Computer Science Department, University Of Adelaide
Hazard Management for Safety Critical Systems
Philip Benjamin
Supervised by: Dr. David Hemer
Abstract of talk
• Safety critical systems are increasingly used in industry
• Regulated by safety standards
• Require tool support for hazard management
• Existing tools have limitations
• Aim to address these limitations
• Data model for hazard management
  • Existing model
  • New improved model
• Requires tracking and managing hazards
  • Lots of data
  • Complex inter-relationships
Talk Outline
• Terminology: hazards, risk, safety integrity levels, etc.
• Existing tools
  • HazLog
  • Cassandra
• Explain the existing data model for HazLog and the proposed conceptual data model
Reference Material
• Def(Aust) 5679, Australian Defence Standard for Procurement of Computer-Based Safety Critical Systems
• UK MOD 00-56, Safety Management Requirements for Defence Systems, U.K. Ministry of Defence
• Neil Storey, Safety Critical Computer Systems
• HazLog: Tool support for hazard management, Australian Workshop on Industrial Experience with Safety Critical Systems
Terms in Safety Critical Systems
• Accident: An unintended event or sequence of events that causes death, injury, or damage
• Hazard: A situation in which there is actual or potential danger to people or the environment
• Risk: A combination of the frequency or probability of a specified hazardous event, and its consequence
• Risk Assessment: Assessed by assigning levels of integrity and levels of trust to the systems
Hazard Analysis
• A range of techniques that provide insight into the characteristics of the system under investigation
• Event tree analysis (ETA)
  • Start with all possible events and work forward to determine their outcomes
• Fault tree analysis (FTA)
  • Start with all identified hazards and work backward to determine their possible causes
  • Logical operators are used to combine the effects of events
• Data from earlier accidents/incidents involving similar systems in service can be used as a starting point
Existing Tools
• Cassandra
  • Supports Def Stan 00-56, MIL-STD-882C
  • Has one kind of risk
    • Safety Integrity Levels (SIL)
• HazLog
  • Supports Def(Aust) 5679
  • Two levels of hazards
    • System Hazard
    • Component Hazard
  • Risk allocation
    • Level Of Trust (LOT)
    • Safety Integrity Levels (SIL)
HazLog Limitations
• Incompatible with standards other than Def(Aust) 5679
  • e.g. two separate risk allocations
• Only supports two levels of hazards
  • May want to support more levels, e.g. systems of systems
Analysis of the new Data Model
• There is one type of generic hazard, which can be either a system or a component hazard
• Cutsets model the relationships between hazards (parent or child)
• A loop in the model could turn it into a graph
  • A child node can also become a parent node of another parent node above its level
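As an added example (not code from the talk or from the HazLog tool), a small Python sketch of the proposed model: one generic hazard type, cutsets linking parent and child hazards across any number of levels, a fault-tree style evaluation of which hazards occur, and a check that a new cutset does not introduce the loop the slide warns about. The hazard names and descriptions are constructed for the aircraft case study.

```python
from collections import defaultdict
class HazardModel:
    """Generic hazards linked by cutsets to any depth (AND inside a cutset, OR across them)."""
    def __init__(self):
        self.hazards = {}                 # hazard id -> description
        self.cutsets = defaultdict(list)  # parent id -> [frozenset(child ids), ...]

    def add_cutset(self, parent, children):
        cs = frozenset(children)
        if not ({parent} | cs) <= set(self.hazards):
            raise KeyError(f"unknown hazards in cutset {sorted(cs)} -> {parent}")
        self.cutsets[parent].append(cs)
        cycle = self.find_cycle()
        if cycle:  # a child that is already an ancestor turns the tree into a cyclic graph
            self.cutsets[parent].pop()
            raise ValueError(f"cutset {sorted(cs)} -> {parent} creates a loop: {cycle}")

    def find_cycle(self):
        """Depth-first search; returns the hazard ids on a loop, or None if acyclic."""
        state, path = {}, []              # state: 1 = on the current path, 2 = finished
        def visit(h):
            state[h] = 1
            path.append(h)
            for child in {c for cs in self.cutsets.get(h, []) for c in cs}:
                if state.get(child) == 1:          # back edge: the loop closes here
                    return path[path.index(child):] + [child]
                if child not in state and (found := visit(child)):
                    return found
            path.pop()
            state[h] = 2
        for h in self.hazards:
            if h not in state and (found := visit(h)):
                return found
        return None

    def occurs(self, hid, present):
        """Fault-tree style: a leaf occurs iff in `present`; a parent iff some cutset fully occurs."""
        if not self.cutsets.get(hid):
            return hid in present
        return any(all(self.occurs(c, present) for c in cs) for cs in self.cutsets[hid])

def build_example():
    """Constructed three-level aircraft example: one system hazard over component hazards."""
    m = HazardModel()
    m.hazards.update({"SYS": "loss of altitude control", "C1": "actuator stuck", "C2": "no pilot warning",
                      "C3": "control software halts", "B1": "hydraulic leak", "B2": "backup pump fails"})
    m.add_cutset("SYS", ["C1", "C2"])  # SYS occurs if C1 AND C2 ...
    m.add_cutset("SYS", ["C3"])        # ... OR C3 on its own
    m.add_cutset("C1", ["B1", "B2"])   # C1 is itself a parent: a third level
    return m
```

Attempting to add a cutset that makes a leaf such as B1 the parent of SYS is rejected, so the hierarchy stays a directed acyclic graph and the evaluation in `occurs` cannot recurse forever.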
Project Plan
• Week 1 to 6: Initial report
• Week 7: Presentation with a 15 min talk
• Milestones:
  • 1st Milestone (Week 9): Initial requirements and analysis (what the tool must do)
  • 2nd Milestone (Week 11): Initial design (drawing entity-relationship diagrams)
  • 3rd Milestone (Week 3, Semester 2): Prototype
  • 4th Milestone (Week 5, Semester 2): Case study to work out the gaps using "aircraft safety"
  • 5th Milestone (Week 7, Semester 2): Final design
• Final Presentation (1 week)
• Final Report (last 4 weeks of Semester 2)
Conclusion
• Safety critical software requires hazard management
• Tool support is required
• Current tools have limitations
• Aim to address these limitations by redesigning the existing HazLog tool