Research On Safety Analysis Method Of Airborne Display System Based On The STAMP Theory

Large-scale flight delays and take-off/landing safety caused by severe weather are two major problems affecting civil aviation.To solve these problems,many new display systems have gradually been applied.The airborne display system belongs to the safety critical system,and it is necessary to carry out complete risk analysis during development process.With the increase of system complexity,traditional methods show many limitations.It's necessary to study the new safety analysis methods of airborne display systems.The extended research for system safety and human-system interaction safety respectively is conducted based on the Systems-Theoretic Accident Model and Process(STAMP),which is a new theory of safety analysis.The head-up display system is taken as an example to conduct a case analysisFirstly,System-Theoretic Process Analysis(STPA),a safety analysis method based on STAMP,is combined with formal verification-UPPAAL based on Timed Automata by studing the combination process and the conversion between the two methods.It can identify and verify potential unsafe control actions of system.Then,the STPA-Bayes quantitative analysis model is established by using Bayesian network.It can calculate occurrence probability of unsafe control actions.Meanwhile,the results are compared with the Fault Tree to verify its correctness.Finally,based on the first two parts,the human reliability is studied,and a human error analysis model-STPA-CREAM is proposed.The human-HUD interaction process is analyzed to identify potential risksThe results show that the formal method based on STPA can effectively identify and analyze potential hazards and improve analysis efficiency of unsafe control actions STPA-Bayes quantitative analysis model makes up for the lack of quantitative analysis of STPA.The combination of the two can perform a complete safety analysis for system from both qualitative and quantitative aspects.The STPA-CREAM can fully analyze human errors and design defects during the human-system interaction process and give evaluation.