Automation for System Safety Analysis: Executive Briefing
Jane T. Malin, Principal Investigator
Project: Automated Tool and Method for System Safety Analysis
Software Assurance Symposium, September 2007

"Complex systems typically fail because of the unintended consequences of their design, the things they do that were not intended to be done." - M. Griffin, System Engineering and the "Two Cultures" of Engineering, March 28, 2007
SAS 07 Automation for System Safety Analysis Malin 2
Problem
Need early evaluation of software requirements and design
– Assess test and validation plans for software-system interaction risks
– Identify requirements gaps
– Perform virtual system integration tests prior to software-hardware integration
Benefits
– Reduce software-system integration risks and requirements-induced errors early
– Improve efficiency and repeatability of analysis
– Reduce contention for software-hardware integration laboratory resources
Technical Approach
Systematic semi-automated analysis for early evaluation and rapid update
– Capture a model of the controlled system architecture
  Abstract physical architecture models extracted directly from requirements and design text and data
– Capture risks and hazards in the model
  Constraints, hazards and risks from requirements and design
  Risk and failure libraries
– Analyze model and risk data to identify relevant risks and constraints
  Analyze and simulate risk propagation in the system
  Use operational and off-nominal scenarios and configurations
– Identify possible test scenarios for virtual system integration testing
Relevance to NASA
This work leverages component tools that have been used in NASA applications
Goal: integrate and enhance these tools for software assurance early, during the requirements and design phases
Project test case: NASA Constellation Launch Abort System (LAS)
Extend and Integrate Existing Technology (tool-chain diagram)
Pipeline stages: Inputs, Extraction, Modeling, Analysis, Simulation, Testing
Inputs: Requirements and Constraints Text; Risks & Mitigations; Physical/Functional Architecture Models; Discrete Time Simulation; Functional Diagrams
Model Extraction Tool: Model Parts, Interfaces, Risks, Scenarios
Library: Components, Connections, States & Risks
Aerospace Ontology: Taxonomy, Thesaurus, Classes, Synonyms
Modeling Tool: Map, Connect, Visualize, Embed problems and states (produces the Interaction Model)
Analyze and Simulate: Identify interaction-risk pairs; Estimate severity in nominal and fault scenarios; Investigate influence of timing
Reports: Pairs, Paths, Risky Scenarios, Test Cases for Virtual System Integration Testing
Virtual System Integration Lab (VSIL)
Extraction Tool and Nomenclature Reconciler
Extractor
– Extracts models from requirements text and threat/risk analysis
– Uses semantic parsing and word/phrase classification
Aerospace Systems Library and Ontology
– Taxonomy of model elements
– Extensive problem taxonomy and thesaurus with hazard types from the Constellation HA handbook
Current NASA use: semantic text mining for trend analysis of JSC Discrepancy Reports
– Mechanical, electrical, software and process discrepancies in NASA-furnished equipment
Model-Based Safety Analysis Case
Model extraction and hazard analysis were demonstrated in 2005
– Case: generic unmanned spacecraft; concerns about transmitter noise
– Reconciler tool: extracted from SpecTRM requirements and DDP risks
– Hazard Identification Tool: models and path analysis
– CONFIG tool: timed discrete event simulation
Modeler: Architecture Model and Visualization of a Set of Requirements
[C.1] Telecommunication Subsystem
[C.1.1] The CDHC sends the TeleSub a compressed picture. [FG.1] [TeleSub C.1.4]
[C.1.2] The CDHC sends the TeleSub telemetry. [FG.2] [FR.1] [FR.5] [TeleSub C.1.5]
[C.1.3] The CDHC sends In View of Ground alerts to the TeleSub. [DP.5.6] [TeleSub C.1.6]
[C.1.4] The CDHC receives plan files from the TeleSub. [FR.3] [TeleSub C.1.3]
[C.1.5] The CDHC receives ground commands from the TeleSub. [FR.3] [TeleSub C.1.2]
[C.1.6] The CDHC receives the TeleSub operating state from the TeleSub. [DP.5.5] [TeleSub C.1.1]
…
[C.2] Camera Subsystem
[C.2.1] The CDHC sends the Camera a "take picture" command. [FG.2] [FR.1] [FR.3]
[C.2.2] The CDHC sends the Camera x, y and z gimballing coordinates. [FG.2] [FR.1] [FR.3]
[C.2.3] The CDHC sends a turn on command to the Camera. [DP.5.3] [H Constraint 1.1.4]
[C.2.4] The CDHC sends a turn off command to the Camera. [DP.5.3]
[C.2.5] The CDHC receives a compressed picture file from the Camera. [FG.1] [FG.2] [FR.1]
…
[C.4] Attitude Determination Subsystem
[C.4.1] The CDHC receives an In View of Ground alert from the ADS. [DP.5.6] [ADS]
[C.4.2] The CDHC receives the ADS operating state from the ADS. [DP.5.5] [ADS]
(Diagram: Physical/Functional Architecture Model)
Path Analyzer: Find Potential Interaction Problems
1. Find matching pairs of components (hazard source and vulnerable sink)
2. Find system interaction paths with hazards
3. Estimate local and integrated system hazard impact severity
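The following is an added illustration, not the project's Reconciler or Hazard Identification Tool: it extracts "sends/receives" interfaces from requirement sentences in the style of the Modeler slide above, then runs the three Path Analyzer steps over the resulting interface graph. The requirement lines, the hazard library (TeleSub as a transmitter-noise source, Camera and ADS as vulnerable sinks), the 1..5 severity scale and the one-level-per-hop attenuation are all constructed assumptions.

```python
import re
# Constructed sample requirements in the style of slide 8 (not the project's data).
REQUIREMENTS = [
    "[C.1.3] The CDHC sends In View of Ground alerts to the TeleSub.",
    "[C.1.5] The CDHC receives ground commands from the TeleSub.",
    '[C.2.1] The CDHC sends the Camera a "take picture" command.',
    "[C.2.5] The CDHC receives a compressed picture file from the Camera.",
    "[C.4.1] The CDHC receives an In View of Ground alert from the ADS.",
]
# Constructed hazard library (assumption): emitted hazards, vulnerabilities, local severity 1..5.
HAZARD_SOURCES = {"TeleSub": {"transmitter noise"}}
VULNERABLE_SINKS = {"Camera": {"transmitter noise"}, "ADS": {"transmitter noise"}}
LOCAL_SEVERITY = {"transmitter noise": 3}
ID = r"^\[(?P<id>[\w.]+)\] "
SEND_TO = re.compile(ID + r"The (?P<src>\w+) sends .* to (?:the )?(?P<dst>\w+)\.$")
SEND = re.compile(ID + r"The (?P<src>\w+) sends (?:the )?(?P<dst>\w+)\b")
RECV = re.compile(ID + r"The (?P<dst>\w+) receives .* from (?:the )?(?P<src>\w+)\.$")

def extract_edges(reqs):
    """Extraction (slide 8): each sends/receives requirement becomes a directed interface."""
    matches = (SEND_TO.match(r) or SEND.match(r) or RECV.match(r) for r in reqs)
    return [(m["src"], m["dst"], m["id"]) for m in matches if m]

def hazard_pairs(sources, sinks):
    """Step 1: (source, sink, hazard) triples where an emitted hazard meets a vulnerability."""
    return sorted((s, k, h) for s, hs in sources.items()
                  for k, vs in sinks.items() for h in hs & vs if s != k)

def interaction_paths(edges, src, dst):
    """Step 2: all simple paths through the interface graph from hazard source to sink."""
    adj = {}
    for a, b, _ in edges:
        adj.setdefault(a, set()).add(b)
    paths, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            paths.append(path)
            continue
        stack.extend(path + [n] for n in sorted(adj.get(path[-1], ())) if n not in path)
    return paths

def integrated_severity(hazard, path):
    """Step 3 (constructed heuristic): each intermediate hop attenuates local severity by one."""
    return max(1, LOCAL_SEVERITY[hazard] - (len(path) - 2))

def analyze(reqs=REQUIREMENTS):
    """Report hazard, interaction path and estimated severity for every reachable pair."""
    edges = extract_edges(reqs)
    return [(h, " -> ".join(p), integrated_severity(h, p))
            for s, k, h in hazard_pairs(HAZARD_SOURCES, VULNERABLE_SINKS)
            for p in interaction_paths(edges, s, k)]
```

On this sample the TeleSub/ADS pair matches in step 1 but has no interaction path, so only the TeleSub -> CDHC -> Camera path is reported; a pair with no path is itself useful output, since it tells the analyst where the model may be missing an interface.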
Simulator: CONFIG Simulation Tool to Assess Timed Scenarios
NASA experience with the CONFIG hybrid discrete event simulation tool: used for software virtual validation testing for the 1997 90-day manned Lunar Life Support Test
– Software: intelligent control for gas storage and transfer
– Testing: simulated failures and imbalances that would not be tested in hardware-software integration (too slow to develop, too expensive, too destructive)
– Results: identified software requirements deficiencies
Virtual System Integration Lab
Triakis has used VSIL in >25 avionics verification projects
Models and problem configurations for new tests and test suite models
(Diagram: Models and Test Definitions)
Accomplishments: First 9 Months
Drafted Concept of Operations
Enhanced tools for SA use
Completed a simple integration of tool functions, inputs and outputs
Selected Constellation Launch Abort System case
– Gained access to ICE materials 9/07
Potential Applications
Visualize integrated requirements
Evaluate completeness and consistency of requirements and risk
Quickly reanalyze each revision of requirements and risk
Validate FMEA and fault trees
Validate and test early with low-fidelity simulation
Next Steps
Complete first version of the Launch Abort System case and evaluate
– Text extraction from requirements and risks
– Model construction and visualization
– Model analysis to identify interaction risks and test configurations for virtual software integration testing
Complete Concept of Operations
Enhance tool suite capabilities, integration and user interfaces to reach TRL 6 and prepare for other uses for Constellation software assurance