Further Analyses
Deriving Analyses from Design
To further analyze the effects of a cyber attack on high-level system functions and on functional safety, an FMEA and/or an FTA can be used. Based on the information stored in the system model, an FMEA can be derived from a system element. The failure modes and failure nets of the FMEA can in turn be used to derive an FTA.
Deriving FMEA
The FMEA structure can be derived by right-click on a system element in model explorer or diagram:
Right-click on the system element representing the item.
Choose Derive > FMEA.
Select folder (optional).
Enter a name.
Define additional root element (optional) (to be implemented).
Click Finish.
The additional root element (the optional step above) might be needed in the FMEA as an object that contains the failure effects.
The FMEA document is created and visible in the FMEA folder in the workspace. The editor shows the derived FMEA structure as demonstrated in the next figure.
Use the buttons in the upper right corner of the window to toggle the visibility of certain FMEA content. Please refer to the page New FMEA to complete the FMEA structure as needed.
Synchronization between FMEA and UML Model
FMEA and UML model are bidirectionally synchronized:
FMEA => UML: Elements added to the FMEA structure using the FMEA editor are listed in the package FMEA in the Model Explorer.
UML => FMEA: If changes relevant for the FMEA structure are made to the system design, this is indicated by the highlighted “Synchronize FMEA …” button in the upper right corner of the FMEA editor (to be implemented).
Example 1: In the SOX functions diagram a failure mode “New FM” is added to a function after the FMEA was derived. To synchronize the FMEA with the UML model, click the Synchronize FMEA … button. Outcome: the FMEA Synchronizer wizard appears. Select the elements to add to the FMEA; elements can also be deleted from the model if they are no longer needed. Here the failure mode added to the system design is chosen to be added to the FMEA.
Example 2: In the FMEA editor the malfunction added in example 1 is connected to a malfunction within the system element ECU. The new “Effects” connection between the two malfunctions is added to the UML model and can be seen in the Model Explorer in the folder FMEA.
Continue editing your FMEA structure. System elements, functions and malfunctions can be added to the structure as needed. Once the structure is complete, create action groups on the causes of failure, define prevention and detection actions and create form sheets. Please refer to the page New FMEA for further details.
Deriving an FTA
There are several options for using model information for FTA:
Create a new FTA document on a malfunction.
Add a malfunction and its lower-level causes to an existing FTA document by dragging and dropping.
Drag a single malfunction onto a gate in an existing FTA document.
Creating a New FTA Document on a Malfunction (to be implemented)
A new FTA document can be created by right-clicking on a malfunction in the Model Explorer or a diagram:
Right-click on a malfunction representing the top event of the fault tree (root).
Choose Derive>FTA.
Select folder (optional).
Enter a name.
Enter mission time (optional).
Click Finish.
An FTA document is created and is visible in the FTA folder of the repository view. The selected malfunction becomes the root element (top event) of the fault tree. Because connected malfunctions in the design and in the FMEA failure net have OR semantics, all malfunctions on one level are connected to the next higher-level malfunction via OR gates.
Change the type of a gate as needed: right-click on the gate and select Change gate type.
Edit and complete the structure of the FTA.
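The derivation rule above (every malfunction with causes in the failure net becomes an OR gate over those causes) and the effect of changing a gate type afterwards can be illustrated with a small script. This is an added example, not code from the tool or from SOX; the failure net, the malfunction names and the failure rates are constructed, and the use of the mission time as the horizon of an exponential unreliability model is an assumption, since the page does not say how the tool uses it.

```python
"""Derive a fault tree from an FMEA-style failure net and evaluate the top
event for a mission time. Added example, not the modelling tool's code."""
from __future__ import annotations

import math
from dataclasses import dataclass, field

# Failure net in FMEA style: malfunction -> malfunctions that cause it.
# Constructed sample data; the real net lives in the system model.
FAILURE_NET: dict[str, list[str]] = {
    "Loss of braking": ["ECU computes wrong torque", "Actuator stuck"],
    "ECU computes wrong torque": ["Sensor signal corrupted", "Firmware tampered"],
}

# Failure rates per hour of the basic events (leaves of the net). Constructed;
# "Firmware tampered" stands for the cyber-attack induced cause.
FAILURE_RATES: dict[str, float] = {
    "Sensor signal corrupted": 1e-6,
    "Firmware tampered": 2e-7,
    "Actuator stuck": 5e-7,
}


@dataclass
class Gate:
    kind: str                                        # "OR" or "AND"
    inputs: list[str] = field(default_factory=list)  # lower-level malfunctions


@dataclass
class FaultTree:
    top: str                                              # top event (root)
    gates: dict[str, Gate] = field(default_factory=dict)  # malfunction -> gate feeding it

    def basic_events(self) -> set[str]:
        """Malfunctions without a gate below them, i.e. the leaves."""
        referenced = {m for g in self.gates.values() for m in g.inputs}
        return (referenced | {self.top}) - set(self.gates)


def derive_fta(failure_net: dict[str, list[str]], top: str) -> FaultTree:
    """Walk the failure net downwards from the top event. Every malfunction
    that has causes gets an OR gate, mirroring the OR semantics of connected
    malfunctions. Each malfunction is expanded once, so cycles do not loop."""
    tree = FaultTree(top)
    todo, seen = [top], set()
    while todo:
        m = todo.pop()
        if m in seen:
            continue
        seen.add(m)
        causes = failure_net.get(m, [])
        if causes:
            tree.gates[m] = Gate("OR", list(causes))
            todo.extend(causes)
    return tree


def change_gate_type(tree: FaultTree, malfunction: str, kind: str) -> None:
    """Counterpart of 'Change gate type' on the gate feeding a malfunction."""
    if kind not in ("OR", "AND"):
        raise ValueError(f"unsupported gate type {kind!r}")
    tree.gates[malfunction].kind = kind


def unreliability(rate_per_hour: float, mission_time_h: float) -> float:
    """Probability that a basic event with constant failure rate occurs
    within the mission time (exponential model; an assumption here)."""
    return 1.0 - math.exp(-rate_per_hour * mission_time_h)


def top_event_probability(tree: FaultTree, rates: dict[str, float],
                          mission_time_h: float) -> float:
    """Bottom-up evaluation assuming independent basic events, each appearing
    once in the tree (no common causes). Raises on a cyclic gate structure."""
    def prob(m: str, path: tuple[str, ...]) -> float:
        if m in path:
            raise ValueError(f"cycle through {m!r}")
        gate = tree.gates.get(m)
        if gate is None:
            return unreliability(rates[m], mission_time_h)
        ps = [prob(c, path + (m,)) for c in gate.inputs]
        if gate.kind == "AND":
            return math.prod(ps)
        return 1.0 - math.prod(1.0 - p for p in ps)
    return prob(tree.top, ())


if __name__ == "__main__":
    MISSION_TIME_H = 10_000.0
    tree = derive_fta(FAILURE_NET, "Loss of braking")
    for m, g in tree.gates.items():
        print(f"{m} <- {g.kind}({', '.join(g.inputs)})")
    print("basic events:", sorted(tree.basic_events()))
    print("P(top), all OR :", top_event_probability(tree, FAILURE_RATES, MISSION_TIME_H))
    change_gate_type(tree, "ECU computes wrong torque", "AND")
    print("P(top), ECU AND:", top_event_probability(tree, FAILURE_RATES, MISSION_TIME_H))
```

With every gate an OR and independent exponential basic events, the top-event probability collapses to 1 - exp(-(sum of rates) * mission time), which is the conservative result the automatic derivation gives you; turning the gate below “ECU computes wrong torque” into an AND (for instance because both the corrupted sensor signal and the tampered firmware are needed to produce a wrong torque) lowers it, so the gate types need to be checked against the design rather than left at the default.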
Adding a Fault Tree to an Existing FTA Document by Dragging and Dropping
A malfunction and its lower-level causes can be added as a fault tree to an existing FTA document by dragging and dropping. Ensure that the Link with Editor button is activated in the Model Explorer view. Locate the malfunction of interest in the Model Explorer and drag it into an FTA document. You can either drop it into an empty document, so that the malfunction becomes the root of the fault tree, or drop it onto a gate to add the fault tree below that gate. In either case click Add fault tree in the dialog that appears.
Add or Replace a Gate in an Existing FTA Document
In addition, you can create or replace a gate by dragging a malfunction from the Model Explorer onto a gate in an FTA document. Click either Replace or Create new gate in the Add fault tree dialog.
Synchronization Between FTA and UML Model
FTA and UML model are bidirectionally synchronized:
FTA => UML: Malfunctions added to the fault tree using the FTA editor are listed in the package FTA in the Model Explorer.
UML => FTA: If changes relevant for the fault tree are made to the system design, this is indicated by the highlighted Synchronize FTA … button in the upper right corner of the FTA editor (to be implemented). The FTA Synchronizer wizard allows you to select the elements to add to the FTA.