Formal Availability Analysis using Theorem Proving

Availability analysis is used to assess the possible failures and their restoration process for a given system. This analysis involves the calculation of instantaneous and steady-state availabilities of the individual system components and the usage of this information along with the commonly used availability modeling techniques, such as Availability Block Diagrams (ABD) and Fault Trees (FTs) to determine the system-level availability. Traditionally, availability analyses are conducted using paper-and-pencil methods and simulation tools but they cannot ascertain absolute correctness due to their inaccuracy limitations. As a complementary approach, we propose to use the higher-order-logic theorem prover HOL4 to conduct the availability analysis of safety-critical systems. For this purpose, we present a higher-order-logic formalization of instantaneous and steady-state availability, ABD configurations and generic unavailability FT gates. For illustration purposes, these formalizations are utilized to conduct formal availability analysis of a satellite solar array, which is used as the main source of power for the Dong Fang Hong-3 (DFH-3) satellite.Comment: 16 pages. arXiv admin note: text overlap with arXiv:1505.0264

Dynamic Dependability Analysis using HOL Theorem Proving with Application in Multiprocessor Systems

Dynamic dependability analysis has become an essential step in the design process of safety-critical systems to ensure the delivery of a trusted service without failures. Dependability usually encompasses several attributes, such as reliability and availability. A dynamic dependability model is created using one of the dependability modeling techniques, such as Dynamic Fault Trees (DFTs) and Dynamic Reliability Block Diagrams (DRBDs). Several analysis methods, including paper-and-pencil or simulation, exist for analyzing these models to ascertain various dependability related parameters. However, their results cannot be always trusted since they may involve some approximations, truncations or even errors. Formal methods, such as model checking and theorem proving, can be used to overcome these inaccuracy limitations due to their inherent soundness and completeness. However, model checking suffers from state-space explosion if the state space is large. While, theorem proving was used only for the static dependability analysis without considering the system dynamics. In order to conduct the formal dependability analysis of systems that exhibit dynamic failure behaviors within a theorem prover, these models need to be captured formally, where their structures, operators and properties are properly formalized. In this thesis, we provide a complete framework for the formal dependability analysis of systems modeled as DFTs and DRBDs in the HOL4 higher-order logic theorem prover. We provide the formalization of DFT gates and verify important simplification theorems based on well-known DFT algebra. In addition, our framework allows both qualitative and quantitative DFT analyses to be conducted using theorem proving. We use this formalization to formally verify the DFT rewrite rules, that are used by automated DFT analysis tools, to ascertain their correctness. Due to the lack of a DRBD algebra that allows the analysis using a theorem prover, in this thesis, we develop and formalize a novel algebra that includes operators and simplification theorems to formalize traditional RBD structures, such as the series and parallel, besides the DRBD spare construct. We formally verify their reliability expressions, which allows conducting both the qualitative and quantitative analyses of a given system. Leveraging upon the complementary nature of DFTs and DRBDs, our proposed framework provides the possibility of formally converting one model to the other, which allows reasoning about both the success and failure of a given system. Our framework provides generic expressions of probability of failure and reliability that are independent of the failure distribution of an arbitrary number of system components, which cannot be obtained using other formal tools, such as model checking. In order to demonstrate the usefulness of the proposed framework, we formally model and analyze the dependability of the terminal, broadcast and network reliability of shuffle-exchange networks, which are multistage interconnections networks that are used to connect the elements of multiprocessor systems. Conducting a sound analysis with generic expressions is essential in these systems, where it is required to accurately capture and analyze the failure behavior

Grey GERT Network Model of Equipment Lifetime Evaluation Based on Small Samples

The reliability evaluation of high reliability and long life equipment is widely concerned in recent decades. Enough failure samples of these kinds of equipment are not easy or economic to obtain in reliability test, in addition, experience information is sometimes inaccurate or uncertainty. To overcome the deficiency in traditional method which requires large numbers of samples, a quantitative analysis model of equipment reliability evaluation is proposed in this paper in view of the few failure data of equipment life tests. GERT network is introduced to describe the kinds of working states of the equipment system and random process of equipment state transition choice after stress impact of single component. Considering the uncertainty and inaccuracy of the statistical data and experience information, the parameters of GERT network are represented by interval grey number. The system equivalent transfer function could be obtained by GERT matrix solving algorithm, and the reliability evaluation of equipment system can be realized. The case study results show that the equipment reliability evaluation Grey-GERT model based on small samples would save much time with little accuracy losing. Besides, the study provides a new thinking for reliability accelerated life test

Resilient and Trustworthy Dynamic Data-driven Application Systems (DDDAS) Services for Crisis Management Environments

Future crisis management systems needresilient and trustworthy infrastructures to quickly develop reliable applications and processes, andensure end-to-end security, trust, and privacy. Due to the multiplicity and diversity of involved actors, volumes of data, and heterogeneity of shared information;crisis management systems tend to be highly vulnerable and subjectto unforeseen incidents. As a result, the dependability of crisis management systems can be at risk. This paper presents a cloud-based resilient and trustworthy infrastructure (known as rDaaS) to quickly develop secure crisis management systems. The rDaaS integrates the Dynamic Data-Driven Application Systems (DDDAS) paradigm into a service-oriented architecture over cloud technology and provides a set of resilient DDDAS-As-A Service (rDaaS) components to build secure and trusted adaptable crisis processes. The rDaaS also ensures resilience and security by obfuscating the execution environment and applying Behavior Software Encryption and Moving Technique Defense. A simulation environment for a nuclear plant crisis management case study is illustrated to build resilient and trusted crisis response processes

Analyzing Traffic and Multicast Switch Issues in an ATM Network.

This dissertation attempts to solve two problems related to an ATM network. First, we consider packetized voice and video sources as the incoming traffic to an ATM multiplexer and propose modeling methods for both individual and aggregated traffic sources. These methods are, then, used to analyze performance parameters such as buffer occupancy, cell loss probability, and cell delay. Results, thus obtained, for different buffer sizes and number of voice and video sources are analyzed and compared with those generated from existing techniques. Second, we study the priority handling feature for time critical services in an ATM multicast switch. For this, we propose a non-blocking copy network and priority handling algorithms. We, then, analyze the copy network using an analytical method and simulation. The analysis utilizes both priority and non-priority cells for two different output reservation schemes. The performance parameters, based on cell delay, delay jitter, and cell loss probability, are studied for different buffer sizes and fan-outs under various input traffic loads. Our results show that the proposed copy network provides a better performance for the priority cells while the performance for the non-priority cells is slightly inferior in comparison with the scenario when the network does not consider priority handling. We also study the fault-tolerant behavior of the copy network, specially for the broadcast banyan network subsection, and present a routing scheme considering the non-blocking property under a specific pattern of connection assignments. A fault tolerant characteristic can be quantified using the full access probability. The computation of the full access probability for a general network is known to be NP-hard. We, therefore, provide a new bounding technique utilizing the concept of minimal cuts to compute full access probability of the copy network. Our study for the fault-tolerant multi-stage interconnection network having either an extra stage or chaining shows that the proposed technique provides tighter bounds as compared to those given by existing approaches. We also apply our bounding method to compute full access probability of the fault-tolerant copy network