(paper) 외부 행성 탐사 미션에 대한 안전 주도 설계 방법론의 적용

우리나라의 우주 산업도 언젠간 이런 level까지 올라갈 수 있기를 기대한다. domain은 우주이지만, 실제 내용은 Specification, safety engineering에 대한 내용이다.

(핵심 내용) 주요 기술 4개의 integration

  1. Intent Specification, a framework for organizing system development & operational information in a hierarchical structure
  2. 사고의 인과관계를 STAMP model로 제시
  3. STAMP기반 위험원 분석(STPA)
  4. State Analysis, 모델 기반 시스템 엔지니어링 접근법

논문에서 하고 싶은 말이 얼마나 많았던지 24페이지인데, 개인적으로는 사실 100페이지로도 부족할 것 같다. 24페이지로 상당히 압축을 잘 한 것 같다. (그래서 참조문헌을 다 뒤져봐야 내용을 온전히 이해할 것 같은 심오함은 약점)

Intent Specification

Intent spec hierarchy

출처: Brandon D. Owen 2007

각 Level에 대한 설명은 아래와 같은데, 본 논문에서는 Level 0~3에 대하여 focus를 맞추고 있음

Level 0: a project management view and insight into the relationship between the plans and project development

Level 1: the customer view and assists system engineers and customers in agreeing on what should be built and whether that has been accomplished. It includes system goals, highlevel requirements, design constraints, hazards, environmental assumptions, and system limitations.

Level 2: (System Design) the structure and content needed for engineers to reason about the system in terms of the physical principles and laws upon which the system design is based. It documents the basic system-level design decisions made to satisfy the requirements and constraints at Level 1.

Level 3: (Blackbox Behavior level) enhances reasoning about the logical design of the system as a whole and the interaction among the components as well as the functional state without distractions from implementation issues. This level acts as an unambiguous interface between systems engineering and component engineering to assist in communication and review of component blackbox behavioral requirements and to reason about the combined behavior of individual components using informal review,
formal analysis, and simulation. The models at this level are formal and can be both executed and subjected to formal analysis (for example, completeness and consistency

Level 4,5: provide the information necessary to reason about individual component design and implementation issues.

Level 6: provides a view of the operational system


STAMP와 STPA를 기반으로 한 안전 주도 설계 방법

Step 1: Identify Mission Goals, Requirements, and Constraints.
Products: Level 1 intent specification of mission goals and constraints

Step 2: Define System Accidents or Unacceptable Losses.
Products: Level 0 intent specification documenting the accidents.

Step 3: Define High-level Hazards.
Products: Level 1 intent specification documenting high-level hazards.

Step 4: Define High-level Safety-Related Constraints.
Products: Level 1 intent specification documenting safety constraints.

Step 5: Identify Environment and Customer Constraints.
Products: Level 1 intent specification of environmental constraints and environmental
assumptions, customer-derived system design constraints, and customer programmatic constraints.

Step 6: Perform High-level Functional Decomposition.
Products: Level 1 intent specification documenting the functional decomposition.

Step 7: Design High-level System Control Structure.
Products: Level 1 intent specification documenting the high-level control structure.

Step 8: Perform Preliminary Hazard Analysis using STPA and Create Hazard Log.
Products: Level 1 intent specification documenting STPA hazard analysis.

Step 9: Define System Element Specifications.
• Level 1 intent specification documenting goals, requirements, design constraints, and safety constraints for each subsystem or functional element (including subsystems and/or functional elements defined both before Step 9 and during the iterative
sub-steps of Step 9).
• Level 2 intent specification documenting design decisions made to implement the requirements and constraints in Level 1.
• Level 3 intent specification documenting the formal design of the control system.

Step 10: Perform Validation Tests.
Products: Test results.

Step 11: Generate Designs and Software Code.
Products: Design specifications and software code


위의 방법론을 이용하여 Specification 사례가 있는데, seamless하다는 느낌을 받는다. 굉장히 논리적이고 설득력이 있어보인다. (이 정도까지 해야 하는가? 라는 생각이 살짝 들기도 하지만 훌륭하다. )

시스템 Level에서의 Goal, Requirement, Constraint를 만들고, 이를 바탕으로 design decision을 만들고, 이것을 바탕으로 functional model을 만들고, DSM(design structure matrix)방법으로 design을 하고, State analysis를 하는 방식으로 굉장히 깔끔하게 흘러간다.


굉장한 Spec덕후가 아닌가 싶음…full paper를 보고 싶은데.. 1000페이지 되어도 좋으니 말이다.

Spec 논문 오랜만이다. 대학원 때 이후로 첨이니…



One thought on “(paper) 외부 행성 탐사 미션에 대한 안전 주도 설계 방법론의 적용”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s