STPA enabled safety assessment in the architecting of complex systems

Abstract STPA is a hazard assessment technique that represents systems as hierarchical control structures composed of feedback control loops. Existing computational support focuses on creating the diagrams that depict these hierarchies. However, the elements in the loops and the signals exchanged must be determined manually. This impedes safety assessment, thus reducing the number of designs that can potentially be explored. Furthermore, the manual approach does not guarantee the correct update of the architecture with changes resulting from safety assessment, which can make the architecture inconsistent with the safety assessment. To overcome these limitations, proposed for the first time are two methods that automate the creation of: (1) hierarchical control structures and (2) detailed control loops. The methods create STPA models by analysing the architecture, which is modelled as a graph. The concept is illustrated with a representative example of a wheel brake system. The resulting models are compared with those obtained manually by the authors of STPA. The automation is shown to significantly reduce the required time and effort. It was also found to ensure consistency among the safety analysis and the architecture definition as it requires safety features to be included in the architecture before being considered in STPA analysis.