Real-time risk assessment for maritime autonomous surface ships based on STPA and FTPN

doi:10.16265/j.cnki.issn1003-3033.2024.08.1290

Abstract

Abstract:

In order to monitor the risk during the navigation of MASS, the safety control structure of MASS was constructed based on System-theoretic Accident Model and Process (STAMP). STPA was used to define the losses/accidents and system-level hazards, identify unsafe control actions, analyze loss scenarios, and construct an accident model for system state transition. FTPN was used to model the process model, and a given MASS navigation situation was used to obtain the relevant fuzzy time functions and to project the situational evolution of FTPN. A new risk level expression was introduced, and a two-dimensional path diagram of system loss/accident was used to visualize the real-time system risk level and system unsafe states transition paths. The results show that at the current moment of the set navigation situation, no safe water depth input, no updated collision avoidance path, unsafe heading and speed, and grounding are the highest risk system unsafe states and correspond to the four highest risk transition paths. The study shows that the FTPN process model driven by STPA can comprehensively assess the real-time risk level of MASS navigation. Visualize real-time risk with a two-dimensional path diagram of real-time losses/accidents of the system, which can monitor the unsafe system states during MASS navigation and describe their transition paths.

Key words: systems-theoretic process analysis (STPA), maritime autonomous surface ships (MASS), fuzzy-timing Petri net (FTPN), transition path, real-time risk assessment

CLC Number:

X913.4安全系统工程

XI Yongtao, LIU Pengjie, HU Shenping, HAN Bing. Real-time risk assessment for maritime autonomous surface ships based on STPA and FTPN[J]. China Safety Science Journal, 2024, 34(8): 18-26.

Figures/Tables 10

Fig.1

Fig.2

Table 1

Results of defining the purpose of the analysis

H	库所	系统级危险	安全约束	追溯路径
H₁	$P H 1$	MASS未与他船保持安全距离	MASS需保证不会导致CS的安全距离	A₁
H₂	$P H 2$	MASS相对他船航向和航速不安全	MASS需确保当前航向/航速不会导致CS	A₁
H₃	$P H 3$	MASS未满足富余水深限制	MASS需确保富余水深满足富余水深限制	A₂
H₄	$P H 4$	MASS相对浅滩的航向/航速不安全	MASS需确保当前航向/航速可凭自身行动避免搁浅	A₂

Table 1

Fig.3

Table 2

Traceability between the outputs of STPA and the corresponding FTPN places

STPA输出	追溯路径
A	A₁\ $P A 1$		A₂\ $P A 2$
H	H₁\ $P H 1$	H₂\ $P H 2$	H₃\ $P H 3$	H₄\ $P H 4$
U	U₁\ $P U 1$ ; U₂\ $P U 2$ ; U₃\ $P U 3$ ; U₄\ $P U 4$
L	U₁\ $P U 1$ ← L₁\ $P L 1$ -L₁₁\ $P L 11$	U₂\ $P U 2$ ← L₁₂\ $P L 12$ -L₁₅\ $P L 15$	U₃\ $P U 3$ ← L₁₆\ $P L 16$ -L₂₄\ $P L 24$	U₄\ $P U 4$ ← L₂₅\ $P L 25$ -L₃₅\ $P L 35$

Table 2

Fig.4

Table 3

Table 4

Relevant fuzzy time function dE,v(τ)

E	v	d_E_,_v(τ)	E	v	d_E_,_v(τ)
T₁× $P U 1$	$P L 3$	d₁(τ)=(177,190,190,207)	T₁× $P U 4$	$P L 3$	d₁₀(τ)=(390,449,449,564)
T₂× $P H 1$	$P L 3 P U 1$	d₂(τ)=(113,120,120,132)	T₃× $P H 1$	$P L 3 P U 4$	d₁₁(τ)=(0,0,0,0)
T₄× $P A 1$	$P L 3 P U 1 P H 1$	d₃(τ)=(192,213,213,216)	T₄× $P A 1$	$P L 3 P U 4 P H 1$	d₁₂(τ)=∞
T₂× $P H 2$	$P L 3 P U 1$	d₄(τ)=(167,188,188,211)	T₃× $P H 2$	$P L 3 P U 4$	d₁₃(τ)=∞
T₅× $P A 1$	$P L 3 P U 1 P H 2$	d₅(τ)=(139,145,145,157)	T₅× $P A 1$	$P L 3 P U 4 P H 2$	d₁₄(τ)=∞
T₂× $P H 3$	$P L 3 P U 1$	d₆(τ)=(267,278,278,356)	T₃× $P H 3$	$P L 3 P U 4$	d₁₅(τ)=(14,14,14,14)
T₆× $P A 2$	$P L 3 P U 1 P H 3$	d₇(τ)=(28,28,28,28)	T₆× $P A 2$	$P L 3 P U 4 P H 3$	d₁₆(τ)= (14,14,14,14)
T₂× $P H 4$	$P L 3 P U 1$	d₈(τ)=(0,0,0,0)	T₃× $P H 4$	$P L 3 P U 4$	d₁₇(τ)= (0,0,0,0)
T₇× $P A 2$	$P L 3 P U 1 P H 4$	d₉(τ)=(274,306,306,396)	T₇× $P A 2$	$P L 3 P U 4 P H 4$	d₁₈(τ)=(28,28,28,28)

