lecture 04 02 11 2015
play

Lecture 04 (02.11.2015) Hazard Analysis Christoph Lth Jan - PowerPoint PPT Presentation

May 12, 2023 •356 likes •634 views

Systeme hoher Qualitt und Sicherheit Universitt Bremen WS 2015/2016 Lecture 04 (02.11.2015) Hazard Analysis Christoph Lth Jan Peleska Dieter Hutter SSQ, WS 15/16 Where are we? 01: Concepts of Quality 02: Legal Requirements:

  1. Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016 Lecture 04 (02.11.2015) Hazard Analysis Christoph Lüth Jan Peleska Dieter Hutter SSQ, WS 15/16

  2. Where are we? 01: Concepts of Quality 02: Legal Requirements: Norms and Standards 03: The Software Development Process 04: Hazard Analysis 05: High-Level Design with SysML 06: Formal Modelling with SysML 07: Detailed Specification with SysML 08: Testing 09 and 10: Program Analysis 11: Model-Checking 12: Software Verification (Hoare-Calculus) 13: Software Verification (VCG) 14: Conclusions SSQ, WS 15/16

  3. Your Daily Menu Hazard Analysis: What‘s that?  Different forms of hazard analysis: Failure Mode andEffects Analysis (FMEA)  Failure Tree Analysis (FTA)  Event Tree Analysis (ETA)  SSQ, WS 15/16 3

  4. Hazard Analysis in the Development Cycle SSQ, WS 15/16

  5. The Purpose of Hazard Analysis System Safety Hazard Analysis systematically determines a list of Hazard safety requirements . Validation Analysis The realisation of the safety requirements by Safety Validated the software product Requirements Software must be verified . Verification The product must be validated wrt. the safety requirements. Software Development (V-Model) SSQ, WS 15/16 5

  6. Hazard Analysis… provides the basic foundations for system safety. is performed to identify hazards, hazard effects, and hazard causal factors. is used to determine system risk, to determine the signifigance of hazards, and to etablish design measures that will eliminate or mitigate the identified hazards. is used to systematically examine systems, subsystems, facilities, components, software, personnel, and their interrelationships. Clifton Ericson: Hazard Analysis Techniques for System Safety . Wiley-Interscience, 2005. SSQ, WS 15/16 6

  7. Form and Output of Hazard Analysis The output of Hazard Analysis is a list of safety requirements, and documents detailing how these were derived. Because the process is informal, it can only be checked by reviewing . It is therefore critical that standard forms of analysis are used,  documents have a standard form, and  all assumptions are documented.  SSQ, WS 15/16 7

  8. Classification of Requirements Requirements to ensure Safety  Security  Requirements for Hardware  Software  Characteristics / classification of requirements according to the type of a property  SSQ, WS 15/16 8

  9. Classification of Hazard Analysis Top-down methods start with an anticipated hazard and work back from the hazard event to potential causes for the hazard Good for finding causes for hazard  Good for avoiding the investigation of “non - relevant”  errors Bad for detection of missing hazards  Bottom-up methods consider “arbitrary” faults and resulting errors of the system, and investigate whether they may finally cause a hazard Properties are complementary to top-down properties  SSQ, WS 15/16 9

  10. Hazard Analysis Methods Fault Tree Analysis (FTA) – top-down Failure Modes and Effects Analysis (FMEA) – bottom up Event Tree Analysis (ETA) – bottom-up Cause Consequence Analysis – bottom up HAZOP Analysis – bottom up SSQ, WS 15/16 10

  11. Fault Tree Analysis (FTA) Top-down deductive failure analysis (of undesired states) Define undesired top-level event  Analyse all causes affecting an event to construct fault  (sub)tree Evaluate fault tree  SSQ, WS 15/16 11

  12. Fault-Tree Analysis: Process Overview 1. Understand system design 2. Define top undesired event 3. Establish boundaries (scope) 4. Construct fault tree 5. Evaluate fault tree (cut sets, probabilities) 6. Validate fault tree (check if correct and complete) 7. Modify fault tree (if required) 8. Document analysis SSQ, WS 15/16 12

