WS2324 DSS 01 IntroductionSS

Introduction to Design of Safety

Uploaded by Manish Debnath

Master Program

Mechatronic and Cyber-Physical Systems


(Faculty Mechanical Engineering and Mechatronics, Deggendorf)
Module
Functional Safety
Welcome to the class
Design of Safe Systems
Winter Semester 2023/2024

DIT Deggendorf Institute of Technology – WS2324 – Design Safe Systems – 01 Introduction – Oct 11, 2023 – R. Platz, Slide 1
Paradigm of Safety by Design

People

[Rey 2014 – System Design For Safety]

[Rajabalinejad 2019 – Paradigm of Safety by Design, Semantic Scholar, 2022]
Poll – Attendance This Morning’s Class

Ground Rules Zoom Lecture

• mute yourself

• turn off your camera unless you are in group assignments or discussions

• provide a profile-picture of yourself, not of someone/something else

• for questions, raise your hand and wait until I call you, then use your microphone

• don’t use the chat unless I request it

• blur your background if on camera to protect privacy

Timeline

Design of Safe Systems, Wednesdays, 2:00 pm to 3:30 pm (CET/CEST)

[calendar grid, October 2023 to February 2024; lecture numbering per month:]
• October 2023 (Reunification Day): lectures 1–3
• November 2023 (All Saints' Day): lectures 4–7
• December 2023 (Christmas holidays): lectures 8–10
• January 2024 (Christmas holidays): lectures 11–13, then exam period
• February 2024: exam period*

exam: tba, together with "Design of Safe Systems"
auxiliary means: three two-sided sheets in DIN A4 format with own handwritten formulary, non-programmable hand calculator, ruler for whole exam
*semester break Feb. 15 to Mar. 14, 2024
Organization

lecture: live, fully virtual via ZOOM
teaching method: lecture via slides, live hand written derivations on white board, live group assignments, homework if needed, 15 min break after 90 min
my expectation: active participation during assignments – for your own good; if you leave your computer permanently during class, log off from Zoom
recording: no, due to organizational and legal reasons; slides after class on iLearn
access code: no change
exam: for module “Functional Safety”, one final written exam in person in Cham, together with “Principles of Functional Safety”, 90 min (date and venue tba), allowed aids: three two-sided sheets in DIN A4 format with own handwritten formulary, hand calculator, ruler
consulting hours: any time, appointments via e-mail, consulting via ZOOM
Organization

literature (selection):
• Börcsök, Josef (2021): Funktionale Sicherheit. Grundzüge sicherheitstechnischer Systeme. 5., überarbeitete Auflage. (English version available, but not as good)
• Bozzano, Marco; Villafiorita, Adolfo (2010): Design and safety assessment of critical systems. Boca Raton: Auerbach Publications
• Gebhardt, Vera; Rieger, Gerhard M.; Mottok, Jürgen; Gießelbach, Christian (2013): Funktionale Sicherheit nach ISO 26262. Ein Praxisleitfaden zur Umsetzung. 1. Aufl. Heidelberg: dpunkt-Verl. (German only)
• Smith, David J.; Simpson, Kenneth G.L. (2020): The Safety Critical Systems Handbook. A straightforward Guide to Functional Safety: IEC 61508 (2010 Edition), IEC 61511 (2016 Edition), ...

standards:
• IEC 61508 – Functional safety of elec./ … safety-related systems
• 2006/42/EC – Directive on machinery
• ISO 13849-1 – Safety of machinery
• ISO 26262-01 – Road vehicles, Functional safety
• ISO 12100 – Safety of machinery
• DIN EN 15233 – Methodik zur Bewertung der funktionalen Sicherheit von Schutzsystemen für explosionsgefährdete Bereiche
• CE Mark, Certification
Design of Safe Systems
Contents

• Introduction to Safe Systems, Product Design Process PDP


• VDI 2206 – Design methodology for Mechatronic Systems, 2006
• VDI 2206 – Development of Mechatronic and Cyber-Physical Systems, 2021
• Model Based Systems Engineering and Design, using Matlab-Simulink and Matlab-
Simscape, Hardware in the Loop (HIL) Testing, Design of Experiments (DoE)
• Safety Oriented Development Process: Reliability/Durability/Life Test
• Exam Preparation

Promise of Today’s Lecture

Getting to know

… what a safe system is

… first view on product design process and formal methods for safety assessment

Introduction

Why Safe Systems?

example: Boeing 737-Max incidents due to its faulty Maneuvering Characteristics Augmentation System (MCAS)

• March 2018, Ethiopian Airlines, crash → 157 people dead
• October 2018, Lion Air (Indonesia), crash → 189 people dead
Why Safe Systems?

example: Boeing 737-Max incidents due to its faulty Maneuvering Characteristics Augmentation System (MCAS)

• MCAS erroneously activated on both flights, triggering a chain of events that ended with 346 people dead
• “Boeing’s employees chose the path of profit over candor by concealing material information from the FAA (Federal Aviation Administration) concerning the operation of its 737 Max airplane and engaging in an effort to cover up their deception.” [Acting Assistant Attorney General David P. Burns of the Justice Department’s Criminal Division]
• $243.6 million in criminal penalties,
• plus $500 million to a crash-victim beneficiaries fund
• separate $1.77 billion compensation payment to Max customers

[The Air Current, January 10, 2021]
Why Safe Systems?

autonomous systems enabled by artificial intelligence … [www.therobotreport.com, Nuro]

… major catastrophic accidents are yet to come? [sproboticworks.com]
“Definition” of Complex Safety-Critical Systems

“A complex safety-critical system is a system whose safety cannot be shown solely by test, whose logic is difficult to comprehend without the aid of analytical tools, and that might directly or indirectly contribute to put human lives at risk, damage the environment, or cause big economical losses.”

[SAE (1996) – Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. Technical Report ARP4761, Society of Automotive Engineers]

“However, there is no universal terminology or method for safety. Nor is there a universally accepted treatment of the topic. … Without claiming to be the “definitive” approach [also within this class, R. Platz]”

[Gonzalo, Rey (JJJJ): System Design for Safety. Moog Inc]
Steady Trend Toward Complexity

reduction in costs is increasing diffusion
• Quantitative Software Management, Inc. (2009) estimates one function point as 148 lines of C code
• millions of embedded microprocessors are used for safety-critical applications and many of them have faults
• between 1990 and 2000, firmware errors accounted for about 40% of the half-million recalled pacemakers (Maisel et al., 2001; Ebert and Jones, 2009)

gain in performance is increasing complexity
• number of functions, e.g. for modern jet-fighters that are, in fact, designed to be slightly aerodynamically unstable → a small variation in the current flight conditions causes the plane to abruptly change trajectory
• number of states, e.g. digital systems with a large number of states that can make their comprehension difficult and exhaustive testing impossible
• discrete behavior, e.g. a little variation in one program input could cause a great variation in one output
• invisibility, e.g. software can be visualized only by overlapping several different views (e.g., data-flow, control-flow) that define its behavior
Steady Trend Toward Complexity

[Figure: growth in flight software, NASA missions; vertical axis: size of flight software, e.g. amount of code lines]

[Bozzano, 2010]
Levels of Criticality [Bozzano, 2010]

business-critical systems
failure of the system might cause a high economic loss
e.g. ERP – Enterprise Resource Planning systems

mission-critical systems
failures might cause loss of a function necessary to achieve one of the goals
e.g. uncrewed spacecraft [NASA, 2010], baggage handling [BEUMER Group, 2013]

safety-critical systems
system failures might cause risk to human life or damages to the environment
[CRRC Corporation Limited, 2018] [ms-grafixx, 2021]
Levels of Criticality [Bozzano, 2010]

fail-operational systems are required to operate
• in nominal conditions
• in degraded situations
• e.g. airplanes, they must be able to fly even if some components fail [www.transportenvironment.org]

fail-safe systems are demanded to safely
• shut down in case of single or multiple failures
• e.g. trains, stopping is typically sufficient [www.happyrail.com]

[Bozzano, 2010]
Diverse Causes for Systems to Fail

incapable design
• errors during development (especially early stages such as specification, requirement, conception)

overloaded/overstressed
• operated in environmental conditions for which it was not designed
• failure of other system components

variation in the production and design
• natural variations in the materials, in the production processes, and in quality assurance procedures

wear, time-variant behavior
• components become weaker with use and age
• changes in material properties over time
• non-linearities

[Bozzano, 2010]
Design of Safe Systems – History of Tools

1853 – Elevators
became popular only after 1853 when Elisha Otis demonstrated a freight elevator equipped with a safety device to prevent falling in case the cable should tear

[Alamy.de]

[https://otiselevator.umwblogs.org/adoption/] https://www.youtube.com/watch?v=sSjJjKcoNRk

Safety engineering matured as a discipline only in the past 70 years

• system safety, as we know it today, is related to problems the U.S. Air Force faced after World War II and its efforts to prevent them
• the Air Force lost 7,715 aircraft, 8,547 persons were killed
• “fly-fix-fly” approach during the 1950s
  → safety was not a specific system engineering activity, only for project teams
  → after system deployment and an accident occurred, investigations reconstructed the causes to allow engineers to “fix” the design and prevent future similar events
  → ineffective approach, did not help prevent accidents with causes different from those investigated
  → too costly and too dangerous, e.g. risks of nuclear weapons
  → approach needed in which system safety activities are integrated into the development process

[Bozzano, 2010]
Product Design Process PDP

Product Design Process (PDP) with Reliability Assessment Tools

qualitative tools along the PDP: knowledge from specification sheet | ABC-analysis, experience | design review, FMEA*, FTA*, … | quality management, audits | collecting field data

quantitative tools along the PDP: reliability targets | non-deterministic and probability measures | Weibull analysis, DoE, Boole*, Markov-Chains*, FTA* | statistical process planning | analyzing field data

*in “Principles of Functional Safety”

[cf. Bertsche 2004 – Zuverlässigkeit im Fahrzeug- und Maschinenbau (Reliability in Automotive and Mechanical Engineering)]
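The quantitative row of the PDP table pairs reliability targets with Weibull analysis of life-test or field data and with Boolean (fault-tree) combination of component reliabilities. The Python script below is an added worked example and is not part of the lecture slides or of Bertsche's material: it fits a two-parameter Weibull distribution to a constructed set of eight failure times using median ranks (Bernard's approximation) and least squares on the linearised CDF, evaluates the reliability function R(t) = exp(−(t/η)^β), and combines component reliabilities through a small assumed fault tree (controller fails OR both redundant sensors fail) to check a reliability target. All function names, the fault-tree structure and the failure times are assumptions for illustration; the failure times were generated from β = 2, η = 1000 h at the median ranks so that the fit can be checked against known values.

```python
import math

# Constructed life-test sample (hours to failure of 8 identical units). These
# values were generated from a Weibull distribution with beta = 2 and
# eta = 1000 h at the median ranks, so a correct fit recovers those parameters.
FAILURE_TIMES_H = [294.98, 475.52, 622.71, 762.02, 905.48, 1065.35, 1263.96, 1576.36]


def median_ranks(n):
    """Bernard's approximation of the median rank F_i of the i-th ordered failure."""
    return [(i - 0.3) / (n + 0.4) for i in range(1, n + 1)]


def fit_weibull(times):
    """Least-squares fit of the linearised Weibull CDF.

    ln(-ln(1 - F)) = beta * ln t - beta * ln eta, i.e. y = beta * x + c with
    x = ln t, y = ln(-ln(1 - F)) and c = -beta * ln eta. Returns (beta, eta).
    """
    t = sorted(times)
    n = len(t)
    xs = [math.log(v) for v in t]
    ys = [math.log(-math.log(1.0 - f)) for f in median_ranks(n)]
    x_mean = sum(xs) / n
    y_mean = sum(ys) / n
    sxx = sum((x - x_mean) ** 2 for x in xs)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys))
    beta = sxy / sxx
    c = y_mean - beta * x_mean
    eta = math.exp(-c / beta)
    return beta, eta


def weibull_reliability(t, beta, eta):
    """Survival function R(t) = exp(-(t/eta)^beta)."""
    return math.exp(-((t / eta) ** beta))


def time_for_reliability(target, beta, eta):
    """Inverse of R(t): the time at which reliability has dropped to `target`."""
    return eta * (-math.log(target)) ** (1.0 / beta)


def series_reliability(rs):
    """All components must survive (OR gate on failures in the fault tree)."""
    out = 1.0
    for r in rs:
        out *= r
    return out


def parallel_reliability(rs):
    """Redundant components: the group fails only if all of them fail (AND gate)."""
    q = 1.0
    for r in rs:
        q *= (1.0 - r)
    return 1.0 - q


def system_reliability(t, beta, eta):
    """Top event of the assumed fault tree: the system fails if the controller
    fails OR both redundant sensors fail. All three units share the same
    Weibull parameters here for simplicity (an assumption of this example)."""
    r = weibull_reliability(t, beta, eta)
    sensor_pair = parallel_reliability([r, r])
    return series_reliability([r, sensor_pair])


def meets_target(t, target, beta, eta):
    """Quantitative check: does the system reach the reliability target at time t?"""
    return system_reliability(t, beta, eta) >= target


if __name__ == "__main__":
    beta, eta = fit_weibull(FAILURE_TIMES_H)
    print(f"fitted beta = {beta:.3f}, eta = {eta:.1f} h")
    for t in (100, 200, 500):
        print(f"t = {t:4d} h: component R = {weibull_reliability(t, beta, eta):.4f}, "
              f"system R = {system_reliability(t, beta, eta):.4f}, "
              f"target 0.95 met: {meets_target(t, 0.95, beta, eta)}")
    print(f"component reaches R = 0.90 at t = {time_for_reliability(0.9, beta, eta):.1f} h")
```

With β ≈ 2 the hazard rate increases with time (wear-out), which is why the single-sensor reliability falls below 0.95 well before 500 h while the redundant pair stays close to 1; the series combination with the non-redundant controller then dominates the system result. Replacing the constructed sample with real life-test data and the assumed tree with the actual system structure is the step the FTA and Weibull tools on the slide refer to.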
Product Design Process PDP

idea → definition → concept → design → optimization → realization/test → serial production

Parallel “life cycles” in product development

[Asiedu, Gu 1998 – Product life cycle cost analysis: State of the art review]
Research Examples

• active buckling control [SFB 805]
• semi-active vibration control via shunt damping [SFB 805]
• semi-active dynamic load redistribution and health control
• quantification of model and data uncertainty / health monitoring [SFB 805]

[Fraunhofer LBF]
• adaptronics
• passive/active vibration isolation
• dynamic / electric / thermal reliability of high-voltage batteries

Further development of the round rod (up to the MAFDS)

[Aeropol Aviation Services Corp.]
Modular Active Spring-Damper System (MASDS)

• load distribution
• stability
• vibration control
• health control

12 year research collaboration: Controlling Uncertainty in Load Carrying Systems (ended 2021)

[Patent: Enß, G., Gehb, C., Götz, B., Melz, T., Ondoua, S., Platz, R., Schäffner, M., (2015)]
End of Lecture

… and please remember to provide a profile-picture in Zoom