Table 4

Table 5

Case evolution and calculation results of FTPN in the case study

情态	层	库所	托肯	托肯颜色	(τ_x,Q_x)
c₁	L层	$P L 3$	t₁/ $P L 3$	{ $P L 3$ , $P L 3$ ,1,(0,0,0,0)}	(0,1)
c₂	U层	$P U 1$	t₁/ $P U 1$	{ $P U 1$ , $P L 3 P U 1$ ,2,(177,190,190,207)}	(191,1)
c₂	U层	$P U 4$	t₁/ $P U 4$	{ $P U 4$ , $P L 3 P U 4$ >,2,(390,449,449,564)}	(468,0)
c₃	H层	$P H 1$	t₁/ $P H 1$	{ $P H 1$ , $P L 3 P U 1 P H 1$ ,3,(290,310,310,339)}	(313,0)
		$P H 1$	t₂/ $P H 1$	{ $P H 1$ , $P L 3 P U 4 P H 1$ ,3,(390,449,449,564)}	(468,0)
		$P H 2$	t₁/ $P H 2$	{ $P H 2$ , $P L 3 P U 1 P H 2$ ,3,(344,378,378,418)}	(380,0)
		$P H 2$	t₂/ $P H 2$	{ $P H 2$ , $P L 3 P U 4 P H 2$ ,3,∞}	(∞,0)
		$P H 3$	t₁/ $P H 3$	{ $P H 3$ , $P L 3 P U 1 P H 3$ ,3,(444,468,468,563)}	(492,0)
		$P H 3$	t₂/ $P H 3$	{ $P H 3$ , $P L 3 P U 4 P H 3$ ,3,(404,463,463,578)}	(482,0)
		$P H 4$	t₁/ $P H 4$	{ $P H 4$ , $P L 3 P U 1 P H 4$ ,3,(177,190,190,207)}	(191,1)
		$P H 4$	t₂/ $P H 4$	{ $P H 4$ , $P L 3 P U 4 P H 4$ ,3,(390,449,449,564)}	(468,0)
c₄	A层	$P A 1$	t₁/ $P A 1$	{ $P A 1$ , $P L 3 P U 1 P H 2 P A 1$ ,4,(482,523,523,555)}	(520,0.348)
			t₂/ $P A 1$	{ $P A 1$ , $P L 3 P U 1$ P_H2 $P A 1$ ,4,∞}	(∞,0)
			t₃/ $P A 1$	{ $P A 1$ , $P L 3 P U 4 P H 2 P A 1$ ,4,(483,523,523,575)}	(527,0.445)
			t₄/ $P A 1$	{ $P A 1$ , $P L 3 P U 4$ P_H2 $P A 1$ ,4,∞}	(∞,0)
		$P A 2$	t₁/ $P A 2$	{ $P A 2$ , $P L 3 P U 1 P H 3 P A 2$ ,4,(472,496,496,591)}	(520,0.566)
			t₂/ $P A 2$	{ $P A 2$ , $P L 3 P U 1 P H 3 P A 2$ ,4,(418,477,477,592)}	(496,0.828)
			t₃/ $P A 2$	{ $P A 2$ , $P L 3 P U 4 P H 4 P A 2$ ,4,(451,496,496,603)}	(517,0.779)
			t₄/ $P A 2$	{ $P A 2$ , $P L 3 P U 4 P H 4 P A 2$ ,4,(418,477,477,592)}	(496,0.828)

