toulouse, september 2003 page 1 journee altarica airbus esacs isaac

Toulouse, September 2003

JOURNEE ALTARICA

Airbus

ESACS ISAAC


SYSTEM

DESIGN PROCESS

SAFETY PROCESS

Design

“View”Safety “View”

Objective: to identify any potential hazard to remove the causes of the identified hazards to mitigate the effect of the hazards to maintain the hazards probability in the limits imposed by the severity class

ESACS SCOPE & OBJECTIVE (REMINDER)

ESACS: Enhanced Safety Assessment for Complex Systems


Applicable at different steps of system development process.

Model capturing (SM or FoSaM)

FM capturing Extended model (ESM)

SR capturing Model analysisverification tool

Safety resultextraction

Safety analysistools

ESACS General Methodology

Name

This slide should serve to structure the following presentation of the technology.


• Abstraction on the System Model

• Failure Mode Capturing

• Safety Requirements Capturing

• Safety Model Analysis

– Fault Tree Generation– Sequence Generation– Model Checking

• Model using Safety Architecture Patterns (FoSaM)

APPLICATION OF THEPRELIMINARY ESACS METHODOLOGY & TOOL-SET


• Unquestionable advantages in term of formal safety modelling and interactive simulation (normal and failure behaviour)

• Safety assessment based on a unique view of the system improves integration of system design and safety analysis in the early phases of development

• Improvement of the interaction between design and Safety Engineers through a better exchange of information

• Both static and dynamic properties can be studied

• Automatic generation of FTA is a plus

• Moreover during cycle 2 tests, new features, required at the end of cycle 1 tests, were implemented to allow the user obtaining more useful results from the safety analyses

Main advantages of ESACS approach and tools

• Automatic verification of the system safety requirement (use of FTA, use of safety patterns) improves the effectiveness of the validation and verification process

• Workload is expected to be decreased in the whole process (including modifications arising later in the system life cycle)

• The Design Engineers is more involved (significant points expected to be found earlier)

• Problems can be identified more efficiently

• Hazards and undesired outputs (timing aspects) are expected to be earlier identified (before simulations and test activities)


Weak points and expected improvements

• ESACS methodology relies on new technologies (model checkers, sequence generation). A high level of skills and training is thus required to handle them

• Model checker of system models using fully “real” parameters may lead to memory overflow and over computation time for complex system models

• Definition of a common format can be helpful for the integration of new tools, but should not be the sole answer since upgrades of new tools may lead to a loss of their interoperability with the rest of ESACS platform

• Interoperability between modelling tools need to be further investigated

• In any case it had to be said that, during cycle 2, in parallel to the activity of development of new facilities, Technology Partners done some job towards integration.

• Integration of ESACS safety process into a current industrial process will probably take time:

– due to ESACS maturity needs for improvements

– for the involved engineers to get used to this new common process

• At the end of cycle 2 application, the main methodological basis for an integrated and automated safety evaluation on complex systems have been built.

• The main improvements required by the users concern technological aspects (e.g. the optimisation of the computation algorithm and the improvement of integration among the different tools available then of the user interface) ISAAC project


Integration of methodology into the safety process inside the industrial development process

EEqquuiippmmeennttss

SSyysstteemm FFuunnccttiioonnss

FFaaiilluurree ccoonnddiittiioonnss

FFMMEESS,, FFCC,, EEvveenntt,, DDSSFF

EESSMM//FFooSSAAMM:: IInnvveessttiiggaattee rreedduunnddaannccyy iiddeennttiiffyy ssaaffeettyy ppaatttteerrnnss

……..

CCllaassssiiccaall PP..SS..SS..AA

DDeeppeennddeennccee DDiiaaggrraamm//FFaauulltt TTrreeee

Input Safety Requirements

SSyysstteemm FF..HH..AA

AA AArrcchhiitteeccttuurree SSaaffeettyy VVaalliiddaattiioonn

RReessuulltt CCoommppaarriissoonn

FFTT GGeenneerraattiioonn

sseeqquueenncceess ……

EESSAACCSS ddeettaaiilleedd sstteeppss

OOtthheerr VVaalliiddaattiioonn AAccttiivviittiieess

VVeerriiffiiccaattiioonn AAccttiivviittiieess:: CCllaassssiiccaall SS..SS..AA,, EESSAACCSS ddeettaaiilleedd sstteeppss,,……

EESSAACCSS ffiirrsstt sstteeppss

VVaalliiddaattiioonn AAccttiivviittiieess


A proposal for a new project was presented to the EC in the FP6-1st Call

(March 2003):

ISAACImprovement of Safety Activities on Aeronautical Complex systems

Partners: ESACS Consortium + DASSAULT AVIATION

PERSPECTIVE ON THE FUTURE WORK:FP6 “ISAAC” PROPOSAL


OBJECTIVES:CONSOLIDATION OF ESACS WORK (towards mature

technology), including:• High Level Representation, UML, Patterns for architecture• Timing and Quantitative Analysis• ESACS Platform improvement

NEW THEMES, including:• Human errors• Common Cause analysis • Mission Analysis• System Diagnosability

COMMONALITIES, including:• Process sharing: Common Points of Methodology & Analysis• Integrability: Translators and Algorithms, Libraries



DETAILED OBJECTIVES: Common Cause analysis

– Interfacing:

» system function/failure simulations

» with geometrical/topological simulations

– Improving:

» The safety process: Common Mode Analysis, Zonal Safety Analysis, Particular Risk Analysis

» The layout/installation process: layout requirements

– Airbus experimentation:

» Connecting OCAS and IRIS (topological tool)

» Assessing the connection requirements with CATIA

» Testing on A380 system case studies



In the frame of ISAAC, to go towards a “more mature” tool-set to be applied in the Industrial Process

CONCLUSION

Standard Involvement

toulouse, september 2003 page 1 journee altarica airbus esacs isaac

Documents