
Showing papers on "System safety published in 2015"


Journal ArticleDOI
TL;DR: In this paper, the authors reviewed past progress in the development of methods and models for process safety and risk management, highlighted present research trends, and outlined their opinions on future research directions in the field.

361 citations


Journal ArticleDOI
TL;DR: The developed construction safety ontology enables more effective inquiry of safety knowledge, which is the first step towards automated safety planning for JHA using BIM.

269 citations


Journal ArticleDOI
TL;DR: A new and different approach to identifying system-specific leading indicators is described and guidance in designing a risk management structure to generate, monitor and use the results is provided.

252 citations


Proceedings ArticleDOI
09 Mar 2015
TL;DR: An approach to classify the probability of security threats is presented, which can be used to determine the appropriate number of countermeasures that need to be considered and how the safety-critical contributions of successful security attacks can be quantified and processed.
Abstract: Safety and Security are two seemingly contradictory system features, which have challenged researchers for decades. Traditionally, these two features have been treated separately, but due to the increasing knowledge about their mutual impacts, similarities, and interdisciplinary values, they have become more important. Because systems (such as Car2x in the automotive industry) are increasingly interlaced, it is no longer acceptable to assume that safety systems are immune to security risks. Future automotive systems will require appropriate systematic approaches that will support security-aware safety development. Therefore, this paper presents a combined approach of the automotive HARA (hazard analysis and risk assessment) approach with the security domain STRIDE approach, and outlines the impacts of security issues on safety concepts at system level. We present an approach to classify the probability of security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we analyze the impact of these security threats on the safety analysis of automotive systems. This paper additionally describes how such a method has been developed based on the HARA approach, and how the safety-critical contributions of successful security attacks can be quantified and processed.

128 citations


Journal ArticleDOI
TL;DR: In this article, the authors provide a critique of the HAZOP study to assist study teams in compensating for these weaknesses to the extent possible and to help guide the development of improved methods.
Abstract: Conventional wisdom holds that the Hazard and Operability (HAZOP) study is the most thorough and complete process hazard analysis (PHA) method. Arguably, it is the most commonly-used PHA method in the world today. However, the HAZOP study is not without its weaknesses, many of which are not generally recognized. This article provides a critique of the method to assist study teams in compensating for them to the extent possible and to help guide the development of improved methods.

92 citations


Journal ArticleDOI
TL;DR: In this article, a real-time location tracking technology was designed and tested to collect and study near miss data and to automatically identify the areas of static and dynamic hazards on a construction site and automatically gather and analyze the spatial-temporal conflicts between workers-on-foot and the identified hazards.

90 citations


Journal ArticleDOI
TL;DR: Eight archetypes of construction safety capture the interactions between a wide range of factors within various hierarchical levels and subsystems and provide systemic insights into dealing with the complexity.

85 citations


Journal ArticleDOI
TL;DR: In this paper, a risk analysis methodology was developed for a hydrogen production plant in an oil refinery, that consists of two qualitative methods: Hazard and Operability (HAZOP) and Preliminary Risk Analysis (PRA), a hybrid method: Event Tree Analysis (ETA) and a quantitative method: Quantitative Risk Assessment (QRA) along with a risk and consequence simulator.

85 citations


01 Jan 2015
TL;DR: In this paper, the authors provide a high level introduction to some of the unique issues and challenges in the application of the safety risk management process to unmanned aircraft systems, including those currently in practice and those still under research and development.
Abstract: The safety risk management process describes the systematic application of management policies, procedures, and practices to the activities of communicating, consulting, establishing the context, and assessing, evaluating, treating, monitoring and reviewing risk. This process is undertaken to provide assurances that the risks associated with the operation of unmanned aircraft systems have been managed to acceptable levels. The safety risk management process and its outcomes form part of the documented safety case necessary to obtain approvals for unmanned aircraft system operations. It also guides the development of an organization's operations manual and is a key component of an organization's safety management system. The aim of this chapter is to provide existing risk practitioners with a high level introduction to some of the unique issues and challenges in the application of the safety risk management process to unmanned aircraft systems. The scope is limited to safety risks associated with the operation of unmanned aircraft in the civil airspace system and over inhabited areas. This chapter notes the unique aspects associated with the application of the safety risk management process to UAS compared to that of conventionally piloted aircraft. Key challenges discussed include the specification of high-level safety criteria; the identification, analysis and evaluation of the risks; and the effectiveness of available technical and operational mitigation strategies. This chapter also examines some solutions to these challenges, including those currently in practice and those still under research and development.

