基于STPA-Bayes模型的机载平视显示系统安全性分析与评价

doi:10.3969/j.issn.1001-506X.2020.05.15

Abstract

Abstract:

The airborne head-up display (HUD) system can greatly improve the success rate of take-off and landing in bad weather and has become a safety promotion technology promoted by the civil aviation administration of China. By constructing a special Ⅰ/Ⅱ approach scene using the HUD system under low visibility, the system-theoretic process analysis (STPA) is used to identify potential unsafe control actions in this scenario. The verification and scenario analysis is carried out through strict formal language, and a scenario analysis framework containing 21 general factors is presented. In order to make up the shortcomings of lacking quantitative analysis, the Bayesian network is introduced to calculate the probability of unsafe control action, and the STPA-Bayes safety analysis and evaluation model is proposed. The results show that this method can effectively identify and analyze potential hazards of the system, reduce the influence of human factors on the results, and provide supports to the safety analysis of the airborne display system.

Key words: safety analysis, system-theoretic process analysis (STPA), formal verification, Bayesian network, head-up display (HUD) system

CLC Number:

Changxiao ZHAO, Hao LI, Lei DONG, Peng WANG. Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model[J]. Systems Engineering and Electronics, 2020, 42(5): 1083-1092.

Figures/Tables 14

Fig.1

Fig.2

Fig.3

Fig.4

Fig.5

Table 1

Fig.6

Table 2

Fig.7

Table 3

Fig.8

Fig.9

Fig.10

Fig.11

References 30

1	修忠信. 民用飞机系统安全性设计与评估技术概论[M]. 上海: 上海交通大学出版社, 2013.
	XIU Z X . Introduction to safety design and evaluation technology for civil aircraft systems[M]. Shanghai: Shanghai Jiaotong University Press, 2013.
2	OZARIN N W. Bridging software and hardware FMEA in complex systems[C]//Proc.of the Reliability & Maintainability Symposium, 2013: 1-6.
3	LEVESON N . A new accident model for engineering safer systems[J]. Safety Science, 2004, 42 (4): 237- 270.
4	YOUSEFI A , RODRIGUEZ H M . Using a system theory based method (STAMP) for hazard analysis in process industry[J]. Journal of Loss Prevention in the Process Industries, 2019, 61, 305- 324.
5	SULTANA S , OKOH P , HAUGEN S . Hazard analysis: application of STPA to ship-to-ship transfer of LNG[J]. Journal of Loss Prevention in the Process Industries, 2019, 60, 241- 252. doi: 10.1016/j.jlp.2019.04.005
6	LEVESON N, FLEMING C, THOMAS J. A comparison of STPA and the ARP 4761 safety assessment process[EB/OL].[2019-07-22].http://sunnyday.mit.edu/STAMP/ARP4761-Comparison-Report-final-2.pdf.
7	KHAWAJI I A. Developing system-based leading indicators for proactive risk management in the chemical processing industry[D]. Boston: Massachusetts Institute of Technology, 2012.
8	REJZEK M , HILBES C . Use of STPA as a diverse analysis method for optimization and design verification of digital instrumentation and control systems in nuclear power plants[J]. Nuclear Engineering and Design, 2018, 331, 125- 135.
9	HAN X , TANG T , LU J D . Analysis of requirement-errors-caused failure of on-board subsystem of CTCS-3 train control system based on failure logs[J]. Journal of the China Railway Society, 2017, 39 (3): 59- 70.
10	ZHANG Y, LIU S. STPA based safety analysis of regional data center in ctcs-1 train control system[C]//Proc.of the International Conference of Safety Produce Informatization, 2019: 240-245.
11	王瑛, 郭之俊, 孙贇, 等. 基于IDAC-STPA模型的战机飞行安全性分析与评价[J]. 系统工程与电子技术, 2019, 41 (5): 1056- 1062.
	WANG Y , GUO Z J , SUN W , et al. Aircraft flight safety analysis and simulation based on IDAC-STPA model[J]. Systems Engineering and Electronics, 2019, 41 (5): 1056- 1062.
