| 引用本文: | 刘炳琪,胡剑波,刘畅,李俊.飞机差动刹车纠偏过程的STAMP/STPA安全性分析[J].哈尔滨工业大学学报,2020,52(4):66.DOI:10.11918/201812044 |
| LIU Bingqi,HU Jianbo,LIU Chang,LI Jun.STAMP/STPA safety analysis of aircraft differential braking correction process[J].Journal of Harbin Institute of Technology,2020,52(4):66.DOI:10.11918/201812044 |
|
| |
|
|
| 本文已被:浏览 1418次 下载 677次 |
码上扫一扫! |
|
|
| 飞机差动刹车纠偏过程的STAMP/STPA安全性分析 |
|
刘炳琪1,2,胡剑波1,刘畅1,2,李俊1,2
|
|
(1.空军工程大学 装备管理与无人机工程学院,西安 710051; 2.空军工程大学 研究生学院,西安 710051)
|
|
| 摘要: |
| 为防止飞机在全电差动刹车纠偏过程中发生危险或事故,将该过程的安全问题视为一个控制问题,从控制的角度开展STAMP/STPA安全性分析.首先,基于系统理论事故模型及过程(system-theoretic accident model and process,STAMP)建立考虑人机协调的飞机全电差动刹车系统STAMP模型,确定整个差动刹车系统的控制反馈关系;然后,采用系统理论过程分析(system theoretic process analysis,STPA)方法对差动刹车纠偏过程进行安全性分析,确定系统级事故和危险,识别潜在风险和不安全控制行为(unsafe control action,UCA),从控制、反馈和协调3个方面对不安全控制行为进行定性致因分析;最后,建立飞机地面滑跑模型,对纠偏过程中出现的部分不安全控制行为(UCA1、UCA2和UCA5)进行仿真分析.仿真结果表明:在1°初始偏航角或1 m/s持续侧风的情况下未提供差动刹车动作,飞机在5 s后会偏出跑道;在1°初始偏航角(无侧风)情况下发生差动刹车动作延迟,延迟大于5 s时飞机会偏出跑道.仿真结果从定量角度对飞机全电差动刹车纠偏过程提出了安全约束,并验证了STAMP/STPA方法的有效性. |
| 关键词: 人机协调 差动刹车系统 控制反馈关系 不安全控制行为 安全约束 |
| DOI:10.11918/201812044 |
| 分类号:V37 |
| 文献标识码:A |
| 基金项目:国家自然科学基金(71601183) |
|
| STAMP/STPA safety analysis of aircraft differential braking correction process |
|
LIU Bingqi1,2,HU Jianbo1,LIU Chang1,2,LI Jun1,2
|
|
(1.Equipment Management and Unmanned Aerial Vehicle Engineering College, Air Force Engineering University, Xi’an 710051, China; 2.Graduate College, Air Force Engineering University, Xi’an 710051, China)
|
| Abstract: |
| To prevent the occurrence of danger or accident during the correction process of all-electric differential braking, the safety problem was regarded as a control problem, and the safety analysis based on STAMP/STPA was carried out from the control point of view. First, based on the system-theoretic accident model and process (STAMP), the STAMP model of the aircraft all-electric differential braking system considering human-machine coordination was established to determine the control feedback relationship of the entire differential braking system. Then, the system theoretic process analysis (STPA) method was used to analyze the safety of the differential braking correction process, determine system-level accidents and hazards, identify potential risks and unsafe control actions (UCA), and conduct qualitative analysis of UCA from the aspects of control, feedback, and coordination. Finally, an airplane ground sliding model was established to simulate and analyze some unsafe control behaviors (UCA1, UCA2, and UCA5) that occurred during the correction process. Simulation results show that the differential braking action was not provided in the case of 1° initial yaw angle or 1 m/s continuous crosswind, and the aircraft was out of the runway after 5 s; the differential braking action delay occurred at 1° initial yaw angle (with no crosswind), and the aircraft was out of the runway when the delay was greater than 5 s. From the quantitative point of view, the safety constraints of the aircraft all-electric differential braking correction process were proposed, and the effectiveness of the STAMP/STPA method was verified. |
| Key words: human-machine coordination differential braking system control feedback relationship unsafe control behavior safety constraint |
|
|
|
|
