Distinguishing Fact from Fiction in a System of Systems Safety Case
Based on our recent experience, ‘distinguishing fact from fiction’ in relation to System of Systems (SoS) safety has emerged as a pertinent topic in a number of senses. From an analytical perspective, we recognise that it would be a mistake to treat a SoS as ‘just another complex system’. The defining properties of a SoS mean that traditional analysis methods may fall short if applied without additional support. On the other hand, we also argue that the structured and comprehensive analysis of a SoS need not be so complex as to be impractical.
We draw on an internal BAE Systems development project, Integrated Aircrew Training (IAT), as an exemplar. IAT interconnects multiple systems and participants – air and ground assets – into a training SoS. As would be expected, we have identified a number of sources of complexity in the analysis of this SoS, chiefly the exponential impact of interactions among increasing numbers of system elements on analysis complexity. However, the training domain provides constraints which may be captured as feature models to structure the analysis.
We outline a SoS hazard assessment process and associated safety case approach that are the subject of ongoing research and development and, as such, are not yet formally recognised. They acknowledge that the presence of human decision-makers in a SoS means that human factors analysis contributes significantly to SoS safety assessment. We discuss the human element in SoS safety analysis and show how its treatment in the case of IAT has caused us to recognise that augmented-reality training brings with it both novel sources and consequences of human ‘error’. In this particular SoS, the ‘fact versus fiction’ differential also applies to SoS users, and the notion of participant ‘immersion’ is a key area of interest.
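The abstract states that domain constraints captured as feature models can structure the analysis of element interactions, which otherwise grow exponentially with the number of elements. The following added example (not code from the paper or from the IAT project) makes that concrete with a small, hypothetical feature model: mandatory and optional features, one alternative group and two cross-tree constraints, all invented for illustration. It enumerates the configurations the model permits and derives the element pairs that can actually co-exist, which is the set an interaction hazard analysis would need to cover.

```python
from itertools import combinations

# Hypothetical feature model for a training SoS (an assumption for this
# example, not the IAT feature model). Leaf features are the system elements
# whose pairwise interactions a hazard analysis would have to consider.
LEAF_FEATURES = (
    "live_aircraft", "simulator", "ground_control",
    "datalink", "synthetic_threat", "voice_net",
)
MANDATORY = {"ground_control"}
# Alternative group: exactly one member must be selected.
ALTERNATIVE_GROUPS = [{"live_aircraft", "simulator"}]
# Cross-tree constraints (hypothetical): a synthetic threat needs the
# datalink, and the simulator is never fielded with the voice net.
REQUIRES = {"synthetic_threat": {"datalink"}}
EXCLUDES = [{"simulator", "voice_net"}]


def is_valid(selection):
    """Return True if the selected feature set satisfies the model."""
    if not MANDATORY <= selection:
        return False
    for group in ALTERNATIVE_GROUPS:
        if len(group & selection) != 1:
            return False
    for feature, needed in REQUIRES.items():
        if feature in selection and not needed <= selection:
            return False
    for pair in EXCLUDES:
        if pair <= selection:
            return False
    return True


def all_configurations():
    """Every subset of leaf features, ignoring the model (2**n of them)."""
    n = len(LEAF_FEATURES)
    for bits in range(1 << n):
        yield frozenset(f for i, f in enumerate(LEAF_FEATURES) if bits >> i & 1)


def valid_configurations():
    """Only the configurations the feature model permits."""
    return [c for c in all_configurations() if is_valid(c)]


def interaction_pairs(configs):
    """Element pairs that co-exist in at least one valid configuration."""
    pairs = set()
    for c in configs:
        pairs.update(combinations(sorted(c), 2))
    return pairs


def unconstrained_pairs():
    """All element pairs, as a naive analysis would have to treat them."""
    return set(combinations(sorted(LEAF_FEATURES), 2))


def analysis_scope():
    """Compare the naive interaction space with the model-constrained one."""
    configs = valid_configurations()
    pairs = interaction_pairs(configs)
    return {
        "configurations_unconstrained": 2 ** len(LEAF_FEATURES),
        "configurations_valid": len(configs),
        "pairs_unconstrained": len(unconstrained_pairs()),
        "pairs_needing_analysis": len(pairs),
        "pairs_ruled_out": sorted(unconstrained_pairs() - pairs),
    }


if __name__ == "__main__":
    for key, value in analysis_scope().items():
        print(f"{key}: {value}")
```

With six elements the unconstrained space is 64 configurations and 15 element pairs; the model reduces it to 9 configurations and 13 pairs, ruling out the two pairs the constraints make impossible. The same enumeration extends to triples or larger groupings, and on a realistic model the pruning is what keeps a structured SoS analysis tractable.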
Keywords: Hazard Assessment, System Safety, Software Product Line, Fault Tree Analysis, Hazard Identification