S2C Project

Collaborative project led by IRT Saint Exupéry and SystemX

Logo IRT Saint Exupéry
Logo SystemX

The S2C project (System & Safety Continuity) is a collaborative project led by IRT Saint Exupéry and SystemX.

It brings together 17 industrial and academic members.

The project focuses on methods and tools for establishing and maintaining the confidence about consistency between System Engineering (SE) and Safety activities (SA). Especially when using MBSE and MBSA models:

Three working axes were considered to develop methodologies for consistency between systems engineering activities and activities aimed at ensuring operational safety performance:

  • The overall SE-SA consistency process.
  • A practical guide to MBSA modeling in AltaRica.
  • Methods and tools to ensure consistency between MBSE and MBSA models.

All axes used the AIDA case study, a drone system for inspecting aircraft before take-off from a previous IRT Saint Exupéry project (MOISE project). All the processes and methodologies developed by the project are thus illustrated on this use case made available.

The resulting work is available on this page.

Overall SE/SA consistency process

AXE A

This theme deals with the consistency of engineering data exchanged between the Systems Engineering (SE) and Safety (SA) teams.

This work was carried out within the framework of the aeronautical sector and complements the existing normative ARP (Aerospace Recommended Practice). They provide a set of models (process, data-model, traceability plan...) and recommendations to ensure the consistency of engineering data shared between the SE and SA teams and thus make the developments/analyses carried out on both sides more robust. This work was carried out for the different systemic levels of the aeronautical context: aircraft manufacturer, system manufacturer and to a lesser extent equipment manufacturer.

An se/sa consistency model has been produced. It is a set of complementary views that meets the objective of consistency:

  • Objective-oriented view (left side)
  • Business-oriented view or se/sa consistency process (left side below)
  • Data-oriented view (left side below)

The goal-oriented view describes the objectives of the se/sa definition consistency, the strategies to achieve them and the solutions proposed by the s2c project.

The SE/SA consistency process describes the activities carried out by the SE and SA teams, for the different systemic levels (aircraft manufacturer, system, equipment manufacturer) with a particular focus on the activities to be carried out to ensure the consistency of the data exchanged. It thus highlights patterns of consistency, similar from one systemic level to another. Some recommendations accompany some consistency activities, such as consistency review checklists. This process proposes different process alternatives (co-engineering, impact of reuse...) to take into account the diversity of possible cases.

It is complemented by a data model listing the engineering data (requirements, models, results, hypotheses, etc. ) shared between the two SE and SA teams and which are involved in the overall chain of consistency.

Based on this data-model, a traceability plan was proposed, which allows the impact analysis in the event of changes in data (management of consistency over time). It highlights links of atomic granularity or set, as well as the types of link creation: links automatically created via the SE or SA tools, links whose creation can be automated because they can be deduced from the analysis method, links that must be created manually. In addition, recommendations for the optimization of the traceability planar provided.

Based on the traceability plan realized and instantiated to the AIDA use case, a POC (Proof of Concept – Demonstrator) for managing consistency over time was produced that allows the visualization and management of the impact of an SE evolution on SA analyses. It implements a mechanism for analyzing and managing suspicious links for the entire chain of consistency and proposes a mechanism for scoring the severity of the impact (minor, major, critical).

At a lower level of maturity, a pre-study was carried out on the incompatibility of concepts or solutions proposed by specialty engineering (SE, SA, V&V, hydraulics, acoustics, etc.) that the system architect must take into account to build the overall solution. A model of incompatibilities of concepts and solutions SE / SA and Test has been produced, and a first framework for detecting and alerting these incompatibilities proposed.

All of this work is available here.

MBSA methodology guide

AXE B

This axis concerns the development of a Safety modeling methodology with the AltaRica language to facilitate the adhesion and use of fault propagation models by safety engineers.
A methodological guide has been prepared. This guide is intended for both beginners and experienced safety engineers in modeling. Indeed, it delivers the keys to start a modeling project in AltaRica and it deals with the challenging points and to avoid pitfalls but it also explores the the rules and mathematical principles governing the calculations hidden behind modeling software for more advanced readers.

The guide presents 3 levels of reading – Beginner, Intermediate, Advanced – to allow everyone to find their need according to their experience.

The guide is centered around an example: here represented with an observer of the CMD variable:

This example is declined throughout the guide, with its internal flows:

Then modeled

  • in the tool (SATODEV Cecilia Workshop) with Failure Conditions which replace the CMD variable:
  • In the tool Airbus Protect SimfiaNeo:
  • In Open AltaRica:

Finally, the guide proposes methods  for solving the problem of control loopsthe circular equations in AltaRIca, applicable to all situations.

This method is concretized by a methodological guide, a starter kit for beginners, and all the sources of the models used.

Documents are available here.

Consistency Methodology Between MBSE and MBSA Models

AXE C

Methods and means of establishing and maintaining system/safety consistency"

This axis concerns the definition of a methodology to improve confidence in consistency between architecture models from systems engineering and Safety models.

When designing a solution for a critical system, the following condensed process takes place between the system architect and the safety expert. :

Since everyone makes its own representation of the system to achieve its own goals (in our case, using both models), it is difficult to know, in the end, if they share the same understanding.

The following illustration can help to understand some of the possible deviations between abstractions:

Identified deviations require a joint and recurring review between the previous actors to assess their impact as follows:

Identification of deviations remains a challenging point.

This is the purpose of this axis of the project, to identify and treat deviations.

The following figure summarizes the methods proposed and evaluated to identify these discrepancies between abstractions.

first level report called "TOP" makes it possible to introduce and position the 3 proposed methods which are then precisely described in a dedicated technical report.

Each of these reports is also accompanied by a more synthetic presentation document to offer a simpler level of reading

 

Architecture of deliverables for axis C

Architecture des livrables de l’axe C

All these deliverables are available here.

The

Thesis and project publications

The

Project members

Partners of the IRT Saint Exupéry

Logo Airbus
DGA
IRIT
LAAS CNRS
LGM
Liebherr
Onera
Samares
SATODEV
Thales

Partners of the l'IRT SystemX

Dassault Aviation
MBDA-Logo 200px
ISAE supmeca
Thales

Contact 

IRT Saint Exupery

systems-engineering@irt-saintexupery.com

QRcode mail IRT
Scroll to top