76 citations


Journal ArticleDOI
TL;DR: A variety of sociotechnical systems perspectives on intersections between social–organisational and technology–work process factors as they impact work system analysis, design and operation are presented.
Abstract: Theoretical and practical approaches to safety based on sociotechnical systems principles place heavy emphasis on the intersections between social–organisational and technical–work process factors. Within this perspective, work system design emphasises factors such as the joint optimisation of social and technical processes, a focus on reliable human–system performance and safety metrics as design and analysis criteria, the maintenance of a realistic and consistent set of safety objectives and policies, and regular access to the expertise and input of workers. We discuss three current approaches to the analysis and design of complex sociotechnical systems: human–systems integration, macroergonomics and safety climate. Each approach emphasises key sociotechnical systems themes, and each prescribes a more holistic perspective on work systems than do traditional theories and methods. We contrast these perspectives with historical precedents such as system safety and traditional human factors and ergonomics, and describe potential future directions for their application in research and practice. Practitioner Summary: The identification of factors that can reliably distinguish between safe and unsafe work systems is an important concern for ergonomists and other safety professionals. This paper presents a variety of sociotechnical systems perspectives on intersections between social–organisational and technology–work process factors as they impact work system analysis, design and operation.

70 citations


Patent
04 Nov 2015
TL;DR: In this paper, an autonomous vehicle may be configured to implement active safety measures to avoid the potential collision and mitigate the impact of an actual collision to passengers in the autonomous vehicle and/or to the vehicle itself.
Abstract: Systems and methods implemented in algorithms, software, firmware, logic, or circuitry may be configured to process data and sensory input to determine whether an object external to an autonomous vehicle (e.g., another vehicle, a pedestrian, road debris, a bicyclist, etc.) may be a potential collision threat to the autonomous vehicle. The autonomous vehicle may be configured to implement active safety measures to avoid the potential collision and/or mitigate the impact of an actual collision to passengers in the autonomous vehicle and/or to the autonomous vehicle itself. Interior safety systems, exterior safety systems, a drive system or some combination of those systems may be activated to implement active safety measures in the autonomous vehicle.

Proceedings Article
01 Jan 2015
TL;DR: The implementation of a real-time onboard system health management capability to continuously monitor sensors, software, and hardware components and provides a novel approach of combining modular building blocks, integrating responsive runtime monitoring of temporal logic system safety requirements with model-based diagnosis and Bayesian network-based probabilistic analysis.
Abstract: Unmanned aerial systems (UASs) can only be deployed if they can effectively complete their missions and respond to failures and uncertain environmental conditions while maintaining safety with respect to other aircraft as well as humans and property on the ground. In this paper, we design a real-time, on-board system health management (SHM) capability to continuously monitor sensors, software, and hardware components for detection and diagnosis of failures and violations of safety or performance rules during the flight of a UAS. Our approach to SHM is three-pronged, providing: (1) real-time monitoring of sensor and/or software signals; (2) signal analysis, preprocessing, and advanced on-the-fly temporal and Bayesian probabilistic fault diagnosis; (3) an unobtrusive, lightweight, read-only, low-power realization using Field Programmable Gate Arrays (FPGAs) that avoids overburdening limited computing resources or costly re-certification of flight software due to instrumentation. Our implementation provides a novel approach of combining modular building blocks, integrating responsive runtime monitoring of temporal logic system safety requirements with model-based diagnosis and Bayesian network-based probabilistic analysis. We demonstrate this approach using actual data from the NASA Swift UAS, an experimental all-electric aircraft.

Proceedings ArticleDOI
16 May 2015
TL;DR: This work describes dynamic safety cases, a novel operationalization of the concept of through-life safety assurance, whose goal is to enable proactive safety management and identifies the key elements required to move towards a formalized framework.
Abstract: We describe dynamic safety cases, a novel operationalization of the concept of through-life safety assurance, whose goal is to enable proactive safety management. Using an example from the aviation systems domain, we motivate our approach, its underlying principles, and a lifecycle. We then identify the key elements required to move towards a formalization of the associated framework.

Journal ArticleDOI
TL;DR: A unified theory and an integrated and open general-purpose computational framework that allows solving of the different tasks necessary to manage the uncertainty, such as uncertainty characterization, sensitivity analysis, uncertainty quantification, and robust design.
Abstract: Managing the uncertainty in multidisciplinary design of safety-critical systems requires not only the availability of a single approach or methodology to deal with uncertainty but a set of different strategies and scalable computational tools (that is, by making use of the computational power of a cluster and grid computing). The availability of multiple tools and approaches for dealing with uncertainties allows cross validation of the results and increases the confidence in the performed analysis. This paper presents a unified theory and an integrated and open general-purpose computational framework to deal with scarce data, and aleatory and epistemic uncertainties. It allows the different tasks necessary to manage the uncertainty to be solved, such as uncertainty characterization, sensitivity analysis, uncertainty quantification, and robust design. The proposed computational framework is generally applicable to solve different problems in different fields and be numerically efficient and scalable, allowin...

