System theoretic framework for assuring safety and dependability of highly integrated aero engine control systems
Author(s)
Atherton, Malvern J
Other Contributors
System Design and Management Program.
Advisor
Nancy Leveson.
Abstract
The development of complex, safety-critical systems for aero-engine control is subject to the often competing demands for higher safety and reduced development cost. Although the commercial aerospace industry has a generally good safety record, and has placed much emphasis on process improvement within a strong safety culture, a large number of design and requirements errors continue to be found during development and after entry into service. The thesis assesses current system safety practice within the aero engine control system industry, including international standards, and reviews that practice against the research at MIT by Professor Nancy Leveson. The thesis focuses in particular on software safety, as this is the area that has proven most challenging and most likely to incur high costs. The particular research topics reviewed are Intent Specifications, the System Theoretic Accident Modeling and Processes (STAMP) technique, and requirements completeness criteria. Research shows that many problems arise from requirements and design errors rather than component failures. Several example incidents from an engine company are reviewed, and these show a pattern of common problems which could have been caught by the use of more comprehensive requirements completeness checks and by the use of Intent Specifications. In particular, assumptions are not currently documented in the specifications but are kept separately, and the need to identify assumptions is not emphasized enough in existing processes. It is concluded that the existing development process has significant room for improvement in the coordination between the safety assessment and system development processes. In particular, more could be done through the use of requirements completeness checks, software hazard analysis, the adoption of the Intent Specification approach, and the use of STAMP models.
Description
Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2005. Includes bibliographical references (p. 108-110).
Date issued
2005
Department
System Design and Management Program.
Publisher
Massachusetts Institute of Technology
Keywords
System Design and Management Program.