Hazard Analysis of Complex Spacecraft Using Systems-Theoretic Process Analysis

Ishimatsu, Takuto; Leveson, Nancy G.; Thomas, John; Fleming, Craig; Katahira, Mitsuhiko; Miyamoto, Yuko; Ujiie, Ryo; Nakao, Haruka; Hoshino, Nobuyuki

doi:10.2514/1.a32449

Cited by 91 publications

(45 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the 13 common identified hazards, it can be observed that both methods found software error type hazards covering the dynamic behavior of the system. In Ishimatsu et al (2014); Thomas and Leveson (2011); Leveson et al (2012); Nakao et al (2011);Fleming et al (2012Fleming et al ( , 2013, the authors have mentioned that the traditional analysis methods (FMEA, FTA, etc.) cannot identify software errors.…”

Section: Discussionmentioning

confidence: 99%

“…The authors presented the advantages and disadvantages of these methods and concluded their study with an attempt of combining both deductive (top-down) and inductive (bottom-up) risk/safety analysis methods. Ishimatsu et al (2014) compared the STPA hazards analysis results with the FTA analysis results that were used to certify the H-II Transfer Vehicle (HTV). The HTV is an unmanned cargo transfer spacecraft that is launched from the Tanegashima Space Center aboard the H-IIB rocket and delivers supplies to the international space station (ISS).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Comparison of the FMEA and STPA safety analysis methods–a case study

et al. 2017

View full text Add to dashboard Cite

As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations. Diligently performing risk and hazard analysis helps to minimize the potential harm of IT system failures on the society and increases the probability of their undisturbed operation. Risk and hazard analysis is an important activity for the development and operation of critical software intensive systems, but the increased complexity and size puts additional requirements on the effectiveness of risk and hazard analysis methods. This paper presents a qualitative comparison of two hazard analysis methods, failure mode and effect analysis (FMEA) and system theoretic process analysis (STPA), using case study research methodology. Both methods have been applied on the same forward collision avoidance system to compare the effectiveness of the methods and to investigate what are the main differences between them. Furthermore, this study also evaluates the analysis process of both methods by using a qualitative criteria derived from the technology acceptance model (TAM). The results of the FMEA analysis were compared to the results of the STPA analysis, which were presented in a previous study. Both analyses were conducted on the same forward collision avoidance system. The comparison shows that FMEA and STPA deliver similar analysis results.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Comparison of the FMEA and STPA safety analysis methods–a case study

et al. 2017

View full text Add to dashboard Cite

show abstract

“…In [10][11][12] the fact is also confirmed, that the causes of many incidents and accidents through software are in the software requirements specification (SRS), rather than in coding. Today the evaluation of measures for the software quality subcharacteristics and characteristics, and indicators for the software quality metrics is conducted only for the ready source code [12].…”

Section: Introductionmentioning

confidence: 86%

“…Analysis of the impact of software quality on the work of complex hardware and software systems [10][11][12] showed the important trend (that should be considered when evaluating and ensuring the software quality): software quality evaluation at the design stage will provide the opportunity for early detection of errors, for improving the software quality and for reducing the costs in its development. In [10][11][12] the fact is also confirmed, that the causes of many incidents and accidents through software are in the software requirements specification (SRS), rather than in coding.…”

Section: Introductionmentioning

confidence: 99%

Method of Evaluating the Weights of Software Quality Measures and Indicators

Hovorushchenko¹

2017

Appl. Theory Comput. Technol.

View full text Add to dashboard Cite

Nowadays the actual task is evaluating the mutual influences of the software quality characteristics and subcharacteristics by the measures and software quality metrics -by the indicators. The aim of this study is the development of the method of evaluating the weights of software quality measures and indicators. The first time developed method of evaluating the weights of the software quality measures and indicators differs from known methods that: considers the correlation of software quality subchcaracteristics by the measures and metrics by the indicators, calculates the weights of exactly measures and indicators, provides the conclusion about the presence of which measures and indicators in the software requirements specification (SRS) is necessary for the appropriate level of veracity of the software quality assessment. The weights of the software quality measures and indicators provide the sorting of all missing in the SRS measures and indicators in descending of their significance (in descending of their weights), i.e. the priority of their further addition in the SRS.

show abstract

“…The original FMEA method, best suited to the failure of single component was extended to other entities like computer based control systems or event human procedures (Ishimatsu et al, 2010). The authors do not overlook these progresses but think they do not change significantly the landscape as far as identifying emerging risks is concerned.…”

Section: A C C E P T E D Accepted Manuscriptmentioning

confidence: 99%

Limitations of current risk assessment methods to foresee emerging risks: Towards a new methodology?

Escande

Proust

Coze

2016

Journal of Loss Prevention in the Process Industries

View full text Add to dashboard Cite

Coze. Limitations of current risk assessment methods to foresee emerging risks : Towards a new methodology ?. Journal of Loss Prevention in the Process Industries, Elsevier, 2016Elsevier, , 43, pp.730-735. 10.1016Elsevier, /j.jlp.2016 M A N U S C R I P T A C C E P T E D AbstractThe objective of this work-in-progress is to investigate the potentialities but also the limitations of traditional risks analysis tools especially in the context of emerging technologies and develop a method facilitating the early detection of scenarios of accidents. This is certainly a challenge particularly for new industrial fields since, in this case, very little or no lesson from past accidents is available. It is believed that such situations cannot be conveniently treated using traditional risk assessment methods (HAZOP, FMEA,...) and typical examples are given. The reason is that those methods rely heavily on past accidents and are therefore "trapped" in them so that they are largely "inductive". In terms of foreseeing the future, the shortcomings of inductive methods are recalled. The possibility to imagine the future with very little clues is then discussed on the ground of theoretical consideration and a way to do so is proposed (abduction, serendipity). Then on the basis of the observation of how the experts work and how discoveries are made, a potential new methodology is outlined. Keywords: Decision engineering, Hazards identification, Management and planning, SafetyHighlights :• illustrated examples of various situations where standard risk analysis failed ;• illustrated examples of the successful identification of a unknown risk within the context of a formatted risk analysis exercise; • investigation of the way discoveries are made and of the potential links with the risk analysis exercise.

show abstract

Hazard Analysis of Complex Spacecraft Using Systems-Theoretic Process Analysis

Cited by 91 publications

References 4 publications

Comparison of the FMEA and STPA safety analysis methods–a case study

Comparison of the FMEA and STPA safety analysis methods–a case study

Method of Evaluating the Weights of Software Quality Measures and Indicators

Limitations of current risk assessment methods to foresee emerging risks: Towards a new methodology?

Contact Info

Product

Resources

About