Journal ArticleDOI
TL;DR: In this article, the authors developed an improvement of the Air Traffic Management (ATM) safety evaluation in order to develop proactive safety indicators, based on Aerospace Performance Factor and Analytic Hierarchy Process.

Journal ArticleDOI
TL;DR: In this article, a multilevel safety climate measurement tool was proposed, which identified five important safety agents, i.e. client, principal contractor, supervisor, co-workers, and individual workers.
Abstract: Construction organizations are large and complex with decentralized structures, and characterized by non-routine work undertaken by semi-autonomous work groups. Construction workers’ perceptions of safety climate can form at different levels and vary between subunits. A multilevel safety climate measurement tool was proposed, which identified five important safety agents, i.e. client, principal contractor, supervisor, co-workers, and individual workers. Surveys were conducted at three construction projects commissioned by Fonterra Co-operative Group. A total of 356 participants completed the survey. The data was subject to scale reliability analysis and factor analysis. The results showed that all scales achieved satisfactory internal consistency and the multilevel factorial structure was generally supported. At the organizational level, the tool measures clients’ overall safety priority and safety actions, and principal contractors’ general commitment to safety. At the group level, the tool measures supe...

Journal ArticleDOI
TL;DR: In this paper, an attribute-based risk identification and analysis method is presented that helps designers and preconstruction planners identify and model safety risk independently of specific activities or building components.
Abstract: Quantifying safety risks and performing comparative analyses is an emerging research field. Unfortunately, current risk assessment strategies are problematic because they require every new infrastructure feature and construction method to be individually evaluated using laborious research processes. To enhance the current construction safety management methods, an attribute-based risk identification and analysis method is presented that helps designers and preconstruction planners identify and model safety risk independently of specific activities or building components. The inspiration for this new risk management technique was derived from the Human Genome Project, which implies that while there are billions of people around the world, their vulnerability towards specific kinds of disease can be explained by a limited number of genes. This concept for attribute-based risk assessment was adapted by testing the hypothesis that injuries and fatalities in construction result from a finite number of ...

Journal ArticleDOI
TL;DR: In this article, a stability-guaranteed Cartesian free-space motion control for the redundant articulated hydraulic construction crane is addressed in order to increase system safety and productivity, which is designed based on the recently introduced Virtual Decomposition Control (VDC) approach.

Journal ArticleDOI
TL;DR: In this article, the authors present an application of Systems-Theoretic Process Analysis (STPA) to a lithium-ion battery based grid energy storage system, which is able to capture causal scenarios for accidents not identified using PRA.

Journal ArticleDOI
TL;DR: In this paper, the authors suggest a method to directly examine the role of organizations in accidents by identifying the nature of organizational errors and describing the logic that can link these errors to accident causation.

Patent
20 Feb 2015
TL;DR: In this article, a system that utilizes radio signals, cellular network and GPS technologies to provide a multi task system that deals with a variety of traffic related aspects such as intersection design systems, in-car traffic light systems, traffic light system app for both drivers and pedestrians, roadside assistance and safety alert systems, high speed chase systems, roadway radar systems, law enforcement safety systems, emergency vehicles preemption systems, vehicle location logging systems, security and crime-fighting systems, missing person search systems and children in vehicles safety systems.
Abstract: The present invention provides a system that utilizes radio signals, cellular network and GPS technologies to provide a multi-task system that deals with a variety of traffic-related aspects such as intersection design systems, in-car traffic light systems, in-car traffic light system app for both drivers and pedestrians, roadside assistance and safety alert systems, high speed chase systems, roadway radar systems, law enforcement safety systems, emergency vehicle preemption systems, vehicle location logging systems, security and crime-fighting systems, missing person search systems and children-in-vehicles safety systems. The system consists of a number of electronic units, each of which performs a number of programmed functions. Examples of these units are: Police Vehicle Unit, Emergency Vehicle Unit, Vehicle Unit and Roadway Intersection Unit.

Journal ArticleDOI
TL;DR: In this paper, the authors proposed a risk-based optimal allocation of safety measures while considering both available budget and acceptable residual risk, and applied the methodology to the aluminum dust explosion that occurred at Hayes Lemmerz International, Huntington, Indiana, US in October 2003.

