APSYS – EADS: Risk Management

Model Based Safety Analysis
MBSA Methods with SIMFIA
Agenda
- Safety activities within the engineering process
- SIMFIA for model making and processing, as integrated in the whole process
- Modelling approach for MBSA
- MBSA with SIMFIA for airworthiness
- SIMFIA references
Safety Activities during development cycle
[Figure: V-cycle of safety activities over the Concept and Definition, Development and In Service phases (feasibility studies, in-service follow-up, change control), with process control, technical studies, training, dissemination and configuration management running alongside. Left branch (top-down RAM and safety development, requirements and validation): aircraft requirements identification with Aircraft FHA, PASA and Aircraft CCA; system requirements identification with System FHA, System PSSA and System CCA; item requirements identification and item design (software and hardware) with Item FTA and Item CMA; at each level the requirements are validated at the next highest level. Right branch (bottom-up safety requirements verification): item verification with Item FMEA, system verification with System SSA, aircraft verification with aircraft synthesis, then delivery. SIMFIA covers the technological design levels.]
Interoperability of SIMFIA workbench designed to produce and process the models
[Figure: SIMFIA sits between the design process (system design, design information, specification information) and the development process. Its models feed the Functional Hazard Analysis, RAMS analysis and safety analysis (fault tree, qualitative and quantitative assessment, safety demonstration) as well as additional analyses (troubleshooting / testability, operators / users support); the SAFETY, FMECA, RELDIAG and SIMUL modules process the models; outputs are RAMS tasks, data sheets, demonstration reports and documents.]
[Figure: system engineering tool / workbench framework. A design information repository holds the model structure (system, sub-system, equipment, ...) and the RAMS information databases, from which datasheets for reports are produced. Data / information / model patterns support functional / hazard analysis, RAMS analysis and safety analysis top down; model processing (consistency check, completeness check, scenario simulations) and simulation / diagnosis feed back bottom up.]
Structure of SIMFIA
[Figure: the SIMFIA modules around a shared logistic database, exchanging data through spreadsheets (ASCII, ...):]
- SIMUL: function / hazard simulation
- SOFIA: functional and dysfunctional analysis
- R.A.M.S software: F.M.E.C.A (Failure Modes, Effects and Criticality Analysis)
- SAFETY: fault tree
- RELDIAG: reliability diagram
- SIMLOG: logistic support analysis software
- OPTIM-STOCK: initial spares allocation
- COST: life cycle cost
- LORA: Level Of Repair Analysis
Modelling Methodology for MBSA
- Top-down approach: from need to solution
– First step: specification production
– Second step: solution functional specification
– Third step: physical specification
– Last step: manufacturing
Modeling Method in MBSA approach
[Figure: Step 1, statement of work (SOW) and specification; Step 2, system functional design (functions F1, F2); Step 3, physical definition (software and hardware); Step 4, manufacturing.]
Reminder about the Safety process
- The steps along the Safety process are as follows:
– Functional Hazard Assessment (FHA): a Functional Hazard Assessment is defined as a systematic, comprehensive examination of functions to identify and classify failure conditions of those functions according to their severity.
– Preliminary System Safety Assessment (PSSA): a PSSA is used to complete the failure conditions list and the corresponding safety requirements.
– System Safety Assessment (SSA): a System Safety Assessment is a systematic, comprehensive evaluation of the implemented system to show that the relevant safety requirements are met.
· The SSA is a verification that the implemented design meets both the qualitative and quantitative safety requirements as defined in the FHA and PSSA.
· Therefore it needs both qualitative and quantitative verification means such as FTA, FMEA, FMES, etc.
FHA with SIMFIA
- FHA process:
– Identification of all the functions associated with the level under study (internal functions and exchanged functions)
– Identification and description of failure conditions associated with these functions, considering single and multiple failures in normal and degraded environments
– Determination of the effects of the failure condition
– Classification of failure condition effects on the aircraft (Catastrophic, Severe Major/Hazardous, Major, Minor and No Safety Effect)
– Assignment of requirements to the failure conditions to be considered at the lower level
– Identification of the supporting material required to justify the failure condition effect classification
– Identification of the method used to verify compliance with the failure condition requirements
FHA with SIMFIA
- The FHA is a function-oriented analysis of the system. SIMFIA can be used as a support for such an analysis, using a "high-level" specification model.
FHA with SIMFIA
- High-level / functional view of the system.
FHA with SIMFIA
- User data are used to fill in the column contents for each failure condition.
- This allows all functional knowledge of the system to be documented in a SIMFIA model for further processing of this knowledge.
- Fully FHA-compliant output:

| Function | Failure Condition | Phase | Effect of failure condition on aircraft/crew | Classification | Reference to supporting material |
| --- | --- | --- | --- | --- | --- |
| To_decelerate_the_aircraft_using_the_braking_system | Unannounced loss of braking system | Landing | Crew detects failure when braking is launched. The crew/aircraft is in exit ramp phase. Crew ensure some braking via flight controls and/or thrust reversers. | CATASTROPHIC | Procedures to prevent loss of normal, emergency or parking mode |
| To_decelerate_the_aircraft_using_the_braking_system | Unannounced loss of braking system | RTO | Crew detects failure when braking is launched. The crew/aircraft is in exit ramp phase. Crew ensure some braking via flight controls and/or thrust reversers. | CATASTROPHIC | Procedures to prevent loss of normal, emergency or parking mode |
| To_decelerate_the_aircraft_using_the_braking_system | Announced loss of braking system | Landing | Crew warns their passengers and control tower of the failure. Crew ensure some braking via flight controls and/or thrust reversers. Airport prepare the landing route by using foam to decelerate. | HAZARDOUS | Do this kind of scenario in tests to improve reactivity and minimize this kind of event. |
PSSA / SSA with SIMFIA
- PSSA / SSA process
– Preliminary / final technical "breakdown" of the functions
· Model all equipment and link it to the functions
· ATA32_LANDING_GEARS breakdown [Figure: equipment breakdown model]
· COCKPIT_ATA_32 breakdown [Figure: equipment breakdown model]
PSSA / SSA with SIMFIA
- The functional model can be used to generate the table containing all quantitative objectives.
- Here again this relies on the user data available in SIMFIA.

| Failure Condition | Class. / RT | S/R Objective | Design Objective | Expected probability |
| --- | --- | --- | --- | --- |
| Unannounced loss of braking system | MIN (Saf. Fl.), DEL (Op. Rel.) | 1.0E-03 (Saf.) | 1.0E-05 (Saf.) | TBD |
| Announced loss of braking system | MIN (Saf. Fl.), DEL (Op. Rel.) | 1.0E-03 (Saf.) | 1.0E-05 (Saf.) | TBD |
PSSA / SSA with SIMFIA
- The expected probability can then be evaluated, using the full model with the technical equipment, for each FC by means of FTA analysis (one FTA per phase).
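As an added example (not SIMFIA's own code and not real braking-system data), the following Python evaluates a small fault tree per flight phase for the two braking failure conditions and compares the resulting expected probability with the S/R and design objectives given in the quantitative objectives table; the gate structure, the basic-event failure rates and the phase durations are constructed assumptions.

```python
# Added example (not SIMFIA's own code): a minimal fault-tree evaluator that
# computes the expected probability of a failure condition (FC) per flight phase
# and checks it against the S/R and design objectives of the table above.
# Gate structure, failure rates and phase durations are constructed assumptions.
import math
from dataclasses import dataclass
from typing import List, Union
@dataclass
class Event:                 # basic event with a constructed failure rate per flight hour
    name: str
    rate: float

@dataclass
class Gate:                  # AND / OR gate over sub-trees
    kind: str
    inputs: List[Union[Event, "Gate"]]

PHASE_HOURS = {"Landing": 0.1, "RTO": 0.02}   # hypothetical exposure per phase (h)
OBJECTIVES = {                                 # (S/R objective, design objective) per FC
    "Unannounced loss of braking system": (1.0e-3, 1.0e-5),
    "Announced loss of braking system": (1.0e-3, 1.0e-5)}

def evaluate(node, hours: float) -> float:
    """Exact top-event probability for one phase, assuming independent basic events."""
    if isinstance(node, Event):
        return node.rate * hours             # P(failure in phase) ~ lambda * t
    probs = [evaluate(i, hours) for i in node.inputs]
    if node.kind == "AND":
        return math.prod(probs)
    if node.kind == "OR":
        return 1.0 - math.prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate {node.kind}")

def braking_fc_tree(fc: str) -> Gate:
    """Constructed trees: braking is lost when both hydraulic channels fail or the
    brake control unit fails; the loss is unannounced only if the warning channel
    has also failed (the announced FC conservatively counts every braking loss)."""
    loss = Gate("OR", [Gate("AND", [Event("normal_hydraulics", 1e-4),
                                    Event("alternate_hydraulics", 1e-4)]),
                       Event("brake_control_unit", 2e-4)])
    if fc.startswith("Unannounced"):
        return Gate("AND", [loss, Event("warning_channel", 1e-3)])
    return loss

def assess(fc: str, phase: str) -> dict:
    """Expected probability of the FC in one phase (one FTA per phase) vs. its objectives."""
    p = evaluate(braking_fc_tree(fc), PHASE_HOURS[phase])
    sr_obj, design_obj = OBJECTIVES[fc]
    return {"fc": fc, "phase": phase, "expected": p,
            "meets_sr_objective": p <= sr_obj, "meets_design_objective": p <= design_obj}
```

With these constructed rates the announced loss at landing meets the S/R objective but not the design objective, while the unannounced loss meets both in every phase, which is the kind of gap the SSA is meant to surface.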
SIMFIA V2 connectors to capture external information
- Functional analysis languages: SADT, SART, APTE, ...
- Hardware modelling languages: EXPRESS, SIMULINK, MACAR, ...
- Performance analysis languages: PETRI, Queue Network, ...
- Formal languages: STATEMATE, ...
SIMFIA references in aeronautics

| Company | Modules |
| --- | --- |
| AIRBUS | SAFETY, SIMUL |
| BRITISH AEROSPACE | SAFETY, FMECA, RELDIAG |
| CASSIDIAN | SAFETY, FMECA, RELDIAG, DIAGSYS |
| EUROCOPTER | SAFETY, FMECA, RELDIAG |
| ROLLS ROYCE UK | SAFETY, FMECA, RELDIAG |
| SAGEM | SAFETY, FMECA, RELDIAG |
| SAFRAN | SAFETY, FMECA, RELDIAG |
| THALES | SAFETY, FMECA, RELDIAG, DIAGSYS, SIMUL |
SIMFIA references in other domains

| Company | Types of systems |
| --- | --- |
| SNECMA | Production of models of engines |
| SAGEM | Production of models of Unmanned Air Systems |
| CEGELEC | Power supply networks |
| TOTAL | Offshore platforms |
| GEMS | Vascular platforms |
| EUROCOPTER | Design To Cost simulation framework |
| PSA | Computer Aided Diagnosis and Troubleshooting |
| BOMBARDIER | Operational Availability Follow Up and Management Application |