Modelling Multiple Levels of Abstraction in Hierarchical Control Structures

Modelling Multiple Levels of Abstraction in Hierarchical Control Structures. In: 5th European STAMP/STPA Workshop and Conference. (September 13-15). Reykjavík, Iceland: Reykjavík University.

STPA makes use of a functional system representation in the form of a Hierarchical Control Structure and takes this model as the starting point for the analysis process. The development of the Hierarchical Control Structure typically involves multiple iterations and starts from a rather abstract view which is refined during the modelling process. In the majority of cases the Hierarchical Control Structure Diagram is used synonymously with the Hierarchical Control Structure (model). In other words: the Hierarchical Control Structure Diagram is the model, and besides the diagram representation there is no further documentation.

Differentiating models from their representation as diagrams – which is common in model-based systems engineering – opens up a number of new opportunities. This applies to STPA as well. In the context of this talk, two of these opportunities will be addressed.

1) Depending on the analysis scope and the system analyzed, it is advantageous to visualize the Hierarchical Control Structure (model) with the help of multiple diagrams, for example when different mission phases like system development and system operation need to be considered. The idea is not to analyze the mission phases separately; this would be against the fundamental STAMP principle of holism. Instead, the objective is to use multiple diagrams in order to represent different viewpoints and characteristics of one and the same system, for example to explicitly highlight the interaction between the mission phases.

2) STPA is flexible with respect to the level of detail explicitly modelled in a Hierarchical Control Structure. A system may be modelled with only a handful of controllers irrespective of the complexity of the system. However, the analyst may also decide to go into more detail and identify many more controllers for the same system. The latter represents the same system but at a different level of abstraction. It goes without saying that the level of abstraction affects not only the controllers but also the control flow, that is, the control actions and feedback. As a matter of fact, it is not uncommon to start the modelling process at an abstract level and refine the model stepwise as modelling progresses. The second aspect in this talk addresses working with different levels of abstraction, discusses the pros and cons of this approach and touches upon the various consistency considerations which have to be taken into account.