12	HU J B , ZHENG L , XU S K . Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation[J]. Journal of Systems Engineering and Electronics, 2018, 29 (6): 1327- 1339. doi: 10.21629/JSEE.2018.06.20
13	王洁宁, 孙晓萌. 基于STPA空管运行系统安全分析方法研究[J]. 武汉理工大学学报, 2017, 39 (12): 54- 60.
	WANG J N , SUN X M . Research on safety analysis of air traffic control system based on STPA[J]. Journal of Wuhan University of Technology, 2017, 39 (12): 54- 60.
14	KRAUSS S S , REJZEK M , HILBES C . Tool qualification considerations for tools supporting STPA[J]. Procedia Engineering, 2015, 128 (11): 15- 24.
15	LONGJI D A , EMILIA V . System safety assessment based on STPA and model checking[J]. Safety Science, 2018, 109 (11): 130- 143.
16	YANG P , KARASHIMA R , OKANO K . Automated inspection method for an STAMP/STPA-fallen barrier trap at railroad crossing[J]. Procedia Computer Science, 2019, 159 (9): 1165- 1174.
17	LEVESON N . Engineering a safer world: systems thinking applied to safety[M]. Cambridge: MIT Press, 2011.
18	邓雪峰, 孙瑞志, 聂娟, 等. 基于时间自动机的温室环境监控物联网系统建模[J]. 农业机械报, 2016, 47 (7): 301- 308.
	DENG X F , SUN R Z , NIE J , et al. Greenhouse environment monitoring iot system modeling based on timed automata[J]. Transactions of the Chinese Society for Agricultural Machinery, 2016, 47 (7): 301- 308.
19	NIGRO L, SCIAMMARELLA P F. Statistical model checking of distributed real-time actor systems[C]//Proc.of the IEEE/21st ACM International Symposium on Distributed Simulation and Real Time Applications, 2017: 1-8.
20	LU Y , SUN M . Modeling and verification of IEEE 802.11i security protocol in UPPAAL for internet of things[J]. International Journal of Software Engineering and Knowledge Engineering, 2018, 28 (11/12): 1619- 1636.
21	王国卿, 庄雷, 王瑞民, 等. 基于时间自动机的物联网网关安全系统的建模及验证[J]. 通信学报, 2018, 39 (3): 63- 75. doi: 10.3969/j.issn.1001-2400.2018.03.012
	WANG G Q , ZHUANG L , WANG R M , et al. Modeling and verifying based on timed automata of Internet of things gateway security system[J]. Journal on Communications, 2018, 39 (3): 63- 75. doi: 10.3969/j.issn.1001-2400.2018.03.012
22	NIGRO L , SCIAMMARELLA P F . Qualitative and quantitative model checking of distributed probabilistic timed actors[J]. Simulation Modelling Practice and Theory, 2018, 87, 343- 368. doi: 10.1016/j.simpat.2018.07.011
23	LEVESON N, THOMAS J. STPA handbook[EB/OL].[2019-07-22].http://psas.scripts.mit.edu/home/get_file.php?name=STPA_handbook.pdf.
24	陈长飞, 白国强. 贝叶斯网络在消防系统可靠性分析中的应用[J]. 中国安全科学学报, 2018, 28 (6): 97- 102.
	CHEN C F , BAI G Q . Application of Bayesian network in analysis of reliability of fire protection system[J]. Chinese Journal of Safety Science, 2018, 28 (6): 97- 102.
25	ABAEI M M , ABBASSI R , GARANIYA V . Reliability assessment of marine floating structures using Bayesian network[J]. Applied Ocean Research, 2018, 76 (6): 51- 60.
26	KABIR S , PAPADOPOULOS Y . Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: a review[J]. Safety Science, 2019, 115 (6): 154- 175.
27	IEŠMANTAS T , ALZBUTAS R . Bayesian spatial reliability model for power transmission network lines[J]. Electric Power Systems Research, 2019, 173 (8): 214- 219.
28	JIANG L , LIU Y L , WANG X M , et al. Operation-oriented reliability and availability evaluation for onboard high-speed train control system with dynamic Bayesian network[J]. Proceedings of the Institution of Mechanical Engineers, 2019, 233 (3): 455- 469.
29	GUETARNI H M I , AISSANI N , CHÂTELET E , et al. Relia- bility analysis by mapping probabilistic importance factors into Bayesian belief networks for making decision in water deluge system[J]. Process Safety Progress, 2019, 38 (2): 1- 14.
30	王鹏, 李浩, 赵长啸, 等. 基于STPA的机载平视显示系统安全性分析[J]. 电讯技术, 2019, 59 (12): 1469- 1476.
	WANG P , LI H , ZHAO C X , et al. Safety analysis of head-up display system based on STPA[J]. Telecommunication Engineering, 2019, 59 (12): 1469- 1476.

