1 / 14

Automation for System Safety Analysis: Executive Briefing

Learn about systematic semi-automated analysis for early evaluation and rapid update of software system safety. Leveraging NASA tools, this project enhances software assurance through risk identification and simulation. Improve your system's efficiency and repeatability.

allanmoore
Download Presentation

Automation for System Safety Analysis: Executive Briefing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Automation for System Safety Analysis: Executive Briefing Jane T. Malin, Principal Investigator Project: Automated Tool and Method for System Safety Analysis Software Assurance Symposium September, 2007 Complex systems typically fail because of the unintended consequences of their design, the things they do that were not intended to be done. - M. Griffin, System Engineering and the “Two Cultures” of Engineering, March 28, 2007

  2. Problem • Need early evaluation of software requirements and design • Assess test and validation plans for software-system interaction risks • Identify requirements gaps • Perform virtual system integration tests prior to software-hardware integration • Benefits • Reduce software-system integration risks and requirements-induced errors early • Improve efficiency and repeatability of analysis • Reduce contention for software-hardware integration laboratory resources SAS 07 Automation for System Safety Analysis Malin

  3. Technical Approach Systematic semi-automated analysis for early evaluation and rapid update • Capture model of the controlled system architecture • Abstract physical architecture models extracted directly from requirements and design text and data • Capture risks and hazards in model • Constraints, hazards, risks from requirements and design • Risk and failure libraries • Analyze model and risk data to identify relevant risks and constraints • Analyze and simulate risk propagation in the system • Use operational and off-nominal scenarios and configurations • Identify possible test scenarios for virtual system integration testing SAS 07 Automation for System Safety Analysis Malin

  4. Relevance to NASA • This work leverages component tools that have been used in NASA applications • Goal: Integrate and enhance these tools for software assurance early, during requirements and design phases • Project test case is NASA Constellation Launch Abort System (LAS) SAS 07 Automation for System Safety Analysis Malin

  5. Library Components, Connections, States & Risks Physical/Functional Architecture Models Functional Diagrams Risks & Mitigations • Analyze and Simulate: • Identify interaction-risk pairs • Estimate severity in nominal and fault scenarios • Investigate influence of timing Virtual System Integration Lab (VSIL) Extend and Integrate Existing Technology Inputs  Extraction  Modeling  Analysis  Simulation  Testing Aerospace Ontology Taxonomy, Thesaurus, Classes, Synonyms Requirements and Constraints Text Extraction Tool: Model Parts, Interfaces, Risks, Scenarios • Modeling Tool: • - Map • Connect • Visualize • - Embed problems and states Discrete Time Simulation Model Interaction Model Reports Pairs, Paths, Risky Scenarios, Test Cases for Virtual System Integration Testing SAS 07 Automation for System Safety Analysis Malin

  6. Extraction Tool and Nomenclature • Reconciler Extractor • Extract models from requirements text and threat/risk analysis • Uses semantic parsing and word/phrase classification • Aerospace Systems Library and Ontology • Taxonomy of model elements • Extensive problem taxonomy and thesaurus with hazard types from Constellation HA handbook • Current NASA use: Semantic text mining for trend analysis of JSC Discrepancy Reports • Mechanical, electrical, software and process discrepancies in NASA-furnished equipment SAS 07 Automation for System Safety Analysis Malin

  7. Model-Based Safety Analysis Case • Model extraction and hazard analysis were demonstrated in 2005 • Case: Generic unmanned spacecraft; concerns about transmitter noise • Reconciler tool: Extracted from SpecTRM requirements and DDP risks • Hazard Identification Tool: Models and path analysis • CONFIG tool: Timed discrete event simulation SAS 07 Automation for System Safety Analysis Malin

  8. Modeler: Architecture Model and Visualization of a Set of Requirements • [C.1] Telecommunication Subsystem • [C.1.1] The CDHC sends the TeleSub a compressed picture. [FG.1] [TeleSub C.1.4] • [C.1.2] The CDHC sends the TeleSub telemetry. [FG.2] [FR.1] [FR.5] [TeleSub C.1.5]  • [C.1.3] The CDHC sends In View of Ground alerts to the TeleSub. [DP.5.6] [TeleSub C.1.6] • [C.1.4] The CDHC receives plan files from the TeleSub. [FR.3] [TeleSub C.1.3] • [C.1.5] The CDHC receives ground commands from the TeleSub. [FR.3] [TeleSub C.1.2]  • [C.1.6] The CDHC receives the TeleSub operating state from the TeleSub. [DP.5.5] [TeleSub C.1.1] … • [C.2] Camera Subsystem • [C.2.1] The CDHC sends the Camera a "take picture" command. [FG.2] [FR.1] [FR.3] • [C.2.2] The CDHC sends the Camera x, y and z gimballing coordinates. [FG.2] [FR.1] [FR.3]   • [C.2.3] The CDHC sends a turn on command to the Camera. [DP.5.3] [H Constraint 1.1.4] • [C.2.4] The CDHC sends a turn off command to the Camera. [DP.5.3] • [C.2.5] The CDHC receives a compressed picture file from the Camera. [FG.1] [FG.2] [FR.1] • … • [C.4] Attitude Determination Subsystem • [C.4.1] The CDHC receives an In View of Ground alert from the ADS. [DP.5.6] [ADS] • [C.4.2] The CDHC receives the ADS operating state from the ADS. [DP.5.5] [ADS] Physical/Functional Architecture Model SAS 07 Automation for System Safety Analysis Malin

  9. Path Analyzer: Find Potential Interaction Problems • Find matching pairs of components (hazard source-vulnerable sink) • Find system interaction paths with hazards • Estimate local and integrated system hazard impact severity SAS 07 Automation for System Safety Analysis Malin

  10. Simulator: CONFIG Simulation Tool to Assess Timed Scenarios NASA experience with CONFIG hybrid discrete event simulation tool: Used for software virtual validation testing for 1997 90-day manned Lunar Life Support Test • Software: Intelligent control for gas storage and transfer • Testing: Simulated failures and imbalances that would not be tested in hardware-software integration • Too slow to develop, too expensive, too destructive • Results: Identified software requirements deficiencies SAS 07 Automation for System Safety Analysis Malin

  11. Virtual System Integration Lab Models and Test Definitions • Triakis has used VSIL in >25 avionics verification projects • Models and problem configurations for new tests and test suite models SAS 07 Automation for System Safety Analysis Malin

  12. Accomplishments: First 9 Months • Drafted Concept of Operations • Enhanced tools for SA use • Completed a simple integration of tool functions, inputs and outputs • Selected Constellation Launch Abort System Case • Gained access to ICE materials 9/07 SAS 07 Automation for System Safety Analysis Malin

  13. Potential Applications • Visualize integrated requirements • Evaluate completeness and consistency of requirements and risk • Quickly reanalyze each revision of requirements and risk • Validate FMEA and fault trees • Validate and test early with low-fidelity simulation SAS 07 Automation for System Safety Analysis Malin

  14. Next Steps • Complete first version of Launch Abort System case and evaluate • Text extraction from requirements and risks • Model construction and visualization • Model analysis to identify interaction risks and test configurations for virtual software integration testing • Complete Concept of Operations • Enhance tool suite capabilities, integration and user interfaces to reach TRL 6 and prepare for other uses for Constellation software assurance SAS 07 Automation for System Safety Analysis Malin

More Related