Risk-Based Formal Requirement Elicitation for Automatic Spacecraft Maneuvering

AIAA 2021-1122
Session: Formal Methods, Verification and Certification
As space becomes more congested, automated spacecraft maneuvering becomes increasingly attractive for tasks such as collision avoidance, rendezvous and proximity operations, and station keeping. This work uses hazard analysis to elicit requirements for an autonomous spacecraft controller. Today, spacecraft maneuvers are planned by human operators and executed days to hours in advance, reflecting a risk-averse climate that is hesitant to rely on automation. In the absence of regulations governing automated maneuvering, a risk-based approach is a promising way to establish what such a system must guarantee. First, accidents, hazards, and safety constraints are identified top-down. Second, a functional control model of an automatic collision avoidance system on a spacecraft, operating within a theoretical Space Traffic Management system, is constructed using the Systems-Theoretic Accident Model and Processes (STAMP). Third, unsafe control actions, causal scenarios, and mitigating requirements are identified using System-Theoretic Process Analysis (STPA). These requirements form the foundation for the design of automatic spacecraft controllers. Finally, the safety constraints are formally specified as high-level requirements, as a path toward formal analysis of the system.
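The following is an added illustration of the last two steps, not code or requirements from the paper. It takes three hypothetical safety constraints of the kind STPA produces for the "execute avoidance burn" control action (one per unsafe-control-action category: not provided or too late, provided in an unsafe context, applied too long), writes each as a bounded temporal property over a sampled trace, and checks a constructed trace against them. The Space Traffic Management system is assumed to supply a collision probability and the age of the conjunction report it came from; the requirement identifiers R1 to R3, the thresholds, and the trace are all assumptions made for this example.

```python
"""Trace-checking STPA-derived safety constraints for an onboard
collision-avoidance controller.  Illustrative only: requirements R1-R3,
the thresholds and the sample trace are hypothetical, not the paper's.
The Space Traffic Management (STM) system is assumed to report a
collision probability (pc) and the age of that conjunction report."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Step:
    t: float          # time of the sample, seconds
    pc: float         # collision probability from the assumed STM report
    data_age: float   # seconds since that STM report was generated
    cmd_burn: bool    # controller issued "execute avoidance burn" this step
    burning: bool     # thruster is actually firing this step


# Hypothetical thresholds used to formalize the constraints.
PC_THRESHOLD = 1e-4      # above this, the conjunction is a hazard
MAX_RESPONSE_S = 600.0   # burn must be commanded within this many seconds of hazard onset
MAX_DATA_AGE_S = 3600.0  # a burn must not be commanded on a report older than this
MAX_BURN_S = 60.0        # a burn must not continue longer than this

Violation = Tuple[str, float]  # (requirement id, time at which it was violated)


def hazard_onsets(trace: List[Step]) -> List[int]:
    """Indices where pc first exceeds PC_THRESHOLD (previous sample was at or below)."""
    return [i for i, s in enumerate(trace)
            if s.pc > PC_THRESHOLD and (i == 0 or trace[i - 1].pc <= PC_THRESHOLD)]


def check_r1(trace: List[Step]) -> List[Violation]:
    """R1 (UCA: control action not provided, or provided too late):
    G( hazard_onset -> F_[0, MAX_RESPONSE_S] cmd_burn )"""
    out = []
    for i in hazard_onsets(trace):
        t0 = trace[i].t
        if not any(s.cmd_burn and s.t - t0 <= MAX_RESPONSE_S for s in trace[i:]):
            out.append(("R1", t0))
    return out


def check_r2(trace: List[Step]) -> List[Violation]:
    """R2 (UCA: control action provided in an unsafe context):
    G( cmd_burn -> data_age <= MAX_DATA_AGE_S )"""
    return [("R2", s.t) for s in trace if s.cmd_burn and s.data_age > MAX_DATA_AGE_S]


def check_r3(trace: List[Step]) -> List[Violation]:
    """R3 (UCA: control action applied too long): every contiguous
    burning interval lasts at most MAX_BURN_S.  Duration is measured from
    the first to the last burning sample, so a run shorter than one
    sampling interval counts as zero length."""
    out, start = [], None
    for i, s in enumerate(trace):
        if s.burning and start is None:
            start = s.t
        ended = start is not None and (not s.burning or i == len(trace) - 1)
        if ended:
            last = s.t if s.burning else trace[i - 1].t
            if last - start > MAX_BURN_S:
                out.append(("R3", start))
            start = None
    return out


def check_trace(trace: List[Step]) -> List[Violation]:
    """All violations of R1, R2 and R3 over the trace, in that order."""
    return check_r1(trace) + check_r2(trace) + check_r3(trace)


# Constructed trace (not flight data).  Three hazard onsets: the first is
# handled in time but the burn runs 120 s; the second is commanded on a
# stale report; the third is never acted on.
SAMPLE_TRACE = [
    Step(0.0,    1e-6, 100.0,  False, False),
    Step(60.0,   1e-6, 160.0,  False, False),
    Step(600.0,  3e-4, 300.0,  False, False),   # onset 1
    Step(660.0,  3e-4, 360.0,  False, False),
    Step(900.0,  3e-4, 600.0,  True,  True),    # commanded 300 s after onset: R1 ok
    Step(960.0,  3e-4, 660.0,  False, True),
    Step(1020.0, 3e-4, 720.0,  False, True),    # burn 900..1020 = 120 s > 60 s: R3
    Step(1080.0, 1e-6, 780.0,  False, False),
    Step(3000.0, 2e-4, 4000.0, False, False),   # onset 2, report already stale
    Step(3060.0, 2e-4, 4060.0, True,  True),    # commanded on stale data: R2
    Step(3120.0, 1e-6, 120.0,  False, False),
    Step(6000.0, 5e-4, 200.0,  False, False),   # onset 3
    Step(6060.0, 5e-4, 260.0,  False, False),
    Step(7200.0, 5e-4, 1400.0, False, False),   # no command within 600 s: R1
    Step(7260.0, 1e-6, 1460.0, False, False),
]

if __name__ == "__main__":
    for req, t in check_trace(SAMPLE_TRACE):
        print(f"{req} violated at t={t:.0f}s")
```

Each checker is a direct transcription of one bounded temporal property, so the same functions can be run over simulator output or telemetry once the thresholds are replaced with the values a real hazard analysis settles on; a model checker would discharge the same properties over all traces rather than one.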