MBSE-driven early Risk Management: A Framework for the NEBULA-Xplorer mission

Master Thesis (2025)
Author(s)

G.S. Pantoji (TU Delft - Aerospace Engineering)

Contributor(s)

I. Akay – Mentor (TU Delft - Aerospace Engineering)

Martin Grim – Mentor (SRON–Netherlands Institute for Space Research)

Faculty
Aerospace Engineering
Publication Year
2025
Language
English
Graduation Date
18-11-2025
Awarding Institution
Delft University of Technology
Project
NEBULA-Xplorer Mission
Programme
Aerospace Engineering
Sponsors
SRON–Netherlands Institute for Space Research
Downloads counter
77
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Most mission costs and risks are determined early, but risk assessments are performed late when design freedom is low. Traditional document-based dependability methods fail to inform early design choices. This research explored how Model-Based Systems Engineering (MBSE) can embed risk management within system architecture to shift dependability analysis earlier in the lifecycle.
The objective was to develop a fault-detection and risk-assessment framework integrated with MBSE to improve early-phase design evaluation for the NEBULA-Xplorer mission. The study addressed how MBSE models can represent fault-critical information, what early fault patterns can be detected, how external analysis can be integrated, and how effective the resulting framework is in identifying system-level risks. A layered, tool-agnostic framework was developed that combined four layers: requirements traceability, rule-based fault detection, graph-based failure analysis, and severity-driven risk assessment. Functional, structural, and parametric model views were enhanced with design and failure attributes such as redundancy, power, and radiation tolerance.
Failure propagation was analysed using graph-theory metrics (connectivity, min-cut, and centrality) to identify single points of failure and structural bottlenecks. Results were then translated into an ECSS-aligned Functional FMEA, producing a structured risk assessment directly from the MBSE model. The framework was applied and demonstrated in the Capella environment for the NEBULA-Xplorer, a student X-ray observation mission developed at SRON. The mission’s resource constraints and educational nature made it ideal for demonstrating a lightweight, explainable MBSE-based dependability process. Analyses highlighted key functions acting as system-level bottlenecks, validating the framework’s ability to expose early architectural vulnerabilities.
The framework satisfied all functional and non-functional requirements and aligned with ECSS dependability standards. Validation against FEMMP criteria confirmed strengths in methodological rigour, traceability, and automation, while identifying scalability and GUI maturity as areas for improvement. The approach enabled traceable, model-driven fault detection and risk assessment during Phases A–B, reducing manual analysis effort.
This work demonstrates that MBSE can evolve from a descriptive modelling tool into a driver of early, actionable, model-based risk management. Future extensions should incorporate multi-failure scenarios, degradation states, time-dependent behaviours, and improved usability to further strengthen risk management within MBSE.
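The graph-based failure-propagation screening the abstract describes, as an added example that is not part of the thesis or its Capella model: a constructed functional dependency graph with per-function redundancy attributes is walked to find the non-redundant functions whose loss cascades furthest, i.e. the single points of failure and structural bottlenecks. All function names, edges and redundancy values are assumptions constructed for this example.

```python
from collections import deque
# Constructed example architecture (not the NEBULA-Xplorer model): each
# function carries a redundancy attribute, 1 meaning no backup exists.
REDUNDANCY = {
    "generate_power": 2,
    "distribute_power": 1,
    "handle_commands_and_data": 1,
    "determine_attitude": 1,
    "read_out_xray_detector": 1,
    "store_science_data": 2,
    "downlink_data": 1,
}
# Directed edge (a, b): function b needs function a, so a failure of a
# propagates to b (losing any input loses the whole function).
DEPENDENCIES = [
    ("generate_power", "distribute_power"),
    ("distribute_power", "handle_commands_and_data"),
    ("distribute_power", "downlink_data"),
    ("handle_commands_and_data", "determine_attitude"),
    ("handle_commands_and_data", "read_out_xray_detector"),
    ("determine_attitude", "read_out_xray_detector"),
    ("read_out_xray_detector", "store_science_data"),
    ("store_science_data", "downlink_data"),
]

def propagate_failure(failed_function):
    """Return the set of functions lost downstream of failed_function."""
    lost, queue = set(), deque([failed_function])
    while queue:
        src = queue.popleft()
        for a, b in DEPENDENCIES:
            if a == src and b != failed_function and b not in lost:
                lost.add(b)
                queue.append(b)
    return lost

def single_points_of_failure():
    """Non-redundant functions whose loss cascades, ranked by functions lost."""
    ranked = []
    for fn, redundancy in REDUNDANCY.items():
        lost = propagate_failure(fn)
        if redundancy == 1 and lost:
            ranked.append((fn, len(lost), sorted(lost)))
    return sorted(ranked, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for fn, n_lost, lost in single_points_of_failure():
        print(f"{fn}: loss cascades to {n_lost} function(s): {', '.join(lost)}")
```

The ranking is the input a severity-driven FMEA row would start from: the redundant power generation drops out of the list, while the non-redundant power distribution function tops it because every other function sits downstream of it.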

Files

Gargi_Pantoji_TU_Delft_Thesis.... (pdf)
(pdf | 11.1 Mb)
- Embargo expired on 31-12-2025