DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

System Reliability Estimation of Divert Attitude Control System of a Launch Vehicle using Bayesian Networks

Divert attitude and control system (DACS) is a one-shot system and provides attitude correction and translation of the Launch vehicle. DACS consists of many flight critical sub systems which are arranged in a series configuration. The traditional Reliability block diagram and Fault tree diagram methods are unsuitable for reliability modelling, when considering uncertainty among the components and system. Bayesian network is the natural choice to model dependencies among the components and system. DACS being one shot system, it is very expensive and time consuming to test more number of systems during the design and development. Hence the data is drawn from component level, subsystem level and expert opinion is used for reliability estimation. In this paper, Bayesian network modelling of DAC system was carried out for estimating the reliability using multi-level data. An algorithm is developed for computation of Conditional probabilities in Bayesian network. Posterior probability distribution of components is calculated using Markov Chain Monte Carlo (MCMC) simulations and results are compared with Junction tree based exact inference algorithm. MATLAB code is developed to estimate the reliability of DAC system

A review of applications of fuzzy sets to safety and reliability engineering

Safety and reliability are rigorously assessed during the design of dependable systems. Probabilistic risk assessment (PRA) processes are comprehensive, structured and logical methods widely used for this purpose. PRA approaches include, but not limited to Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA), and Event Tree Analysis (ETA). In conventional PRA, failure data about components is required for the purposes of quantitative analysis. In practice, it is not always possible to fully obtain this data due to unavailability of primary observations and consequent scarcity of statistical data about the failure of components. To handle such situations, fuzzy set theory has been successfully used in novel PRA approaches for safety and reliability evaluation under conditions of uncertainty. This paper presents a review of fuzzy set theory based methodologies applied to safety and reliability engineering, which include fuzzy FTA, fuzzy FMEA, fuzzy ETA, fuzzy Bayesian networks, fuzzy Markov chains, and fuzzy Petri nets. Firstly, we describe relevant fundamentals of fuzzy set theory and then we review applications of fuzzy set theory to system safety and reliability analysis. The review shows the context in which each technique may be more appropriate and highlights the overall potential usefulness of fuzzy set theory in addressing uncertainty in safety and reliability engineering

Bayesian Methods for Estimating the Reliability of Complex Systems Using Heterogeneous Multilevel Information

We propose a Bayesian approach for assessing the reliability of multicomponent systems. Our models allow us to evaluate system, subsystem, and component reliability using the available multilevel information. Data are collected over time, and include pass/fail, lifetime, censored, and degradation data. We illustrate the methodology through an example and discuss how to extend the approach to more complex systems

Integrated Scenario-Based Methodology for Project Risk Management

Project risk management is currently used in several industries and mandated by government acquisition agencies around the world to manage uncertainty in an effort to improve a project's probability of success. Common practice involves developing a list of risk items scored with probability and consequence ordinal scales by committee usually focusing on cost and schedule issues. A scenario based process modeling construct is introduced using a hybrid Probabilistic Risk Assessment and Decision Analysis framework integrating project development risks with operational system risks. Project management's decisions are explicitly modeled and ranked based on risk importance to the project. Multiple consequence attributes are unified providing a basis for computing total project risk. This study shows that such an approach leads to an analysis system where scenarios tracing risk items to many possible consequences are explicitly understood; the interaction between cost, schedule, and performance models drive the analysis; probabilities for overruns, delays, increased system hazards are determined directly; and state-of-the-art quantification techniques are directly applicable. All these enhance project management's capability to respond with more effective decisions

Fault Tree Analysis: a survey of the state-of-the-art in modeling, analysis and tools

