FSTPA-I: A formal approach to hazard identification via system theoretic process analysis

Cyber-physical systems (CPS) are usually safety critical, making systems safety a CPS issue. Many efforts have been made in safety verification of CPS and some effort has been made in safety-guided design of specific CPS, but fewer efforts have been made in a formal science to aid in safety-guided design. One domain crucial to safety-guided design is hazard analysis, which can be challenging for complex dynamic systems like CPS. Recently, systems theoretic process analysis (STPA) has emerged as a promising hazard analysis technique applicable to CPS; however despite its improvement over traditional techniques, it lacks a solid formal (rig-orous) approach making much of its application ad-hoc and open to a lot of the issues with non-rigorous methods. This paper presents a formal framework for the hazard identification step in STPA (STPA Step One). We show that the formal framework handles many of the issues that arise in a non-rigorous approach and makes the results from analysis less ambiguous and more complete. We also find that an explicit notion of system components is not necessary for undertaking hazard analysis on the system level much in line with the way systems are analyzed in other systems theory fields.