Deriving of Time Constants in Timed Automata for Hazard Transition Sequences for STAMP/STPA

In recent years, information systems have become large-scale and complicated. The demand for research on the cause analysis of information systems that can fail and the construction of countermeasures has been increasing. Systems Theoretic Accident Model and Processes (STAMP) is an accident model ba...

Full description

Saved in:
Bibliographic Details
Published inProcedia computer science Vol. 176; pp. 1392 - 1401
Main Authors Okano, Kozo, Yang, Pan, Ogata, Shinpei, Okamoto, Keishi
Format Journal Article
LanguageEnglish
Published Elsevier B.V 2020
Subjects
Model Checking
Path Detecting
STAMP/STPA
Time Constraints
Timed Automata
Path Detecting
Model Checking
Time Constraints
STAMP/STPA
Timed Automata
Online AccessGet full text

Cover

More Information
Summary:In recent years, information systems have become large-scale and complicated. The demand for research on the cause analysis of information systems that can fail and the construction of countermeasures has been increasing. Systems Theoretic Accident Model and Processes (STAMP) is an accident model based on systems theory. STAMP has the feature that it can analyze not only failures of system components and human errors but also hazards caused by unsafe interaction between components and between components and humans. An analysis method based on the STAMP model System-Theoretic Process Analysis (STPA) is a method for analyzing in advance the possibility of a system accident for the interaction between a controller and a controlled device. As a preliminary study, we have performed STAMP/STPA to ‘Fallen Barrier Trap at Railroad Crossing,” which is an example of STAMP/STPA analysis. We have analyzed with the time automaton model checker UPPAAL in cooperation with STAMP Workbench, a STAMP/STPA support tool. From the preliminary study, we consider that the analysis procedure can be automated in order to reduce the burden on analysts. In this paper, we propose a method for deriving hazard transition sequences as a STAMP/STPA support method. Specifically, the model definition is described in STAMP Workbench, the method of deriving files that can be used in UPPAAL from the definition statement is described, and in order to automate model checking, the SAT/SMT solver is used. The constraints for the clock variables in each component are automatically derived. This paper describes a method for deriving the shortest path as a counterexample that does not satisfy the safety constraint equation by using the calculation method of the concrete value the constraints of and the binary search method. The proposed method is applied manually as the evaluation experiment. We confirmed that an effective sequence corresponding to some hazard scenarios derived by the conventional procedure could be derived.
ISSN:1877-0509
1877-0509
DOI:10.1016/j.procs.2020.09.149