AVIATION PERSPECTIVE ON THE FUTURE WORK: FP6 “ISAAC” PROPOSAL
Toulouse, September 2003 Page 9 OBJECTIVES: CONSOLIDATION OF ESACS WORK (towards mature technology), including: High Level Representation, UML, Patterns for architecture Timing and Quantitative Analysis ESACS Platform improvement NEW THEMES, including: Human errors Common Cause analysis Mission Analysis System Diagnosability COMMONALITIES, including: Process sharing: Common Points of Methodology & Analysis Integrability: Translators and Algorithms, Libraries PERSPECTIVE ON THE FUTURE WORK: FP6 “ISAAC” PROPOSAL
Toulouse, September 2003 Page 10 DETAILED OBJECTIVES: Common Cause analysis –Interfacing: »system function/failure simulations »with geometrical/topological simulations –Improving: »The safety process: Common Mode Analysis, Zonal Safety Analysis, Particular Risk Analysis »The layout/installation process: layout requirements –Airbus experimentation: »Connecting OCAS and IRIS (topological tool) »Assessing the connection requirements with CATIA »Testing on A380 system case studies PERSPECTIVE ON THE FUTURE WORK: FP6 “ISAAC” PROPOSAL
Toulouse, September 2003 Page 11 In the frame of ISAAC, to go towards a “more mature” tool-set to be applied in the Industrial Process CONCLUSION Standard Involvement