计算机科学

计算机科学 ›› 2026, Vol. 53 ›› Issue (1): 341-352.doi: 10.11896/jsjkx.241000156

• 信息安全 • 上一篇    下一篇

基于STPA的飞行导引系统模式转换的安全性分析研究

左辰翠, 黄志球, 胡军, 谢健, 徐恒, 石帆   

  1. 南京航空航天大学计算机科学与技术学院 南京 210016
  • 收稿日期:2024-10-28 修回日期:2025-03-10 发布日期:2026-01-08
  • 通讯作者: 黄志球(zqhuang@nuaa.edu.cn)
  • 作者简介:(chencuizuo@163.com)
  • 基金资助:
    国家自然科学基金联合基金(U224120044)

Research on Safety Analysis of Mode Transition of Flight Guidance System Based on STPA

ZUO Chencui, HUANG Zhiqiu, HU Jun, XIE Jian, XU Heng, SHI Fan   

  1. School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
  • Received:2024-10-28 Revised:2025-03-10 Online:2026-01-08
  • About author:ZUO Chencui,born in 2000,postgra-duate.Her main research interests include formal methods and system safety analysis.
    HUANG Zhiqiu,born in 1965,Ph.D,professor,is a distinguished member of CCF(No.09028D).His main research interests include software engineering,safety of software and formal methods.
  • Supported by:
    Joint Funds of the National Natural Science Foundation of China(U224120044).

PDF (PC)

5

摘要: 在民机自动飞行过程中,飞行导引系统的模式转换是影响安全的重要因素,应对其进行充分的安全性分析。传统安全分析方法主要关注各个组件的失效因素,忽略了由组件间非线性交互产生的安全问题。为此,采用系统理论过程分析(System Theory Process Analysis,STPA)方法,对飞行导引系统模式转换进行系统且完整的分析。同时,鉴于STPA方法中存在需人工分析的部分,引入了基于时间自动机理论的形式化模型检查工具UPPAAL对系统进行建模与验证,以确保控制结构图的正确性,并识别真正不安全控制行为(Unsafe Control Action,UCA),从而避免资源的浪费。最后,提出规范化的致因因素分析框架对通过验证的UCA进行逐一分析。实例证明,所提方法对航空类复杂系统安全性分析具有较好的效果。

关键词: 飞行导引系统, 模式转换, 系统理论过程分析, 模型检查, UPPAAL

Abstract: In the process of automatic flight of civil aircraft,the mode transition of the flight guidance system is an important factor affecting safety and should be subject to a comprehensive safety analysis.Traditional safety analysis methods mainly focus on the failure factors of individual components,ignoring the safety issues arising from the nonlinear interactions between components.For this reason,this paper adopts the System Theory Process Analysis(STPA) method to conduct a systematic and complete analysis of the mode transition of the flight guidance system.Meanwhile,considering that there are parts in the STPA me-thod that require manual analysis,the formal model checking tool UPPAAL based on the theory of timed automata is introduced to model and verify the system,so as to ensure the correctness of the control structure diagram and identify the truly Unsafe Control Actions(UCA),thus avoiding the waste of resources.Finally,a standardized causal factor analysis framework is proposed to analyze the verified UCAs one by one.The example proves that the proposed method is effective for the safety analysis of aviation complex systems.

Key words: Flight guidance system, Mode transition, System theoretic process analysis, Model checking, UPPAAL

中图分类号: 

