Markus Schacher is co-founder and KnowBody of KnowGravity Inc., a small but smart consulting company based in Zurich, Switzerland and specialized in model-based engineering. As a trainer, Markus ran the first public courses on UML in Switzerland back in early 1997 and as a consultant he helped many large projects introducing and applying model-based techniques. As an active member of the Object Management Group (OMG), Markus is involved in the development of various modeling languages such as the Business Motivation Model (BMM), the Semantics of Business Vocabulary and Business Rules (SBVR), and the UML Testing Profile (UTP). He is co-author of three books on business rules, SysML, and operational risk as well as a frequent presenter in international conferences.
Model-based Risk Analysis in the Railways Domain
Back in 2010 the Swiss Railways started an initiative to standardize the interfaces of their highly safety-relevant interlocking systems across all suppliers. As the leading contractor, KnowGravity Inc. approached this challenge in an entirely model-based way: from model-based requirements engineering in SysML, over executable specifications in xUML and model-based testing using the UML testing profile (UTP), down to model-based planning and document production. So, it was only natural to perform risk analysis in a model-based way as well. In this presentation I will show how we developed a formal model to predict and evaluate critical behavior of complex heterogeneous systems utilizing the mechanism of UML profiling. Developing a UML profile for risk analysis enabled us to apply common techniques such as HAZOP, FMEA, FTA and ETA using a commercial UML modeling tool. It also made tight model integration and comprehensive traceability between risk models and other languages implemented as UML profiles possible. I will discuss the organizational as well as technical challenges we were (and still are) facing, particularly the reuse of model elements across multiple systems and components to be able to "model by difference" the risk-related aspects of a whole family of systems.