Safety Analysis of Systems-of-Systems
Stephan Baumgart, Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ORCID iD: 0000-0003-4756-7285
2022 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Safety-critical systems may fail dangerously, with severe consequences for the health of the people involved, costly equipment, the environment, or other valuable assets of a stakeholder. For these classes of systems, the developers are obliged to analyze each potentially hazardous situation thoroughly. In addition, every identified hazardous situation needs to be considered for risk reduction measures, including adjustments to the system's design, additional safeguards if the hazards cannot be entirely removed by design, or warning information to users.

An essential activity in the development process is the safety analysis, where hazards related to the system under development are identified and the risks are evaluated and classified. This classification stipulates the rigor with which safety standard requirements must be met and directs the development and verification activities. Several techniques for safety analysis have been identified in the literature and are applied in industrial development processes.

Technical evolution enables moving from developing single systems with specific features towards connecting several independent systems into a system-of-systems. On top of the trend towards connectedness, there is also a trend towards more and more automation. In the vehicle domain, autonomous vehicles can collaborate to achieve specific goals, such as transporting goods in warehouses, transporting containers in automated ports, or transporting material in off-road environments.

Autonomy brings in new challenges when ensuring product safety and functional safety for single systems, due to the lack of a human operator as a fallback solution. Further, when autonomous vehicles collaborate in a fleet, the safety analysis becomes more complex, since their interaction and interoperability bring forth new hazards that are not identifiable with a safety analysis of a single system. Our research aims to bridge this gap and provide solutions for specifying a system-of-systems and for finding and developing suitable safety analysis methods.

To understand the challenges and current practices, we have studied industrial projects where systems-of-systems are developed. We have applied safety analysis methods to our industrial cases and found limitations in finding hazards related to a system-of-systems. As part of our research, we have developed extensions to the safety analysis methods to support the analysis of a system-of-systems. We have developed the Safe System-of-Systems (SafeSoS) method, which is a structured and hierarchical process to discover and document a system-of-systems' characteristics on three primary abstraction levels. Additionally, we utilize a model-based formalism to describe the system-of-systems' characteristics on each level. Our research results support engineers in industry when designing a safety-critical system-of-systems.


Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2022.
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 355
Keywords [en]
System-of-Systems, Safety Analysis, Hazard Analysis, Model-based Development
National Category
Computer Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-56680
ISBN: 978-91-7485-542-5 (print)
OAI: oai:DiVA.org:mdh-56680
DiVA id: diva2:1616829
Public defence
2022-01-14, Zeta (and Zoom), Mälardalen University, Västerås, 13:00 (English)
Available from: 2021-12-06. Created: 2021-12-04. Last updated: 2022-11-08. Bibliographically approved.
List of papers
1. Analyzing Hazards in System-of-Systems: Described in a Quarry Site Automation Context
2017 (English). In: 11th Annual IEEE International Systems Conference (SysCon), 2017, p. 544-551. Conference paper, published paper (refereed)
Abstract [en]

Methods for analyzing hazards related to individual systems are well studied and established in industry today. When systems-of-systems are set up to achieve new emergent behavior, hazards specifically caused by malfunctioning behavior of the complex interactions between the involved systems may not be revealed by analyzing single-system hazards alone. A structured process is required to reduce the complexity and enable the identification of hazards when designing systems-of-systems. In this paper we first present how hazards are identified and analyzed using hazard analysis and risk assessment (HARA) methodology by industry in the context of single systems. We describe systems-of-systems and provide a quarry site automation example from the construction equipment domain. We propose a new structured process for identifying potential hazards in systems-of-systems (HISoS), exemplified in the context of the provided example. Our approach helps to streamline the hazard analysis process in an efficient manner, thus helping faster certification of systems-of-systems.

Series
Annual IEEE Systems Conference
Keywords
Hazard Analysis and Risk Assessment, System-of-Systems, Autonomous Machines, Safety, Certification
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-35503
DOI: 10.1109/SYSCON.2017.7934783
ISI: 000403403400078
Scopus ID: 2-s2.0-85021435169
ISBN: 978-1-5090-4623-2
Conference
11th Annual IEEE International Systems conference SysCon17, 24 Apr 2017, Montreal, Quebec, Canada
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529; Vinnova
Available from: 2017-06-09. Created: 2017-06-09. Last updated: 2021-12-04. Bibliographically approved.
2. Can STPA be used for a System-of-Systems? Experiences from an Automated Quarry Site
2018 (English). In: 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings, 2018, no 4, article id 8544433. Conference paper, published paper (refereed)
Abstract [en]

Automation is becoming prevalent in more and more industrial domains due to the potential benefits in cost reduction as well as the new approaches and solutions it enables. When machines are automated and utilized in systems-of-systems, a thorough analysis of potential critical scenarios is necessary to derive appropriate design solutions that are safe as well. Hazard analysis methods like PHA, FTA or FMEA help to identify and follow up potential risks for the machine operators or bystanders and are well established in the development process for safety-critical machinery. However, safety-certified individual machines can in no way guarantee safety in the context of a system-of-systems, since their integration and interactions could bring forth new hazards. Hence it is paramount to understand the application scenarios of the system-of-systems and to apply a structured method to identify all potential hazards. In this paper, we 1) provide an overview of proposed hazard analysis methods for systems-of-systems, 2) describe a case from the construction equipment domain, and 3) apply the well-known System-Theoretic Process Analysis (STPA) to our case. Our experiences during the case study and the analysis of the results clearly point out certain inadequacies of STPA in the context of systems-of-systems and underline the need for the development of improved techniques for the safety analysis of systems-of-systems.

Keywords
Hazard Analysis and Risk Assessment, System-of-Systems, Autonomous Machines, STPA, Safety
National Category
Engineering and Technology Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-41719
DOI: 10.1109/SysEng.2018.8544433
ISI: 000469921000047
Scopus ID: 2-s2.0-85059989681
Conference
4th IEEE International Symposium on Systems Engineering, ISSE 2018, Rome Marriott Park Hotel, Rome, Italy, 1-3 October 2018
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2018-12-21. Created: 2018-12-21. Last updated: 2021-12-04. Bibliographically approved.
3. A State-based Extension to STPA for Safety-Critical System-of-Systems
2019 (English). In: 4th International Conference on System Reliability and Safety (ICSRS-2019), 2019, p. 246-254. Conference paper, published paper (refereed)
Abstract [en]

Automation of earth-moving machinery enables improving existing production workflows in various applications like surface mines, material handling operations or material transport. Such connected and collaborating autonomous machines can be seen as a system-of-systems. It is not yet clear how to consider safety during the development of such systems-of-systems (SoS). One potentially useful approach to analyzing the safety of complex systems is the System-Theoretic Process Analysis (STPA). However, STPA is essentially suited to static monolithic systems and lacks the ability to deal with emergent and dysfunctional behaviors in the case of an SoS. These behaviors, if not identified, could potentially lead to hazards, and it is important to provide mechanisms for SoS developers and integrators to capture such critical situations. In this paper, we present an approach for enriching STPA with the ability to check whether the distributed constituent systems of an SoS have a consistent perspective of the global state, which is necessary to ensure safety. In other words, these checks must at least be capable of identifying and highlighting inconsistencies that can lead to critical situations. We describe the above approach by taking a specific case of state-change-related issues that could potentially be missed by STPA and looking at an industrial case. By applying Petri nets, we show that possible critical situations related to state changes are not identified by STPA. In this context we also propose a model-based extension to STPA and show how our new process could function in tandem with STPA.
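The state-consistency check described in this abstract, as an added illustration that is not the paper's own model or tooling: a 1-bounded Petri net of a constructed hauler/site-controller handshake is explored by breadth-first reachability, and each reachable marking is tested for (a) the two constituent systems holding inconsistent views of the global state with no message left in flight to reconcile them and (b) a hazardous marking (the loader dumping while the hauler is not standing in the zone). The scenario, all place and transition names, the hauler's timeout fallback and the safe (1-bounded) firing rule are assumptions chosen for the example. It shows that the strict handshake reaches no hazardous marking, while adding a local fallback that is sound for the hauler alone makes a hazard reachable through a transient inconsistency, and the analysis returns the firing sequence that reaches it.

```python
"""Reachability analysis of a small 1-bounded Petri net: can a constituent
system's local fallback leave two systems of an SoS with inconsistent views of
the global state, and can that inconsistency reach a hazardous marking?

Added illustration; the net, place names and scenario are constructed
assumptions and not the thesis' own model or tooling.
"""
from collections import deque
from typing import Dict, FrozenSet, List, Optional, Tuple

Marking = FrozenSet[str]                                  # places holding a token
Transition = Tuple[str, FrozenSet[str], FrozenSet[str]]   # name, inputs, outputs


def t(name: str, ins, outs) -> Transition:
    return (name, frozenset(ins), frozenset(outs))


def build_net(hauler_timeout: bool) -> List[Transition]:
    """Constructed quarry scenario (assumption): an autonomous hauler stops in
    the loading zone and reports it; the site controller releases the wheel
    loader to dump only while it believes the hauler is in the zone, then
    sends 'go'.  With hauler_timeout=True the hauler may also leave on its own
    local timeout, a fallback that is sound for the hauler considered alone."""
    net = [
        t("hauler_arrive",       {"h_moving"},                           {"h_in_zone", "msg_arrived"}),
        t("ctrl_recv_arrived",   {"msg_arrived", "c_hauler_away"},       {"c_hauler_in_zone"}),
        t("ctrl_release_loader", {"c_hauler_in_zone"},                   {"c_hauler_in_zone", "loader_dumping"}),
        t("loader_done",         {"loader_dumping", "c_hauler_in_zone"}, {"c_hauler_away", "msg_go"}),
        t("hauler_recv_go",      {"msg_go", "h_in_zone"},                {"h_moving"}),
    ]
    if hauler_timeout:
        net.append(t("hauler_timeout_leave", {"h_in_zone"}, {"h_moving"}))
    return net


INITIAL: Marking = frozenset({"h_moving", "c_hauler_away"})


def enabled(m: Marking, tr: Transition) -> bool:
    # 1-bounded (safe) firing rule: every input marked, no fresh output already marked
    _, ins, outs = tr
    return ins <= m and not ((outs - ins) & m)


def fire(m: Marking, tr: Transition) -> Marking:
    _, ins, outs = tr
    return (m - ins) | outs


def explore(net: List[Transition], initial: Marking = INITIAL) -> Dict[Marking, Optional[Tuple[Marking, str]]]:
    """Breadth-first reachability; maps each marking to (predecessor, transition name)."""
    parents: Dict[Marking, Optional[Tuple[Marking, str]]] = {initial: None}
    queue = deque([initial])
    while queue:
        m = queue.popleft()
        for tr in net:
            if enabled(m, tr):
                n = fire(m, tr)
                if n not in parents:
                    parents[n] = (m, tr[0])
                    queue.append(n)
    return parents


def trace(parents, target: Marking) -> List[str]:
    """Firing sequence from the initial marking to target (shortest, since BFS)."""
    steps, m = [], target
    while parents[m] is not None:
        m, name = parents[m]
        steps.append(name)
    return steps[::-1]


def replay(net: List[Transition], steps: List[str], initial: Marking = INITIAL) -> Marking:
    """Re-fire a trace from the initial marking; fails if a step is not enabled."""
    by_name = {tr[0]: tr for tr in net}
    m = initial
    for name in steps:
        assert enabled(m, by_name[name]), f"{name} not enabled in {sorted(m)}"
        m = fire(m, by_name[name])
    return m


def is_hazard(m: Marking) -> bool:
    # loader dumps while the hauler is not standing in the zone
    return "loader_dumping" in m and "h_in_zone" not in m


def is_inconsistent(m: Marking) -> bool:
    # controller believes the hauler is in the zone, the hauler is driving, and no
    # message is in flight that could still reconcile the two views
    return ("c_hauler_in_zone" in m and "h_moving" in m
            and not ({"msg_arrived", "msg_go"} & m))


def analyse(hauler_timeout: bool) -> dict:
    net = build_net(hauler_timeout)
    parents = explore(net)
    hazards = [m for m in parents if is_hazard(m)]
    first = min(hazards, key=lambda m: len(trace(parents, m)), default=None)
    return {
        "markings": len(parents),
        "hazardous": len(hazards),
        "inconsistent": sum(is_inconsistent(m) for m in parents),
        "counterexample": trace(parents, first) if first is not None else [],
    }


if __name__ == "__main__":
    for timeout in (False, True):
        print(f"hauler_timeout={timeout}: {analyse(timeout)}")
```

The interesting output is the counterexample: four firings (arrive, controller records the arrival, loader released, hauler times out and drives off, in either of the two orders the net allows) are enough to reach a marking where the loader is dumping onto an empty zone. Neither constituent system does anything wrong by its own specification; the hazard is emergent, which is exactly the kind of state-change issue a single-system STPA control structure does not surface. Exchanging the set-based marking for a multiset would lift the 1-bounded restriction if a real model needs queued messages.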

Keywords
Hazard Analysis and Risk Assessment, System-of-Systems, Autonomous Machines, STPA, Safety, Petri Net
National Category
Engineering and Technology Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-46270
DOI: 10.1109/ICSRS48664.2019.8987632
ISI: 000545634000039
Scopus ID: 2-s2.0-85080111187
ISBN: 978-1-7281-4781-9
Conference
4th International Conference on System Reliability and Safety (ICSRS-2019), 20-22 Nov 2019, Rome, Italy
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2019-12-12. Created: 2019-12-12. Last updated: 2021-12-04. Bibliographically approved.
4. A Process to Support Safety Analysis for a System-of-Systems
2020 (English). In: 31st International Symposium on Software Reliability Engineering (ISSRE 2020), Coimbra, Portugal, 2020. Conference paper, published paper (refereed)
Abstract [en]

Autonomous vehicles are growing in importance in many domains, and depending on the domain and user needs, autonomous vehicles can be designed as stand-alone solutions, as in the automotive domain, or as part of a fleet with a specific purpose, as in the earth-moving machinery domain. Contemporary hazard analysis methods primarily focus on analyzing hazards for single systems. Such an analysis requires knowledge about the typical usage of a product, and it evaluates, among other things, whether an operator is able to handle a critical situation. Each hazard analysis method requires specific information as input in order to conduct the method. However, for systems-of-systems it is not yet clear how to analyze hazards and provide the required information. In this paper we describe a use case from the earth-moving machinery domain where autonomous machines collaborate as a system-of-systems to achieve the mission. We propose a hierarchical process to document a system-of-systems and propose the use of model-based development methods. In this work we discuss how to utilize the provided details in a hazard analysis. Our approach helps to design a complex system-of-systems and supports hazard analysis in a more effective and efficient manner.

Place, publisher, year, edition, pages
Coimbra, Portugal, 2020
Keywords
Autonomy, System-of-Systems, Safety Analysis, Hazard Analysis
National Category
Engineering and Technology Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-51697
DOI: 10.1109/ISSREW51248.2020.00038
Scopus ID: 2-s2.0-85099824856
ISBN: 9781728198705
Conference
31st International Symposium on Software Reliability Engineering (ISSRE 2020), 12 Oct 2020, Coimbra, Portugal
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
SUCCESS: Safety assurance of Cooperating Construction Equipment in Semi-automated Sites
Available from: 2020-10-20. Created: 2020-10-20. Last updated: 2021-12-04. Bibliographically approved.
5. How to Analyze the Safety of Concepts for a System-of-Systems?
2021 (English). In: 7th IEEE International Symposium on Systems Engineering (ISSE), 2021, p. 1-8. Conference paper, published paper (refereed)
Abstract [en]

Developing safety-critical products like cars, trains, or airplanes requires rigor in following development processes, and evidence for product safety must be collected. Safety needs to be considered during each development step and traced through the development life cycle. The current standards and approaches focus on single human-operated products. The technical evolution enables integrating existing products and new autonomous products into system-of-systems to automate workflows and production streams. Developing safety-critical systems-of-systems requires similar processes and mapping to safety-related activities. However, it is unclear how to consider safety during different development steps for a safety-critical system-of-systems. The existing hazard analysis methods are not explicitly mapped to developing a system-of-systems and are vague about the required information on the intended behavior. This paper focuses on the concept phase for developing a system-of-systems, where different technical concepts for a specific product feature are evaluated. Specifically, we concentrate on the evaluation of the safety properties of each concept. We present a process to support the concept phase and apply a model-driven approach to capture the system-of-systems’ relevant information. We then show how this knowledge is used for conducting an FMEA and HAZOP analysis. Lastly, the results from the analysis are mapped back into the sequence diagrams. This information is made available during the next development stages. We apply the method during the concept phase for designing an industrial system-of-systems. Our approach helps to design complex system-of-systems and supports concept evaluation considering the criticality of the concept under consideration.

Keywords
Airplanes, Production, Hazards, Product safety, Automobiles, Modeling, Standards, Hazard Analysis and Risk Assessment, System-of-Systems, Autonomous Machines, Safety, Concept Phase
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-56427
DOI: 10.1109/ISSE51541.2021.9582527
ISI: 000848245100036
Scopus ID: 2-s2.0-85119099341
Conference
2021 IEEE International Symposium on Systems Engineering (ISSE)
Available from: 2021-11-09. Created: 2021-11-09. Last updated: 2022-11-18. Bibliographically approved.
6. A Structured Safety Analysis Process for Systems-of-Systems (SafeSoS)
2022 (English). Manuscript (preprint) (Other academic)
Abstract [en]

Automation is gaining importance in many domains, such as vehicle platoons, smart manufacturing, smart cities, and defense applications. However, the automated system must guarantee safe operation in any critical situation without humans in the loop as a fall-back solution. Additionally, autonomy can cause new types of hazards that need to be identified and analyzed. This paper studies cases from the transportation domain where autonomous vehicles are integrated into workflows in an open-surface mine for efficient material transportation. In this application many individual systems collaborate to form a system-of-systems (SoS) to achieve the mission goals. The complexity of such an SoS and the dependencies between the constituent systems complicate the safety analysis. In an SoS there exist several causes leading to new emergent hazards, and failing to identify them could lead to catastrophes.

In this paper, we describe an SoS-centric process called 'SafeSoS', capable of identifying emergent hazards by structuring the complex characteristics of an SoS on three hierarchical levels to enable better comprehension and analysis. We describe the process in detail and apply it to an industrial transportation system from the earth-moving machinery domain. As part of the SafeSoS process, we utilize model-based formalisms to describe the characteristics of the application and the constituent systems, which form the input for analyzing the safety of the resulting SoS. We apply the safety analysis methods HiSoS, SMM, FTA, FMEA and HAZOP to the industrial SoS with the purpose of identifying emergent hazards. As a result of our work, we show how to identify and analyze emergent hazards with the help of our SafeSoS approach.

National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-56682
Conference
IEEE ACCESS
Available from: 2021-12-04. Created: 2021-12-04. Last updated: 2023-11-22. Bibliographically approved.

Open Access in DiVA

Full text (3215 kB), 1556 downloads
File information
File name: FULLTEXT02.pdf
File size: 3215 kB
Checksum (SHA-512): 2bb287e678dcd460077405560a76a26365faed19835534a113d24d730e1f02a66d1af2f83cec76d1e391df9a33165eee27aa671b09b9fa8b12387ecbb541bdda
Type: fulltext
Mimetype: application/pdf

Authority records

Baumgart, Stephan
