Download This PaperDoctoral Dissertation — Augmenting a Hazard Analysis Method with Error Propagation Information for Safety-Critical Systems
Clemson University, TigerPrints, 2018
158 Pages Posted: 1 May 2020
Date Written: 2018
Abstract
Safety-critical systems need specific activities in the software development life cycle to ensure that the system will operate safely. The objective of this dissertation is to develop a new safety analysis method to identify hazards. The method uses error propagation information and the internal structure rather than the interfaces of a system. We propose development procedures to augment STPA (System-Theoretic Process Analysis) with error propagation information derived from the architecture description of a system represented in the AADL (Architecture Analysis Design Language). We will focus on how the AADL error ontology can be used to assist in identifying errors, how those errors propagate among components, and whether the errors lead to hazards in the system. Our research shows that tracing error propagation leads to the discovery of hazards and additional information that other methods miss. The new safety analysis method, Architecture Safety Analysis Method (ASAM), by augmenting STPA with early design information, is able to find more hazards, unsafe control actions, safety constraints and causes of the unsafe control actions than by using STPA alone. Our method leaves more false positives than STPA, but in safety analysis having false positive is preferred over missing actual hazards. We use the AADL error ontology to rigorously describe system component errors and how they propagate among components. We illustrate this rigorous description through several examples and we demonstrate that it yields hazards that an STPA analysis of the example did not find. In addition, we provide a mathematical notation and expressions so that formal analysis and verification of the hazards can be done to ensure that all causes of the hazards have been identified and that any developed safety constraints fully mitigate the hazards, through the use of compositional reasoning.
Keywords: ASAM, STPA, Error Ontology
Suggested Citation: Suggested Citation