2024 | 02 – Model Based Safety Analysis in ARP-4761A

This month we will be talking about the quantitative analysis methods enabled by Model Based Safety Analysis.

Model Based Safety Analysis in ARP-4761A

The ARP-4761A – Guidelines for Conducting the Safety Assessment Process on Civil Aircraft, Systems, and Equipment recognizes Model Based Safety Analysis as an acceptable method for calculating failure probabilities and analyzing failure propagation.

While the standard presents it as a quantitative verification method, at Anzen we apply a wider interpretation, filling the gaps between systems engineering and safety and dependability analysis with a tailored model-based approach. More about this can be found in the Introduction to ATICA4CAPELLA.

Extended system-safety model

Model Based Safety Analysis methods find their roots in the models describing the system. While the ARP-4761A does not specify whether these models are created specifically for MBSA or shared across disciplines, Anzen has consolidated a methodology in which the models are inherited from the MBSE (Systems Engineering) representation of the system and extended with additional modeling artifacts that cover safety and dependability features.

The models must describe the structure of the system (inputs/outputs, data flows) as well as its (nominal) behaviour, typically represented by state machines and/or semi-analytical expressions describing how outputs relate to inputs. The safety extension makes it possible to model failures and how these failures alter the nominal behaviour.

Formal models

In MBSE the standard representation of the models is in the form of diagrams. However, the same information can be expressed as a textual file, similar to a program written in a programming language.
This is what is called a formal model: a model that is readable by a machine and that is used as input for advanced analysis.

Safety analysis solvers

MBSA enables two main families of analysis:

  • Deductive approach: starting from a system property (failure condition), the objective is to identify the logical paths that lead to the (undesired) condition. This is an alternative to conventional Fault Tree Analysis, and it also enables the calculation of cut sets and minimal cut sets.

  • Inductive approach: here the direction is reversed; the solver starts from the failure events and propagates their effects up to the system layer, checking for violations of higher-level properties. This works similarly to a Reliability Block Diagram (RBD) analysis and may be an alternative to FMECA.
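As an added illustration (not code from this page or from Anzen's ATICA framework), the following Python sketch encodes a constructed two-channel sensing function as a small formal model and runs both solver families over it: inductive propagation of a chosen set of failure events, and an exhaustive deductive search for the minimal cut sets of the "loss of function" condition, followed by a rare-event probability bound computed from constructed per-hour failure probabilities. Component names, the propagation rules and the probabilities are all assumptions made for the example.

```python
from itertools import combinations
from math import prod

# Basic failure events of the constructed model: one failure mode per component.
EVENTS = ["sensorA", "sensorB", "psu", "voter"]

# Constructed per-flight-hour failure probabilities (illustrative, not real data).
RATES = {"sensorA": 1e-3, "sensorB": 1e-3, "psu": 1e-5, "voter": 1e-6}


def system_state(active):
    """Formal model: nominal data flow plus failure extension.

    A component output is failed if its own failure event is active or if a
    required input is failed. Both sensors draw from one PSU; a voter needs at
    least one healthy channel to deliver the function.
    """
    psu = "psu" in active
    a = "sensorA" in active or psu
    b = "sensorB" in active or psu
    voter = "voter" in active
    loss = (a and b) or voter          # failure condition at the system layer
    return {"sensorA": a, "sensorB": b, "psu": psu, "voter": voter,
            "loss_of_function": loss}


def inductive(events):
    """FMECA-like solver: propagate a set of failure events up to the system
    layer and report whether the failure condition is violated."""
    return system_state(set(events))["loss_of_function"]


def deductive(condition="loss_of_function", events=EVENTS):
    """Fault-tree-like solver: enumerate event combinations by increasing size
    and keep those that trigger the condition and contain no smaller solution.
    Exhaustive evaluation is fine for a model this small."""
    minimal = []
    for size in range(1, len(events) + 1):
        for combo in combinations(events, size):
            candidate = set(combo)
            if any(found <= candidate for found in minimal):
                continue               # superset of a known minimal cut set
            if system_state(candidate)[condition]:
                minimal.append(candidate)
    return sorted(sorted(cut) for cut in minimal)


def probability(cut_sets, rates=RATES):
    """Rare-event upper bound: sum over minimal cut sets of the product of the
    basic-event probabilities in each set."""
    return sum(prod(rates[e] for e in cut) for cut in cut_sets)
```

Running `deductive()` on this model yields the three minimal cut sets `psu`, `voter` and `sensorA + sensorB`, which is the result a fault tree for the same function would produce.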

ATICA – Model Based Safety Analysis Framework

Formal models are complex and require a specific syntax. At Anzen we are consolidating a framework that automatically translates diagram-based models into formal (textual) models, adapted to the format and syntax prescribed by the specific simulation tool or solver required for the analysis.
By using this framework, systems engineers and safety specialists can work directly in their preferred MBSE tool and benefit from seamless integration with advanced safety analysis solvers.

Feel free to reach out to us to get additional info and request a demo -> Contact