Safety-driven system engineering process

Stringfellow, Margaret Virgina

Author(s)

Stringfellow, Margaret Virgina

DownloadFull printable version (18.44Mb)

Other Contributors

Massachusetts Institute of Technology. Dept. of Aeronautics and Astronautics.

Advisor

Nancy G. Leveson.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

As the demand for high-performing complex systems has increased, the ability of engineers to meet that demand has not kept pace. The creators of the traditional system engineering processes did not anticipate modern complex systems, and the application of traditional processes to complex systems such as spacecraft has repeatedly led to disastrous results. Too often, system safety is considered late in the design process, after much of the design is set. This thesis presents an iterative safety-driven system engineering process to address this problem. The process integrates safety into the design process, ensuring that safety is designed into the system, rather than added on. The techniques used in this process are: I) Intent Specifications, a framework for organizing system development and operational information in a hierarchical structure; 2) the System-Theoretic Accident Modeling and Processes (STAMP) model of accident causation, a framework upon which to base powerful safety engineering techniques; 3) STAMP-based Hazard Analysis (STPA) a novel hazard analysis technique; and 4) SpecTRM-Requirements Language (SpecTRM-RL), a formal modeling language. Intent Specification is used to document the design with complete traceability from system goals, requirements, and constraints to the operational design and software code. The STAMP framework is used to apply concepts from control theory to system engineering. STPA is used to identify hazards and eliminate them or mitigate their effects to ensure a safe system design. Finally, SpecTRM-RL is used to create the blackbox behavior models. An example of this process applied to an outer moon exploration mission is presented (in the form of an intent specification) and discussed. The specification focuses on the design of the control system and functionality of the scientific instruments, while also including a high-level design of the entire spacecraft. The application of the process described in this thesis demonstrates that design decisions are safety-driven, and that the results of the hazard analysis are integrated into all aspects of the design.

Description

Thesis (S. M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008.

MIT Barker Library copy: leaves 82 to 106 bound upside-down.

Includes bibliographical references (leaves 56-59).

Date issued

2008

URI

http://hdl.handle.net/1721.1/49685

Department

Massachusetts Institute of Technology. Department of Aeronautics and Astronautics

Publisher

Massachusetts Institute of Technology

Keywords

Aeronautics and Astronautics.

Collections

Graduate Theses