[SystemSafety] Fwd: new papers related to STAMP and other news

From: Nancy Leveson < >
Date: Sun, 28 Jul 2013 14:03:02 -0700


The third MIT STAMP Workshop will be held the week of March 24, 2014. (This time it will not be near Easter or Passover but will be during the MIT Spring break so that I can get access to rooms that hold over 200 people). More details to follow.

The First European STAMP Workshop organized by the Technical University of Braunschweig and the University of Stuttgart was held in Braunschweig last May. I'm not sure when the second one will be held.

We will be holding a small (this time I really mean it :-)) invited workshop Nov. 7 at MIT on the application of STAMP to security. Write me if you want to attend (we have very limited space).

*New papers on the PSAS website* (or you can get to them directly at
http://sunnyday.mit.edu/STAMP-publications.html )

*Evaluating the Safety of Digital Instrumentation and Control Systems in
Nuclear Power Plants* by John Thomas, Francisco Luis de Lemos, and Nancy Leveson.

     This final report for an NRC grant contains a case study of STPA applied to a Generic Pressurized Water Reactor (PWR), a comparison of the results of the STPA analysis with traditional analyses performed on such systems, and potential uses for STPA in the licensing of nuclear power plants. Because we were not limited by journal or conference page limits, the entire analysis is shown.

*"Drawbacks in Using the Term System of Systems*" by Nancy Leveson, *Journal
of Biotechnology Instrumentation and Technology*, March/April 2013.

     An invited short essay after I spoke at an AAMI meeting. By inventing a new name for a "complex system" we have not created anything new. Some drawbacks of this new buzzword are described. An aircraft example is provided.

"*Is Estimating Probabilities the Right Goal for System Safety*?" A blog post I wrote that is now on the PSAS website ( http://psas.scripts.mit.edu/home/ )

     I wrote this short essay after being frustrated by too many people telling me it is not possible to make decisions about safety without probabilities. I don't think we can make good decisions *with*  probabilities.

*Relatively new postings (you may have already seen these)*:

*Extending and Automating a Systems-Theoretic Hazard Analysis for
Requirements Generation*, John Thomas (his Ph.D. dissertation).

    John defines a formal mathematical structure underlying STPA and introduces a procedure for systematically performing an STPA analysis based on that structure. A method for using the results of the hazard analysis to generate formal safety-critical, model-based system and software requirements is also presented. Techniques to automate both the STPA analysis and the requirements generation are introduced, as well as a method to detect conflicts between safety requirements and other functional model-based requirements during early development of the system.

*"Hazard Analysis of a Complex Spacecraft using STPA*" by Takuto Ishimatsu,
Nancy G. Leveson, John Thomas, Cody Fleming, Masafumi Katahira, Yuko Miyamoto, Ryo Ujiie, Haruka Nakao, and Nobuyuki Hoshino, * AIAA Journal of Spacecraft and Rockets *, in press, 2013.

      Another example of STPA, this time on the JAXA HTV (an unmanned cargo spacecraft that takes supplies to the International Space Station). This paper also includes information on analyzing hazards arising from having multiple controllers of a process and a comparison with the traditional fault tree analysis that was used on the HTV.

"*Software and the Challenge of Flight Contro*l" by Nancy Leveson. A chapter in a forthcoming book from the AIAA and edited by Roger Launius, James Craig, and John Krige titled *Space Shuttle Legacy: How We Did It/What We Learned*

    Although facing incredible challenges, the Shuttle software is remarkably good. This chapter explains why I think that was so and what we can learn about developing software today. In many ways, software engineering is moving in the opposite direction from the practices that made this software so successful.

*To appear in the next couple of months*:

*An STPA Primer*. Detailed instructions on how to do STPA along with
answers to Frequently Asked Questions and lots of examples.

*Improving Hazard Analysis and Certification of Integrated Modular
Avionics*by Cody Fleming and Nancy Leveson

*Report on Identifying and Analyzing Hazardous Scenarios for TBO
(Trajectory Based Operations) in the Terminal Area* by Cody Fleming, Seth Placke, Nancy Leveson, Eric Harkleroad, Adan Vela, and Jim Kuchar (MIT and Lincoln Labs).

    A demonstration for the FAA of the application of STPA to early PHA and concept analysis for an important NextGen component.

Exciting projects are also underway involving automobiles, UAVs, high-speed rail, radiation therapy, human factors in STPA, and security.

-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson_at_xxxxxx
URL: http://sunnyday.mit.edu



_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Sun Jul 28 2013 - 23:03:12 CEST

This archive was generated by hypermail 2.3.0 : Sat Feb 23 2019 - 02:17:06 CET