Safety Assessment of Complex, Software-Intensive Systems

Leveson, Nancy G.; Fleming, Craig; Spencer, Matthew; Thomas, John; Wilkinson, Chris

doi:10.4271/2012-01-2134

Cited by 27 publications

(18 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the 13 common identified hazards, it can be observed that both methods found software error type hazards covering the dynamic behavior of the system. In Ishimatsu et al (2014); Thomas and Leveson (2011); Leveson et al (2012); Nakao et al (2011);Fleming et al (2012Fleming et al ( , 2013, the authors have mentioned that the traditional analysis methods (FMEA, FTA, etc.) cannot identify software errors.…”

Section: Discussionmentioning

confidence: 99%

“…SFMEA (Pries 1998) and especially also STPA ) have been developed to overcome the existing problems in traditional analysis methods. According to Leveson et al (2012) and Fleming et al (2012Fleming et al ( , 2013, STPA can find more component interaction, software, and human hazards than traditional methods. Therefore, according to the authors, STPA is more effective because it is developed by considering system thinking that considers whole system as a single unit and finds more hazards.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Comparison of the FMEA and STPA safety analysis methods–a case study

et al. 2017

View full text Add to dashboard Cite

As our society becomes more and more dependent on IT systems, failures of these systems can harm more and more people and organizations. Diligently performing risk and hazard analysis helps to minimize the potential harm of IT system failures on the society and increases the probability of their undisturbed operation. Risk and hazard analysis is an important activity for the development and operation of critical software intensive systems, but the increased complexity and size puts additional requirements on the effectiveness of risk and hazard analysis methods. This paper presents a qualitative comparison of two hazard analysis methods, failure mode and effect analysis (FMEA) and system theoretic process analysis (STPA), using case study research methodology. Both methods have been applied on the same forward collision avoidance system to compare the effectiveness of the methods and to investigate what are the main differences between them. Furthermore, this study also evaluates the analysis process of both methods by using a qualitative criteria derived from the technology acceptance model (TAM). The results of the FMEA analysis were compared to the results of the STPA analysis, which were presented in a previous study. Both analyses were conducted on the same forward collision avoidance system. The comparison shows that FMEA and STPA deliver similar analysis results.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Comparison of the FMEA and STPA safety analysis methods–a case study

et al. 2017

View full text Add to dashboard Cite

show abstract

“…The analysis of a new Air Traffic Control procedure (performed by two students) found more hazardous scenarios than a team of experts had found [9]. In the analysis of a blood gas analyzer, STPA found 175 scenarios versus 75 found by a FMEA.…”

Section: Analysis Of the Results Of The Case Studymentioning

confidence: 99%

Hazard Analysis of Complex Spacecraft Using Systems-Theoretic Process Analysis

Ishimatsu¹,

Leveson²,

Thomas³

et al. 2014

Journal of Spacecraft and Rockets

Self Cite

View full text Add to dashboard Cite

A new hazard analysis technique, called System-Theoretic Process Analysis, is capable of identifying potential hazardous design flaws, including software and system design errors and unsafe interactions among multiple system components. Detailed procedures for performing the hazard analysis were developed and the feasibility and utility of using it on complex systems was demonstrated by applying it to the Japanese Aerospace Exploration Agency H-II Transfer Vehicle. In a comparison of the results of this new hazard analysis technique to those of the standard fault tree analysis used in the design and certification of the H-II Transfer Vehicle, System-Theoretic Hazard Analysis found all the hazardous scenarios identified in the fault tree analysis as well as additional causal factors that had not been) identified by fault tree analysis.

show abstract

“…Another method that has been extensively used for risk analysis of DP incidents is the Bayesian Network (BN), a graphical model that represents the dependency between variables, using nodes and directed links, making it possible to show conditional probabilities for a set of variables (Ancione, Bragatto and Milazzo, 2020). In addition, the system theoretic process analysis (STPA) is used for analysing the dynamic behaviour of the systems, providing advantages over other traditional methods (Leveson et al 2012).…”

Section: Introductionmentioning

confidence: 99%

Risk Analysis of DP Incidents During Drilling Operations

et al. 2021

View full text Add to dashboard Cite

This paper aims to present a method to determine the type of dynamic positioning (DP) incidents that have a more significant risk during drilling operations in the period 2007-2015, according to the element or the type of failure that causes the DP system to fail. Two different classifications are made: 1) according to the element that produces the incident (which has been the traditional classification in the industry) and 2) according to the type of error that arises, the latter being an alternative classification proposed in this paper. The predictable financial losses for each level of severity are used to define the resulting consequences for each case. A risk analysis is performed with the data obtained, showing the potentially more dangerous incidents, either because of their higher number of occurrences or because their consequences are remarkable. According to the classification proposed, the main causes with the higher risk results were power and environmental, according to the traditional classification, and fault/failure. Thus, the power segment’s combination of failures is the riskiest cause during the DP drilling operations.

show abstract

Safety Assessment of Complex, Software-Intensive Systems

Cited by 27 publications

References 3 publications

Comparison of the FMEA and STPA safety analysis methods–a case study

Comparison of the FMEA and STPA safety analysis methods–a case study

Hazard Analysis of Complex Spacecraft Using Systems-Theoretic Process Analysis

Risk Analysis of DP Incidents During Drilling Operations

Contact Info

Product

Resources

About