diff --git a/safety-analysis/linux-abstract-control-structure.dot b/safety-analysis/linux-abstract-control-structure.dot
new file mode 100644
index 0000000..793a295
--- /dev/null
+++ b/safety-analysis/linux-abstract-control-structure.dot
@@ -0,0 +1,91 @@
+digraph G {
+node [shape=box width=0.8 height=0.5 labelloc=c margin=0.1
+ fontname="Open Sans" fontsize=14 style=filled fillcolor=white]
+graph [splines=ortho ranksep=0.6 nodesep=0.6]
+edge [fontname="Open Sans" fontsize=12]
+layout=dot; overlap=false;
+ordering=out; compound=true; newrank=true;
+
+subgraph cluster_user {
+ label="Application workloads" labeljust=l color=lightgrey
+ fontname="Open Sans" fontsize=16 style=filled margin=10
+ rvc [label="Safety workloads" width=3.2 fillcolor=red fontcolor=yellow]
+ ivi [label="Other workloads" width=4]
+ }
+
+subgraph cluster_os {
+ label="OS" labeljust=l
+ fontname="Open Sans" fontsize=16 margin=10 style=filled color=lightgrey
+
+ subgraph cluster_services {
+ label="Services" color=darkgrey labeljust=l labelloc=b margin=5
+ systemd [label="Service Manager" width=4]
+ services [label="Other Services"]
+ compositor [label="Compositor" width=1.5]
+ }
+
+ subgraph cluster_kernel {
+ label="Kernel" color=darkgrey labeljust=l labelloc=b margin=5
+ acon [label="Access control" width=3.4]
+ dcon [label="Device control"]
+ tcon [label="Task control"]
+ mman [label="Memory Management" width=3.5]
+ dint [label="Device interfaces" width=3.5]
+ }
+ syscall [shape=circle width=0.3 height=0.3 fontsize=11
+ label="" xlabel="syscall, sysfs,\nprocfs, etc." fontcolor=darkgreen]
+ interrupt [shape=circle width=0.3 height=0.3 fontsize=11
+ label="" xlabel="IRQ, NMI\nException" fontcolor=darkgreen]
+ }
+
+subgraph cluster_hardware {
+ label="Hardware" style=filled color=lightgrey labelloc=t labeljust=l
+ fontname="Open Sans" fontsize=16 margin=11
+ memory [label="Memory"]
+ processor [label="CPU"]
+ Watchdog [fillcolor=red fontcolor=yellow]
+ Network
+ GPU
+ Other
+ }
+
+
+{rank=same; rvc; ivi;}
+{rank=same; systemd; syscall;}
+{rank=same; compositor; services; dcon; tcon;}
+{rank=same; interrupt; dint}
+{rank=same; Other; GPU; Network; memory; processor; Watchdog;}
+
+rvc -> systemd [ltail=cluster_user lhead=cluster_services]
+rvc -> systemd [dir=back style=dashed ltail=cluster_user lhead=cluster_services]
+ivi -> syscall [dir=none ltail=cluster_user weight=3]
+ivi -> acon [dir=back style=dashed ltail=cluster_user lhead=cluster_kernel weight=3]
+rvc -> ivi [dir=both color=blue]
+
+syscall -> acon [lhead=cluster_kernel]
+interrupt -> Network [dir=none lhead=cluster_hardware]
+interrupt -> dint [lhead=cluster_kernel]
+
+systemd -> syscall [dir=none ltail=cluster_services lhead=cluster_kernel weight=1]
+services -> mman [dir=back style=dashed ltail=cluster_services lhead=cluster_kernel]
+
+systemd -> compositor
+systemd -> compositor [dir=back style=dashed]
+systemd -> services
+systemd -> services [dir=back style=dashed]
+compositor -> services [dir=both color=blue]
+
+acon -> dcon
+dcon -> mman
+dcon -> mman [dir=back style=dashed]
+acon -> mman
+acon -> mman [dir=back style=dashed]
+acon -> tcon
+tcon -> mman
+tcon -> mman [dir=back style=dashed]
+mman -> dint [ltail=cluster_kernel]
+mman -> dint [dir=back style=dashed ltail=cluster_kernel]
+
+dint -> processor [lhead=cluster_hardware]
+dint -> memory [dir=back style=dashed lhead=cluster_hardware]
+}
diff --git a/safety-analysis/linux-abstract-control-structure.md b/safety-analysis/linux-abstract-control-structure.md
new file mode 100644
index 0000000..3ce59c3
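Review bot: `Watchdog` is highlighted as a safety-certified candidate (`fillcolor=red`) but has no edge of its own; the hardware cluster is reached only through the cluster-level `dint -> processor [lhead=cluster_hardware]` and `dint -> memory [dir=back ... lhead=cluster_hardware]` edges, so the model does not show which controller services the watchdog or what its expiry feeds back to, which is the path a hazard analysis of that component would need. If that abstraction is intentional, a comment on the node saying so would settle the question for every reader. The file also records none of the edge conventions it relies on (solid = control action, dashed `dir=back` = feedback, blue `dir=both` = information flow), so editing the graph means cross-referencing the .md legend; a header line such as `// solid edge = control action, dashed (dir=back) = feedback, blue (dir=both) = information flow` before the first edge would keep the graph self-describing.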
--- /dev/null
+++ b/safety-analysis/linux-abstract-control-structure.md
@@ -0,0 +1,13 @@
+# Linux abstract control structure model
+
+Example of an abstract STPA control structure model for Linux-based operating systems.
+
+* Boxes are *controllers* or *controlled processes*
+ - May be logical roles or abstractions rather than concrete components
+* Red highlights show where safety-certified components may be included
+* Solid black arrows indicate *control actions*
+* Dashed black arrows indicate *feedback*
+* Blue arrows indicate *information or data flow*
+* Circles labelled in green are interface details included for clarity
+
+![STPA control structure diagram](linux-abstract-control-structure.png)
diff --git a/safety-analysis/linux-abstract-control-structure.png b/safety-analysis/linux-abstract-control-structure.png
new file mode 100644
index 0000000..b1cab7d
Binary files /dev/null and b/safety-analysis/linux-abstract-control-structure.png differ