  • V249
[1]SAVELEV A,NERETIN E.Development of safetyrequire-ments for tracking active pilot controls by signals from an automatic flightcontrol system[C]//Proceedings of the 2019 International Conference on Control,Artificial Intelligence,Robotics &Optimization(ICCAIRO).IEEE,2019:19-24.
[2]OLIVER N,CALVARD T,POTOČNIK K.Cognition,technology,and organizational limits:Lessons from the Air France 447 disaster[J].Organization Science,2017,28(4):729-743.
[3]BOSS K K.Characteristics and analysis of major US air carrier accidents between 1991 and 2010[M].Oklahoma:Oklahoma State University,2012.
[4]LI X,ZHU Y,FAN Y,et al.A Comparison of SAE ARP 4754A and ARP 4754[J].Procedia Engineering,2011,17:400-406.
[5]LEVESON N,FLEMING C,THOMAS J,et al.A Comparison of SAE ARP 4761 and STPA Safety Assessment Processes[C]//Safety-Critical Systems Symposium.2015.
[6]QIE Z,YAN H.A Causation Analysis of Chinese Subway Construction Accidents Based on Fault Tree Analysis-Bayesian Network[J].Frontiers in Psychology,2022,13:887073.
[7]ANJALEE J A L,RUTTER V,SAMARANAYAKE N R.Application of failure mode and effect analysis(FMEA) to improve medication safety:a systematic review[J].Postgraduate Medical Journal,2021,97(1145):168-174.
[8]MILLER S P,CARLSON T M,TRIBBLE A C.Flight guidance system requirements specification[R].NASA,2003.
[9]TRIBBLE A C,LEMPIA D L,MILLER S P.Software safetyanalysis of a flight guidance system[C]//Proceedings of the 21st Digital Avionics Systems Conference.IEEE,2002.
[10]JOSHI A,MILLER S P,HEIMDAHL M P E.Mode confusion analysis of a flight guidance system using formal methods[C]//Digital Avionics Systems Conference.2003.
[11]OWRE S,RUSHBY J M,SHANKAR N.PVS:A prototype ve-rification system[C]//International Conference on Automated Deduction.Berlin:Springer,1992:748-752.
[12]CIMATTI A,CLARKE E,GIUNCHIGLIA F,et al.NuSMV:A new symbolic model verifier[C]//Computer Aided Verification:11th International Conference.Berlin:Springer,1999:495-499.
[13]WOODCOCK J,LARSEN P G,BICARREGUI J,et al.Formal methods:Practice and experience[J].ACM Computing Surveys,2009,41(4):1-36.
[14]SULAMAN S M,BEER A,FELDERER M,et al.Comparison of the FMEA and STPA safety analysis methods-a case study[J].Software Quality Journal,2019,27:349-387.
[15]LEVESON N G.Engineering a safer world:Systems thinkingapplied to safety[M]. Massachusetts:MIT Press,2016.
[16]LEVESON N,DULAC N,ZIPKIN D,et al.Engineering resilience into safety-critical systems[M]//Resilience Engineering.2017:95-123.
[17]CHAAL M,BANDA O A V,GLOMSRUD J A,et al.A framework to model the STPA hierarchical control structure of an autonomous ship[J].Safety Science,2020,132:104939.
[18]SAHAY R,ESTAY D A S,MENG W,et al.A comparative risk analysis on CyberShip system with STPA-Sec,STRIDE and CORAS[J].Computers & Security,2023,128:103179.
[19]SADEGHI R,GOERLANDT F.A proposed validation frame-work for the system theoretic process analysis(STPA) technique[J].Safety Science,2023,162:106080.
[20]BENSACI C,ZENNIR Y,POMORSKI D,et al.STPA and Bowtie risk analysis study for centralized and hierarchical control architectures comparison[J].Alexandria Engineering Journal,2020,59(5):3799-3816.
[21]BENSACI C,ZENNIR Y,POMORSKI D,et al.Collision hazard modeling and analysis in a multi-mobile robots system transportation task with STPA and SPN[J].Reliability Engineering & System Safety,2023,234:109138.
[22]TSUJI M,TAKAI T,KAKIMOTO K,et al.Prioritizing scenarios based on STAMP/STPA using statistical model checking[C]//2020 IEEE International Conference on Software Testing,Verification and Validation Workshops(ICSTW).IEEE,2020:124-132.
[23]DE SOUZA F,DE MELO B J,HIRATA C M,et al.Combining STPA with SysML modeling[C]//2020 IEEE International Systems Conference(SysCon).IEEE,2020:1-8.
[24]ZHONG D,SUN R,GONG H,et al.System-theoretic processanalysis based on SysML/MARTE and NuSMV[J].Applied Sciences,2022,12(3):1671.
[25]DGHAYM D,HOANG T S,TURNOCK S R,et al.An STPA-based formal composition framework for trustworthy autonomous maritime systems[J].Safety Science,2021,136:105139.
[26]BEHRMANN G,DAVID A,LARSEN K G.A tutorial on uppaal[EB/OL].https://uppaal.org/texts/21-tutorial.pdf.
[27]LIU S,ZHOU C,SHAO H,et al.Research on automatic flight control system flight mode operation logic[C]//Journal of Phy-sics:Conference Series.2023.
[28]HÜBENER D,LUCKNER R,WEBER G.Concepts for Independent Monitoring of Flight Control Laws[C]//Proceedings of the 10th EUCASS-9th CEAS Aerospace Europe Conference 2023.2023.
[29]HANDBOOK A F.Federal Aviation Administration[R].Department of Transportation,1972.
[30]ISHIMATSU T,LEVESON N G,THOMAS J,et al.Modeling and Hazard Analysis Using STPA[C]//Proceedings of the 4th IAASS Conference.2010.
[31]MCCRACKEN D D,REILLY E D.Backus-naur form(BNF)[M]//Encyclopedia of Computer Science.2003:129-131.
[32]MAIDI M.The common fragment of CTL and LTL[C]//Proceedings of 41st Annual Symposium on Foundations of Compu-ter Science.IEEE,2000:643-652.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市两江新区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发