基于STPA-ANP模型的民机系统安全性分析

doi:10.12305/j.issn.1001-506X.2022.09.35

摘要/Abstract

摘要：

随着民机系统复杂程度不断提高, 传统的安全性分析方法已不能完全满足危险源高效识别的要求, 为有效分析和评估民机系统安全性, 提出系统理论过程分析(system-theory process analysis, STPA)和网络分析法(analytic network process, ANP)相结合的安全性分析方法。针对STPA没有给出完整的关键致因分析与评估过程, 将STPA与ANP关键结构对应结合, 对危险控制动作进行致因分析和评估, 得到危险控制动作关键致因。以某型民机数字式飞控系统为例展开分析, 通过形式化建模验证及仿真验证, 证明该模型方法可以准确和完整地识别分析系统潜在危险并确定危险关键致因, 为民机系统安全性分析提供支持。

关键词: 安全性分析, 系统理论过程分析, 网络分析法, 民机系统, 数字式飞控系统

Abstract:

With the increasing complexity of civil aircraft systems, traditional safety analysis methods can not fully meet the requirements of hazard identification. In order to effectively analyze and evaluate the safety of civil aircraft systems, a safety analysis method combining system-theory process analysis (STPA) and analytic network process (ANP) is proposed. STPA did not provide a complete process of crucial causal factors analysis and evaluation. By combining STPA with the key structure of ANP, the causal factors are analyzed and evaluated to obtain the crucial causal factors of the unsafe control actions. Taking a certain type of digital flight control system of civil aircraft as an example, it is proved that the model method can accurately and completely identify and analyze the potential unsafe control actions of the system and determine the crucial causal factors of the risks through formal modeling and simulation verification. It provides support for the security analysis of civil aircraft system.

Key words: safety analysis, system-theory process analysis (STPA), analytic network process (ANP), civil aircraft system, digital flight control system

中图分类号:

李耀华, 高源. 基于STPA-ANP模型的民机系统安全性分析[J]. 系统工程与电子技术, 2022, 44(9): 2986-2994.

Yaohua LI, Yuan GAO. Safety analysis for civil aircraft system based on STPA-ANP model[J]. Systems Engineering and Electronics, 2022, 44(9): 2986-2994.

