Towards a Unified Model-Based Safety Assessment

  • Thomas Peikenkamp
  • Antonella Cavallo
  • Laura Valacca
  • Eckard Böde
  • Matthias Pretzer
  • E. Moritz Hahn
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4166)


The increasing complexity of aircraft systems calls for enhanced analysis techniques. Methods are required that ease the burden of their application by reusing existing design and process information and by making analysis results reusable, so that weak points of a design are identified early and design alternatives can be checked. This report elaborates on a method that assumes a system specification in an industrial standard notation and allows several formal safety analyses to be performed on it. Based on a collection of failure models and a means of specifying safety requirements, the techniques produce results along the lines of the traditional methods.

We show how to combine the traditional techniques required by the Aerospace Recommended Practice (SAE-ARP) standards, such as Fault Tree Analysis, Failure Mode and Effect Analysis and Common Cause Analysis, and also how to automate most of the analysis activities.

The methods described in this paper can be used as a means to support the certification process.
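The workflow the abstract describes, in miniature: a system model is extended with injected failure modes, safety requirements are stated as predicates over the model's output, and fault-tree minimal cut sets, a single-failure FMEA table and the effect of a common-cause event are then derived from the extended model rather than drawn up by hand. The following is an added illustration written for this page; it is not the paper's tool or code. The dual-lane position-reporting model, its five failure modes, the shared power supply as a common-cause event and the two hazards are all constructed for the example, and minimal cut sets are found by a brute-force loop over failure-mode combinations where a real tool would work symbolically over the state space.

```python
"""Model-based safety analysis in miniature (constructed example).

A position is read by two sensors feeding two lanes; a comparator
outputs the value if both lanes agree, withholds it (annunciated
fallback) if they disagree, and runs on a single lane when the other
is dead.  A shared power supply feeds both lanes.
"""
from itertools import combinations

# Basic failure modes of the constructed model (hypothetical names).
FAILURE_MODES = ("sensor_a_stuck", "sensor_b_stuck",
                 "lane_a_dead", "lane_b_dead", "psu_loss")

# Common-cause event: losing the shared PSU kills both lanes at once.
COMMON_CAUSES = {"psu_loss": {"lane_a_dead", "lane_b_dead"}}

STUCK_VALUE = 0.0      # a stuck sensor keeps reporting this value
TRUE_POSITION = 30.0   # actual position used for the analysis runs


def expand(failures):
    """Close a set of failure modes under common-cause effects."""
    f = set(failures)
    for cause, effects in COMMON_CAUSES.items():
        if cause in f:
            f |= effects
    return f


def extended_model(true_position, failures):
    """Nominal behaviour plus the effect of the injected failure modes.

    Returns (reported_position, mode) with mode one of 'normal',
    'degraded' (one lane left, no cross-check), 'fallback' (lanes
    disagree, output withheld and annunciated) or 'lost' (no lane
    alive, output silently missing).
    """
    f = expand(failures)
    read_a = STUCK_VALUE if "sensor_a_stuck" in f else true_position
    read_b = STUCK_VALUE if "sensor_b_stuck" in f else true_position
    lane_a = None if "lane_a_dead" in f else read_a
    lane_b = None if "lane_b_dead" in f else read_b
    if lane_a is not None and lane_b is not None:
        return (lane_a, "normal") if lane_a == lane_b else (None, "fallback")
    if lane_a is not None:
        return lane_a, "degraded"
    if lane_b is not None:
        return lane_b, "degraded"
    return None, "lost"


# Safety requirements as predicates over the model output; the predicate
# returns True when the requirement is violated (the hazard is present).
HAZARDS = {
    "misleading_position": lambda out, mode: out is not None and out != TRUE_POSITION,
    "silent_loss_of_position": lambda out, mode: mode == "lost",
}


def hazard_present(hazard, failures):
    out, mode = extended_model(TRUE_POSITION, failures)
    return HAZARDS[hazard](out, mode)


def minimal_cut_sets(hazard):
    """Smallest-first exploration of failure-mode combinations; a combination
    is kept only if no proper subset of it already causes the hazard."""
    mcs = []
    for size in range(1, len(FAILURE_MODES) + 1):
        for combo in combinations(FAILURE_MODES, size):
            s = frozenset(combo)
            if any(m <= s for m in mcs):
                continue  # superset of a known cut set: not minimal
            if hazard_present(hazard, s):
                mcs.append(s)
    return mcs


def fmea():
    """Single-failure table: (failure mode, output, mode, violated requirements)."""
    rows = []
    for fm in FAILURE_MODES:
        out, mode = extended_model(TRUE_POSITION, {fm})
        rows.append((fm, out, mode, [h for h in HAZARDS if HAZARDS[h](out, mode)]))
    return rows


def single_points_of_failure():
    """Failure modes that alone violate some safety requirement."""
    return sorted(fm for fm in FAILURE_MODES
                  if any(hazard_present(h, {fm}) for h in HAZARDS))


if __name__ == "__main__":
    for h in HAZARDS:
        print(h, [sorted(m) for m in minimal_cut_sets(h)])
    for row in fmea():
        print(row)
    print("single points of failure:", single_points_of_failure())
```

The common-cause event is what makes the PSU a single point of failure even though every lane-level failure needs a partner to become hazardous; dropping `psu_loss` from `COMMON_CAUSES` turns the loss-of-position cut sets into order-two sets only, which is the kind of check the abstract means by comparing design alternatives on a reused model.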







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Thomas Peikenkamp (1)
  • Antonella Cavallo (2)
  • Laura Valacca (3)
  • Eckard Böde (1)
  • Matthias Pretzer (1)
  • E. Moritz Hahn (1)

  1. Kuratorium OFFIS e.V., Oldenburg, Germany
  2. Alenia Aeronautica S.p.A., Caselle, Turin, Italy
  3. Società Italiana Avionica S.p.A., Turin, Italy
