Elicitation of requirements for safety-critical aero-engine control systems depends on capturing the core design intent and systematically deriving requirements that address hazardous deviations from that intent. Derivation of these requirements is inextricably linked to the safety assessment process. Conventional civil aerospace practice (as advocated by guidelines such as ARP4754 and ARP4761) promotes the application of Functional Hazard Assessment (FHA) to sets of statements of functional intent. Systematic hazard analysis of scenario-based requirements representations is less well understood. This paper discusses the principles and problems of hazard analysis and proposes an approach to conducting hazard analysis on use case requirements representations. Using the approach, it is possible to justifiably derive hazard-mitigation use cases as first-class requirements from systematic hazard analysis of core design intent scenarios. An industrial example is used to illustrate the technique.
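The following is an added illustration, not code or a method from the paper: it models a core design intent scenario as an ordered list of use case steps, applies the functional-deviation guidewords an FHA typically asks of each function (loss, unintended operation, too early, too late, wrong value) to every step, rates the credible deviations with the ARP4761 severity classes, and derives one hazard-mitigation use case per deviation at or above a chosen severity. The thrust-demand use case, the severity ratings attached to each step, and the guideword set are constructed assumptions for the example; the paper's own industrial example and its analysis rules are not reproduced here.

```python
from dataclasses import dataclass

# Functional-deviation guidewords (assumed set): the deviation kinds an
# FHA asks of each function - loss, unintended operation, timing, value.
GUIDEWORDS = ("omission", "commission", "early", "late", "value")

# Severity classes as used in ARP4761, most severe first.
SEVERITY_RANK = {
    "Catastrophic": 0,
    "Hazardous": 1,
    "Major": 2,
    "Minor": 3,
    "No Safety Effect": 4,
}


@dataclass(frozen=True)
class Step:
    actor: str
    action: str
    # guideword -> worst-case severity of that deviation at this step;
    # a guideword absent from the dict is judged not credible here
    deviations: dict


@dataclass(frozen=True)
class Hazard:
    use_case: str
    step: int
    guideword: str
    severity: str
    description: str


@dataclass(frozen=True)
class MitigationUseCase:
    name: str
    trigger: str
    derived_from: Hazard


def analyse_use_case(name, steps):
    """Apply every guideword to every step; keep the credible deviations.

    Returns the hazard list in step order, then guideword order, so the
    analysis record is reproducible and reviewable.
    """
    hazards = []
    for i, step in enumerate(steps, start=1):
        for gw in GUIDEWORDS:
            sev = step.deviations.get(gw)
            if sev is None:
                continue
            if sev not in SEVERITY_RANK:
                raise ValueError(f"unknown severity {sev!r} at step {i}")
            desc = f"{gw} of '{step.action}' by {step.actor}"
            hazards.append(Hazard(name, i, gw, sev, desc))
    return hazards


def derive_mitigations(hazards, at_least="Major"):
    """Every hazard at or above the severity threshold yields a
    hazard-mitigation use case, ordered most severe first."""
    limit = SEVERITY_RANK[at_least]
    ordered = sorted(hazards, key=lambda h: (SEVERITY_RANK[h.severity], h.step))
    return [
        MitigationUseCase(
            name=f"Detect and handle {h.guideword} at step {h.step} of '{h.use_case}'",
            trigger=h.description,
            derived_from=h,
        )
        for h in ordered
        if SEVERITY_RANK[h.severity] <= limit
    ]


# Constructed core-intent scenario for a thrust-demand function; the
# severity ratings are illustrative, not from any real assessment.
THRUST_DEMAND = [
    Step("pilot", "set thrust lever position", {"value": "Major"}),
    Step("FADEC", "compute fuel flow demand",
         {"omission": "Hazardous", "value": "Catastrophic", "late": "Major"}),
    Step("FADEC", "command fuel metering valve",
         {"omission": "Hazardous", "commission": "Catastrophic"}),
    Step("engine", "deliver commanded thrust", {"late": "Minor"}),
]


if __name__ == "__main__":
    for m in derive_mitigations(analyse_use_case("Set thrust", THRUST_DEMAND)):
        print(f"[{m.derived_from.severity}] {m.name}: triggered by {m.trigger}")
```

Each mitigation use case carries the hazard it was derived from, which is the traceability link the abstract asks for: a reviewer can see which step and which deviation justify the requirement, and a change to the core intent scenario re-runs the analysis rather than relying on a hand-maintained hazard log.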