图/表 16

图1

表1

图2

图3

表2

图4

表3

表4

表5

表6

表7

图5

图6

图7

图8

表8

参考文献 30

1	KHAKZAD N , KHAN F , AMYOTTE P . Safety analysis in process facilities: comparison of fault tree and Bayesian network approaches[J]. Reliability Engineering & System Safety, 2011, 96 (8): 925- 932.
2	CARMAN A L , VANDERPOOL R C , STRADTMAN L R , et al. Standardizing a federally qualified health center's preventive care processes: use of failure modes and effects analysis[J]. Health Care Management Review, 2020, 45 (3): 228- 231. doi: 10.1097/HMR.0000000000000189
3	ZHENG Y , ZHAO F , WANG Z . Fault diagnosis system of bridge crane equipment based on fault tree and Bayesian network[J]. The International Journal of Advanced Manufacturing Technology, 2019, 105 (9): 3605- 3618. doi: 10.1007/s00170-019-03793-0
4	OUYANG L H . An interval probability-based FMEA model for risk assessment: a real-world case[J]. Quality and Reliability Engineering and International, 2020, 36 (1): 125- 134. doi: 10.1002/qre.2563
5	LEVESON N . Engineering a safer world: systems thinking applied to safety[M]. Massachusett: MIT Press, 2012: 171- 249.
6	CASTILHO D S , URBINA L , DE A D . STPA for continuous controls: a flight testing study of aircraft crosswind takeoffs[J]. Safety Science, 2018, 108, 129- 139. doi: 10.1016/j.ssci.2018.04.013
7	CRAIG K , ALLISO N . Systems theoretic accident model and process (STAMP) safety modelling applied to an aircraft rapid decompression event[J]. Safety Science, 2017, 98, 159- 166. doi: 10.1016/j.ssci.2017.06.011
8	SILVIS-CIVIDJIAN N , VERBAKEL W , ADMIRAAL M . Using a systems-theoretic approach to analyze safety in radiation therapy-first steps and lessons learned[J]. Safety Science, 2020, 122, 104519. doi: 10.1016/j.ssci.2019.104519
9	MAHAJAN H S , BRADLEY T , PASRICHA S . Application of systems theoretic process analysis to a lane keeping assist system[J]. Reliability Engineering & System Safety, 2017, 167, 177- 183.
10	CHAAL M . A framework to model the STPA hierarchical control structure of an autonomous ship[J]. Safety Science, 2020, 132, 104939. doi: 10.1016/j.ssci.2020.104939
11	LUNDE A , NJA O . A systems thinking approach to safety in Norwegian avalanche rescue operations[J]. Safety Science, 2021, 144, 105466. doi: 10.1016/j.ssci.2021.105466
12	CHEN L , JIAO J , ZHAO T D . A novel hazard analysis and risk assessment approach for road vehicle functional safety through integrating STPA with FMEA[J]. Applied Sciences, 2020, 10 (21): 7400. doi: 10.3390/app10217400
13	BENSACI C . STPA and Bowtie risk analysis study for centralized and hierarchical control architectures comparison[J]. Alexandria Engineering Journal, 2020, 59 (5): 3799- 3816. doi: 10.1016/j.aej.2020.06.036
14	赵长啸, 李浩, 董磊, 等. 基于STPA-Bayes模型的机载平视显示系统安全性分析与评价[J]. 系统工程与电子技术, 2020, 42 (5): 1083- 1092.
	ZHAO C X , LI H , DONG L , et al. Safety analysis and evaluation ofairborune HUD system based on STPA-Bayes model[J]. Systems Engeneering and Electronics, 2020, 42 (5): 1083- 1092.
15	WANG H L , ZHONG D M , ZHAO T D . Avionics system failure analysis and verification based on model checking[J]. Engineering Failure Analysis, 2019, 105, 373- 385. doi: 10.1016/j.engfailanal.2019.06.020
16	ASARE P, LACH J, STANKOVIC J. FSTPA-I: a formal approach to hazard identification via system theoretic process analysis[C]//Proc. of the 4th IEEE/ACM International Conference on Cyber-Physical System, 2013: 150-159.
17	CARPITELLA S . A risk evaluation framework for the best maintenance strategy: the case of a marine salt manufacture firm[J]. Reliability Engineering & System Safety, 2021, 205, 107265.
18	GUO Q J . Resilience assessment of safety system at subway construction sites applying analytic network process and extension cloud models[J]. Reliability Engineering & System Safety, 2020, 201, 106956.
19	BALALI A . Ranking effective risks on human resources threats in natural gas supply projects using ANP-COPRAS method: case study of Shiraz[J]. Reliability Engineering & System Safety, 2021, 208, 107442.
20	READ G J M , NAWEED A , SALMON P M . Complexity on the rails: a systems-based approach to understanding safety management in rail transport[J]. Reliability Engineering & System Safety, 2019, 188, 352- 365.
21	AC-25-19A. Certification maintenance requirements[S]. Washington D.C. : Federal Aviation Authority, 2011.
22	ATASOY V E , CETEK C . Enhanced cruise range prediction for narrow-body turbofan commercial aircraft based on QAR data[J]. The Aeronautical Journal, 2020, 125 (1286): 672- 701.
23	修忠信. 民用飞机系统安全性设计与分析技术概括[M]. 上海: 上海交通大学出版社, 2013.
	XIU Z X . Introduction to safety design and evaluation techno-logy for civil aircraft systems[M]. Shanghai: Shanghai Jiaotong University Press, 2013.
24	汪应洛. 系统工程[M]. 5版北京: 机械工业出版社, 2015: 131- 136.
	WANG Y L . Systems engineering[M]. 5th ed Beijing: China Machine Press, 2015: 131- 136.
25	张广泉. 形式化方法导论[M]. 北京: 清华大学出版社, 2015: 39- 180.
	ZHANG G Q . Introduction to formal methods[M]. Beijing: Tsinghua University Press, 2015: 39- 180.
26	LONGJI D A , EMILIA V . System safety assessment based on STPA and model checking[J]. Safety Science, 2018, 109, 130- 143. doi: 10.1016/j.ssci.2018.05.009
27	DAHMANE W M , OUCHANI S , BOUARFA H . Towards a reliable smart city through formal verification and network analysis[J]. Computer Communications, 2021, 180, 171- 187. doi: 10.1016/j.comcom.2021.09.006
28	CHEN L , JIAO J , WEI Q X , et al. An improved formal fai-lure analysis approach for safety-critical system based on MBSA[J]. Engineering Failure Analysis, 2017, 82, 713- 725. doi: 10.1016/j.engfailanal.2017.06.034
29	柯宇航, 李艳军, 曹愈远, 等. 基于模型的飞控系统安全性分析研究[J]. 系统工程与电子技术, 2021, 43 (11): 3259- 3265. doi: 10.12305/j.issn.1001-506X.2021.11.26
	KE Y H , LI Y J , CAO Y Y , et al. Research on model-based safety analysis of flight control system[J]. Systems Engineering and Electronics, 2021, 43 (11): 3259- 3265. doi: 10.12305/j.issn.1001-506X.2021.11.26
30	郑磊, 胡剑波. 基于STAMP/STPA的机轮刹车系统安全性分析[J]. 航空学报, 2017, 38 (1): 246- 256.
	ZHENG L , HU J B . Safety analysis of wheel brake system based on STAMP/STPA[J]. Acta Aeronautica et Astronautica Sinica, 2017, 38 (1): 246- 256.

