Automation for System Safety Analysis: Executive Briefing
Jane T. Malin, Principal Investigator
Project: Automated Tool and Method for System Safety Analysis
Software Assurance Symposium, September 2007

Complex systems typically fail because of the unintended consequences of their design, the things they do that were not intended to be done.
- M. Griffin, System Engineering and the “Two Cultures” of Engineering, March 28, 2007
Problem
• Need early evaluation of software requirements and design
• Assess test and validation plans for software-system interaction risks
• Identify requirements gaps
• Perform virtual system integration tests prior to software-hardware integration
Benefits
• Reduce software-system integration risks and requirements-induced errors early
• Improve efficiency and repeatability of analysis
• Reduce contention for software-hardware integration laboratory resources
SAS 07 Automation for System Safety Analysis Malin
Technical Approach
Systematic semi-automated analysis for early evaluation and rapid update
• Capture model of the controlled system architecture
  - Abstract physical architecture models extracted directly from requirements and design text and data
• Capture risks and hazards in model
  - Constraints, hazards, risks from requirements and design
  - Risk and failure libraries
• Analyze model and risk data to identify relevant risks and constraints
• Analyze and simulate risk propagation in the system
  - Use operational and off-nominal scenarios and configurations
  - Identify possible test scenarios for virtual system integration testing
Relevance to NASA
• This work leverages component tools that have been used in NASA applications
• Goal: Integrate and enhance these tools for software assurance early, during requirements and design phases
• Project test case is NASA Constellation Launch Abort System (LAS)
Extend and Integrate Existing Technology (pipeline diagram: Inputs → Extraction → Modeling → Analysis → Simulation → Testing)
• Inputs: Aerospace Ontology (taxonomy, thesaurus, classes, synonyms); Requirements and Constraints; Library of components, connections, states and risks
• Extraction: Text Extraction Tool producing model parts, interfaces, risks and scenarios
• Modeling: Modeling Tool to map, connect, visualize, and embed problems and states; produces Physical/Functional Architecture Models and Functional Diagrams
• Analysis: Risks & Mitigations; Analyze and Simulate to identify interaction-risk pairs, estimate severity in nominal and fault scenarios, and investigate the influence of timing
• Simulation: Discrete Time Simulation Model; Interaction Model
• Testing: Virtual System Integration Lab (VSIL)
• Reports: pairs, paths, risky scenarios, test cases for virtual system integration testing
Extraction Tool and Nomenclature
• Reconciler Extractor
  - Extract models from requirements text and threat/risk analysis
  - Uses semantic parsing and word/phrase classification
• Aerospace Systems Library and Ontology
  - Taxonomy of model elements
  - Extensive problem taxonomy and thesaurus with hazard types from Constellation HA handbook
• Current NASA use: Semantic text mining for trend analysis of JSC Discrepancy Reports
  - Mechanical, electrical, software and process discrepancies in NASA-furnished equipment
Model-Based Safety Analysis Case
• Model extraction and hazard analysis were demonstrated in 2005
• Case: Generic unmanned spacecraft; concerns about transmitter noise
• Reconciler tool: Extracted from SpecTRM requirements and DDP risks
• Hazard Identification Tool: Models and path analysis
• CONFIG tool: Timed discrete event simulation
Modeler: Architecture Model and Visualization of a Set of Requirements
• [C.1] Telecommunication Subsystem
  - [C.1.1] The CDHC sends the TeleSub a compressed picture. [FG.1] [TeleSub C.1.4]
  - [C.1.2] The CDHC sends the TeleSub telemetry. [FG.2] [FR.1] [FR.5] [TeleSub C.1.5]
  - [C.1.3] The CDHC sends In View of Ground alerts to the TeleSub. [DP.5.6] [TeleSub C.1.6]
  - [C.1.4] The CDHC receives plan files from the TeleSub. [FR.3] [TeleSub C.1.3]
  - [C.1.5] The CDHC receives ground commands from the TeleSub. [FR.3] [TeleSub C.1.2]
  - [C.1.6] The CDHC receives the TeleSub operating state from the TeleSub. [DP.5.5] [TeleSub C.1.1]
  - …
• [C.2] Camera Subsystem
  - [C.2.1] The CDHC sends the Camera a "take picture" command. [FG.2] [FR.1] [FR.3]
  - [C.2.2] The CDHC sends the Camera x, y and z gimballing coordinates. [FG.2] [FR.1] [FR.3]
  - [C.2.3] The CDHC sends a turn on command to the Camera. [DP.5.3] [H Constraint 1.1.4]
  - [C.2.4] The CDHC sends a turn off command to the Camera. [DP.5.3]
  - [C.2.5] The CDHC receives a compressed picture file from the Camera. [FG.1] [FG.2] [FR.1]
  - …
• [C.4] Attitude Determination Subsystem
  - [C.4.1] The CDHC receives an In View of Ground alert from the ADS. [DP.5.6] [ADS]
  - [C.4.2] The CDHC receives the ADS operating state from the ADS. [DP.5.5] [ADS]
(Figure: Physical/Functional Architecture Model built from these requirements)
Path Analyzer: Find Potential Interaction Problems
• Find matching pairs of components (hazard source and vulnerable sink)
• Find system interaction paths with hazards
• Estimate local and integrated system hazard impact severity
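The two steps above, extracting an architecture model from the requirement sentences on the previous slide and then pairing hazard sources with vulnerable sinks and searching the model for interaction paths between them, as an added Python example; this is not the Reconciler or Hazard Identification tool itself. The three sentence patterns are an assumption that fits only the requirement shapes shown on the slide, and the hazard-source and vulnerable-sink tables are constructed around the 2005 transmitter-noise case.

```python
import re
from collections import defaultdict
# Requirement sentences copied from the briefing's architecture-model slide (a subset).
REQUIREMENTS = {
    "C.1.3": "The CDHC sends In View of Ground alerts to the TeleSub.",
    "C.1.5": "The CDHC receives ground commands from the TeleSub.",
    "C.2.1": 'The CDHC sends the Camera a "take picture" command.',
    "C.2.3": "The CDHC sends a turn on command to the Camera.",
    "C.2.5": "The CDHC receives a compressed picture file from the Camera.",
    "C.4.1": "The CDHC receives an In View of Ground alert from the ADS.",
}
# Three sentence shapes cover the slide; tuple = regex groups for (source, dest, item).
PATTERNS = [
    (re.compile(r"^The (\w+) sends the (\w+) (.+)\.$"), (1, 2, 3)),
    (re.compile(r"^The (\w+) sends (.+) to the (\w+)\.$"), (1, 3, 2)),
    (re.compile(r"^The (\w+) receives (.+) from the (\w+)\.$"), (3, 1, 2)),
]

def extract_model(reqs):
    """Parse requirements into an adjacency list: component -> [(next, item, req_id)]."""
    graph = defaultdict(list)
    for rid, text in reqs.items():
        for pat, (s, d, i) in PATTERNS:
            m = pat.match(text)
            if m:
                graph[m.group(s)].append((m.group(d), m.group(i), rid))
                break
        else:  # an unparsed requirement is a model gap, so fail loudly
            raise ValueError(f"{rid}: unrecognised sentence shape: {text}")
    return graph

# Constructed hazard data: the 2005 case concerned transmitter noise, so the
# transmitter (TeleSub) is the hazard source; Camera and ADS are assumed sinks.
HAZARD_SOURCES = {"TeleSub": {"transmitter noise"}}
VULNERABLE_SINKS = {"Camera": {"transmitter noise"}, "ADS": {"transmitter noise"}}

def interaction_pairs():  # source/sink pairs sharing a hazard type ("matching pairs")
    return [(s, k, hs & hk) for s, hs in HAZARD_SOURCES.items()
            for k, hk in VULNERABLE_SINKS.items() if hs & hk]

def find_paths(graph, src, sink, path=None):
    """All simple directed paths src -> sink; each hop is (component, item, req_id)."""
    path = path or [(src, None, None)]
    if src == sink:
        return [path]
    found = []
    for dst, item, rid in graph[src]:
        if all(dst != c for c, _, _ in path):  # simple paths only, no cycles
            found += find_paths(graph, dst, sink, path + [(dst, item, rid)])
    return found
```

A pair with no path in the model (here TeleSub to ADS) is still a candidate physical interaction; the path search only reports interactions the functional model can carry, which is exactly the kind of gap the analysis is meant to surface.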
Simulator: CONFIG Simulation Tool to Assess Timed Scenarios
NASA experience with CONFIG hybrid discrete event simulation tool: used for software virtual validation testing for the 1997 90-day manned Lunar Life Support Test
• Software: Intelligent control for gas storage and transfer
• Testing: Simulated failures and imbalances that would not be tested in hardware-software integration
  - Too slow to develop, too expensive, too destructive
• Results: Identified software requirements deficiencies
Virtual System Integration Lab Models and Test Definitions
• Triakis has used VSIL in >25 avionics verification projects
• Models and problem configurations for new tests and test suite models
Accomplishments: First 9 Months
• Drafted Concept of Operations
• Enhanced tools for SA use
• Completed a simple integration of tool functions, inputs and outputs
• Selected Constellation Launch Abort System Case
• Gained access to ICE materials 9/07
Potential Applications
• Visualize integrated requirements
• Evaluate completeness and consistency of requirements and risk
• Quickly reanalyze each revision of requirements and risk
• Validate FMEA and fault trees
• Validate and test early with low-fidelity simulation
Next Steps
• Complete first version of Launch Abort System case and evaluate
  - Text extraction from requirements and risks
  - Model construction and visualization
  - Model analysis to identify interaction risks and test configurations for virtual software integration testing
• Complete Concept of Operations
• Enhance tool suite capabilities, integration and user interfaces to reach TRL 6 and prepare for other uses for Constellation software assurance