| dc.contributor.advisor | Nancy Leveson. | en_US |
| dc.contributor.author | Atherton, Malvern J | en_US |
| dc.contributor.other | System Design and Management Program. | en_US |
| dc.date.accessioned | 2006-03-29T18:48:06Z | |
| dc.date.available | 2006-03-29T18:48:06Z | |
| dc.date.copyright | 2005 | en_US |
| dc.date.issued | 2005 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/32477 | |
| dc.description | Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2005. | en_US |
| dc.description | Includes bibliographical references (p. 108-110). | en_US |
| dc.description.abstract | The development of complex, safety-critical systems for aero-engine control is subject to the, often competing, demands for higher safety and reduced development cost. Although the commercial aerospace industry has a general good safety record, and has placed much emphasis on process improvement within a strong safety culture, there continues to be a large number of design and requirements errors found during development and after entry into service. 'The thesis assesses current system safety practice within the aero engine control system industry, including international standards, and reviews the current practice against the research at MIT by Professor Nancy Leveson. The thesis focuses in particular on software safety as this is the area that has proven most challenging and most likely to experience high costs. The particular research topics reviewed are Intent Specifications, the System Theoretic Accident Modeling and Processes (STAMP) technique, and requirements completeness criteria. Research shows that many problems arise from requirements and design errors rather than component failures. Several example incidents from an engine company are reviewed and these show a pattern of common problems which could have been caught by the use of more comprehensive requirements completeness checks and by the use of Intent Specifications. In particular, assumptions are not currently documented in the specifications but are kept separately, and the need to identify assumptions is not emphasized enough in existing processes. | en_US |
| dc.description.abstract | (cont.) It is concluded that the existing development process has significant room for improvement in the coordination between the safety assessment and system development processes. In particular, more could be done by the use of requirements completeness checks, software hazard analysis, the adoption of the Intent Specification approach and in the use of the STAMP models. | en_US |
| dc.description.statementofresponsibility | by Malvern J. Atherton. | en_US |
| dc.format.extent | 120 p. | en_US |
| dc.format.extent | 6847448 bytes | |
| dc.format.extent | 6854854 bytes | |
| dc.format.mimetype | application/pdf | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
| dc.subject | System Design and Management Program. | en_US |
| dc.title | System theoretic framework for assuring safety and dependability of highly integrated aero engine control systems | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | System Design and Management Program. | en_US |
| dc.identifier.oclc | 61772088 | en_US |
