CECILIA
CECILIA workshop (the merge of CECILIA OCAS and CECILIA ARBOR) is a graphical tool for editing and computing fault trees and MBSA models (cuts, sequences, probabilities).
It can also be used to contribute to complementary studies, such as analysis of common modes (non dissimilar hardware or software, power supply, etc.), zonal analysis (fire, hydraulic leakage, etc.), analysis of particular risks (lightning, engine burst, bird strike, etc.) or determination of the MMEL (for dispatch purposes).
MBSA models are based on the “AltaRica Data-Flow” formal language and can be simulated step by step.
CECILIA Workshop is a Dassault Aviation tool, used by its teams for both development and certification, for both FTA and MBSA modules. CECILIA is developed, maintained and distributed exclusively by SATODEV.
FAULT TREES
CECILIA workshop lets you edit fault trees (FTAs). Tree creation is simple and intuitive. Layout is automatic. Breakdown into sub-trees enables work to be prioritized. Tree consistency is checked on opening and after each save.
The “CECILIA – fault trees” training course is available to help you master the subtleties of this software.
CECILIA Workshop’s FTA module is widely used by Dassault Aviation for demonstrations of safety objectives as defined in CS 25.1309 and reliability objectives, within the framework of civil and/or military certification and qualification of its aircraft.
MBSA MODELS
CECILIA Workshop lets you edit and simulate MBSA models. The graphical interface automatically generates AltaRica code, leaving the “transitions” and “assertions” to the user. Once the basic bricks have been built, equipment and systems are constructed by composition (drag & drop of components, intuitive links, numerous layers available).
Once syntax and semantic consistency has been verified, the model can be simulated step by step, enabling functional behavior and fault propagation to be visualized graphically.
Numerous public models are available, from the simplest to the most advanced, to illustrate the tool’s capabilities.
The “CECILIA – MBSA models” training course is available to help you master the subtleties of the tool.
CECILIA Workshop (MBSA module and computations) has been qualified 3 times as a tool for demonstrating safety objectives within the meaning of CS 25.1309, as part of the certification process for the Dassault Aviation aircrafts Falcon 7X (2007), Falcon 8X(2016) and Falcon 6X (2023), notably for the flight control system.
ONERA used the same modules for the safety analysis of a light UAV in SAIL III category (Specific Assurance Integrity Level). In 2024, THALES obtained the first Design Verification Report (DVR) issued by EASA for its AVEM 300 UAV (and its critical CERBERE autopilot system), in collaboration with Aeromapper and ONERA.
COMPUTATIONS
Many functions and parameters can be shared between fault trees and MBSA models. This is the case for the generation and resolution of Boolean equations (static models). This gives access to cut computations (Functional Failures Set for the combination of development errors, Minimal Cuts Set for the combination of random failures) as well as probabilities computations. For the latter, numerous variables can be parameterized (distribution laws, failure rates, inspection times, dormant failures, different computations methods, etc.).
Cuts can be post-processed by re-computating them according to attributes (which can be defined), a very useful tool for contributing to common causes analyses.
For dynamic or looped models (MBSA only), computations are performed using the sequence generator.
Documents reporting the results of all these computations can be generated automatically.
The proper use of these computations is covered in the “CECILIA – MBSA models” and “CECILIA- fault trees” training courses.
Finally, the MBSA model can be exported in suitable formats for stochastic Monte Carlo simulations, or ingested by a model-checker.
TEST CECILIA
Our experts will work with you, free of charge and without obligation, to explain the features of CECILIA workshop and meet your specific needs. A one-hour demonstration is available by videoconference.
