Extending and automating a Systems-Theoretic hazard analysis for requirements generation and analysis.

Thomas, John

doi:10.2172/1044959

Cited by 92 publications

(84 citation statements)

References 71 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the following example, a real nuclear power plant design was used but the details had to be changed for obvious reasons. The full analysis (for safety) can be found in Thomas [5].…”

Section: Applying Stpa To Securitymentioning

confidence: 99%

Systems thinking for safety and security

Young

Leveson

2013

Proceedings of the 29th Annual Computer Security Applications Conference

127

117

View full text Add to dashboard Cite

The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. SystemsTheoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss.

show abstract

“…In the following example, a real nuclear power plant design was used but the details had to be changed for obvious reasons. The full analysis (for safety) can be found in Thomas [5].…”

Section: Applying Stpa To Securitymentioning

confidence: 99%

Systems thinking for safety and security

Young

Leveson

2013

Proceedings of the 29th Annual Computer Security Applications Conference

127

117

View full text Add to dashboard Cite

show abstract

“…A engenharia de sistemas define ainda que segurança é uma propriedade emergente do sistema, que surge quando seus componentes em todos os níveis hierárquicos se inter-relacionam respeitando as restrições de segurança estabelecidas (LEVESON, 2004;FLEMMING, 2004;THOMAS, 2013 …”

Section: Segurança Críticaunclassified

“…Nesse capítulo será apresentado a metodologia proposta para a análise de impacto, que utiliza a técnica STPA, derivada do modelo STAMP, em ambos cenários automático e manual. Os passos descritos neste capítulo foram retirados basicamente de Leveson (2012) e Thomas (2013), onde este último desenvolveu uma metodologia sistemática de aplicação do STPA, e adicionados um passo adicional de análise dos fatores causais levantados.…”

Section: Escolha Do Tipo De Operaçãounclassified

“…Da lista de perigos percebeu-se alguns possíveis conflitos de procedimentos como por exemplo autorizar o pouso de uma aeronave em emergência com a pista ocupada é perigoso (P 1 ), mas não autorizar o pouso de uma aeronave em emergência também é perigoso (P 4 ). Como Thomas (2013) cita, a melhor maneira de se prevenir esses conflitos seria criar saídas no projeto do sistema que os evitassem, mas caso não seja possível, uma das maneiras é ordenar os perigos em importância e escolher o perigo que causa o menor impacto possível.…”

Section: Conceitualização Da Análiseunclassified

“…Thornberry (2014) estendeu o STPA para incluir essa proposta. Thomas (2013) cita que dependendo do nível de detalhe desejado na análise do STPA, as tabelas de contexto podem ficar enormes e o levantamento de fatores causais pode levantar uma quantidade muito grande de fatores. Um possível foco de estudo seria em ferramentas automatizadas na análise de grande tabelas de contexto e de levantamento de fatores causais.…”

Section: Conclusõesunclassified

See 2 more Smart Citations

Metodologia de análise de impacto em segurança crítica da automação das tarefas do controlador de tráfego aéreo da torre de controle de aeródromo.

Dirickson¹

View full text Add to dashboard Cite

AGRADECIMENTOSPrimeiro para a minha esposa, Karolyne, que me apoiou e ajudou nessa jornada que foi para nós dois, ambos estudantes de mestrado. Esse trabalho só foi possível ser terminado porque você estava ao meu lado, eu te amo! Para a minha família, em especial meu pai Luiz e mãe Margarete, por serem um porto seguro nos fim de semanas estressados.Para o meu professor e orientador, prof Dr. João Batista Camargo Jr, por ter me recebido tão respeitosa e alegremente em uma área que não tinha nada a ver com a minha, por ter me orientado e guiado nesses anos de mestrado e por ter depositado tanta confiança no meu trabalho. Ao Lúcio Vismari pela coorientação informal dada por tanto tempo, me ensinando como ser um pesquisador. Aos outros amigos e membros do GAS (Grupo depois na análise subsequente dos cenários antes da automação e depois da automação utilizando a técnica Systems-Theoretic Proccess Analysis (STPA), criada a partir do STAMP, para levantar os fatores causais de perigos e seus requisitos de segurança em cada cenário, de forma a ser possível obter uma comparação do que foi modificado com a automação proposta das tarefas. Para validar a metodologia, foi analisada uma tarefa do ATCo da TWR como exemplo. Espera-se obter com a metodologia proposta uma forma mais objetiva e sistêmica de obter o possível impacto em termos de segurança crítica da automação de uma tarefa específica, sendo possível então determinar qual a melhor forma de se pensar essa automação no contexto do ATCo, podendo assim contribuir para a modernização segura do sistema ATM.Palavras-chave: Segurança, ATC, TWR, Engenharia de Sistemas. ABSTRACTWith the increasing growth of aviation as mode of transportation for people and cargo, the Air Traffic Management (ATM) system is on its limits. In order to cope with that, the International Civil Aviation Organization (ICAO), together with country members, developed a new ATM concept called CNS/ATM, bearing several technological improvements with the objective of enhancing capacity and performance of the system, where many of these improvements are automated tasks of human operators, pilots and air traffic controllers (ATCo). In time, it was seen that technological improvements were not enough it was necessary a greater integration between all ATM systems, which would guarantee an interoperability between them. Therefore, the CNS/ATM concept evolved to a Global ATM concept, in which the modernization plan would occur globally and integrated, including many of the improvements of the CNS/ATM concept. This paradigm shift raised several questions on how these changes would affect in the actual system from an economic, environmental, performance and safety points of view. To understand the hazards of the new tasks, several traditional techniques and models are used, like Fault Tree Analysis (FTA) and Error Tree Analysis (ETA). These traditional techniques see accidents because of a chain of failure events, all with an effect-cause relation. This assumption is no longer considered enough in order to unders...

show abstract

Using system dynamics simulation for assessment of hydropower system safety

King

Simonović́

Hartford

2017

Water Resources Research

View full text Add to dashboard Cite

Hydropower infrastructure systems are complex, high consequence structures which must be operated safely to avoid catastrophic impacts to human life, the environment, and the economy. Dam safety practitioners must have an in‐depth understanding of how these systems function under various operating conditions in order to ensure the appropriate measures are taken to reduce system vulnerability. Simulation of system operating conditions allows modelers to investigate system performance from the beginning of an undesirable event to full system recovery. System dynamics simulation facilitates the modeling of dynamic interactions among complex arrangements of system components, providing outputs of system performance that can be used to quantify safety. This paper presents the framework for a modeling approach that can be used to simulate a range of potential operating conditions for a hydropower infrastructure system. Details of the generic hydropower infrastructure system simulation model are provided. A case study is used to evaluate system outcomes in response to a particular earthquake scenario, with two system safety performance measures shown. Results indicate that the simulation model is able to estimate potential measures of system safety which relate to flow conveyance and flow retention. A comparison of operational and upgrade strategies is shown to demonstrate the utility of the model for comparing various operational response strategies, capital upgrade alternatives, and maintenance regimes. Results show that seismic upgrades to the spillway gates provide the largest improvement in system performance for the system and scenario of interest.

show abstract

Extending and automating a Systems-Theoretic hazard analysis for requirements generation and analysis.

Cited by 92 publications

References 71 publications

Systems thinking for safety and security

Systems thinking for safety and security

Metodologia de análise de impacto em segurança crítica da automação das tarefas do controlador de tráfego aéreo da torre de controle de aeródromo.

Using system dynamics simulation for assessment of hydropower system safety

Contact Info

Product

Resources

About