Welcome to SAHRA, the new Enterprise Architect extension for STPA

SAHRA is an extension for the popular Sparx Systems Enterprise Architect™ UML/SysML modeling tool, which enables practitioners to adopt the hazard analysis method "System Theoretic Process Analysis" (STPA) in their engineering and analysis processes. STPA, which was developed by Nancy Leveson at MIT, specifically addresses risks that arise from the functional interaction between the control units present in a system. As a result, STPA is especially suitable for the analysis of software-based socio-technical systems. Consequently, STPA does not treat safety as a (component) failure problem but as a control problem: understanding how a system can enter an unsafe state requires understanding which unsafe control actions can occur, and why and how they occur.

The SAHRA Enterprise Architect™ extension is developed in a cooperation between the Safety-Critical Systems Research Lab of the Zurich University of Applied Sciences and industrial partners.


Features of SAHRA

Key Features

SAHRA supports the complete STPA process by providing key features for:

  1. Modeling of Hierarchical Control Structures
  2. Context sensitive object browser and editor
  3. STPA Step 1 Editor to find Unsafe Control Actions
  4. STPA Step 2 Editor to find Scenarios and Causal Factors

The SAHRA MDG Technology for STPA extends UML with a dedicated STPA profile that adds new diagram types and toolboxes. Besides Enterprise Architect's own reporting features, SAHRA can export analysis results to HTML.

Hierarchical Control Structure

SAHRA supports capturing hierarchical control structure diagrams by providing a "STPA Hierarchical Control Structure" diagram type and the respective elements in the Toolbox.

Toolbox

The STPA Toolbox contains all elements necessary to capture a hierarchical control structure:

  1. Controller
  2. Controlled Process
  3. Control Action Connector
  4. Feedback Connector

The additional Hub element is used when modelling hierarchical control structures with several levels of abstraction across multiple diagrams.

HCS Diagrams

The diagram is captured like any other diagram in Enterprise Architect. All standard Enterprise Architect dialogs and diagram manipulation functions are supported, for example the properties, notes and traceability dialogs, or the distribute and align functions.

SAHRA Object Browser

The SAHRA Object Browser displays context-sensitive information about the currently selected diagram object, for example the source and target of a control action connector. With the SAHRA Object Browser, new control action and feedback elements can be created and linked to the selected connector. Likewise, existing control action and feedback elements can be linked to or unlinked from the connector. The SAHRA Object Browser features a context menu that makes it easy to rename and re-arrange elements or, for example, to open the Enterprise Architect properties dialog. Additionally, the SAHRA Object Browser supports copy, cut and paste to easily move control action and feedback elements between connectors. The SAHRA Object Browser can be frozen so that it no longer responds to the selection of new elements.

STPA Step 1

STPA Step 1 is captured in SAHRA with the help of a custom analysis view showing the control action under consideration as the root node. Using a mind-map approach, the STPA Step 1 editor allows the analyst to capture the analysis with the help of keywords in order to find unsafe control actions, which can then be linked with hazards and losses. In our case studies we used unwanted process state, unwanted process reaction and assumptions as an extension to the 'classical' STPA elements. While the analyst works on the analysis, the respective elements and links are automatically created and updated in the model repository. Any specific element (for example a hazard) can be used multiple times by simply dragging it onto an existing node to create a link.

STPA Step 2

STPA Step 2 is captured in SAHRA with the help of a custom analysis view showing the node under consideration as the root node. Using a mind-map approach, the STPA Step 2 editor allows the analyst to capture the analysis with the help of template Scenarios in order to find Causal Factors. In our case studies we used the node types Assumption, Notes and Information as an extension to the 'classical' STPA elements. While the analyst works on the analysis, the respective elements and links are automatically created and updated in the model repository. Any specific element (for example a hazard) can be used multiple times by simply dragging it onto an existing node to create a link.

Availability