This document introduces ATICA4Capella, a model-based safety analysis framework and toolset for the aerospace industry. It uses the Capella modeling environment for systems engineering. The toolset allows defining functional requirements, performing a functional hazard analysis, and generating safety documentation. It also supports semi-automated fault tree analysis and is aligned with aerospace safety standards like ARP4761. A case study of applying the tools to an eVTOL vehicle design is presented. The document outlines ongoing work to further integrate requirements management and automated analysis capabilities.

1. | Last updated: 08/09/2023
model-based
safety analysis
framework
for the
aerospace
industry
ANZEN PUBLIC

2. Who are we?
2
ANZEN PUBLIC
System, safety and
reliability experts
✓ Highly experienced system-safety & reliability
engineers
✓ Specialization in complying with the highest quality
standards for safety/availability critical missions
Specialization
✓ Complex electronics
✓ Safety Critical Systems
✓ Autonomous & software
defined systems
Digitalization of
systems engineering
✓ Development and extension of model-based software
tools for digitalization of the system & safety
engineering process

3. Outline
• Introduction to digital engineering
• ATICA, our safety engineering hub
• ATICA4Capella
• Use case example: eVTOL vehicle
• Wrap-up and next steps
3
ANZEN PUBLIC

4. The systems engineering process
ANZEN PUBLIC 4
Model Based
Systems Engineering (MBSE)
Model
Based
Design
(MBD)
Digital
Twin
Model Based Safety Analysis
Mission
concept
System
design
Sub-system /
components
Use of digital tools to support the systems engineering process
Requirement management
tools
✓ Software data base
✓ Enhanced traceability
✓ Customization and reuse
Model Based System
Engineering
✓ Interoperability with
requirement tools
✓ Systems architecture
Model Based Design
✓ Interoperability with MBSE
✓ Systems prototyping and
detailed definition
✓ Simulation
✓ Automatic code generation
Digital Twin
✓ Enhanced virtual
representation of the
system
✓ Multi-physics simulation
✓ Operational scenarios
Product Life cycle
management
✓ Configuration
management and version
control
Model Based Safety
Analysis
✓ Interoperability
✓ Centralized source of
information
✓ Semi-automated analysis
and documentation

5. Framework and tools
ANZEN PUBLIC 5
Model Based
Systems Engineering (MBSE)
Model
Based
Design
(MBD)
Digital
Twin
Mathworks
Simulink
Mathworks
SystemComposer
Mathworks
RequirementsToolbox
Mathworks
Simscape
IBM
DOORS
IBM
RHAPSODY
ANSYS
SCADE
CAMEO
Systems Modeler
SIEMENS
TEAMCENTER
SIEMENS
POLARION
CAPELLA
Model Based Safety Analysis
Use of digital tools to support the systems engineering process

6. Framework and tools
ANZEN PUBLIC 6
Model Based
Systems Engineering (MBSE)
Model
Based
Design
(MBD)
Digital
Twin
Model Based Safety Analysis
ATICA Framework
ATICA
@reqs
ATICA
@mbsa
ATICA
@fdir
ATICA @rpf
ATICA @dt
ATICA
@mbd

7. ATICA, our safety engineering hub
ANZEN PUBLIC 7
ATICA
MBSA
Safety & Reliability
Analysis Backends
Requirements
Product Lifecycle
Management
Model Based Systems
Engineering
Model Based Design and
Simulation
atica4capella
On going
On going
prospect
prospect
CAMEO
CAPELLA
SIMULINK
SCADE
RHAPSODY
DOORS TEAM
CENTER JAMA
TEAM
CENTER
WIND
CHILL
SES
STUDIO

8. Outline
• Introduction to digital engineering
• ATICA, our safety engineering hub
• ATICA4Capella
• Use case example: eVTOL vehicle
• Wrap-up and next steps
8
ANZEN PUBLIC

9. Digitally-assisted design for safety
9
Operational
analysis
Systems
analysis
Logical
architectures
Physical
architecture
Design and
simulation
Model-based
systems engineering
(Arcadia)
Stakeholder
needs
Functional
requirements
System
requirements
Implementation
requirements
Requirement
management
Certification basis
/ SORA
Functional
Hazard Analysis
Fault Tree Analysis,
FMEA / FMECA
Reliability
Prediction
Model-based
safety analysis
(Atica)
V&V
requirements
System
integrator
Equipment
manufacturer
System
Operators
Safety
assessment
process on civil
airborne systems
ARP-4761
ANZEN PUBLIC
Tailored to ARP-4754A,
INCOSE, etc.

10. ATICA4Capella | MBSA toolset
10
ATICA
Model Based Safety Analysis
Model Based Systems
Engineering
Capella / Arcadia
MBSE front end ATICA4Capella
Safety metamodel plugin
ARP-4761
Safety methodology
- Integrated in
Capella/Arcadia
- Aligned with ARP-4761
Safety ontology:
- Failure Condition
- Functional Failure
- Failure Mode
Fault Tree Analysis Backend
Markov chain Backend
Probabilistic analysis Backend
Safety & Reliability
Analysis
Backends
ANZEN PUBLIC
Tailored to ARP-4754A,
INCOSE, etc.

