Welcome to

the new Enterprise Architect extension for STPA SAHRA

SAHRA is an extension for the popular Sparx Systems Enterprise Architect™ UML/SysML modeling tool, which enables practitioners to adopt the hazard analysis method "System Theoretic Process Analysis" (STPA) for their engineering and analysis processes. STPA, which has been developed by Nancy Leveson at MIT, specifically adresses risks which are generated by functional interaction between control units present in a system. As a result, STPA is especially suitable for analysis of software-based socio-technologic systems. Consequently STPA does not treat safety as a (component) failure problem but as a control problem: Understanding how a system can enter an unsafe state requires understanding which unsafe control actions can occur and why and how they occur.

The SAHRA Enterprise Architect™ extension is developed in a cooperation between the Safety-Critical Systems Research Lab of the Zurich University of Applied Sciences and industrial partners.

find out more

Features of SAHRA

Key Features

SAHRA supports the complete STPA process by providing key features for:

  1. Modeling of Hierarchical Control Structures
  2. Context sensitive object browser and editor
  3. STPA Step 1 Editor to find Unsafe Control Actions
  4. STPA Step 2 Editor to find Scenarios and Causal Factors

The SAHRA MDG Technology for STPA extends UML with a special STPA profile including new diagram types and toolboxes. Beside Enterprise Architect's own reporting features, SAHRA can export analysis results to html. Hierarchical Control Structure SAHRA supports capturing hierarchical control structure diagrams by providing a "STPA Hierarchical Control Structure" diagram type and the respective elements in the Toolbox.

Hierarchical Control Structure

SAHRA supports capturing hierarchical control structure diagrams by providing a "STPA Hierarchical Control Structure" diagram type and the respective elements in the Toolbox. Toolbox The STPA Toolbox contains all elements necessary to capture a hierarchical control structure:

  1. Controller
  2. Controlled Process
  3. Control Action Connector
  4. Feedback Connector

The additional hub element is used when modelling hierarchical control structures with several levels of abstraction using multiple diagrams.

HCS Diagrams

The diagram is captured as any diagram in Enterprise Architect. All standard Enterprise Architect dialogs and diagram manipulation functionalities are supported. For example the properties- notes-, and traceability-dialog or the distribute and align functionalities.

SAHRA Object Browser

The SAHRA Object browser displays context sensitive information about the currently selected diagram object. For example source and target of a control action connector. With the SAHRA Object browser new control action and feedback elements can be created and linked to the selected connector. Likewise existing control action and feedback elements can be linked or unliked to the connector. The SAHRA Object browser features a context menu which allows to easily rename and re-arrange elements or opening up the Enterprise Architect properties dialog for example. Additionally the SAHRA Object browser supports copy-, cut- and paste-functionalities to easily move control action and feedback elements between connectors. The SAHRA Object browser can be freezed to not respond to the selection of new elements anymore.

STPA Step 1

STPA Step 1 is captured in SAHRA with the help of a custom analysis view showing the control action under consideration as root node. With a mind-map approach the STPA Step 1 editor allows the analyst to capture the analysis with help of keywords to find unsafe control actions which can be linked with hazards and losses. In our case studies we used unwanted process state, unwanted process reaction and assumptions as an extension to the 'classical' STPA elements. While the analyst works on the analysis the respective elements and links are automatically created and updated in the model repository. Any specific element (for example a hazard) can be used multiple times by simple dragging it to an existing node to create a link

STPA Step 2

STPA Step 2 is captured in SAHRA with the help of a custom analysis view showing the node under consideration as root node. With a mind-map approach the STPA Step 2 editor allows the analyst to capture the analysis with help of template Scenarios to find Causal Factors. In our case studies we used node types Assumption, Notes and Information as an extension to the 'classical' STPA elements. While the analyst works on the analysis the respective elements and links are automatically created and updated in the model repository. Any specific element (for example a hazard) can be used multiple times by simple dragging it to an existing node to create a link.



Availability

sahraOne

sahraTwo

You want to work with SAHRA?

While some of the modules and features of SAHRA are in internal and external beta-testing others are still in development. We have therefore until now provided demo versions solely to strategic partners. Please contact us for further information or to be notified about the software's availability.


Publications

Publications

Krauss, Sven Stefan; Reif, Monika Ulrike; Rejzek, Martin; Senn, Christoph; Hilbes, Christian (2016). STPA – Sicherheitsanalyse für komplexe Systeme: Talk presented at: safe.tech 2016. (26.-27.04.2016). Munich: TÜV SÜD AG. (Download PDF)

Krauss, Sven Stefan; Rejzek, Martin; Hilbes, Christian (2015). Tool qualification considerations for tools supporting STPA: In: Proceedings of the 3rd European STAMP Workshop 5-6 October 2015, Amsterdam. Procedia Engineering, 128 15-24. Peer reviewed. (Download PDF)

Krauss S., Rejzek M., Hilbes Ch. Tool Qualification Considerations for Tools Supporting STPA. Talk presented at: 3rd European STAMP Workshop; 2015 October 4-6; Amsterdam, Netherlands. (Download PDF)

Rejzek M., Krauss S., Hilbes Ch. Safety Driven Design with UML and STPA. Talk presented at: 4th MIT STAMP Workshop; 2015 March 23-26; Massachusetts Institute of Technology, USA. (Download PDF)

How to cite SAHRA

To cite SAHRA, please use:

Safety-Critical Systems Research Lab Team of ZHAW Zurich University of Applied Sciences, SAHRA - STPA based Hazard and Risk Analysis, www.sahra.ch (Access date)

References

NG. Leveson. 2011. Engineering A Safer World: Systems Thinking Applied to Safety, MIT Press, Cambridge

NG. Leveson. 2004. A new accident model for engineering safer systems. Safety science, 42(4), 237-270.

Example Model

The example model which is shown on some SAHRA screenshots is adapted from:

J. Sgueglia. 2015. Managing Design Changes using Safety-Guided Design for a Safety Critical Automotive System, MIT Master's Thesis, June 2015


Safety-Critical Systems Research Lab

about img

ABOUT US

Safety-Critical Systems Research Lab

The Institute for Applied Mathematics and Physics promotes technological progress in the field of systems critical to safety by offering interdisciplinary competence and experience in the following areas:

  1. Hazard and risk analysis
  2. Functional safety of complex programmable systems
  3. Quantitative safety analyses
  4. Formal specification, development and verification methods

We place these aspects in the context of development processes, safety and RAMS management, and verification and validation, with our goals ranging from the development of certified products and systems all the way up through to the Declaration of Conformity and the CE label. Combined with our expertise in the areas of system theory, the modeling and simulation of complex systems, statistical and probabilistic analysis and formal verification methods, we offer our industrial partners the broad range of technical knowledge required to successfully implement innovative solutions for use in applications critical to safety which require the design, analysis, and validation of complex programmable (processor-based or FPGA-based) systems critical to safety. Especially if: Risk analyses of highly dynamic and complex systems and processes are required; The use of existing standards is not obviously possible. Don't hesitate to contact us to learn more about our projects and partners and professional seminars, and advanced training.