级别	描述
A-1	妨碍继续安全飞行和着落, 可能导致机毁人亡
A-2	安全裕度或功能的大幅度降低, 相当少量人员受到严重或致命伤
A-3	安全裕度或功能的显著降低, 有人员受伤可能
A-4	安全裕度或功能的轻微降低, 不会显著降低飞机安全性

系统级危险	描述	可能导致的事故
H-1	民机在飞行过程中偏离预定航线	A-1, A-2, A-3, A-4
H-2	民机在飞行过程中违反最低间隔要求	A-1, A-2, A-3, A-4

系统功能	潜在UCA	系统级危险	标记
俯仰横滚控制	控制指令缺失或未被正确传递	H-1, H-2	U-1
	控制指令正确传递但未被正确执行	H-1, H-2	U-2
	控制指令正确传递并执行, 但是作动系统未正确响应	H-1, H-2	U-3
	控制指令正确传递并执行, 但是飞行姿态未改变	H-1, H-2	U-4

编号	致因因素	标记	类别
1	FCC物理故障	A1	控制器
2	FCC控制算法缺陷	A2
3	驾驶员控制指令缺失	A3
4	驾驶员向FCC传输指令错误	A4
5	A/P控制指令缺失	A5
6	A/P向FCC传输指令错误	A6
7	传感器物理故障	B1	传感器
8	传感器数据丢失	B2
9	接收到不完整的传感器数据	B3
10	传感器数据错误	B4
11	作动系统物理故障	C1	作动器
12	FCC控制指令缺失	C2
13	FCC向作动系统传输指令错误	C3

致因因素	A1	A2	A3	A4	A5	A6	B1	B2	B3	B4	C1	C2	C3
A1	1	4	3	2	3	2	2	3	3	2	2	2	4
A2		1	3	2	3	2	5	3	3	2	2	1/3	3
A3			1	1/2	2	1/2	1/2	2	3	1/3	1/4	1/3	2
A4				1	1/2	2	1/2	1/2	2	1/4	1/3	1/3	2
A5					1	2	1/3	1/2	2	1/4	1/2	1/3	3
A6						1	1/3	1/2	1/2	1/3	1/5	1/4	2
B1							1	2	3	1/2	2	1/3	2
B2								1	2	1/3	1/3	1/3	2
B3									1	1/5	1/4	1/4	2
B4										1	1/2	1/3	3
C1											1	1/2	4
C2												1	2
C3													1