Table 5

Fig.5

References 16

[1]	UTNE I B, ROKSETH B, SØRENSEN A J, et al. Towards supervisory risk control of autonomous ships[J]. Reliability Engineering & System Safety, 2020, 196: DOI: 10.1016/j.ress.2019.106757.
[2]	ZHANG Yingyu, DONG Chuntong, GUO Weiqun, et al. Systems theoretic accident model and process (STAMP): a literature review[J]. Safety Science, 2021: DOI: 10.1016/j.ssci.2021.105596.
[3]	LEVESON N G, THOMAS J. STPA handbook[Z]. Massachusetts Institute of Technology, 2018.
[4]	张浦哲, 吴兵, 严新平, 等. 内河船舶远程驾驶控制系统安全分析[J]. 中国安全科学学报, 2022, 32(8):126-132. doi: 10.16265/j.cnki.issn1003-3033.2022.08.1069
	ZHANG Puzhe, WU Bing, YAN Xinping, et al. Safety analysis for remote control system of inland ships[J]. China Safety Science Journal, 2022, 32(8):126-132. doi: 10.16265/j.cnki.issn1003-3033.2022.08.1069
[5]	CHAAL M, VALDEZ BANDA O A, GLOMSRUD J A, et al. A framework to model the STPA hierarchical control structure of an autonomous ship[J]. Safety Science, 2020, 132: DOI: 10.1016/j.ssci.2020.104939.
[6]	CEYLAN B O, AKYUZ E, ARSLANOĞLU Y. Modified quantitative systems theoretic accident model and processes (STAMP) analysis: a catastrophic ship engine failure case[J]. Ocean Engineering, 2022, 253: DOI: 10.1016/j.oceaneng.2022.111187.
[7]	ZELESKIDIS A, DOKAS I M, PAPADOPOULOS B K. Knowing the safety level of a system in real-time: an extended mathematical model of the STAMP-based RealTSL methodology[J]. Safety Science, 2022, 152: DOI: 10.1016/j.ssci.2022.105739.
[8]	RASTRABANK N. Risk management guidelines for banks and financial institutions[R]. Bank of Tanzania, 2018.
[9]	席永涛, 张靓, 付姗姗, 等. 基于SFN-SD的北极冰区船舶航行风险传递路径研究[J]. 中国安全科学学报, 2023, 33(4):52-60. doi: 10.16265/j.cnki.issn1003-3033.2023.04.0840
	XI Yongtao, ZHANG Liang, FU Shanshan, et al. Research on risk transfer path of ship navigation in Arctic waters based on SFN and SD[J]. China Safety Science Journal, 2023, 33(4):52-60. doi: 10.16265/j.cnki.issn1003-3033.2023.04.0840
[10]	吴哲辉. Petri网导论[M]. 北京: 机械工业出版社, 2006:1-24.
[11]	杜彦华, 范玉顺. 资源约束下多过程的不确定时间建模与分析[J]. 机械工程学报, 2010, 46(4):169-176.
	DU Yanhua, FAN Yushun. Modeling and analyzing of uncertain time for multi-process of workflows with resource constraints[J]. Journal of Mechanical Engineering, 2010, 46(4):169-176.
[12]	MURATA T. Temporal uncertainty and fuzzy-timing high-level Petri nets[C]. International Conference on Application and Theory of Petri Nets, 1996:11-28.
[13]	ZHOU YI, MURATA T. Petri net model with fuzzy timing and fuzzy-metric temporal logic[J]. International Journal of Intelligent Systems, 1999, 14(8):719-745.
[14]	周翔宇, 吴兆麟, 王凤武, 等. 自主船舶的定义及其自主水平的界定[J]. 交通运输工程学报, 2019, 19(6):149-162.
	ZHOU Xiangyu, WU Zhaolin, WANG Fengwu, et al. Definition of autonomous ship and its autonomy level[J]. Journal of Traffic and Transportation Engineering, 2019, 19(6):149-162.
[15]	ZHU Qinghua, XI Yongtao, HU Shenping, et al. Spatial-temporal analysis method of ship traffic accidents involving data field: an evidence from risk evolution of ship collision[J]. Ocean Engineering, 2023, 276: DOI: 10.1016/j.oceaneng.2023.114191.
[16]	王胜正, 申心泉, 赵建森, 等. 基于ASAE深度学习预测海洋气象对船舶航速的影响[J]. 交通运输工程学报, 2018, 18(2):139-147.
	WANG Shengzheng, SHEN Xinquan, ZHAO Jiansen, et al. Prediction of marine meteorological effect on ship speed based on ASAE deep learning[J]. Journal of Traffic and Transportation Engineering, 2018, 18(2):139-147.

T	含义
T₁	SCC未得到高风险警报、未提供必要的控制输入等
T₂	自主避碰/航线跟踪系统未提供避碰路径更新
T₃	S₁船已处于紧迫危险阶段或已无法避免搁浅
T₄	S₁船未减速停止、警告他船等
T₅	S₁船未紧急改变航向航速、警告他船等
T₆	S₁船未减速停船、改变船体姿态、减少吃水等
T₇	S₁船未紧急改变航向航速等