11. ATICA4Capella
A Capella addon for model-based safety analysis
Pre-requisites (Capella versions)
• Capella 5.2 (nightly release)
• Capella 6+
ANZEN PUBLIC 11
Compatibility with other addons
• Requirements viewpoint
• M2Doc
anzenengineering.com/atica4capella-download/

12. ATICA4Capella | Safety metamodel
ANZEN PUBLIC 12
FHA
FTA
FMES /
FMECA

13. ATICA4Capella | Functional breakdown
ANZEN PUBLIC 13
System functions (functional breakdown)
Automatic document
generation based on
pre-defined templates
System analysis
Functional
Requirements
Functional
Hazard Analysis
System
requirements

14. ATICA4Capella | Functional breakdown
ANZEN PUBLIC 14
System functions (functional breakdown)
Tested with Capella 6.1

15. ATICA4Capella |
ANZEN PUBLIC 15
Model Based Safety Analysis
Functional Hazard Analysis (FHA)
System analysis
Functional
Requirements
FHA
System requirements
Functional Chains and Failure Conditions

16. ATICA4Capella |
ANZEN PUBLIC 16
Model Based Safety Analysis
Functional Hazard Analysis (FHA)
Functional Chains and Failure Conditions

17. ANZEN PUBLIC 17
Aligned with
ARP4761
prescriptions
FHA
ATICA4Capella | Model Based Safety Analysis
Functional Hazard Analysis (FHA)
Automatic report
generation
based on
template

18. ANZEN PUBLIC 18
ATICA4Capella | Model Based Safety Analysis
Fault tree analysis and FMEA
Logical and physical architectures
Enhanced
traceability from
conceptual
design to
implementation

19. Outline
• Introduction to digital engineering
• ATICA, our safety engineering hub
• ATICA4Capella
• Use case example: eVTOL vehicle
• Wrap-up and next steps
19
ANZEN PUBLIC

20. eVTOL mission description
20
❑ Autonomous vehicle
❑ 4 passengers
❑ Vertical take-off and landing
❑ Urban mobility
❑ 150km range / 1h autonomy
Stakeholder
needs
ANZEN PUBLIC

21. Operational Analysis
eVTOL Operational Concept
21
Stakeholder
needs
Certification basis
Functional
requirements
Analysis of Operational Capabilities
ANZEN PUBLIC

22. System analysis
eVTOL System Analysis
22
Functional
Requirements
Mission and system capabilities
ANZEN PUBLIC

23. System analysis
eVTOL System Analysis
23
Functional
Requirements
FHA
System
requirements
Mode diagram
ANZEN PUBLIC

24. System analysis
eVTOL System Analysis
24
Functional
Requirements
FHA
System
requirements
System functions (functional breakdown)
ANZEN PUBLIC

25. System analysis
eVTOL System Analysis
25
Functional
Requirements
FHA
System
requirements
System functions (system architecture)
ANZEN PUBLIC

26. System analysis
eVTOL System Analysis
26
Functional
Requirements
FHA
System
requirements
System functions (functional chains)
ANZEN PUBLIC

27. System analysis
eVTOL Functional Hazard Analysis
27
Functional
Requirements
FHA
System
requirements
Functional Hazard Analysis
ANZEN PUBLIC

28. System analysis
eVTOL Functional Hazard Analysis
28
Functional
Requirements
FHA
System
requirements
Functional Hazard Analysis (Failure Conditions)
ANZEN PUBLIC

29. eVTOL Functional Hazard Analysis
29
Aligned with
ARP4761
prescriptions
FHA
ANZEN PUBLIC

30. ANZEN PUBLIC 30
ATICA4Capella | Model Based Safety Analysis
Automatic document generation
Automatic document generation (right)
based on pre-defined (fully customizable) templates (left)

31. Outline
• Introduction to digital engineering
• ATICA, our safety engineering hub
• ATICA4Capella
• Use case example: eVTOL vehicle
• Wrap-up and next steps
31
ANZEN PUBLIC

32. Import (export) from (to) file
32
ANZEN PUBLIC
New Feature
Under consolidation

33. ATICA4Capella &
Requirements Viewpoint
33
Prob < 1e-9 h-1
ANZEN PUBLIC
New Feature
Under consolidation
One of the failure conditions
associated to the system
function is catastrophic
Requirements associated to
the failure condition, to be
verified by safety analysis
Requirements associated to
the system function, to be
considered for design

34. (Semi) automated safety analysis
ANZEN PUBLIC 34

35. 35
ANZEN PUBLIC
Fault Tree Analysis and Cut Sets
ATICA4Capella
New Feature
Under consolidation

36. 36
Cut Sets
ATICA4Capella
Results visualization directly
available in Capella and linked to
model elements
ANZEN PUBLIC
New Feature
Under consolidation

37. Fault Tree Analysis
37
Limited visualization features,
improvement on going
ATICA4Capella
Example from ARP-4761
• Failure of all three engines is catastrophic
Voter Voter
Voter
Backup OBC PSU 4 Engine 3
ANZEN PUBLIC
New Feature
Under consolidation
Failure
condition
Failure
modes

38. Key takeaways
ATICA4CAPELLA is a Capella add-on for safety analysis
✓ Especially conceived for the aerospace industry but applicable to other sectors
• ATICA safety metamodel complies with ARP-4761
• The framework can be tailored to meet specific use-cases and company policies
✓ Trial version available, compatible with Capella versions 5.2 and 6+
• Presentation of system analysis and FHA
• Advanced features under consolidation: Fault Tree Analysis, FMECA
ANZEN PUBLIC 38
anzenengineering.com/
atica4capella-download/

39. 39
Pablo Lopez Negro
ATICA Product Owner
pablolopez@anzenengineering.com
Luis Cárdenas
MBSE Engineer
luiscardenas@anzenengineering.com
ANZEN PUBLIC