类型	未提供控制行为	提供错误的控制行为	控制行为时序错误	控制行为作用时间错误
UCA描述	UCA-1:飞行员正确操作后, HUD未显示飞行和导引信息	UCA-2:飞行员正确操作后, HUD显示错误的飞行和导引信息,且未显示告警信息 UCA-3:HUD显示正确的飞行和导引信息时,显示了告警信息	UCA-4:飞行员正确操作后, HUD画面显示延时 UCA-5:HUD在显示错误的飞行和导引信息后,未及时显示告警信息	N/A
导致的危险	H1-2, H2-2, H3-1	H1-3, H2-3, H3-2	H1-3, H2-2, H3-2	N/A
导致的事故	A-4	A-1, A-2, A-3, A-4	A-1, A-2, A-3, A-4	N/A
影响等级	Ⅲ	Ⅱ	Ⅱ	N/A
概率要求	小于10E-5	小于10E-7	小于10E-7	N/A

编号	致因场景
01	HCP_DPM和HCP_MM同时错误处理,导致HCP输出错误的控制命令
02	HCP输出错误的控制命令, HUDC组件正常运行,导致HUDC输出错误的符号数据
03	HUDC输入的源数据错误, HUDC组件正常运行,导致HUDC输出错误的符号数据
04	HUDC_IOM数据转换功能错误,导致HUDC输出错误数据
05	HUDC_A818数据转换功能错误,导致HUDC输出错误数据
06	HUDC_DPM数据处理功能、HUDC_GPM图像转换功能和HUDC_MM监控功能同时错误,导致HUDC输出错误数据
07	HUDC_DPM数据处理功能错误与HUDC_MM监控功能错误同时发生,导致HUDC输出错误数据
08	HUDC_GPM图像转换功能错误与HUDC_MM监控功能错误同时发生,导致HUDC输出错误数据
09	HPU_A818数据转换功能错误,导致HPU投影错误的图像
10	HPU_ISM模块投影功能错误,导致HPU投影错误的图像
11	HPU_DCM畸形矫正功能错误与HPU_ICM监控功能错误同时发生,导致HPU投影错误的图像
12	HUDC输出错误的符号数据, HPU组件正常运行,导致HPU投影错误的图像
13	HCU的RFM模块校准错误,导致HCU显示的画面与实际情况发生偏移
14	HCU的RFM模块校准正确, HPU投影错误的图像,导致HCU显示错误的画面且无告警标识

节点名称	先验概率
HCP_DPM	7.2E-8
HCP_MM	6.5E-8
HUDC_IOM	5.7E-9
HUDC_DPM	2.3E-8
HUDC_GPM	8.8E-8
HUDC_MM	2.6E-8
HUDC_A818	6.7E-9
HPU_A818	1.4E-8
HPU_DCM	3.8E-8
HPU_ICM	2.5E-8
HPU_ISM	1.1E-8
HCU_RFM	1.2E-8

