TRIMIS


Project

ISAAC - Improvement of Safety Activities on Aeronautical Complex systems


Funding origin: European Union
STRIA Roadmaps: Vehicle design and manufacturing (VDM)
Transport mode: Airborne
Transport sectors: Passenger transport; Freight transport
Duration:
Start date: 01/02/2004,
End date: 01/02/2007

Status: Finished
Funding details:
Total cost: €9 496 751
EU Contribution: €5 361 941

Overview

Background & policy context:

Avionic systems are becoming more and more complex. They incorporate heterogeneous components, perform a large number of functions and interact with operators through advanced interfaces. As a consequence, it is becoming harder to manage all the aspects of safety assessment and to maintain the safety levels required by societal needs.

A previous FP5 project, ESACS (Enhanced Safety Assessment for Complex Systems), has shown the benefit of using formal techniques to assess aircraft safety.

In particular, ESACS investigated how to use 'design tools' to define a common reference model that describes both the functional modes (the design view) and the dysfunctional modes (the safety view) of a complex system. It also investigated how formal verification techniques can be used to express safety properties (requirements), and how those same techniques can support the safety analysis process.

In this way the methodology provides a common environment for both designers and safety engineers. ISAAC builds upon and extends the results of ESACS to go a step further in improving and integrating the safety activities for aeronautical complex systems.

Objectives:

The overall objective of the ISAAC project was to increase the capability and efficiency with which safety and systems engineers perform safety assessment, so as to produce safer systems.

One goal of ISAAC was to extend the scope of the shared environment in a number of dimensions. It took into account results from well-established tools for particular risk and zonal safety analysis, and used this information to identify and inject into the model of the intended functionality the unintended interactions between independent but co-located systems. It also evaluated the relationship between the human and the machine, and offered a model of the interaction between a complex human and a complex machine.

Another ISAAC goal was to expand the scope of the scientific knowledge that can then be incorporated in the environment.

Previous efforts have investigated a number of techniques intended to indicate the level of safety achieved by the temporal behaviour of a system, such as dynamic fault trees (static fault trees extended with sequencing information), sequence diagrams, and event history charts that use colour and line thickness to convey meaning. All of these are good tools for presenting the sequencing or temporal behaviour of a system, but none of them, in its current state, produces a clear indicator of the level of safety a system upholds in terms of that temporal or sequencing behaviour. ISAAC therefore extended this work to define a new metric, process and presentation representing the level of safety achieved by the temporal or sequential behaviour of a system: the time-safety metric.
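The model-based approach described in the Background section (a shared nominal model, injected failure modes, and a safety requirement checked by exhaustive exploration) and the sequencing problem behind the time-safety metric can both be seen in a small worked example. This is an added illustration and not ISAAC or ESACS project code or tooling: the hydraulic supply model, its three fault modes, the requirement and every function name below are constructed for the example. It enumerates every order in which the faults can occur, derives the static minimal cut sets (the unordered combinations a classic fault tree reports) and the minimal cut sequences (the orderings that actually reach the top event), and reports where the two views disagree.

```python
"""Model-based safety assessment in the ESACS/ISAAC style: a nominal model,
injected fault modes, exhaustive exploration against a safety requirement,
and extraction of minimal cut sets (static) and minimal cut sequences
(order-aware). Added example, not ISAAC/ESACS project code: the hydraulic
supply model, its fault modes and every name here are constructed."""

from itertools import combinations, permutations

# Fault modes injected into the nominal model (constructed for the example).
FAULTS = ("primary_fail", "spare_fail", "switch_fail")

# Initial nominal state: primary pump active, spare pump in cold standby.
INITIAL = {"primary_ok": True, "spare_ok": True, "switch_ok": True,
           "spare_active": False}


def inject(state, fault):
    """Apply one fault to a copy of the state, then run the nominal
    reconfiguration logic (the 'design' side of the shared model)."""
    s = dict(state)
    if fault == "primary_fail":
        s["primary_ok"] = False
    elif fault == "spare_fail":
        s["spare_ok"] = False
    elif fault == "switch_fail":
        s["switch_ok"] = False
    else:
        raise ValueError(f"unknown fault mode {fault!r}")
    # Switch-over to the spare only succeeds while the switch is healthy;
    # once the spare is online it stays online regardless of the switch.
    if not s["primary_ok"] and s["switch_ok"] and not s["spare_active"]:
        s["spare_active"] = True
    return s


def pressure_available(state):
    """Safety requirement: pressure is supplied by a healthy active pump.
    The top event of the fault tree is the negation of this predicate."""
    if state["primary_ok"]:
        return True
    return state["spare_active"] and state["spare_ok"]


def violates(sequence):
    """True if injecting the faults in this order breaks the requirement."""
    s = INITIAL
    for f in sequence:
        s = inject(s, f)
    return not pressure_available(s)


def minimal_cut_sets():
    """Static view: unordered fault sets that break the requirement in at
    least one order, with no proper subset that can do the same."""
    found = []
    for n in range(1, len(FAULTS) + 1):
        for combo in combinations(FAULTS, n):
            cs = frozenset(combo)
            if any(smaller <= cs for smaller in found):
                continue  # a smaller cut set is already contained in it
            if any(violates(order) for order in permutations(combo)):
                found.append(cs)
    return found


def is_subsequence(short, long):
    """True if 'short' occurs in 'long' in order (not necessarily adjacent)."""
    it = iter(long)
    return all(x in it for x in short)


def minimal_cut_sequences():
    """Dynamic view: ordered fault sequences that break the requirement and
    contain no proper subsequence that also does. This is the sequencing
    information a static fault tree discards."""
    found = []
    for n in range(1, len(FAULTS) + 1):
        for seq in permutations(FAULTS, n):
            if any(is_subsequence(f, seq) for f in found):
                continue
            if violates(seq):
                found.append(seq)
    return found


def order_sensitivity():
    """For each static minimal cut set, the orderings that actually reach the
    top event. A cut set for which not every ordering fails is exactly the
    case a static fault tree cannot express."""
    return {cs: [order for order in permutations(sorted(cs)) if violates(order)]
            for cs in minimal_cut_sets()}


if __name__ == "__main__":
    for cs in minimal_cut_sets():
        print("static cut set:", sorted(cs))
    for seq in minimal_cut_sequences():
        print("cut sequence:", " -> ".join(seq))
    for cs, orders in order_sensitivity().items():
        total = len(list(permutations(cs)))
        print(sorted(cs), "fails in", len(orders), "of", total, "orderings")
```

Running the block reports two static cut sets, {primary_fail, spare_fail} and {primary_fail, switch_fail}, but only three minimal cut sequences: the switch failure matters only if it happens before the primary pump fails, because a spare that is already online no longer needs the switch. A static fault tree reports {primary_fail, switch_fail} as a cut set without that ordering condition, which is the information loss the paragraph above describes; any metric of "temporal safety" has to be computed over the sequences, not the sets.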

Methodology:

To reach ISAAC's goals, the work followed detailed technical and scientific objectives organised into three complementary dimensions, which are in turn structured into basic topics:

1. First dimension: Consolidation

This dimension addressed needs emerging directly from the results of the ESACS project. It comprised the following topics:

  • integration with higher level notations for requirements;
  • extension of traditional techniques to timing aspects, and quantitative analysis;
  • further development of platform/tools already started in ESACS.

The ESACS approach proposed using formal notations for safety analysis. Because safety-specific tasks can increase the modelling effort considerably, ISAAC investigated higher-level notations such as UML to reduce that overhead, allowing safety engineers to express safety requirements, mode logic and patterns of safety architecture more easily, so that designers and safety engineers can jointly validate a preliminary aircraft system model against its safety requirements. ESACS had exploited the expressiveness of the formal notation to represent and assess the safety of dynamic systems; ISAAC developed the timing aspects further by defining methods and metrics for them. Finally, ISAAC enhanced the ESACS platform with the improvements, methodology extensions and analyses mentioned above.

2. Second dimension: Extension

The core tools of the ESACS platform also offer a good starting point for investigating safety-related topics not covered by the ESACS project. The second dimension of the ISAAC project therefore aimed to provide methodologies, techniques and tools supporting the following activities in the safety assessment of a system:

  • Human Error;
  • Common Cause Analysis;
  • Mission Analysis; and
  • Testability.

Human error analysis is becoming more and more important. A dominant factor contributing to human error is so-called 'clumsy' automation, which leads to 'automation surprises': the electronic systems behave differently from what the pilot expects. What matters is the way the pilot and the aircraft's controller interact.

Common Cause Analysis (CCA) is a well-established means of taking into account events or failures that bypass or invalidate redundancy or independence. Even though this process is intended to ensure that common cause
