基于STPA-ANP模型的民机系统安全性分析

doi:10.12305/j.issn.1001-506X.2022.09.35

Abstract

Abstract:

With the increasing complexity of civil aircraft systems, traditional safety analysis methods can not fully meet the requirements of hazard identification. In order to effectively analyze and evaluate the safety of civil aircraft systems, a safety analysis method combining system-theory process analysis (STPA) and analytic network process (ANP) is proposed. STPA did not provide a complete process of crucial causal factors analysis and evaluation. By combining STPA with the key structure of ANP, the causal factors are analyzed and evaluated to obtain the crucial causal factors of the unsafe control actions. Taking a certain type of digital flight control system of civil aircraft as an example, it is proved that the model method can accurately and completely identify and analyze the potential unsafe control actions of the system and determine the crucial causal factors of the risks through formal modeling and simulation verification. It provides support for the security analysis of civil aircraft system.

Key words: safety analysis, system-theory process analysis (STPA), analytic network process (ANP), civil aircraft system, digital flight control system

CLC Number:

Yaohua LI, Yuan GAO. Safety analysis for civil aircraft system based on STPA-ANP model[J]. Systems Engineering and Electronics, 2022, 44(9): 2986-2994.

Figures/Tables 16

Fig.1

Table 1

Fig.2

Fig.3

Table 2

Fig.4

Table 3

Table 4

Table 5

Table 6

Table 7

Fig.5

Fig.6

Fig.7

Fig.8

Table 8

References 30

1	KHAKZAD N , KHAN F , AMYOTTE P . Safety analysis in process facilities: comparison of fault tree and Bayesian network approaches[J]. Reliability Engineering & System Safety, 2011, 96 (8): 925- 932.
2	CARMAN A L , VANDERPOOL R C , STRADTMAN L R , et al. Standardizing a federally qualified health center's preventive care processes: use of failure modes and effects analysis[J]. Health Care Management Review, 2020, 45 (3): 228- 231. doi: 10.1097/HMR.0000000000000189
3	ZHENG Y , ZHAO F , WANG Z . Fault diagnosis system of bridge crane equipment based on fault tree and Bayesian network[J]. The International Journal of Advanced Manufacturing Technology, 2019, 105 (9): 3605- 3618. doi: 10.1007/s00170-019-03793-0
4	OUYANG L H . An interval probability-based FMEA model for risk assessment: a real-world case[J]. Quality and Reliability Engineering and International, 2020, 36 (1): 125- 134. doi: 10.1002/qre.2563
5	LEVESON N . Engineering a safer world: systems thinking applied to safety[M]. Massachusett: MIT Press, 2012: 171- 249.
6	CASTILHO D S , URBINA L , DE A D . STPA for continuous controls: a flight testing study of aircraft crosswind takeoffs[J]. Safety Science, 2018, 108, 129- 139. doi: 10.1016/j.ssci.2018.04.013
7	CRAIG K , ALLISO N . Systems theoretic accident model and process (STAMP) safety modelling applied to an aircraft rapid decompression event[J]. Safety Science, 2017, 98, 159- 166. doi: 10.1016/j.ssci.2017.06.011
8	SILVIS-CIVIDJIAN N , VERBAKEL W , ADMIRAAL M . Using a systems-theoretic approach to analyze safety in radiation therapy-first steps and lessons learned[J]. Safety Science, 2020, 122, 104519. doi: 10.1016/j.ssci.2019.104519
9	MAHAJAN H S , BRADLEY T , PASRICHA S . Application of systems theoretic process analysis to a lane keeping assist system[J]. Reliability Engineering & System Safety, 2017, 167, 177- 183.
10	CHAAL M . A framework to model the STPA hierarchical control structure of an autonomous ship[J]. Safety Science, 2020, 132, 104939. doi: 10.1016/j.ssci.2020.104939
11	LUNDE A , NJA O . A systems thinking approach to safety in Norwegian avalanche rescue operations[J]. Safety Science, 2021, 144, 105466. doi: 10.1016/j.ssci.2021.105466
12	CHEN L , JIAO J , ZHAO T D . A novel hazard analysis and risk assessment approach for road vehicle functional safety through integrating STPA with FMEA[J]. Applied Sciences, 2020, 10 (21): 7400. doi: 10.3390/app10217400