[1]	Yaohua LI, Yuan GAO. Safety analysis for civil aircraft system based on STPA-ANP model [J]. Systems Engineering and Electronics, 2022, 44(9): 2986-2994.
[2]	Yifan LI, Huaming QIAN, Hongzhong HUANG, Tingyu ZHANG, Tudi HUANG. Reliability analysis of command and control network system based on generalized continuous time Bayesian network [J]. Systems Engineering and Electronics, 2022, 44(12): 3880-3886.
[3]	Peng WANG, Zijing SUN, Fan ZHANG, Guosong XIAO. Reliability analysis model for phased-mission system considering probabilistic common cause failures [J]. Systems Engineering and Electronics, 2022, 44(12): 3887-3898.
[4]	Dianfeng QIAO, Yan LIANG, Chaoxiong MA, Xinyu YANG, Mian WANG, Jianguo LI. Recognition and prediction of group target intention in multi-domain operations [J]. Systems Engineering and Electronics, 2022, 44(11): 3403-3412.
[5]	Yanzhao LIU, Zhiqiu HUANG, Guohua SHEN, Jinyong WANG, Heng XU. Behavioral decision-making methods of autonomous vehicles based on decision tree and BN [J]. Systems Engineering and Electronics, 2022, 44(10): 3143-3154.
[6]	Luda ZHAO, Bin WANG. Method of electronic countermeasure targets' list generation based on RS-DBN [J]. Systems Engineering and Electronics, 2021, 43(9): 2373-2382.
[7]	Hongzhuan CHEN, Aijia ZHAO, Tengjiao LI, Congcong CAI, Shuo CHENG, Chunli XU. Fuzzy Bayesian network inference fault diagnosis of complex equipment based on fault tree [J]. Systems Engineering and Electronics, 2021, 43(5): 1248-1261.
[8]	Xue SUN, Zhiqiu HUANG, Guohua SHEN, Jinyong WANG, Heng XU. Behavior decision method of autonomous vehicle based on ontology and BN [J]. Systems Engineering and Electronics, 2021, 43(2): 452-465.
[9]	Yuhang KE, Yanjun LI, Yuyuan CAO, Xingcheng ZHANG. Research on model-based safety analysis of flight control system [J]. Systems Engineering and Electronics, 2021, 43(11): 3259-3265.
[10]	Qiang ZENG, Zheng HUANG, Shuhuan WEI. Bayesian network parameter learning method based on expert priori knowledge and monotonic constraints [J]. Systems Engineering and Electronics, 2020, 42(3): 646-652.
[11]	Sen QIAO, Zhiqiu HUANG, Jinyong WANG, Weijian WAN. DFT quantitative analysis method based on statistical model checking [J]. Systems Engineering and Electronics, 2020, 42(2): 480-488.
[12]	Guanglei MENG, Mingzhe ZHOU, Haiyin PIAO, Huimin ZHANG. Threat assessment method of dual-aircraft formation based on cooperative tactical recognition [J]. Systems Engineering and Electronics, 2020, 42(10): 2285-2293.
[13]	SUN Haiwen, XIE Xiaofang, SUN Tao, ZHANG Longjie. Threat assessment method of warships formation air defense based on DBN under the condition of small sample data missing [J]. Systems Engineering and Electronics, 2019, 41(6): 1300-1308.
[14]	LIU Jiufu, DING Xiaobin, ZHENG Rui, WANG Biao, LIU Haiyang, WANG Zhisheng. Weighted class-conditional Bayesian network classifier parameter learning of chaos quantum particle swarm [J]. Systems Engineering and Electronics, 2019, 41(10): 2304-2309.
[15]	CHEN Lu, JIAO Jian, WEI Qianxin. Model-checking oriented unified modeling method based on NuSMV [J]. Systems Engineering and Electronics, 2018, 40(7): 1654-1659.

Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 30

Related Articles 15

Recommended Articles

Metrics

Comments