PRO-ELICERE: A Hazard Analysis Automation Process Applied to Space Systems

ABSTRACT In the last decades, critical systems have increasingly been developed using computers and software even in space area, where the project approach is usually very conservative. In the projects of rockets, satellites and its facilities, like ground support systems, simulators, among other critical operations for the space mission, it must be applied a hazard analysis. The ELICERE process was created to perform a hazard analysis mainly over computer critical systems, in order to define or evaluate its safety and dependability requirements, strongly based on Hazards and Operability Study and Failure Mode and Effect Analysis techniques. It aims to improve the project design or understand the potential hazards of existing systems improving their functions related to functional or non-functional requirements. Then, the main goal of the ELICERE process is to ensure the safety and dependability goals of a space mission. The process, at the beginning, was created to operate manually in a gradual way. Nowadays, a software tool called PRO-ELICERE was developed, in such a way to facilitate the analysis process and store the results for reuse in another system analysis. To understand how ELICERE works and its tool, a small example of space study case was applied, based on a hypothetical rocket of the Cruzeiro do Sul family, developed by the Instituto de Aeronáutica e Espaço in Brazil.

摘要 近数十年来，关键系统愈发依赖计算机与软件进行开发，即便在通常采用极为保守的项目实施方式的航天领域亦是如此。在火箭、卫星及其配套设施（如地面支持系统、模拟器）等航天任务关键作业相关的项目中，必须开展危险分析工作。 ELICERE流程正是为主要针对计算机关键系统开展危险分析而研发，其核心目的是定义或评估系统的安全性与可靠性要求，该流程严格基于危险与可操作性研究（Hazards and Operability Study）及失效模式与影响分析（Failure Mode and Effect Analysis）两类技术方法。该流程旨在优化项目设计，或是厘清现有系统的潜在危险，进而完善其与功能、非功能需求相关的各项功能。综上，ELICERE流程的核心目标是保障航天任务的安全性与可靠性指标达成。 该流程最初仅支持以渐进方式手动开展作业。如今，一款名为PRO-ELICERE的软件工具已被开发，用于简化分析流程并存储分析结果，以供其他系统分析工作复用。 为阐明ELICERE流程及其配套工具的运作逻辑，研究人员以巴西航空航天研究所（Instituto de Aeronáutica e Espaço）研发的一款假想型南十字座（Cruzeiro do Sul）家族火箭为原型，搭建了小型航天研究案例进行演示。