6 research outputs found

    Hazard analysis for the requirements specification of safety-critical systems using the combination of FHA and FTA techniques

    Hazard Analysis (HA) is a crucial process for identifying and mitigating risks associated with systems development. However, current HA techniques suffer from several limitations, including a lack of preliminary hazard identification and inadequate hazard documentation, which can lead to system breakdowns. Therefore, this research aims to enhance HA techniques by addressing these limitations: conducting HA during requirement specification and producing a more comprehensive hazard log. To achieve this aim, a research methodology consisting of three phases was designed. Phase 1 involved analyzing existing HA techniques and identifying gaps in hazard analysis. Phase 2 involved developing a combined hazard analysis technique that addresses these key limitations by integrating functional hazard analysis (FHA) and fault tree analysis (FTA) techniques. The proposed technique is intended for use during the requirement specification of system development to produce a comprehensive hazard log. In Phase 3, the proposed technique was evaluated through a case study of a generic patient-controlled analgesia pump model. The performance of the proposed technique was evaluated using the F1-score measure, precision, and accuracy. Four evaluation methods were used to compare the results of single FHA, single FTA, using both FHA and FTA, and combining FHA and FTA techniques. The results showed that the combined FHA and FTA technique achieved the highest performance value of 0.96 for accuracy and 0.98 for precision, recall, and F1-score measure. This leads to the conclusion that, although FHA on its own produces a large volume of output data and FTA is not a preliminary technique, the two complement each other to achieve the aim of conducting HA during requirement specification and producing a minimized yet comprehensive hazard log.
    Based on these findings, the combined FHA and FTA technique is recommended for implementation during the requirement specification of systems development to identify hazards and produce a comprehensive hazard log. Future directions for research could include automating the technique to identify hazards by analyzing system functions using the causal factors in terms of variables.

    Next-preserving branching bisimulation


    Model-checking tool support for quantitative risk analysis and design for safety

    This paper is concerned with quantitative analysis of the tolerance of control system software to sensor hardware failures. The aim is to help the system designer evaluate the effectiveness of risk reduction measures in the system design. This paper proposes an approach for using stochastic model checking to evaluate how likely a given sensor failure mode is to lead to a hazardous system failure, taking control logic and sensor-update timing failures into account. In particular we propose two complementary techniques: one for examining short-term consequences of component failures and the other for examining more subtle longer-term consequences (so-called hidden failures). The techniques overcome scaling issues and yield valuable insights into the relative merits of different design decisions. The PRISM model checker is used for stochastic analysis of Continuous Time Markov Chain (CTMC) system models. The approach is illustrated on a case study from manufacturing, involving an industrial metal Press. Although relatively simple, the Press exhibits a wide range of different behaviours, including hidden failures and subtle race conditions.

    Safety analysis of software product lines using state-based modeling and compositional model checking

    Software product lines are widely used due to their advantageous reuse of shared features while still allowing optional and alternative features in the individual products. In high-integrity product lines such as pacemakers, flight control systems, and medical imaging systems, ensuring that common and variable safety requirements hold as each new product is built or existing products are evolved is key to the safe operation of those systems. However, this goal is currently hampered by the complexity of identifying the interactions among common and variable features that may undermine system safety. This is largely due to (1) the fact that the available safety analysis techniques lack sufficient support for analyzing the combined effects of different features, and (2) existing techniques for identifying feature interactions do not adequately accommodate the presence of common features and result in repeated checking across different products. The work described here addresses the first problem by systematically exploring the relationships between behavioral variations and potential hazardous states through scenario-guided executions of the state model over the variations. It contributes to a solution to the second problem by generating formal obligations at the interfaces between features, so that sequentially composed features can be verified in a way that allows reuse for subsequent products. The main contributions of this work are an approach to perform safety analysis on the variations in a product line using state-based modeling, a tool-supported technique that guides and manages the generation of model-checkable properties from product-line requirements, and a formal framework for model checking product-line features that removes restrictions on how the features can be sequentially composed. The techniques and their implementations are demonstrated in the context of a medical-device product line.

    Communication protocols, queuing and scheduling delay analysis in CANDU SCWR hydrogen co-generation model

    Industrial dynamical Networked Control Systems (NCSs) are controlled over a communication network. We study a continuous-time CANada Deuterium Uranium-Super Critical Water Reactor (CANDU-SCWR) hydrogen plant and a discrete-time controller, sensor and actuator block that are connected via a communication network, such as a controller area network (CAN), Ethernet or wireless networks. Issues associated with NCSs are time-varying delays, time-varying sampling intervals and loss of data due to packet dropouts. Delays are also associated with the software chosen, the control system architecture and the computation load. CANDU-SCWR hydrogen co-generation model reliability can be analyzed by dynamic flow graph methodology. We have analyzed the CANDU-SCWR feed water integration with the oxygen unit of the copper chloride cycle and also conducted an analytical review of the current networked control system delays.