Abstract
We develop a notion of safety architecture, based on an extension to bow tie diagrams, to characterize the overall scope of the mitigation measures undertaken to provide safety assurance in the context of unmanned aircraft systems. We use a formal semantics as a basis for implementation in our assurance case tool, AdvoCATE. We also describe the functionality that a safety architecture affords to support both the related safety analysis and subsequent development activities. We motivate the need for a safety architecture through an example based upon a real safety case, whilst also illustrating its application and utility. Additionally, we discuss its role, when combined with structured arguments, in providing a more comprehensive basis for the associated safety case.
Notes
1. For example, see http://www.cgerisk.com/knowledge-base/risk-assessment/chaining-bowties/.
2. We are aware of only one other tool that supports both BTDs and argument structures [11].
3. The term barrier is often used interchangeably with control in bow tie literature, although we will distinguish them here.
4. E.g., properties whose violations could translate into weaknesses in the risk analysis and, as a consequence, in the implemented safety system.
5. For example, BowTieXP: http://www.cgerisk.com/, BowTie Pro: http://www.bowtiepro.com/, RiskView: http://www.meercat.com.au/, THESIS BowTie: http://www.abs-group.com/, etc.
References
FAA Air Traffic Organization: Transforming Risk Management: Understanding the Challenges of Safety Risk Measurement, December 2016. https://go.usa.gov/xXxea
UK Civil Aviation Authority: Bowtie Risk Assessment Models (2015). http://www.caa.co.uk/Safety-Initiatives-and-Resources/Working-with-industry/Bowtie/
Acfield, A.P., Weaver, R.A.: Integrating safety management through the bowtie concept: a move away from the safety case focus. In: Australian System Safety Conference, pp. 3–12, May 2012
Clothier, R.A., Williams, B.P., Fulton, N.L.: Structuring the safety case for unmanned aircraft system operations in non-segregated airspace. Saf. Sci. 79, 213–228 (2015)
Joint Authorities for Rulemaking of Unmanned Systems: JARUS Guidelines on Specific Operations Risk Assessment (SORA) (External Consultation Draft), August 2016
Denney, E., Pai, G.: Safety considerations for UAS ground-based detect and avoid. In: 35th IEEE/AIAA Digital Avionics Systems Conference, pp. 1–10, September 2016
Prevot, T., Rios, J., Kopardekar, P., Robinson III, J., Johnson, M., Jung, J.: UAS Traffic Management (UTM) concept of operations to safely enable low altitude flight operations. In: 16th AIAA Aviation Technology, Integration, and Operations Conference, AIAA-2016-3292, June 2016
Denney, E., Pai, G.: A methodology for the development of assurance arguments for unmanned aircraft systems. In: 33rd International System Safety Conference, August 2015
Denney, E., Pai, G.: Architecting a safety case for UAS flight operations. In: 34th International System Safety Conference, August 2016
Denney, E., Pai, G.: Argument-based airworthiness assurance of small UAS. In: 34th IEEE/AIAA Digital Avionics Systems Conference, pp. 5E4-1–5E4-17, September 2015
Adelard LLP: Assurance and Safety Case Environment. http://www.adelard.com/asce/
Denney, E., Pai, G., Pohl, J.: AdvoCATE: an assurance case automation toolset. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP 2012. LNCS, vol. 7613, pp. 8–21. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33675-1_2
NASA Office of Safety and Mission Assurance: NASA General Safety Program Requirements. NPR 8715.3C (2008)
Dugan, J., Pai, G., Xu, H.: Combining software quality analysis with dynamic event/fault trees for high assurance systems engineering. In: 10th IEEE High Assurance Systems Engineering Symposium, pp. 245–255, November 2007
Duijm, N.J.: Safety-barrier diagrams as a safety management tool. Reliab. Eng. Syst. Saf. 94(2), 332–341 (2009)
FAA Air Traffic Organization: Safety Management System Manual version 4.0, May 2014
Brooker, P.: Air traffic management accident risk. Part 1: the limits of realistic modelling. Saf. Sci. 44(5), 419–450 (2006)
Feiler, P., Gluch, D., McGregor, J.: An architecture-led safety analysis method. In: 8th European Congress on Embedded Real Time Software and Systems, January 2016
Denney, E., Pai, G.: Composition of safety argument patterns. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 51–63. Springer, Cham (2016). doi:10.1007/978-3-319-45477-1_5
Denney, E., Naylor, D., Pai, G.: Querying safety cases. In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 294–309. Springer, Cham (2014). doi:10.1007/978-3-319-10506-2_20
Steinberg, D., Budinsky, F., Paternostro, M., Merks, E.: EMF: Eclipse Modeling Framework 2.0, 2nd edn. Addison-Wesley Professional, Reading (2009)
Acknowledgements
This work was funded by the Safe Autonomous Systems Operations (SASO) project under the Airspace Operations and Safety Program of the NASA Aeronautics Research Mission Directorate.
© 2017 Springer International Publishing AG
Cite this paper
Denney, E., Pai, G., Whiteside, I. (2017). Modeling the Safety Architecture of UAS Flight Operations. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science(), vol 10488. Springer, Cham. https://doi.org/10.1007/978-3-319-66266-4_11
DOI: https://doi.org/10.1007/978-3-319-66266-4_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66265-7
Online ISBN: 978-3-319-66266-4