Journal ArticleDOI
TL;DR: In this paper, a regional risk governance framework is proposed to improve maritime safety in the Gulf of Finland, the Baltic Sea by focusing on actual regional risks, designing tailor-made safety measures to control them, enhancing a positive safety culture in the shipping industry, and by increasing trust among all involved.

Journal ArticleDOI
TL;DR: In this paper, the authors focus on Bhopal mitigation measures representing the ultimate relevant layer of protection, develop an empirically based framework for identifying emergency actions and intervention time, and demonstrate how the implementation of these safety measures when reaching a critical pressure of 10 psig in Tank 610, even under the condition of protective equipment out of commission, would have surely mitigated such a high-profile tragedy.

Dissertation
01 Jan 2015
TL;DR: The goals are to develop rigorous, systematic tools for the analysis of future concepts in order to identify hazardous scenarios, and extend these tools to assist stakeholders in the development of concepts using a safety-driven approach.
Abstract: As aerospace systems become increasingly complex and the roles of human operators and autonomous software continue to evolve, traditional safety-related analytical methods are becoming inadequate. Traditional hazard analysis tools are based on an accident causality model that does not capture many of the complex behaviors found in modern engineered systems. Additionally, these traditional approaches are most effective during late stages of system development, when detailed design information is available. However, system safety cannot cost-effectively be assured by discovering problems at these late stages and adding expensive updates to the design. Rather, safety should be designed into the system from its very conception. The primary barrier to achieving this objective is the lack of effectiveness of the existing analytical tools during early concept development. This thesis introduces a new technique, which is based on a more powerful model of accident causality that can capture behaviors that are prevalent in these complex, software-intensive systems. The proposed approach builds on a new accident causality model, called Systems-Theoretic Accident Model and Process, developing a methodology on the model so that it can be applied during the early concept development stages of systems engineering. The goals are to (1) develop rigorous, systematic tools for the analysis of future concepts in order to identify hazardous scenarios, and (2) extend these tools to assist stakeholders in the development of concepts using a safety-driven approach. This work first develops a methodology for hazard analysis of a concept of operations (ConOps) using control theory to generate a model of that ConOps. Formal, systems-theoretic concepts such as hierarchy, emergence, communication, and coordination are used to analyze the model and identify hazards in the concept. These hazardous scenarios then guide the development of requirements and the generation of a system architecture, defined as a hierarchical control structure. This model-based approach represents a significant departure from the state of the art; in the new approach a concept is defined, developed, and analyzed according to a control theoretic model rather than free-form, natural language text. The power of the proposed approach, called Systems-Theoretic Early Concept Analysis, is demonstrated on a concept currently being developed by the United States Federal Aviation Administration.

Journal ArticleDOI
TL;DR: In this paper, the authors defined human safety as no danger or no conditions that can create a risk and established a safety indicator used at the earliest design phases based on this definition.

01 Jan 2015
TL;DR: The paper is a methodological paper presenting on-going activities of the Harmonization Group, so-called P.E.A.R.S. (Prospective Effectiveness Assessment for Road Safety), that involves more than 30 institutions in Europe, and an opportunity to harmonize methodologies used for assessment of ADAS in Europe.
Abstract: The assessment of real-world effectiveness of advanced driver assistance systems (ADAS) is gaining importance as more and more systems enter the market. Many different approaches have been developed. Therefore, the automobile industry, universities, and automotive research institutes in Europe have started an initiative for cooperative research. A ‘Harmonization Group’ was established in 2012 whose motivation is the development of a comprehensive, reliable, transparent, and thus accepted methodology for quantitative assessment of these systems by virtual simulation. The harmonization group focuses on prospective analysis, which has the objective to estimate the expected safety benefits of current and beyond-state-of-the-art applications. Commonly used methods for prospective analyses are FOTs, subject studies in driving simulators, on closed test tracks or on open roads, and virtual analyses by means of simulation. Currently, the basis for an assessment by virtual simulation can be obtained either from reconstructed real-world crashes or from generic synthetic scenarios derived from realistic distributions of pre-crash conditions and traffic. Simulations allow for a large number of cases and thus are capable of fulfilling the requirements posed by a sound sample size calculation. Simulation is certainly not a sole generic solution for all kinds of research questions, but it represents an integrative method to combine different knowledge areas in order to achieve an overall effectiveness result. It offers a promising combination of speed, flexibility, reproducibility, and experimental control. The expected outputs of the group activities are the following: (1) Identification of research questions (e.g. what changes in traffic safety can be expected due to the introduction of system X in country Y?); (2) Definitions and metrics of the effectiveness (e.g. % reduction in fatal/injury crashes in a specific country/Europe; total reduction in fatalities over a period depending on a penetration rate); (3) Structure for the assessment procedures including a description of the required sub-processes and the procedures to be followed; (4) Description of the basic abstract models that are used in the simulation: driver, vehicle, road, traffic, and safety systems. The driver model is used to simulate various driver responses to inputs from the environment and the signals of the ADAS in various driving situations, traffic conditions, cars, and environments; (5) Examples of the assessment of several ADAS (e.g. Lane Departure Warning, Advanced Cruise Control, Automated Emergency Braking). The paper is a methodological paper presenting on-going activities of the Harmonization Group, so-called P.E.A.R.S. (Prospective Effectiveness Assessment for Road Safety), that involves more than 30 institutions in Europe. Applied results will come once the harmonized framework is completed and the validation tests on several driving assistance systems have been shown successful. Further, the document is set up to deliver the appropriate input for a draft proposal of an International Organization for Standardization (ISO) or Society of Automotive Engineers (SAE) standard. This activity is an opportunity to harmonize methodologies used for assessment of ADAS in Europe. The involvement of non-European based stakeholders allows for a worldwide harmonization impact. A comprehensive assessment theoretical framework as well as concrete techniques should become available for wide usage by all stakeholders involved in ADAS effectiveness assessment.

