Buffl
Buffl
Safety & Cyber-Security

Safety

AH
von Adrian H.

What is the unit of the failure rate?

1/h

What is the approximate rate of natural death?

The rate of natural death is about 1 E-4 per year (=1E-8/h)

Which to dimensions are important in considering something as safe?

Severity - How bad are the consequences?

Frequency - How likely/often does this happen

—> Risk: Combination of Frequency and Severity

—> Safety: Acceptable Risk

What is a Fault?

State of an item consisting of the non-performance of specified requirements by a characteristic of an item.

What is a Failure?

Inability of an item to perfrom its intended function

What is an Error?

  1. An occurence arising as a result of an incorrect action or decision by personnel operating or maintaining a system

  2. A mistake in requirements, design or impplementation


What is the failure rate?

Number of failures per given timespan

What is the failure probability?

Probability of observing a certain failure in a given timespan.

Difference between safety and security?

Safety: Degree of protection against non-malicious danger

Security: Degree of protection against malicious danger, damage and crime

What is the purpose of safety assessment

Structured approach to safety:

  • Evidence for certification

  • Predict likelihood of failures

  • Prevent risk

  • Develop safe systems


When is an aircraft assumed to be safe?

When evidence shows that the boundary probability is met.

What are the most driving safety requirements for a CAT system?

Single-Point failures

What is the purpose of the SFHA?

Comprehensive list of Failure modes and Effects of System Level

Severity Classification

What is the purpose of the PSSA?

Check if the system architecture complies with the regulations

What kinds of safety requirements exist?

Quantitative:

  • failure prob.

  • integrity

  • Monitoring performance

Qualitative:

  • no single point failures

  • Protective features (brakes on axels)

  • DAL

  • Operational Limitations


Where does the 10^-9 Probability requirement come from?

Acceptable prob. for loss of A/C: 10^-6

100 systems in each A/C

ca. 10% of all accidents due to technical issue

What is a failure condition?

Condition with an effect on the aircraft and its occupants, both direct and consequential, caused or contributed to by one or more failures.

Example: A/C enters uncontrolled flight


What is a failure mode?

The way in which the failure of an tiem occurs


Example:

  • Resistor burnout

  • Linkage broke


What is a Failure Effect?

Description of the operation of an item as the result of a failure.


Example:

  • Integrity lost

  • No force on control surface


How does the aviation safety assessment process look like?



What is the difference between validation and verification

Validation: Determines if the requirements are correct, complete and consitent

—> Are we building the right system?

(FHAs and Preliminary Assessments)


Verification: Determines if the requirements are met

—> Are we building the system right?

(Safety Assessments)

What is the mathematical relation between the two consecutive states in a Marcov model?




What is the general solution of the differential equation thet a component is failed?



Which simplifications can be made to failure probailities and why?

  • Failure rate is assumed constant (Bathtub curve)

  • Failure rate is very small —> No Integral

  • Initial correctnes: 1

  • Initial failure: 0


What is the probability of a double failure?

N - Degree of redundancy

Tp - Passivation time

tm - Mission time


What is the extended failure model?

Classification in detected and undetected failures


What is a dependence diagram?

Pros and Cons?

Graphical representations of the chain of events

+ Single Point failures are obvious

- Interdependencies are unclear and hard to see

- No repairability


Symbology of DD?



Calculation of DD Probabilities

Serial events: sum

Parallel events: product


What is a minimum cut set?

Set of events neccessary to cause the top event, where every removed event leads to the top event not occuring.

What is a fault tree?

Graphic visualization of all possible causes for the top event.

+ Shows all paths to top event

+ Single points of failure are obvious

- Interdependecies are hard to see

- No repairability


Symbology of FT?

Gates:

Events:


Calculation of FT?

And Gate: product

Or Gate: sum


What is a FME(C)A?

Failure Modes Effects (and Criticality) Analysis

  • Failure Modes —> Failure effects on next level

  • Determination of Probabilities for each Effect

  • Verification of design and requirements


What is a FMES?

Failure Mode and Effects Summary

  • Summarize failure modes with the same effect

  • Overview of FMEA results


What are typical levels where a FMEA is conducted for an electronic device?

  • Functional Block (Filter, …)

  • Board

  • Component

  • Device


What is a Common Cause?

A single failure, error or event that can produce undesirable effects on two or more systems, equipment, items or functions.

What is a Common Mode Analysis (CMA)?

Confirms independence or acceptable dependance of events

Questionaire

  • Common ressources?

    • Power

    • Hydraulic

    • Network, Interface

    • Processing

    • Data, Storage, Databases

    • Sensors

  • Development and design

    • Specification

    • Tools, Processes

    • Teams

  • Implementation

  • Manufacturing and installation

  • Operation and maintenance

CMA on Fault Tree:

  • Replace AND with OR gates and check if Top event is compromized

  • Determine independence of inputs


What is a Particular Risk Analysis?

Specific studies of events to examine their simulanious and cascading effects (lightning, bird strike)

What is a Zonal Safety Analysis?

Examine relations of failures in adjacent systems (e.g. avionics bay)

Examples for common modes?

Common modes include:

  • HW or SW development

  • Installation, manufacturing

  • Maintenance and repair

  • Cascading faults (overload due to loss of component)

  • Shared ressources (power, hydraulics)


What is a Common Cause Analysis

Analysis into failures, errors or events that can produce undesirable effects on two or more systems, equipment, items or functions.

Consists of:

  • Common Mode Analysis (CMA)

  • Particular Risk Analysis (PRA)

  • Zonal Safety Analysis (ZSA)


Examples of Particular risks


Equipment:

  • Fire, Thermal runaway

  • Leak

  • Burst of pressure vessel

External

  • Bird strike

  • Hail, Ice, Snow, Lightning

Structure

  • Rapid decompression



What is STAMP?

System Theoretic Accident Model and Processes:

  • Modeling of complex systems

  • Representation as hierarchical control structure

Safety = System constraints

Accident = Violation of constraints

Examines System as a whole incl. Interactions


Which main Steps does STPA consist of?

  1. Identify Losses and Hazards: Unacceptable outcomes (=FC) and hazards that can lead to those (=FMs)

  2. Model the hierarchical control structure

  3. Identify unsafe control actions (UCA)

    • Not providing neccessary CA

    • Providing CA that creates a hazard

    • Provide CA at the wrong time or sequence

    • Providing CA too long or stopping too soon

  4. Identify Loss Scenarios: Examine how UCA can occur


Beitreten
Vorschau

Author

Adrian H.

Informationen

Zuletzt geändert

Kurs melden
© 2023 Buffl GmbH