An Accident Model with Considering Physical Processes for Indoor Environment Safety

Round 1

Reviewer 1 Report

The idea of the paper is original to how abnormal system behaviors cause indoor climate anomalies and try to develop a system that guarantee the safely on home. This paper proposes an extending of the Systems-Theoretic Accident
Model and Process (STAMP) with considering physical processes (STAMP-
PP). In addition, a System-Theoretic Process Analysis (STPA) is adapted to a
smart home system for indoor temperature adjustment. There is minor comments, please cite the following reference talk about machine learning for smart building applications: https://dl.acm.org/citation.cfm?id=3311950

Author Response

Point 1: There is minor comments, please cite the following reference talk about machine learning for smart building applications: https://dl.acm.org/citation.cfm?id=3311950

Response 1: Because machine learning can be taken as a solution to enable a smart home environment in the viewpoint of implementation, the reference paper provided by the reviewer can be cited in Section 2.1 Smart Home when discussing the smart home. Thus, one sentence, that is, "Possible solutions that enable the smart of a smart home can resort to techniques like machine learning \cite{Djenouri2019}." can be added at line 115 in order to cite the reference.

Point 2: As can be seen from the review report, the reviewer selected "Must be improved" to the question "Does the introduction provide sufficient background and include all relevant references?". Moreover, by considering the minor comment in Point 1, it is reasonable to infer that the reviewer wanted the authors to cite the reference provided by the reviewer in the section of Introduction.

Response 2: The main contributions of this paper are about an extension of the accident model STAMP, and an application of the tailored hazard analysis technique, i.e., STPA. Techniques related to the implementation of the smart home, for example, machine learning is not mainly considered in this paper. Therefore, the authors recommend citing the reference provided by the reviewer as talked in Response 1. Because there is no other comment on the section of Introduction, this section is left as it was.

Reviewer 2 Report

In this paper, the authors present an accident model with considering physical processes for indoor environment safety, which extend the STAMP model with considering physical processes. More specifically, the authors use a tailored STPA approach. The paper show a comparison with the original STPA model. However, there are some problems as follows.

Author Response

Point 1: Some figures are difficult to understand, especially figure 8 and 9.

Response 1: Figures 8 and 9 are the results of applying the tailored STPA, which documented by using the LGLD approach that has been discussed in Section 4, especially Section 4.2 and Figure 5. The authors think that the difficulties in understanding Figures 8 and 9 come from the lack of explicitly saying that the results are documented by the LGLD approach when introducing Figures 8 and 9. Thus, it may be difficult for the reviewer to understand each part of Figures 8 and 9 in connection with the LGLD approach. To solve this problem, the authors recommend adding an explanation at the beginning of introducing Figures 8 and 9. That is the sentence at line 502 can be revised to: "Part of the results are shown in Figures 8 and 9, which adopted the LGLD approach introduced in Section 4.2 for the documentation. They are illustrating the results of analyzing the control actions "set OFF" and "set to X ºC"."

Point 2: When comparing results, the advantages of the tailored STPA over the original STPA are not clear.

Response 2: In Section 4.4 when comparing the results, the comparison of the results of the first step of STPA is discussed in the third paragraph, and the comparison of the results of the second step of STPA is discussed in the last paragraph. The advantages of the tailored STPA are discussed at the end of Section 5 (from line 630 to line 652). That is the advantages are discussed in the section of the discussion, not in Section 4.4 when comparing the results. The authors think that one possible improvement to this is that explicitly saying at the end of Section 4.4 that the discussion of the advantages will be at the end of Section 5. Also, it is better to add some statements about the differences of resulting documentation by the LGLD approach and conventional tables and lists. Thus, we could add the following statements at the end of Section 4.4. "The results that documented by tables and lists are separated. It is a trivial problem when checking the relations between the results that were documented by the conventional approach. The LGLD approach integrated the results and overcame this problem. We will discuss the advantages of the tailored STPA at the end of Section 5."

Reviewer 3 Report

The paper presents an extension of the STAMP (Systems-Theoretic Accident Model and Process) model with considering Physical Processes to understand accident formation. The model is then applied to smart home systems.

Strong points of the paper include the theoretical approach to the problem, even if it could have included more formal details.

I was not very satisfied with the depth of the analysis with respect to related works. For example, the authors do not consider many related works on intelligent system that take into account outside environments such as https://doi.org/10.1016/j.entcom.2019.100306. It would perhaps be interesting to extend the discussion in order to consider these recent works, comparing the presented model with the other existing approaches, highlighting their novelty of the work.

However, I think the paper is well structured, highly readable and self contained so I propose a minor revision considering the inclusion of some of the suggestions.

Author Response

Point 1: the authors do not consider many related works on intelligent system that take into account outside environments such as 10.1016/j.entcom.2019.100306. It would perhaps be interesting to extend the discussion in order to consider these recent works, comparing the presented model with the other existing approaches, highlighting their novelty of the work.

Response 1: Accident models and hazard analysis techniques are techniques in the system safety research area. They are designated to use in the phase of requirement elicitation of system development. Generally, they are solving problems related to the understanding of accident formation and analysis of hazards based on some accident models, etc. We adopted them to apply in the smart home environment in the present paper. That's why we mainly discussed the prevalent accident models in the related work. Smart home systems in the present paper refer to the indoor climate adjustment service (discussed from line 150 to line 153, and Section 3.2.1). There are do may related works on intelligent systems that take into account outside environments (according to the paper the reviewer provided, the authors think that it might be a misspelling and perhaps should be indoor/inside environments). However, the ones that deal with other problems rather than safety may not be necessarily discussed in the related work. The reason is that they and the present paper solve different problems, and thus the comparability is low. As this paper talked about applying the accident model to smart home systems that adjust the indoor climate. We thus recommend adding a subsection in Section 6 to discuss related work about safety researches about smart home systems as follows.

"In the past, safety researches inside the home environment used to based on events or chain-of-event. With the emergence of the so-called smart homes, safety researches inside the home environment also have new forms. Some referred to monitoring the home environment. With the purpose to detect safety problems of indoor climate abnormal variations, \cite{yang2013} proposed a CPS (Cyber-Physical Systems) home safety architecture to support an event-based detection. \cite{yang2006} presented a method that maps the real home connection to a virtual home environment, together with related policies to ensure remote monitoring, to ensure home safety. Elderly safety in the smart home environment was achieved by analyzing and inferring locations, time slots, and period of stay of elderly \cite{Kim2013}. Robot techniques were also employed, e.g., \cite{lee2010} developed a robot which can, for example, sense gas leakage and shut off the gas valve. Others focus on a specific part of the home. \cite{Yared2015} proposed to risk analysis and assessment when cooking to prevent potential risks. This is due to the kitchen is also prone to safety problems like gas leakage and fire accidents. Electricity is also an important risk factor. \cite{hasan2012} adopted an alert circuit with a voltage level indicator to prevent the smart solar home system from being overloaded and damaged. With cloud computing techniques become pervasive in implementing smart home systems, risks like cloud service unavailability have also been introduced. To overcome this, \cite{Doan2018} discussed the home resilience in the presence of could unavailability and proposed RES-Hub, i.e., a stand-alone hub to ensure the continuity of required functionalities.

Most of the work like the discussion above focuses on implement systems to deal with home safety problems. If not properly designed and implemented, the system itself can be a risk factor. Thus, requirement elicitation becomes critical. Conventional safety-related techniques are applied to safety-critical areas, e.g., aviation \cite{allison2017}. Our work employed these techniques to the smart home systems."