dc.contributor.advisor: Nancy G. Leveson and Mary E. Devenny
dc.contributor.author: Dunn, Nicholas Connor
dc.contributor.other: Massachusetts Institute of Technology. Department of Aeronautics and Astronautics.
dc.date.accessioned: 2014-03-19T15:44:39Z
dc.date.available: 2014-03-19T15:44:39Z
dc.date.copyright: 2013
dc.date.issued: 2013
dc.identifier.uri: http://hdl.handle.net/1721.1/85777
dc.description: Thesis: S.M., Massachusetts Institute of Technology, Department of Aeronautics and Astronautics, 2013.
dc.description: CD-ROM contains 2 Excel spreadsheets.
dc.description: Cataloged from PDF version of thesis.
dc.description: Includes bibliographical references (pages 139-140).
dc.description.abstract: Traditional hazard analysis techniques based on failure models of accident causality, such as the probabilistic risk assessment (PRA) method currently used at NASA, are inadequate for analyzing safety at the system level. System-Theoretic Accident Model and Processes (STAMP) shifts the focus of safety from preventing failures to that of a dynamic feedback control system that enforces behavioral constraints. System-Theoretic Process Analysis (STPA), the hazard analysis method based on STAMP, was applied to the launch and mission phases of a NASA/JAXA Global Precipitation Measurement (GPM) Core Observatory-based satellite. Exploiting the fact that nearly all satellites follow similar lifecycles and employ common functional architectures with relatively decoupled, unique mission payloads, a template for future satellite STPA safety analyses was developed. The template seeks to aid and guide new STPA applications while reducing analysis time by providing the STPA analysis for many common satellite functions. Increasing pressure to reduce satellite mission costs has renewed interest in modular payloads. Traditional hazard analysis methods are dependent on the hardware used, so they must be redone for the entire system if the payload is changed. This repetition of work is time intensive and costly. STPA is the only hazard analysis method that may be performed early in development and without details of the system hardware implementation. Using the GPM-based satellite STPA analysis, the influence of the mission payload on safety at the system level is considered. Five types of control action mismatch resulting from changing payloads were identified along with the corresponding additional STPA analysis required to ensure safety at the system level.
dc.description.statementofresponsibility: by Nicholas Connor Dunn.
dc.format.extent: 140 pages
dc.language.iso: eng
dc.publisher: Massachusetts Institute of Technology
dc.relation.requires: System requirements: Windows and CD-ROM drive.
dc.rights: M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission.
dc.rights.uri: http://dspace.mit.edu/handle/1721.1/7582
dc.subject: Aeronautics and Astronautics.
dc.title: Satellite System Safety Analysis Using STPA
dc.title.alternative: Satellite System Safety Analysis Using System-Theoretic Process Analysis
dc.type: Thesis
dc.description.degree: S.M.
dc.contributor.department: Massachusetts Institute of Technology. Department of Aeronautics and Astronautics.
dc.identifier.oclc: 871340076