Fault tree analysis (FTA) is a very prominent method to analyze the risks related to safety and economically critical assets, like power plants, airplanes, data centers and web shops. FTA methods comprise of a wide variety of modelling and analysis techniques, supported by a wide range of software tools. This paper surveys over 150 papers on fault tree analysis, providing an in-depth overview of the state-of-the-art in FTA. Concretely, we review standard fault trees, as well as extensions such as dynamic FT, repairable FT, and extended FT. For these models, we review both qualitative analysis methods, like cut sets and common cause failures, and quantitative techniques, including a wide variety of stochastic methods to compute failure probabilities. Numerous examples illustrate the various approaches, and tables present a quick overview of results

Compositional dependability analysis of dynamic systems with uncertainty

Over the past two decades, research has focused on simplifying dependability analysis by looking at how we can synthesise dependability information from system models automatically. This has led to the field of model-based safety assessment (MBSA), which has attracted a significant amount of interest from industry, academia, and government agencies. Different model-based safety analysis methods, such as Hierarchically Performed Hazard Origin & Propagation Studies (HiP-HOPS), are increasingly applied by industry for dependability analysis of safety-critical systems. Such systems may feature multiple modes of operation where the behaviour of the systems and the interactions between system components can change according to what modes of operation the systems are in.MBSA techniques usually combine different classical safety analysis approaches to allow the analysts to perform safety analyses automatically or semi-automatically. For example, HiP-HOPS is a state-of-the-art MBSA approach which enhances an architectural model of a system with logical failure annotations to allow safety studies such as Fault Tree Analysis (FTA) and Failure Modes and Effects Analysis (FMEA). In this way it shows how the failure of a single component or combinations of failures of different components can lead to system failure. As systems are getting more complex and their behaviour becomes more dynamic, capturing this dynamic behaviour and the many possible interactions between the components is necessary to develop an accurate failure model.One of the ways of modelling this dynamic behaviour is with a state-transition diagram. Introducing a dynamic model compatible with the existing architectural information of systems can provide significant benefits in terms of accurate representation and expressiveness when analysing the dynamic behaviour of modern large-scale and complex safety-critical systems. Thus the first key contribution of this thesis is a methodology to enable MBSA techniques to model dynamic behaviour of systems. This thesis demonstrates the use of this methodology using the HiP-HOPS tool as an example, and thus extends HiP-HOPS with state-transition annotations. This extension allows HiP-HOPS to model more complex dynamic scenarios and perform compositional dynamic dependability analysis of complex systems by generating Pandora temporal fault trees (TFTs). As TFTs capture state, the techniques used for solving classical FTs are not suitable to solve them. They require a state space solution for quantification of probability. This thesis therefore proposes two methodologies based on Petri Nets and Bayesian Networks to provide state space solutions to Pandora TFTs.Uncertainty is another important (yet incomplete) area of MBSA: typical MBSA approaches are not capable of performing quantitative analysis under uncertainty. Therefore, in addition to the above contributions, this thesis proposes a fuzzy set theory based methodology to quantify Pandora temporal fault trees with uncertainty in failure data of components.The proposed methodologies are applied to a case study to demonstrate how they can be used in practice. Finally, the overall contributions of the thesis are evaluated by discussing the results produced and from these conclusions about the potential benefits of the new techniques are drawn

System diagnosis using a bayesian method

Today’s engineering systems have become increasingly more complex. This makes fault diagnosis a more challenging task in industry and therefore a significant amount of research has been undertaken on developing fault diagnostic methodologies. So far there already exist a variety of diagnostic methods, from qualitative to quantitative. However, no methods have considered multi-component degradation when diagnosing faults at the system level. For example, from the point a new aircraft takes off for the first time all of its components start to degrade, and yet in previous studies it is presumed that apart from the faulty component, other components in the system are operating in a healthy state. This thesis makes a contribution through the development of an experimental fuel rig to produce high quality data of multi-component degradation and a probabilistic framework based on the Bayesian method to diagnose faults in a system with considering multi-component degradation. The proposed method is implemented on the fuel rig data which illustrates the applicability of the proposed method and the diagnostic results are compared with the neural network method in order to show the capabilities and imperfections of the proposed method