Citation: ZHONG D M, GONG H Y, SUN R. An improved STPA for accurate identification of loss scenarios[J]. Journal of Beijing University of Aeronautics and Astronautics, 2023, 49(2): 311-323 (in Chinese). doi: 10.13700/j.bh.1001-5965.2021.0226
System-theoretic accident model and processes (STAMP), which treats system safety as an emergent property of the system as a whole, provides a more accurate accident/loss causality model for modern complex systems. System-theoretic process analysis (STPA), a risk analysis approach based on STAMP, is receiving increasing attention and is now included in several international standards. However, STPA is mainly conducted manually, so the loss scenarios that emerge in complex systems are difficult to identify. In this paper, we clarify the concepts of unsafe control action (UCA), loss scenario, and process model, and use finite state machines to construct all the behaviors needed for the identification of either UCAs or loss scenarios. Model checking is then employed to identify loss scenarios for both time-dependent and time-independent UCAs. The improved STPA is capable of accurately identifying loss scenarios while reducing the probability of missed or false identification.
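The following is an added illustration of the abstract's idea, not code from the paper: the controller's process model and the controlled process are written as small finite state machines, each UCA is expressed as a property of a control action in its context, and an explicit-state reachability check (a minimal stand-in for the model checker the paper uses) returns the shortest event sequence that reaches the UCA, i.e. the loss scenario. The train-door system, its state variables, the event labels and the two UCAs are all constructed for this example and are not the paper's case study; UCA-1 is a time-independent "provided in the wrong context" action, UCA-2 is a time-dependent "provided too early" action.

```python
from collections import deque, namedtuple

# Constructed toy system (not the paper's case study): a train door controller
# whose process model (its belief about train and door) can lag behind the plant.
State = namedtuple("State", "moving door belief_stopped belief_door")
# moving         : actual train state (plant)
# door           : actual door state: "open" | "closing" | "closed"
# belief_stopped : process-model variable "train is stopped"
# belief_door    : process-model variable for the door: "open" | "closed"

INITIAL = State(moving=False, door="closed", belief_stopped=True, belief_door="closed")


def transitions(s, fixed=False):
    """All enabled (label, next_state) pairs. The choice among them is
    nondeterministic, which is what lets the checker explore every interleaving.
    fixed=True applies two controls: synchronous feedback on train motion and an
    interlock that checks the actual door before departure."""
    out = []
    # Controller: issue "open" when it *believes* the train is stopped.
    if s.belief_stopped and s.belief_door == "closed":
        out.append(("ctrl:open", s._replace(door="open", belief_door="open")))
    # Controller: issue "close"; the process model optimistically marks the
    # door closed as soon as the command goes out (closing takes one more tick).
    if s.belief_door == "open":
        out.append(("ctrl:close", s._replace(door="closing", belief_door="closed")))
    if s.door == "closing":
        out.append(("door:finish_closing", s._replace(door="closed")))
    # Departure is authorised from the process model; with the interlock it
    # also checks the real door state and updates the motion belief at once.
    if not s.moving and s.belief_door == "closed" and (not fixed or s.door == "closed"):
        out.append(("train:depart", s._replace(
            moving=True, belief_stopped=(False if fixed else s.belief_stopped))))
    if s.moving:
        out.append(("train:stop", s._replace(
            moving=False, belief_stopped=(True if fixed else s.belief_stopped))))
    # Asynchronous sensor update of the process model (may arrive late).
    out.append(("sensor:update", s._replace(belief_stopped=not s.moving)))
    return out


def find_loss_scenario(unsafe, fixed=False, initial=INITIAL):
    """Explicit-state reachability check. `unsafe(state, label, next_state)`
    encodes a UCA as a property of a control action in its context. Returns the
    shortest event sequence that leads to the UCA (the loss scenario), or None
    when the UCA is unreachable in the composed state space."""
    queue = deque([(initial, [])])
    seen = {initial}
    while queue:
        s, trace = queue.popleft()
        for label, nxt in transitions(s, fixed):
            if unsafe(s, label, nxt):
                return trace + [label]
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None


# UCA-1 (time-independent): "open" is provided while the train is moving.
def uca_open_while_moving(s, label, nxt):
    return label == "ctrl:open" and s.moving


# UCA-2 (time-dependent, "too early"): departure is authorised before the door
# has actually finished closing.
def uca_depart_too_early(s, label, nxt):
    return label == "train:depart" and s.door != "closed"


if __name__ == "__main__":
    for name, uca in [("UCA-1", uca_open_while_moving), ("UCA-2", uca_depart_too_early)]:
        print(name, "loss scenario :", find_loss_scenario(uca))
        print(name, "with controls :", find_loss_scenario(uca, fixed=True))
```

Without the controls the checker returns a stale-feedback scenario for UCA-1 (the train departs but the controller's belief is never refreshed, so it still issues "open") and an optimistic-process-model scenario for UCA-2 (the controller records the door as closed on issuing "close" and authorises departure while it is still closing); with synchronous feedback and the door interlock both UCAs become unreachable, which is the kind of check a manual STPA pass can easily miss when the interleavings grow.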