Safety-driven design for software-intensive aerospace and automotive systems

Proceedings of the IEEE

Volumn 98, Issue 4, 2010, Pages 515-525

  Stringfellow, Margaret V ^a   Leveson, Nancy G ^a   Owens, Brandon D ^a,b  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Accident; Complexity; Control; Hazard; Process; Risk; Safety; Safety driven design; Software; STAMP; STPA

Indexed keywords

ACCIDENT PREVENTION; ACCIDENTS; COMPUTER SOFTWARE; CONTROL ENGINEERING; DESIGN; HAZARDS; PROCESSING; RISKS; STAMPING;

ACCIDENT CAUSATION; AUTOMOTIVE SYSTEMS; COMPLEXITY; CONVENTIONAL DESIGN; DESIGN DECISIONS; ENGINEERING TECHNIQUES; SOFTWARE INTENSIVE SYSTEMS; STPA;

SOFTWARE DESIGN;

EID: 77950463562     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2009.2039551     Document Type: Article

References (22)

1. R. C. Conant and W. R. Ashby, "Every good regulator of a system must be a model of that system," International Journal of System Science, vol.1, pp. 89-97, 1970.
2. J. Dehlinger and R. R. Lutz, "Software fault tree analysis for product lines," in Proc. 8th IEEE Symposium on High Assurance Systems Engineering (HASE '04), Tamp, FL, 2004, pp. 12-21.
3. N. Dulac, B. D. Owens, N. G. Leveson, and J. S. Carroll, "A formal modeling approach to risk management in the development of space exploration systems," in Proc. Int. Assoc. Adv. Space Safety Conf., Chicago, IL, May 2007.
4. R. D. Hawkins and J. A. McDermid, "Performing hazard and safety analysis of object oriented systems," in Proc ISSC, Denver, CO, Aug. 2002.
5. JPL Special Review BoardReport on the Loss of the Mars Polar Lander and Deep Space 2 Missions NASA Jet Propulsion Laboratory, Mar. 22, 2000.
6. N. G. Leveson and P. R. Harvey, "Analyzing software safety," IEEE Trans. Software Engineering, vol.SE-9, no.5, pp. 569-583, Sep. 1983.
7. N. Leveson, Safeware: System Safety and Computers. Addison-Wesley, 1995.
8. N. G. Leveson, "Intent specifications: An approach to building human-centered specifications," IEEE Trans. Software Engineering, vol.26, no.1, pp. 15-35, 2000.
9. N. G. Leveson, "The role of software in spacecraft accidents," AIAA Journal of Spacecraft and Rockets, vol.41, no.4, pp. 564-575, Jul./Aug. 2004a.
10. N. G. Leveson, "A new accident model for engineering safer systems," Safety Science, vol.42, no.4, pp. 237-270, 2004b. (Pubitemid 38258330)
11. N. G. Leveson, "Model-Based Analysis of Socio-Technical Risk," Massachusetts Institute of Technology, Cambridge, MA, Tech. Rep., ESD-WP-2004-2008, 2004c.
12. N. G. Leveson, N. Dulac, J. Cutcher-Gershenfeld, B. Barrett, J. Carroll, D. Zipkin, and S. Friedenthal, "Modeling, analyzing, and engineering safety culture," in 1st Int. Conf. Int. Assoc. Adv. Space Safety, Nice, France, Oct. 2005.
13. N. G. Leveson, Engineering a Safer World: System Safety for the 21st Century, 2009.
14. O. Lisagor, J. A. McDermid, and D. J. Pumfrey, "Safety analysis of software architecturesVBLightweight PSSA," in Int. Conf. of the System Safety Society, 2004.
15. J. McDermid, Software Hazard and Safety Analysis, in Formal Techniques in Real-Time and Fault-Tolerant Systems. Berlin: Springer, 2002, pp. 23-34.
16. B. Owens, M. Stringfellow, N. Leveson, M. Ingham, and K. Weiss, "A Safety-Driven, Model-Based System Engineering Methodology, Part II: Application of the Methodology to an Outer Planet Exploration Mission, MIT Tech. Rep., 2007.
17. B. D. Owens, M. S. Herring, N. Dulac, N. G. Leveson, M. D. Ingham, and K.A. Weiss, "Application of a safety-driven design methodology to an outer planet exploration mission," in Proc. IEEE Aerosp. Conf., "ig Sky, MT, Mar. 1-8, 2008, paper 1279.
18. S. J. Pereira, G. Lee, and J. Howard, "A system-theoretic hazard analysis methodology for a non-advocate safety assessment of the ballistic missile defense system," in Proc. AIAA Missile Sci. Conf., Monterey, CA, Nov. 2006.
19. J. Rasmussen, "Risk management in a 2 dynamic society: A modelling problem," Safety Science, vol. 27, no. 2/3, pp. 183-213, 1997 (Pubitemid 28020542)
20. M. Stringfellow, B. Owens, N. Leveson, M. Ingham, and K. Weiss, "A Safety-Driven, Model-Based System Engineering Methodology, Part I, MIT Tech. Rep., 2007.
21. M. V. Stringfellow, "Safety-Driven System Engineering Process," S.M. Thesis, Aeronautics and Astronautics, Massachusetts Institute of Technology, Cambridge, MA, 2008.
22. Y. Thomas, "Mars Program Independent Assessment Team Report," NASA, Mar. 2000, (Chairman).