13	BENSACI C . STPA and Bowtie risk analysis study for centralized and hierarchical control architectures comparison[J]. Alexandria Engineering Journal, 2020, 59 (5): 3799- 3816. doi: 10.1016/j.aej.2020.06.036
14	赵长啸, 李浩, 董磊, 等. 基于STPA-Bayes模型的机载平视显示系统安全性分析与评价[J]. 系统工程与电子技术, 2020, 42 (5): 1083- 1092.
	ZHAO C X , LI H , DONG L , et al. Safety analysis and evaluation ofairborune HUD system based on STPA-Bayes model[J]. Systems Engeneering and Electronics, 2020, 42 (5): 1083- 1092.
15	WANG H L , ZHONG D M , ZHAO T D . Avionics system failure analysis and verification based on model checking[J]. Engineering Failure Analysis, 2019, 105, 373- 385. doi: 10.1016/j.engfailanal.2019.06.020
16	ASARE P, LACH J, STANKOVIC J. FSTPA-I: a formal approach to hazard identification via system theoretic process analysis[C]//Proc. of the 4th IEEE/ACM International Conference on Cyber-Physical System, 2013: 150-159.
17	CARPITELLA S . A risk evaluation framework for the best maintenance strategy: the case of a marine salt manufacture firm[J]. Reliability Engineering & System Safety, 2021, 205, 107265.
18	GUO Q J . Resilience assessment of safety system at subway construction sites applying analytic network process and extension cloud models[J]. Reliability Engineering & System Safety, 2020, 201, 106956.
19	BALALI A . Ranking effective risks on human resources threats in natural gas supply projects using ANP-COPRAS method: case study of Shiraz[J]. Reliability Engineering & System Safety, 2021, 208, 107442.
20	READ G J M , NAWEED A , SALMON P M . Complexity on the rails: a systems-based approach to understanding safety management in rail transport[J]. Reliability Engineering & System Safety, 2019, 188, 352- 365.
21	AC-25-19A. Certification maintenance requirements[S]. Washington D.C. : Federal Aviation Authority, 2011.
22	ATASOY V E , CETEK C . Enhanced cruise range prediction for narrow-body turbofan commercial aircraft based on QAR data[J]. The Aeronautical Journal, 2020, 125 (1286): 672- 701.
23	修忠信. 民用飞机系统安全性设计与分析技术概括[M]. 上海: 上海交通大学出版社, 2013.
	XIU Z X . Introduction to safety design and evaluation techno-logy for civil aircraft systems[M]. Shanghai: Shanghai Jiaotong University Press, 2013.
24	汪应洛. 系统工程[M]. 5版北京: 机械工业出版社, 2015: 131- 136.
	WANG Y L . Systems engineering[M]. 5th ed Beijing: China Machine Press, 2015: 131- 136.
25	张广泉. 形式化方法导论[M]. 北京: 清华大学出版社, 2015: 39- 180.
	ZHANG G Q . Introduction to formal methods[M]. Beijing: Tsinghua University Press, 2015: 39- 180.
26	LONGJI D A , EMILIA V . System safety assessment based on STPA and model checking[J]. Safety Science, 2018, 109, 130- 143. doi: 10.1016/j.ssci.2018.05.009
27	DAHMANE W M , OUCHANI S , BOUARFA H . Towards a reliable smart city through formal verification and network analysis[J]. Computer Communications, 2021, 180, 171- 187. doi: 10.1016/j.comcom.2021.09.006
28	CHEN L , JIAO J , WEI Q X , et al. An improved formal fai-lure analysis approach for safety-critical system based on MBSA[J]. Engineering Failure Analysis, 2017, 82, 713- 725. doi: 10.1016/j.engfailanal.2017.06.034
29	柯宇航, 李艳军, 曹愈远, 等. 基于模型的飞控系统安全性分析研究[J]. 系统工程与电子技术, 2021, 43 (11): 3259- 3265. doi: 10.12305/j.issn.1001-506X.2021.11.26
	KE Y H , LI Y J , CAO Y Y , et al. Research on model-based safety analysis of flight control system[J]. Systems Engineering and Electronics, 2021, 43 (11): 3259- 3265. doi: 10.12305/j.issn.1001-506X.2021.11.26
30	郑磊, 胡剑波. 基于STAMP/STPA的机轮刹车系统安全性分析[J]. 航空学报, 2017, 38 (1): 246- 256.
	ZHENG L , HU J B . Safety analysis of wheel brake system based on STAMP/STPA[J]. Acta Aeronautica et Astronautica Sinica, 2017, 38 (1): 246- 256.

级别	描述
A-1	妨碍继续安全飞行和着落, 可能导致机毁人亡
A-2	安全裕度或功能的大幅度降低, 相当少量人员受到严重或致命伤
A-3	安全裕度或功能的显著降低, 有人员受伤可能
A-4	安全裕度或功能的轻微降低, 不会显著降低飞机安全性

系统级危险	描述	可能导致的事故
H-1	民机在飞行过程中偏离预定航线	A-1, A-2, A-3, A-4
H-2	民机在飞行过程中违反最低间隔要求	A-1, A-2, A-3, A-4

系统功能	潜在UCA	系统级危险	标记
俯仰横滚控制	控制指令缺失或未被正确传递	H-1, H-2	U-1
	控制指令正确传递但未被正确执行	H-1, H-2	U-2
	控制指令正确传递并执行, 但是作动系统未正确响应	H-1, H-2	U-3
	控制指令正确传递并执行, 但是飞行姿态未改变	H-1, H-2	U-4