Proceedings ArticleDOI
02 Nov 2015
TL;DR: This paper presents the concept of a Digital Dependability Identity of a component or system as a foundation for assuring the dependability of CPS and presents an initial implementation of DDIs in the form of Conditional Safety Certificates (also known as ConSerts).
Abstract: Cyber-Physical Systems (CPS) provide enormous potential for innovation, but a precondition for this is that the issue of dependability has been addressed. This paper presents the concept of a Digital Dependability Identity (DDI) of a component or system as a foundation for assuring the dependability of CPS. A DDI is an analyzable and potentially executable model of information about the dependability of a component or system. We argue that DDIs must fulfill a number of properties including being universally useful across supply chains, enabling off-line certification of systems where possible, and providing capabilities for in-field certification of safety of CPS. In this paper, we focus on system safety as one integral part of dependability and, as a practical demonstration of the concept, we present an initial implementation of DDIs in the form of Conditional Safety Certificates (also known as ConSerts). We explain ConSerts and their practical operationalization based on an illustrative example.

Journal ArticleDOI
01 Apr 2015-Energies
TL;DR: In this paper, a hazard identification study was conducted to identify all the possible hazards in the system and then enhance the system safety, and 80 identified hazards in total were explored and ranked in terms of risk index for the semi-quantitative risk evaluation.
Abstract: Sea transport of natural gas in the form of hydrate pellets is a new technological approach. Introducing new technologies raises the possibility of introducing unknown risks or—in case of alternatives for already existing technical solutions—higher risk, either human-, environmental-, or property-related. The option of gas transport by natural gas hydrate pellets has been introduced within the Korean joint research project. One key task was the safety evaluation of the novel natural gas hydrate carrier (NGH carrier) developed in the project. The aim of this work was to support and assess the risk aspects of the development to ensure that the risk level for the newly developed concept is as low as for existing competing concepts, especially LNG carriers. The NGH carrier is based on the concept of the self-preservation effect and thereby preserves NGH in the form of pellets at atmospheric pressure and temperatures lower than −20 °C. In order to identify all the possible hazards in the system and then enhance the system safety, a Hazard Identification (HAZID) study was conducted. As a result of the HAZID, 80 identified hazards in total were explored and ranked in terms of risk index for the semi-quantitative risk evaluation. Among the hazards identified, three hazards were found to have an unacceptable risk level and twenty-eight to have an acceptable but ALARP risk level. Regarding the hazards with unacceptable risk or ALARP risk, additional safety actions and recommendations for risk control were discussed and proposed in a SAFETY ACTION REGISTER, which would be considered and utilized by designers when developing the detailed system design in the future. In conclusion, the overall safety level of the NGH carrier is considered acceptable. However, it was found that a few external hazards associated with extremely harsh weather could be critical threats to the system. Relevant safety actions against them, therefore, must be provided in the system design.

Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors presented a holistic approach to the conservation of historical buildings adjacent to tunnel excavations, in which health conditions of historical buildings, safety risk assessment, numerical simulation analyses, corresponding conservation measures and implementation effects are incorporated as main procedures.