Conference Paper

Using SysML to Automatically Generate of Failure Modes and Effects Analyses

Abstract

This paper describes a method for automated generation of Failure Modes and Effects Analyses (FMEAs) from SysML models containing block definition diagrams, internal block diagrams, state machine diagrams, and activity diagrams. The SysML model can be created in any SysML modeling tool; the analysis is then performed by translating the model into the AltaRica language and running the AltaRica modeling tool on it. An example using a simple satellite and a ground user demonstrates the approach.
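The analysis step the abstract hands to AltaRica, shown as an added example that is not the paper's code or model: a block/connector model with per-block propagation logic and a list of failure modes, each single failure injected in turn and propagated to a fixpoint, yielding one FMEA row per failure mode (local effect, next-higher effect, end effect at the system outputs, severity, detection by a monitored port). In a real pipeline the blocks, connectors and nominal logic would come from the SysML block definition diagram, internal block diagram and state machines; here the satellite/ground-user model, the port-state vocabulary (ok/degraded/loss), the severity scale and the monitor points are assumptions constructed for illustration.

```python
"""Model-based FMEA by single-fault injection (added example; toy model is constructed)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

OK, DEGRADED, LOSS = "ok", "degraded", "loss"
RANK = {OK: 0, DEGRADED: 1, LOSS: 2}        # assumed ordering of port failure states
Ports = Dict[str, str]                       # port name -> failure state
PortState = Dict[Tuple[str, str], str]       # (block, port) -> failure state


def worst(*states: str) -> str:
    return max(states, key=RANK.__getitem__, default=OK)


@dataclass
class FailureMode:
    name: str
    forced_outputs: Ports   # local effect: states this mode forces on the block's outputs
    severity: int           # 1 (negligible) .. 4 (catastrophic); assumed project scale


@dataclass
class Block:
    name: str
    inputs: List[str]
    outputs: List[str]
    logic: Callable[[Ports], Ports]   # nominal propagation: input states -> output states
    modes: List[FailureMode] = field(default_factory=list)


@dataclass
class Model:
    blocks: Dict[str, Block]
    connectors: List[Tuple[str, str, str, str]]   # (src_block, src_port, dst_block, dst_port)
    system_outputs: List[Tuple[str, str]]         # (block, port) whose state is the end effect
    monitors: List[Tuple[str, str]]               # (block, port) watched by BIT or ground alarms


def pass_through(out_port: str) -> Callable[[Ports], Ports]:
    """Output is as bad as the worst input (FPTC-style pass-through)."""
    return lambda inp: {out_port: worst(*inp.values())}


def bus_logic(inp: Ports) -> Ports:
    """Two-source bus: lost only if both sources are lost, degraded if either is impaired."""
    if all(s == LOSS for s in inp.values()):
        return {"bus": LOSS}
    return {"bus": DEGRADED if any(s != OK for s in inp.values()) else OK}


def transmitter_logic(inp: Ports) -> Ports:
    """Transmitter rides through a degraded bus but drops RF when the bus is lost."""
    return {"rf": LOSS if inp["bus"] == LOSS else OK}


def propagate(model: Model, injected: Optional[Tuple[str, FailureMode]] = None) -> PortState:
    """Fixpoint propagation; port states only get worse, so the loop terminates."""
    state: PortState = {(b.name, p): OK for b in model.blocks.values() for p in b.inputs + b.outputs}
    for _ in range(len(state) + 1):
        before = dict(state)
        for blk in model.blocks.values():
            out = blk.logic({p: state[(blk.name, p)] for p in blk.inputs})
            if injected and injected[0] == blk.name:
                out.update(injected[1].forced_outputs)   # the injected mode overrides nominal logic
            for p in blk.outputs:
                state[(blk.name, p)] = worst(state[(blk.name, p)], out.get(p, OK))
        for src, sp, dst, dp in model.connectors:       # push states along the IBD connectors
            state[(dst, dp)] = worst(state[(dst, dp)], state[(src, sp)])
        if state == before:
            break
    return state


def generate_fmea(model: Model) -> List[Dict[str, object]]:
    """One FMEA row per (block, failure mode) with local, next-higher and end effects."""
    rows: List[Dict[str, object]] = []
    for blk in model.blocks.values():
        for mode in blk.modes:
            st = propagate(model, (blk.name, mode))
            end_effect = {f"{b}.{p}": st[(b, p)] for b, p in model.system_outputs}
            rows.append({
                "item": blk.name, "failure_mode": mode.name, "severity": mode.severity,
                "local_effect": dict(mode.forced_outputs),
                "next_higher_effect": {f"{d}.{dp}": st[(d, dp)]
                                       for s, _, d, dp in model.connectors if s == blk.name},
                "end_effect": end_effect,
                "detected": any(st[(b, p)] != OK for b, p in model.monitors),
                "masked": all(s == OK for s in end_effect.values()),   # redundancy absorbed it
            })
    return rows


def satellite_model() -> Model:
    """Constructed toy: solar array and battery feed a bus; a transmitter sends telemetry to a ground user."""
    blocks = [
        Block("solar_array", [], ["power"], lambda inp: {"power": OK},
              [FailureMode("string open", {"power": DEGRADED}, 2), FailureMode("array loss", {"power": LOSS}, 3)]),
        Block("battery", [], ["power"], lambda inp: {"power": OK}, [FailureMode("cell short", {"power": LOSS}, 3)]),
        Block("power_bus", ["solar", "batt"], ["bus"], bus_logic, [FailureMode("regulator short", {"bus": LOSS}, 4)]),
        Block("transmitter", ["bus"], ["rf"], transmitter_logic, [FailureMode("PA failure", {"rf": LOSS}, 4)]),
        Block("ground_receiver", ["rf"], ["telemetry"], pass_through("telemetry"),
              [FailureMode("LNA failure", {"telemetry": LOSS}, 3)]),
        Block("ground_user", ["telemetry"], ["service"], pass_through("service")),
    ]
    return Model(blocks={b.name: b for b in blocks},
                 connectors=[("solar_array", "power", "power_bus", "solar"), ("battery", "power", "power_bus", "batt"),
                             ("power_bus", "bus", "transmitter", "bus"), ("transmitter", "rf", "ground_receiver", "rf"),
                             ("ground_receiver", "telemetry", "ground_user", "telemetry")],
                 system_outputs=[("ground_user", "service")],
                 monitors=[("power_bus", "bus"), ("ground_receiver", "telemetry")])  # bus BIT, loss-of-signal alarm


if __name__ == "__main__":
    for r in generate_fmea(satellite_model()):
        print(r["item"], r["failure_mode"], r["end_effect"], "detected" if r["detected"] else "undetected")
```

Running it shows the point that manual FMEAs most often get wrong: a single solar array or battery loss is masked by the second power source (no end effect, but detected through the bus monitor), whereas a bus regulator short or transmitter power amplifier failure reaches the ground user. Because every row is recomputed from the model, a changed connector or a new redundancy in the internal block diagram changes the table without anyone re-reasoning the propagation by hand.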


... This section delves into efforts to integrate security analysis into MBSE, with a particular focus on FMEA generation or fault tree generation, as detailed in references [17][18][19][20]. The analysis of both FMEA tables and dynamic fault tree generation methods can be effectively supported by SysML [17,21,22,23]. ...
... Thus, integrating safety and reliability analysis with MBSE can effectively reduce the occurrence of errors caused by manual reasoning. The integration of safety analysis with Model-Based Systems Engineering (MBSE) has mainly focused on the generation of Failure Modes and Effects Analysis (FMEA) [18,19] or the generation of fault trees [20,24,25]. ...
... They studied and compared the SysML language with the AltaRica language and ultimately had safety experts complete the FMEA report. Hecht et al. [19] employed model transformation techniques to convert SysML models representing system structure and fault modes into AltaRica models and subsequently generated FMEA tables from these models. However, these methods rely more on security experts to create the FMEA table manually, and the specific failure reasons need to be added by security experts. ...
Article
Full-text available
As embedded systems become increasingly complex, traditional reliability analysis methods based on text alone are no longer adequate for meeting the requirements of rapid and accurate quantitative analysis of system reliability. This article proposes a method for automatically generating and quantitatively analyzing dynamic fault trees based on an improved system model with consideration for temporal characteristics and redundancy. Firstly, an “anti-semantic” approach is employed to automatically explore the generation of fault modes and effects analysis (FMEA) from SysML models. The evaluation results are used to promptly modify the system design to meet requirements. Secondly, the Profile extension mechanism is used to expand the SysML block definition diagram, enabling it to describe fault semantics. This is combined with SysML activity diagrams to generate dynamic fault trees using traversal algorithms. Subsequently, parametric diagrams are employed to represent the operational rules of logic gates in the fault tree. The quantitative analysis of dynamic fault trees based on probabilistic models is conducted within the internal block diagram of SysML. Finally, through the design and simulation of the power battery management system, the failure probability of the top event was obtained to be 0.11981. This verifies that the design of the battery management system meets safety requirements and demonstrates the feasibility of the method.
... Safety artifacts such as FMEA tables and fault trees can be automatically generated from this model. In [37] and [38], the authors demonstrate the ability to generate a single type of safety artifact from SysML models. Xiang et al. [37] transformed SysML models into reliability configuration model (RCM) specifications from which static fault trees were generated. Hecht et al. [38] transformed SysML diagrams that modeled the system structure and behavior into AltaRica models from which an FMEA table was generated. Although both [37] and [38] show the utility in using SysML models to automatically generate safety artifacts, they are limited to a specific type of safety artifact. The entire safety life cycle requires several safety artifacts to be generated as the system design evolves. ...
Article
Full-text available
Safety analysis is often performed independent of the system design life cycle, leading to inconsistency between the system design and the safety artifact. Additionally, the process of generating safety artifacts is manual, time-consuming, and error-prone. As a result, safety analysis often requires rework, is expensive, and increases system development time. Several model-based systems engineering (MBSE) approaches have been developed to automatically generate certain safety artifacts. However, these approaches only cover part of the system design and safety life cycle. To truly leverage the benefits of MBSE, system design must be undertaken together with safety analysis for the entire life cycle, and multiple safety artifacts must be generated from the same model. Moreover, MBSE approaches that require a model transformation between the system design and the safety model suffer from the inability to automatically reflect changes made to a safety artifact in the system and the safety model. This paper presents a framework to integrate the entire system design and safety life cycle using an MBSE approach. Both the system design and the safety data are captured in a single SysML model, from which safety artifacts such as failure modes and effects analysis (FMEA) tables and fault trees are automatically generated. This framework ensures consistency between the system design and the safety analysis by requiring no model transformation, thus reducing the resources required for safety analysis. The proposed Integrated System Design and Safety (ISDS) framework comprises three phases that together cover the entire system design and safety life cycle. In this paper, the application of Phase 1 of the framework to a real-world case study is demonstrated.
... These tools support correct use of the language and the generation of different views (diagrams). MBSE methods are used to support various development activities, including requirements elicitation [14], architecture design [13], concept development and change impact analysis in mechatronic systems [15], safety and reliability analysis [16], and the development of reconfigurable systems [17]. Validated findings on the benefits and advantages of MBSE in industrial practice have so far hardly been reported. ...
Article
Cyber-physical systems, used in domains such as avionics or medical devices, perform critical functions where a fault might have catastrophic consequences (mission failure, severe injuries, etc.). Their development is guided by rigorous practice standards that prescribe safety analysis methods in order to verify that failures have been correctly evaluated and/or mitigated. This labor-intensive practice typically focuses system safety analysis on system engineering activities. As reliance on software for system operation grows, embedded software systems have become a major source of hazard contributors. Studies show that late discovery of errors in embedded software systems has resulted in costly rework, making up as much as 50% of the total software system cost. Automation of the safety analysis process is key to extending safety analysis to the software system and to accommodating system evolution. In this paper we discuss three elements that are key to safety analysis automation in the context of fault tree analysis (FTA). First, generation of fault trees from annotated architecture models consistently reflects architecture changes in safety analysis results. Second, use of a taxonomy of failure effects ensures that coverage of potential hazard contributors is achieved. Third, common cause failures are identified based on architecture information and reflected appropriately in probabilistic fault tree analysis. The approach utilizes the SAE Architecture Analysis & Design Language (AADL) standard and the recently published revised Error Model Annex V2 (EMV2) standard to represent annotated architecture models of systems and embedded software systems. The approach takes into account error sources specified with an EMV2 error propagation type taxonomy and occurrence probabilities, as well as direct and indirect propagation paths between system components identified in the architecture model, to generate a fault graph and apply transformations into a fault tree representation that supports common mode analysis, cut set determination and probabilistic analysis.
Article
Full-text available
This paper describes a modular representation and compositional analysis of a system's hardware and software components, called Fault Propagation and Transformation Calculus (FPTC). We show, given an architectural description of how components are combined into a whole system, together with an FPTC expression of each component's failure behaviour, how the failure properties of the whole system can be computed automatically from the individual FPTC expressions. From a safety point of view, this provides some idea of robustness: the system's capability to withstand certain types of failures in individual components. It also provides a way to understand how and where to develop fault accommodation within an architecture.
Conference Paper
Full-text available
Cyberphysical (embedded) computer system availability and reliability can be modeled and assessed using the Architecture Analysis and Design Language (AADL) and its Error Model Annex. AADL can represent systems at multiple levels of abstraction. Therefore, analyses can be performed early and often throughout the development process thereby minimizing the cost and schedule impact of changes. We discuss how the AADL and its Error Model Annex can be used for automated generation of a reliability/dependability model. We then describe a tool set to graphically create AADL system architecture and error behavior files that are then transformed into Stochastic Petri Nets (SPN) and Stochastic Activity Network (SAN) representations and demonstrate its use using a generic satellite as an example.
Article
A Practical Guide to SysML, 2e, fully updated for SysML version 1.3, provides a comprehensive and practical guide for modeling systems with SysML. SysML is a complex tool with many features and a steep learning curve. This book provides guidance on the commonly-used features (sometimes called "SysML Light") to help readers and instructors get started quickly. It also includes a full description of the language along with a quick reference guide, and examples to help readers understand how SysML can be used in practice. Additionally, it offers guidance on how an organization or project can transition to model based systems engineering using SysML, with considerations for processes, methods, tools, and training. It is the authoritative guide for understanding and applying SysML, written by the leader and two key members of the OMG SysML standardization team, and includes a language description, examples, and a quick reference guide.
Conference Paper
“Traditional” risk modeling formalisms (e.g. FMEA, Fault Trees, Markov Processes, etc.) are well mastered by safety analysts. Efficient algorithms and tools are available. However, models designed with these formalisms are far from the specifications of the systems under study. They are consequently hard to design and to maintain throughout the life cycle of systems. The high-level modeling language AltaRica has been created to tackle this problem. The objective of the AltaRica 3.0 project is to design a new version of AltaRica, and to develop a complete set of authoring, simulation and assessment tools to perform safety analyses: virtual experiments on systems, via models, calculation of different kinds of reliability indicators, etc. AltaRica 3.0 improves significantly the expressive power of AltaRica Data-Flow without decreasing the efficiency of its assessment algorithms. Prototypes of a Fault Tree compiler, a stochastic and a stepwise simulators have been already developed. Other tools are under specification or implementation.
Article
Fault tree analysis (FTA) is a traditional reliability analysis technique. In practice, the manual development of fault trees could be costly and error-prone, especially in the case of fault tolerant systems due to the inherent complexities such as various dependencies and interactions among components. Some dynamic fault tree gates, such as Functional Dependency (FDEP) and Priority AND (PAND), are proposed to model the functional and sequential dependencies, respectively. Unfortunately, the potential semantic troubles and limitations of these gates have not been well studied before. In this paper, we describe a framework to automatically generate static fault trees from system models specified with SysML. A reliability configuration model (RCM) and a static fault tree model (SFTM) are proposed to embed system configuration information needed for reliability analysis and error mechanism for fault tree generation, respectively. In the SFTM, the static representations of functional and sequential dependencies with standard Boolean AND and OR gates are proposed, which can avoid the problems of the dynamic FDEP and PAND gates and can reduce the cost of analysis based on a combinatorial model. A fault-tolerant parallel processor (FTTP) example is used to demonstrate our approach.
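The static encoding of a functional dependency and the cut-set step that both the AADL/EMV2 abstract above and this one rely on, as an added example that is not the code of Xiang et al. or of the EMV2 work: the dependency of each processor on its power supply is written as an OR gate over the processor's own failure and the supply failure, minimal cut sets are computed by Boolean expansion, and the shared supply then appears as a single-event cut set that subsumes every mixed one, which is exactly how a common-cause failure shows up in a cut-set list. The dual-processor model and its failure probabilities are constructed; the OR encoding of FDEP and the inclusion-exclusion probability assume independent basic events.

```python
"""Minimal cut sets and top-event probability of a static fault tree (added example; model constructed)."""
from itertools import combinations
from math import prod
from typing import Dict, FrozenSet, List, Set, Tuple

Tree = Dict[str, Tuple[str, List[str]]]   # gate -> ("AND" | "OR", children); names not in the dict are basic events
CutSets = Set[FrozenSet[str]]


def minimize(sets: CutSets) -> CutSets:
    """Drop every cut set that strictly contains another; only minimal ones remain."""
    return {s for s in sets if not any(o < s for o in sets)}


def cut_sets(tree: Tree, node: str) -> CutSets:
    """Bottom-up Boolean expansion: OR unions the children's cut sets, AND combines them pairwise."""
    if node not in tree:
        return {frozenset([node])}
    op, children = tree[node]
    child_sets = [cut_sets(tree, c) for c in children]
    if op == "OR":
        result: CutSets = set().union(*child_sets)
    elif op == "AND":
        result = {frozenset()}
        for cs in child_sets:
            result = {a | b for a in result for b in cs}
    else:
        raise ValueError(f"unknown gate type {op!r} at {node}")
    return minimize(result)


def fdep(tree: Tree, dependent: str, trigger: str, basic: str) -> None:
    """Static encoding of a functional dependency (assumption): the dependent event occurs
    if its own basic failure occurs OR the trigger fails. A PAND would be encoded as a plain
    AND in the same spirit, dropping the ordering constraint (a conservative over-approximation)."""
    tree[dependent] = ("OR", [basic, trigger])


def top_probability(cs: CutSets, p: Dict[str, float]) -> float:
    """Exact P(top) by inclusion-exclusion over the cut sets; basic events assumed independent."""
    cs_list = list(cs)
    total = 0.0
    for k in range(1, len(cs_list) + 1):
        for combo in combinations(cs_list, k):
            events = frozenset().union(*combo)
            total += (-1) ** (k + 1) * prod(p[e] for e in events)
    return total


def rare_event_bound(cs: CutSets, p: Dict[str, float]) -> float:
    """Sum of cut-set probabilities: the usual upper bound, tight when every p is small."""
    return sum(prod(p[e] for e in s) for s in cs)


def dual_processor_tree() -> Tree:
    """Constructed example: two processors fed by one supply; TOP is loss of all processing."""
    tree: Tree = {}
    fdep(tree, "P1_fail", trigger="PSU", basic="P1_hw")
    fdep(tree, "P2_fail", trigger="PSU", basic="P2_hw")
    tree["TOP"] = ("AND", ["P1_fail", "P2_fail"])
    return tree


if __name__ == "__main__":
    cs = cut_sets(dual_processor_tree(), "TOP")
    p = {"PSU": 0.01, "P1_hw": 0.05, "P2_hw": 0.05}
    print(sorted(sorted(s) for s in cs))      # [['P1_hw', 'P2_hw'], ['PSU']]: the supply is a common cause
    print(top_probability(cs, p), rare_event_bound(cs, p))
```

Without the minimization step the AND gate would also report {PSU, P1_hw} and {PSU, P2_hw}, which are true cut sets but not minimal; with it, the single-event set {PSU} is the one line an analyst has to act on, and the exact probability (0.012475 for the constructed numbers) sits just below the rare-event bound (0.0125), as expected when the basic-event probabilities are small.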
Article
The verification of safety-critical systems using formal techniques is not something new [15]. Traditionally, safety-critical systems are verified using hazard analysis techniques, e.g., fault tree analysis. As safety-critical systems have become larger and more complex, several analysis techniques with compositional capabilities were developed. However, these techniques were not able to analyse stochastic systems. In this paper, we present a model-based compositional safety analysis technique (i.e., failure propagation analysis) and explore the feasibility of integrating this safety analysis technique with techniques of probabilistic model checking, more precisely the PRISM model checker. By doing so, we make it possible to rigorously verify a model while system failure behaviours are quantitatively analysed.
Article
Traditional methods for assessing software safety suffer from poor integration (from methodological, operational and semantic points of view) both with each other, and with the rest of the development life cycle of safety-critical systems. Our goal is to develop a set of methods and tools that addresses these weaknesses; this article describes our current research in these areas. We describe an integrated approach to software safety analysis based on the techniques of fault tree analysis and failure modes, effects, and criticality analysis, together with a prototype tool set to implement these techniques. Issues pertaining to the integration of safety analysis into a broader development life cycle are also discussed. Our approach emphasizes pragmatism and simplicity: we aim to create a set of tools and methods that are robust, straightforward, and directly usable by industrial practitioners in the field of software safety.
Article
The development of safety critical systems becomes even harder since the complexity of these systems grows continuously. Moreover, this kind of process involves the use of powerful design methods and precise reliability techniques that utilize dissimilar models and construction policy. In this article we propose a method to unify and enhance this process by linking functional design phase using SysML with commonly used reliability techniques such as FMEA and dysfunctional models construction in AltaRica Data Flow. We present how SysML models can be analyzed automatically in order to produce an FMEA and expose a parallel between SysML models and AltaRica Data Flow ones. The given approach is structured around a database of dysfunctional behaviors that supports the studies and is updated by the obtained results. We exemplify the approach to analyze a system of level controlling of a tank.
Conference Paper
Assessing the safety characteristics of software driven safety critical systems is problematic. The author has performed software FMEA on embedded automotive platforms for brakes, throttle, and steering with promising results. Use of software FMEA at a system and a detailed level has allowed visibility of software and hardware architectural approaches which assure safety of operation while minimizing the cost of safety critical embedded processor designs. Software FMEA has been referred to in the technical literature for more than fifteen years. Additionally, software FMEA has been recommended for evaluating critical systems in some standards, notably draft IEC 61508. Software FMEA is also provided for in the current drafts of SAE ARP 5580. However, techniques for applying software FMEA to systems during their design have been largely missing from the literature. Software FMEA has been applied to the assessment of safety critical real-time control systems embedded in military and automotive products. The paper follows on from, and significantly expands, the software FMEA techniques originally described by the author in the 1993 RAMS paper “Validating The Safety Of Real-Time Control Systems Using FMEA”.
References

Prosvirnova, T., M. Batteux, P.-A. Brameret, et al., 2013. "The AltaRica 3.0 project for Model-Based Safety Assessment", DCDS 2013, York, Great Britain, September 4-6, 2013, available at http://altarica.fr/wp-content/uploads/2013/09/PBB13_DCDS2013_AltaRica3_0.pdf
SAE International, 2001. "Recommended Failure Modes and Effects Analysis (FMEA) for non-Automobile Applications", SAE Aerospace Recommended Practice ARP-5580, July 2001.
Xiang, J., K. Yanoo, Y. Maeno, and K. Tadano, 2011. "Automatic Synthesis of Static Fault Trees from System Models", 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement.
SAE International, 2011. Architecture Analysis and Design Language (AADL) Annex Volume 1: Annex A: Graphical AADL Notation, Annex C: AADL Meta-Model and Interchange Formats, Annex D: Language Compliance and Application Program Interface, Annex E: Error Model Annex, available online at http://www.sae.org/servlets/works/documentHome.do?comtID=TEAAS2C&docID=AS5506/1&inputPage=dOcDeTaIlS
Greenwell, W., G. Haddock, M. Hecht, S. Meyers, E. Shokri, and E. Nguyen, 2008. "Safety Analysis for a Software Intensive System", Proc. 2008 Space Systems Engineering and Risk Management Workshop, Los Angeles, CA, February 2008, available online at www.aero.org/conferences
NASA, 2004. Software Safety Guidebook, NASA-GB-8719.13, available from http://www.hq.nasa.gov/office/codeq/doctree/871913.pdf
No Magic, Inc., 2015. Cameo Systems Modeler home page, http://www.nomagic.com/products/cameo-systems-modeler.html
Strong, K., 2013. "Using FMEA to Improve Software Reliability", Pacific Northwest Software Quality Conference (PNSQC) 2013 Proceedings, available at http://www.uploads.pnsqc.org/2013/papers/t-026_Strong_paper.pdf
Ge, X., R. F. Paige, and J. A. McDermid, 2010. "Analysing System Failure Behaviours With PRISM", 2010 Fourth IEEE International Conference on Secure Software Integration and Reliability Improvement Companion, available online at www.researchgate.net/publication/.../72e7e517e8dd421bca.pdf
Haapanen, P., and A. Helminen, 2002. "Failure Mode and Effects Analysis of Software-Based Automation Systems", Finnish Radiation and Nuclear Safety Authority (STUK), report STUK-YTO-TR 190, August 2002, available at http://www.fmeainfocentre.com/handbooks/softwarefmea.pdf
Hecht, M., J. Tamaki, and D. Lo, 2013. "Modeling of Failures, Recoveries, and Propagations in SysML", International Symposium on Software Reliability Engineering, Pasadena, CA, November 2013.
Feiler, P. AADL Error Model Version 2, available online.

25th Annual INCOSE International Symposium (IS2015), Seattle, July 2015.