基于STPA的飞机交流系统供电转换安全性分析方法研究  

作　　者：田毅 陈杰辉 袁海宵[4] 马世耀 TIAN Yi;CHEN Jiehui;YUAN Haixiao;MA Shiyao(College of Safety Science and Engineering,Civil Aviation University of China,Tianjin 300300,China;Sino-European Institute of Aviation Engineering,Civil Aviation University of China,Tianjin 300300,China;Tianjin Aviation Equipment Safety and Airworthiness Technology Innovation Center,Tianjin 300300,China;Electrical Integration Department,Shanghai Aircraft Design and Research Institute,Shanghai 201210,China)

机构地区：[1]中国民航大学安全科学与工程学院,天津300300 [2]中国民航大学中欧航空工程师学院,天津300300 [3]天津市航空装备安全性与适航技术创新中心,天津300300 [4]上海飞机设计研究院电气集成部,上海201210

出　　处：《航空工程进展》2024年第2期108-116,共9页Advances in Aeronautical Science and Engineering

基　　金：天津市航空装备安全性与适航技术创新中心开放基金(JCZX-2022-KF-07)。

摘　　要：飞机交流发电系统是整机的主要电力来源,应对其进行完善的安全性分析。传统安全性分析方法对系统组件间非线性交互引起的安全问题关注较少,当研制型号支持数据不足时,存在分析遗漏风险。根据典型交流发电系统供电转换过程基本特点,基于STPA方法构建安全控制结构图,识别不安全控制行为(UCA),引入相似系统的失效模式及影响分析(FMEA)结果,分析UCA致因因素和致因场景,使用时间自动机理论的形式化工具进行系统建模与验证;通过专家评判及事故对比来验证该方法的正确性。结果表明:在传统分析方法的基础上引入STPA方法,能够有效识别出不安全控制行为和事故发生的原因,该方法可以作为传统方法的有效补充。The aircraft AC power generation system is the main source of power for the whole aircraft,so a com-plete safety analysis is required.Traditionally safety analysis pays less attention to the security problems caused by nonlinear interaction between system components.Especially when the support data of the developed model is insuf-ficient,there is a risk of analysis omission.According to the basic characteristics of the power supply conversion process of AC power generation system,this paper constructs a safety control structure chart and identify unsafe control action(UCA)based on the STPA method,and introduces the failure model and effect analysis(FMEA)of similar system to analyse the UCA cause factor and cause scenario.Using formal tool of timed automata theory,the system modeling and verification are carried out.The correctness of this methods is confirmed by expert evalua-tion and accident comparison.The result shows that the introduction of STPA based on traditional safety analysis methods can effectively identify unsafety control action and the causes of accident,which can be an effective supple-ment to the traditional method.

关 键 词：飞机交流发电系统 STPA UCA 时间自动机理论 

分 类 号：V242.2[航空宇航科学与技术—飞行器设计]