[SystemSafety] Fwd: new papers related to STAMP and other news

Sun Jul 28 23:03:02 CEST 2013

The third MIT STAMP Workshop will be held the week of March 24, 2014. (This
time it will not be near Easter or Passover but will be during the MIT
Spring break so that I can get access to rooms that hold over 200 people).
More details to follow.

The First European STAMP Workshop organized by the Technical University of
Braunschweig and the University of Stuttgart was held in Braunschweig last
May. I'm not sure when the second one will be held.

We will be holding a small (this time I really mean it :-)) invited
workshop Nov. 7 at MIT on the application of STAMP to security. Write me if
you want to attend (we have very limited space).

*New papers on the PSAS website* (or you can get to them directly at
http://sunnyday.mit.edu/STAMP-publications.html )

*Evaluating the Safety of Digital Instrumentation and Control Systems in
Nuclear Power Plants* by John Thomas, Francisco Luis de Lemos, and Nancy
Leveson.
     This final report for an NRC grant contains a case study of STPA
applied to a Generic Pressurized Water Reactor (PWR), a comparison of the
results of the STPA analysis with traditional analyses performed on such
systems, and potential uses for STPA in the licensing of nuclear power
plants. Because we were not limited by journal or conference page limits,
the entire analysis is shown.

*"Drawbacks in Using the Term System of Systems*" by Nancy Leveson, *Journal
of Biotechnology Instrumentation and Technology*, March/April 2013.
     An invited short essay after I spoke at an AAMI meeting. By inventing
a new name for a "complex system" we have not created anything new. Some
drawbacks of this new buzzword are described. An aircraft example is
provided.

"*Is Estimating Probabilities the Right Goal for System Safety*?" A blog
post I wrote that is now on the PSAS website (
http://psas.scripts.mit.edu/home/ )
     I wrote this short essay after being frustrated by too many people
telling me it is not possible to make decisions about safety without
probabilities. I don't think we can make good decisions *with*
 probabilities.

*Relatively new postings (you may have already seen these)*:

*Extending and Automating a Systems-Theoretic Hazard Analysis for
Requirements Generation*, John Thomas (his Ph.D. dissertation).
    John defines a formal mathematical structure underlying STPA and
introduces a procedure for systematically performing an STPA analysis based
on that structure. A method for using the results of the hazard analysis to
generate formal safety-critical, model-based system and software
requirements is also presented. Techniques to automate both the STPA
analysis and the requirements generation are introduced, as well as a
method to detect conflicts between safety requirements and other functional
model-based requirements during early development of the system.

*"Hazard Analysis of a Complex Spacecraft using STPA*" by Takuto Ishimatsu,
Nancy G. Leveson, John Thomas, Cody Fleming, Masafumi Katahira, Yuko
Miyamoto, Ryo Ujiie, Haruka Nakao, and Nobuyuki Hoshino, * AIAA Journal of
Spacecraft and Rockets *, in press, 2013.
      Another example of STPA, this time on the JAXA HTV (an unmanned cargo
spacecraft that takes supplies to the International Space Station). This
paper also includes information on analyzing hazards arising from having
multiple controllers of a process and a comparison with the traditional
fault tree analysis that was used on the HTV.

"*Software and the Challenge of Flight Contro*l" by Nancy Leveson. A
chapter in a forthcoming book from the AIAA and edited by Roger Launius,
James Craig, and John Krige titled *Space Shuttle Legacy: How We Did
It/What We Learned*
    Although facing incredible challenges, the Shuttle software is
remarkably good. This chapter explains why I think that was so and what we
can learn about developing software today. In many ways, software
engineering is moving in the opposite direction from the practices that
made this software so successful.

*To appear in the next couple of months*:

*An STPA Primer*. Detailed instructions on how to do STPA along with
answers to Frequently Asked Questions and lots of examples.

*Improving Hazard Analysis and Certification of Integrated Modular
Avionics*by Cody Fleming and Nancy Leveson

*Report on Identifying and Analyzing Hazardous Scenarios for TBO
(Trajectory Based Operations) in the Terminal Area* by Cody Fleming, Seth
Placke, Nancy Leveson, Eric Harkleroad, Adan Vela, and Jim Kuchar (MIT and
Lincoln Labs).
    A demonstration for the FAA of the application of STPA to early PHA and
concept analysis for an important NextGen component.

Exciting projects are also underway involving automobiles, UAVs, high-speed
rail, radiation therapy, human factors in STPA, and security.

-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20130728/8e3914fe/attachment.html>