  13. Fault Tree Analysis: Example 1 Example: A lamp warning about low level of brake fluid. See circuit diagram. Top Undesired Event: Warning lamp off despite low level of fluid. Float switch Fuse Lamp Battery Source: N. Storey, Safety-Critical Computer Systems. SSQ, WS 15/16

  14. FTA: Example II Example: A laser operated from a control computer system. The laser is connected via a relay and a power driver, and protected by a cover switch. Top Undesired Event: Laser activated without explicit command from computer system. Source: N. Storey, Safety-Critical Computer Systems. SSQ, WS 15/16

  15. Event Tree Analysis (ETA) Applies to a chain of cooperating activities Investigates the effect of activities failing while the chain is processed Depicted as binary tree; each node has two leaving edges: Activity operates correctly  Activity fails  Useful for calculating risks by assigning probabilities to edges O(2^n) complexity SSQ, WS 15/16 16

  16. Event Tree Analysis Overview Input: • Design knowledge • Accident histories ETA Process: 1. Identify Accident Scenarios 2. Identify IEs (Initiating Events) 3. Identify pivotal events 4. Construct event tree diagrams 5. Evaluate risk paths 6. Document process Output: Mishap outcomes • Outcome risks • Causal sources • Safety Requirements • SSQ, WS 15/16 17

  17. Event Tree Analysis: Example 1 Cooling System for a Nuclear Power Plant IE Pivotal Events Outcome Electricity Emergency Fission Product Containment Fission Release Core Cooling Removal Very Small Available Available Small Fails Available Small Available Fails Medium Available Fails Available Large Fails Pipe Fails Very Large Breaks Very Large Fails SSQ, WS 15/16 18

  18. Event Tree Analysis: Example 2 Fire Detection/Suppression System for Office Building IE Pivotal Events Outcomes Prob. Fire Detection Fire Alarms Fire Sprinkler Works Works Works YES (P= 0.8) 0.00504 Limited damage YES (P= 0.7) NO (P= 0.2) Extensive damage, 0.00126 People escape YES (P= 0.9) Limited damage, 0.00216 YES (P= 0.8) Wet people NO (P= 0.3) Fire Starts P= 0.01 Death/injury, NO (P= 0.2) 0.00054 Extensive damage NO (P= 0.1) Death/injury, 0.001 Extensive damage SSQ, WS 15/16 19

  19. Failure Modes and Effects Analysis (FMEA) Analytic approach to review potential failure modes and their causes. Three approaches: functional , structural or hybrid. Typically performed on hardware, but useful for software as well. It analyzes the failure mode,  the failure cause,  the failure effect,  its criticality,  and the recommended action.  and presents them in a standardized table . SSQ, WS 15/16 20

  20. Software Failure Modes Guide word Deviation Example Interpretation omission The system produces no output No output in response to change when it should. Applies to a in input; periodic output single instance of a service, but missing. may be repeated. commission The system produces an output, Same value sent twice in series; when a perfect system would spurious output, when inputs have produced none. One must have not changed. consider cases with both, correct and incorrect data. early Output produced before it Really only applies to periodic should be. events; Output before input is meaningless in most systems. late Output produced after it should Excessive latency (end-to-end be. delay) through the system; late periodic events. value Value output is incorrect, but in Out of range. (detectable) a way, which can be detected by the recipient. value Value output is incorrect, but in Correct in range; but wrong (undetectable) a way, which cannot be value detected. SSQ, WS 15/16 21

  21. Criticality Classes Risk as given by the risk mishap index (MIL-STD-882): Severity Probability 1. Catastrophic A. Frequent 2. Critical B. Probable 3. Marginal C. Occasional 4. Negligible D. Remote E. Improbable Names vary, principle remains: Catastrophic – single failure  Critical – two failures  Marginal – multiple failures/may contribute  SSQ, WS 15/16 22

  22. FMEA Example: Airbag Control (Struct.) ID Mode Cause Effect Crit. Appraisal 1 Omission Gas cartridge Airbag not released in C1 SR-56.3 empty emergency situation 2 Omission Cover does not Airbag not released fully in C1 SR-57.9 detach emergency situation. 3 Omission Trigger signal Airbag not released in C1 Ref. To SW- not present in emergency situation FMEA emergency. 4 Comm. Trigger signal Airbag released during C2 Ref. To SW- present in non- normal vehicle operation FMEA emergency SSQ, WS 15/16 23