编号	致因因素	标记	类别
1	FCC物理故障	A1	控制器
2	FCC控制算法缺陷	A2
3	驾驶员控制指令缺失	A3
4	驾驶员向FCC传输指令错误	A4
5	A/P控制指令缺失	A5
6	A/P向FCC传输指令错误	A6
7	传感器物理故障	B1	传感器
8	传感器数据丢失	B2
9	接收到不完整的传感器数据	B3
10	传感器数据错误	B4
11	作动系统物理故障	C1	作动器
12	FCC控制指令缺失	C2
13	FCC向作动系统传输指令错误	C3

致因因素	A1	A2	A3	A4	A5	A6	B1	B2	B3	B4	C1	C2	C3
A1	1	4	3	2	3	2	2	3	3	2	2	2	4
A2		1	3	2	3	2	5	3	3	2	2	1/3	3
A3			1	1/2	2	1/2	1/2	2	3	1/3	1/4	1/3	2
A4				1	1/2	2	1/2	1/2	2	1/4	1/3	1/3	2
A5					1	2	1/3	1/2	2	1/4	1/2	1/3	3
A6						1	1/3	1/2	1/2	1/3	1/5	1/4	2
B1							1	2	3	1/2	2	1/3	2
B2								1	2	1/3	1/3	1/3	2
B3									1	1/5	1/4	1/4	2
B4										1	1/2	1/3	3
C1											1	1/2	4
C2												1	2
C3													1

Safety analysis for civil aircraft system based on STPA-ANP model

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 30

Related Articles 9

Recommended Articles

Metrics

Comments

致因因素	A1	A2	A3	A4	A5	A6	B1	B2	B3	B4	C1	C2	C3
A1	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2	0.146 2
A2	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4	0.119 4
A3	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9	0.048 9
A4	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6	0.048 6
A5	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6	0.047 6
A6	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8	0.038 8
B1	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4	0.080 4
B2	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1	0.051 1
B3	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2	0.033 2
B4	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7	0.104 7
C1	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8	0.107 8
C2	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9	0.143 9
C3	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5	0.029 5

编号	致因因素	权重	排序
1	FCC物理故障	0.146 2	1
2	FCC控制算法缺陷	0.119 4	3
3	驾驶员控制指令缺失	0.048 9	8
4	驾驶员向FCC传输指令错误	0.048 6	9
5	A/P控制指令缺失	0.047 6	10
6	A/P向FCC传输指令错误	0.038 8	11
7	传感器物理故障	0.080 4	6
8	传感器数据丢失	0.051 1	7
9	接收到不完整的传感器数据	0.033 2	12
10	传感器数据错误	0.104 7	5
11	作动系统物理故障	0.107 8	4
12	FCC控制指令缺失	0.143 9	2
13	FCC向作动系统传输指令错误	0.146 2	13

致因因素	对比分析		排序变化
致因因素	STPA-ANP	仿真结果	排序变化
A1	1	1	-
A2	3	3	-
A3	8	7	↑1
A4	9	9	-
A5	10	10	-
A6	11	11	-
B1	6	6	-
B2	7	8	↓1
B3	12	13	-
B4	5	5	-
C1	4	4	-
C2	2	2	-
C3	13	12	-

[1]	Jianing DENG, Yu WU, Shuting XU, Jinzhan GOU. Comprehensive evaluation of carrier aircraft's dispatch and recovery based on fuzzy Bayesian-ANP [J]. Systems Engineering and Electronics, 2022, 44(11): 3423-3432.
[2]	Yuhang KE, Yanjun LI, Yuyuan CAO, Xingcheng ZHANG. Research on model-based safety analysis of flight control system [J]. Systems Engineering and Electronics, 2021, 43(11): 3259-3265.
[3]	Changxiao ZHAO, Hao LI, Lei DONG, Peng WANG. Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model [J]. Systems Engineering and Electronics, 2020, 42(5): 1083-1092.
[4]	Sen QIAO, Zhiqiu HUANG, Jinyong WANG, Weijian WAN. DFT quantitative analysis method based on statistical model checking [J]. Systems Engineering and Electronics, 2020, 42(2): 480-488.
[5]	CHEN Lu, JIAO Jian, WEI Qianxin. Model-checking oriented unified modeling method based on NuSMV [J]. Systems Engineering and Electronics, 2018, 40(7): 1654-1659.
[6]	CHEN Lei, JIAO Jian, ZHAO Tingdi. Review for model-based safety analysis of complex safety-critical system [J]. Systems Engineering and Electronics, 2017, 39(6): 1287-1291.
[7]	HE Deyu1,2, HU Niaoqing1,2, HU Lei1,2, CHEN Ling1,2, GUO Yiping3. Design of demonstration platform of fault safety analysis -based on virtual prototyping [J]. Systems Engineering and Electronics, 2017, 39(3): 681-686.
[8]	ZHANG Di， GUO Qi-sheng， LI Zhi-guo. Capability limited hierarchy evaluation of weapon equipment system based on ANP [J]. Systems Engineering and Electronics, 2015, 37(4): 817-824.
[9]	JIANG Jiang,LI Xuan,CHEN Ying-wu,YANG Ke-wei. Evidential network and its application in safety analysis of aerospace systems [J]. Journal of Systems Engineering and Electronics, 2011, 33(6): 1270-1275.