The integration between process engineering and variability management is required for tailoring of safety-oriented processes with variabilities to individual projects in a similar manner to the product lines. Previous studies have not adequately established the Safety-oriented Process Lines (SoPLs). This paper focuses on the seamless integration between Eclipse Process Framework (EPF) Composer and Base Variability Resolution (BVR) Tool. The former supports the major parts of the OMGs Software & Systems Process Engineering Metamodel (SPEM) Version 2.0, while the latter is a simplification and enhancement of the OMGs revised submission of Common Variability Language (CVL). The proposed integration is implemented as Eclipse plugin. It provides support for importing backend folders and files within the method library of EPF Composer, resolving problems with the files for variability management with the BVR Tool, and exporting back the resolved process models to the EPF Composer. The applicability of the implemented plugin is demonstrated by engineering an ECSS-E-ST-40C compliant SoPL for the space projects and applications.
In safety-critical (software) systems, safety management embraces both processes and products, which due to e.g., product's upgrade, tend to be tailored, giving rise to safety-oriented product lines and corresponding safety-oriented process lines. To tailor these lines systematically, their inter-dependencies would have been taken into consideration. To date, however, no satisfying implemented solution is available on the shelf. Accordingly, this paper focuses on the co-engineering of process and product lines. At first, the process and product lines need to be established for which the integration between Eclipse Process Framework (EPF) Composer, Composition with Guarantees for High-integrity Embedded Software Components Assembly (CHESS) Tool and Base Variability Resolution (BVR) Tool is achieved; they are process engineering, product design and variant management solutions, respectively. After that, the process and product lines are integrated. This is done for cross-dimension variant management and change impact analysis. The applicability of the integrated lines is illustrated for the attitude and orbit control subsystem.
The key to system safety is the identification and elimination/mitigation of potential hazards and documentation of evidences for safety cases. This is generally done during the system design and development phase. However, for automated systems, there is also a need to deal with unknowns and uncertainties during operational phase. This paper focuses on virtual boundaries around geographic zones (i.e., geofences) that can serve as an active countermeasure for dynamic management of risks in automated transportation/production contexts. At first, hazard analysis is performed using the Hazard and Operability (HAZOP) and Fault Tree Analysis (FTA) techniques. Based on the hazard analysis, appropriate measures, such as geofences for elimination/mitigation of hazards are defined. Subsequently, they are translated into the safety requirements. We leverage on simulation based digital twins to perform verification and validation of production site by incorporating safety requirements in them. Finally, to manage risks in a dynamic manner, the operational data is gathered, deviations from specified behaviours are tracked, possible implications of control actions are evaluated and necessary adaptations are performed. The risk management is assured in situations, such as communication loss, subsystem failures and unsafe paths. This approach provides a basis to fill the gaps between the safety cases and the actual system safety emanating from system/environment evolution as well as obsolescence of evidences. The applicability of the proposed framework is exemplified in the context of a semi-automated quarry production scenario.
The goal of Industry 4.0 is to be faster, more efficient and more customer-centric, by enhancing the automation and digitalisation of production systems. Frequently, the production in Industry 4.0 is categorised as safetycritical, for example, due to the interactions between autonomous machines and hazardous substances that can result in human injury or death, damage to machines, property or the environment. In order to demonstrate the acceptable safety of production operations, safety cases are constructed to provide comprehensive, logical and defensible justification of the safety of a production system for a given application in a predefined operating environment. However, the construction and maintenance of safety cases in alignment with Industry 4.0 are challenging tasks. For their construction, besides the modular, dynamic and reconfigurable nature of Industry 4.0, the architectural levels of the things, fog and cloud computing have to be considered. The safety cases constructed at system design and development phases might be invalidated during production operations, thus necessitating some means for dynamic safety assurance. Moreover, flexible manufacturing in Industry 4.0 also underlines the need for safety assurance in a dynamic manner during the operational phase. Currently published studies are not explicitly supporting the safety assurance of Industry 4.0, which is the focus of this paper with special emphasis on dynamic safety assurance. At first, the Hazard and Operability (HAZOP) and Fault Tree Analysis (FTA) techniques are used for the identification and mitigation/elimination of potential hazards. Next, based on the hazard analysis results, we derived the safety requirements and safety contracts. Subsequently, safety cases are constructed using the OpenCert platform and safety contracts are associated with them to enable necessary changes during runtime. Finally, we use a simulations based approach to identify and resolve the deviations between the system understanding reflected in the safety cases and the current system operation. The dynamic safety assurance is demonstrated using a use case scenario of materials transportation and data flow in the Industry 4.0 context.
The drones provide an active measure to identify, monitor, analyze and resolve risks of autonomous systems during operational phase. To date, however, the published studies have not considered them for managing risks in a dynamic manner. The capability to deal with unknowns and uncertainties during operational phase is regarded as essential to exploit the autonomous systems at their full potential. This paper targets the drone-based assurance of autonomous systems. The hazard and threat analyses are performed during design and development phase by using the Hazard and Operability (HAZOP) and Threat and Operability (THROP) techniques, respectively. Based on the analyses results, the safety and security requirements are derived. The assume-guarantee contracts are also derived for uncertainty sources; they are integrated in the blockchain-based smart contracts. The simulators are leveraged for performing the verification and validation as well as improving systems. For assuring safety and security during operational phase, the contracts derived for uncertainty sources are checked. In case of divergence, the drones provide assistance; otherwise, depending on the severity risk factor, system control is taken to avoid the mishap risk. The applicability of the proposed methodology is exemplified in the context of a quarry site production scenario.
The current trends of digitalization and Industry 4.0 are bringing ample opportunities for manufacturing industry to fine tune their products and processes at will, to meet changing market needs within short notice. However, the characteristics of advanced production systems, such as dynamic interactions between machines and reconfigurations, if not carefully orchestrated, could potentially lead to production failures or mishaps, making them safety-critical. Previous studies on hazard analysis, safety-performance tradeoffs and assurance cases have not specifically considered the dynamic reconfiguration scenarios in production systems. In this paper, for the hazard identification and mitigation/elimination, the principal characteristics of highly reconfigurable production systems have been given special consideration. Even if the hazard analysis results are incorporated in the initial designs of production systems, operational changes, such as adding/removing machines in response to market demands, system failures, or unanticipated hazardous conditions may still adversely impact the production safety and operational performance. For the operational changes, we perform the quantitative assessment through configuration analytics to determine the corresponding impacts on safety, performance and production demands. After that, the assurance case models are obtained with production line to cope with the potential problems during the dynamic safety assurance. The applicability of the proposed methodology is demonstrated in the context of a quarry site production scenario.
The advanced production systems are composed of separate and distinct systems that operate in both isolation and conjunction, and therefore forms the System-of-Systems (SoS). However, a lot of production systems are classified as safety-critical, for example, due to the interactions between machines and involved materials. From the safety perspective, besides the behaviour of an individual system in SoS, the emergent behaviour of systems that comes from their individual actions and interactions must be considered. An unplanned event or sequence of events in safety-critical production systems may results in human injury or death, damage to machines or the environment. This paper focuses on the construction equipment domain, particularly the quarry site, which solely produce dimension stone and/or gravel products. The principal contribution of this paper is SoS hazard identification and mitigation/elimination for the electric quarry site for which the combination of guide words based collaborative method Hazard and Operability (HAZOP) and Fault Tree Analysis (FTA) are used. The published studies on HAZOP and FTA techniques have not considered the emergent behaviours of different machines. The applicability of particular techniques is demonstrated for individual and emergent behaviours of machines used in the quarry operations, such as autonomous hauler, wheel loader, excavator and crusher.