  23. FMEA Example: Airbag Control (Funct.) ID Mode Cause Effect Crit. Appraisal 5-1 Omission Software Airbag not C1 See 1.1, 1.2. terminates released in abnormally emergency. 5-1.1 Omission - Division by 0 See 1 C1 SR-47.3 Static Analysis 5-1.2 Omission - Memory fault See 1 C1 SR-47.4 Static Analysis 5-2 Omision Software does not Airbag not C1 SR-47.5 terminate released in Static Analysis emergency. 5-3 Late Computation takes Airbag not C1 SR-47.6 too long. released in emergency. 5-4 Comm. Spurious signal Airbag released C2 SR-49.3 generated in non- emergency 5-5 Value (u) Software computes Either of 5-1 or C1 SR-12.1 wrong result 5-4. Formal Verification SSQ, WS 15/16 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3,

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3,

CS173 Lecture B, November 3, 2015 Tandy Warnow November 10, 2015 CS 173, Lecture B November 3, 2015 Tandy Warnow Problem 1 Prove (by induction on n , the number of vertices in G ) that every simple graph G can be properly vertex-colored using

612 views • 27 slides
Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1

Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1

NEW CS 473: Theory II, Fall 2015 Approximation Algorithms Lecture 8 September 17, 2015 Sariel (UIUC) New CS473 1 Fall 2015 1 / 39 Todays Lecture Dont give up on NP-Hard problems: (A) Faster exponential time algorithms: n O ( n ) , 3 n

2.01k views • 160 slides
ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International

ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International

ECON4910 Environmental economics, Spring 2015 Michael Hoel: Lecture 12: International environmental agreements Updated March 16, 2015 Please bring lecture note to lecture. Reading: Perman et al. (2011): Sections 9.1-9.3 Barrett (2005) Hoel:

827 views • 34 slides
Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015

Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015

Computing and Global Health Lecture 3 Last mile data collection and Tracking Winter 2015 Richard Anderson 1/21/2015 University of Washington, Winter 2015 1 Todays topics Readings and assignments Cold chain assignment review

621 views • 42 slides
Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter

Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter

Computing and Global Health Lecture 5 Logistics Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter 2015 1 Todays topics Ron Pankiewicz, Village Reach GAVI Supply Chain Strategy Logistics requirements

590 views • 36 slides
ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I

ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I

ECON 4910 Environmental economics; spring 2015 Michael Hoel: Lecture note 10: Climate policy I (taxes, quotas) Updated April 7, 2015 Please bring lecture note and EEAG report to lecture. Reading: Perman et al. (2011). Sections 9.5 and 16.1

104 views • 7 slides
Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44

Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44

Intro INF4140 - Models of concurrency Intro, lecture 1 Hsten 2015 24. 08. 2015 2 / 44 Todays agenda Introduction overview motivation simple examples and considerations Start a bit about concurrent programming with critical sections

783 views • 44 slides
attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is

attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is

Topics in Cognitive Science attention, memory & reasoning 12.06.2015 MGK Lecture N.Lewandowski SoSe 2015 What is attention? Experiment: Try to notice all the objects and people that surround you here in this room: all the shapes,

507 views • 34 slides
Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of

Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of

Computing and Global Health Lecture 4 Medical Record Systems Winter 2015 Richard Anderson 1/28/2015 University of Washington, Winter 2015 1 Todays topics Paper to Digital, Nicki Dell Readings and assignments Medical Records in

976 views • 33 slides
Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015

Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015

Presentation of XML Patryk Czarnik XML and Applications 2014/2015 Lecture 11 12.01.2015 Separation of content and formatting According to best XML practices: Documents consist of content / data. T ags are for structure and meaning

1.11k views • 74 slides
Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015

Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015

Computing and Global Health Lecture 7 Treatment support and mobile devices Winter 2015 Richard Anderson 2/18/2015 University of Washington, Winter 2015 1 Todays topics Aditya Vashistha Voice based messaging Treatment Support

497 views • 34 slides
Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington,

Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington,

Computing and Global Health Lecture 6 Patient Support Winter 2015 Richard Anderson 2/11/2015 University of Washington, Winter 2015 1 Todays topics Trevor Perrier, SMS Phone messaging Messaging technologies Example Projects

425 views • 38 slides
The two film theory p g p i Interface c i c l David Reckhow CEE 577 #32 2 1 CEE 577

The two film theory p g p i Interface c i c l David Reckhow CEE 577 #32 2 1 CEE 577

CEE 577 Lecture #32 12/28/2015 Updated: 28 December 2015 Print version Lecture #32 Toxics: Volatilization, Photolysis, Hydrolysis and Biodegradation: Recapitulation and Simplified Forms (Chapra, L41, L42, L43 & L44) David Reckhow CEE 577

123 views • 9 slides
EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015

EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015

EC476 Contracts and Organizations, Part III: Lecture 1 Leonardo Felli 32L.G.06 12 January 2015 Course Outline Law and Economics Lecture 1: Contracts what are they? The Coase Theorem. Lecture 2: Principal Agent: Hidden Information and

730 views • 52 slides
Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska

Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska

Systeme hoher Qualitt und Sicherheit Universitt Bremen WS 2015/2016 Lecture 07 (23-11-2015) Detailed Specification with SysML Christoph Lth Jan Peleska Dieter Hutter SSQ, WS 15/16 Where are we? 01: Concepts of Quality 02:

468 views • 18 slides
Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015

Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015

Computing and Global Health Lecture 2, Surveillance Winter 2015 Richard Anderson 1/14/2015 University of Washington, Winter 2015 1 Todays topics Surveillance problem Issues Health Information systems HISP/DHIS2

607 views • 59 slides
Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and

Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and

Industrial Automation Automation Industrielle Industrielle Automation Safety analysis and standards 9.6 Analyse de scurit et normes Sicherheitsanalyse und Normen Prof Dr. Hubert Kirrmann & Dr. B. Eschermann ABB Research Center,

799 views • 31 slides
RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides adopted from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning Engineering."

1.27k views • 84 slides
Using FMEA to Improve So4ware Reliability Kraig Strong -

Using FMEA to Improve So4ware Reliability Kraig Strong -

Using FMEA to Improve So4ware Reliability Kraig Strong - Tektronix What dont we like about (most) quality processes? They are Jme consuming

893 views • 35 slides
Continuous Improvement Toolkit FMEA Continuous Improvement Toolkit . www.citoolkit.com Managing

Continuous Improvement Toolkit FMEA Continuous Improvement Toolkit . www.citoolkit.com Managing

Continuous Improvement Toolkit FMEA Continuous Improvement Toolkit . www.citoolkit.com Managing Deciding & Selecting Planning & Project Management* Pros and Cons Risk PDPC Importance-Urgency Mapping RACI Matrix Stakeholder Analysis

162 views • 15 slides
What Might A Science of Certification Look Like? John Rushby Computer Science Laboratory SRI

What Might A Science of Certification Look Like? John Rushby Computer Science Laboratory SRI

What Might A Science of Certification Look Like? John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Scientific Certification: 1 Overview Some tutorial introduction Implicit vs.

774 views • 48 slides
Holger Hermanns dependable systems and software Saarland University Saarbrcken, Germany

Holger Hermanns dependable systems and software Saarland University Saarbrcken, Germany

Holger Hermanns dependable systems and software Saarland University Saarbrcken, Germany Safety? Safety by design? Make sure hazardous situations are unreachable! Safety by design? Make sure hazardous situations are unreachable! Safety by

1.38k views • 62 slides
Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP)

Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP)

Plan for Quality to Improve Patient Safety at the POC SHARON S. EHRMEYER, PH.D., MT(ASCP) PROFESSOR, DEPARTMENT OF PATHOLOGY AND LABORATORY MEDICINE SCHOOL OF MEDICINE AND PUBLIC HEALTH MADISON, WI = Quality Meeting the requirements or needs

834 views • 55 slides
efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

Practices in model component reuse for efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd Workshop on Education and Practice of Performance Engineering Outline Dependability analysis in practice

515 views • 26 slides

More recommend