Model-based dependability analysis : state-of-the-art, challenges and future outlook

Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models - typically state automata - to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis

Automatic phased mission system reliability model generation

There are many methods for modelling the reliability of systems based on component failure data. This task becomes more complex as systems increase in size, or undertake missions that comprise multiple discrete modes of operation, or phases. Existing techniques require certain levels of expertise in the model generation and calculation processes, meaning that risk and reliability assessments of systems can often be expensive and time-consuming. This is exacerbated as system complexity increases. This thesis presents a novel method which generates reliability models for phasedmission systems, based on Petri nets, from simple input files. The process has been automated with a piece of software designed for engineers with little or no experience in the field of risk and reliability. The software can generate models for both repairable and non-repairable systems, allowing redundant components and maintenance cycles to be included in the model. Further, the software includes a simulator for the generated models. This allows a user with simple input files to perform automatic model generation and simulation with a single piece of software, yielding detailed failure data on components, phases, missions and the overall system. A system can also be simulated across multiple consecutive missions. To assess performance, the software is compared with an analytical approach and found to match within 5% in both the repairable and non-repairable cases. The software documented in this thesis could serve as an aid to engineers designing new systems to validate the reliability of the system. This would not require specialist consultants or additional software, ensuring that the analysis provides results in a timely and cost-effective manner

Model-Based Assurance for Satellites with Commercial Parts in Radiation Environments

Small satellite projects often do not have the budget or schedule to incorporate radiation-hardened parts or extensive radiation test campaigns into their schedule. Yet a case must be made that the spacecraft will function as intended in orbit, with radiation, temperature and vacuum affecting part performance. The Vanderbilt Institute for Space and Defense Electronics, with support from NASA HQ, NASA NEPP, and NASA JPL, has developed a platform for making a safety case for systems with commercial (non-hardened) parts, called the Systems Engineering Assurance and Modeling (SEAM) platform. The platform has three elements: goal structuring notation (GSN), systems engineering models (SysML and our extensions), and Bayesian networks (BN). The GSN is a visual argument structure that presents an argument that the system meets specifications based on goals, strategies, and evidence. The systems engineering model is a high-level descriptive language that captures the spacecraft design and system architecture through various diagrams. We extend the SysML diagram set to include fault propagation diagrams, which map the environment, failure manifestations, anomalies, failure effects and responses (mitigation measures) of components and systems. The SEAM platform provides a low-cost alternative to conventional radiation hardening assurance paradigms

Development of an algorithm for automated cause-consequence diagram construction.

Cause-consequence analysis is one of the best tools available for a comprehensive reliability study. The cause-consequence diagram (CCD) method, like fault tree analysis, represents the failure logic of the system, but in addition the CCD also identifies the complete set of consequences following a given initiating event. While there are well-developed commercialized software packages for fault tree evaluation and construction, no satisfactory methodology has been published for automated cause-consequence chart synthesis. Hence this paper outlines the development of an algorithm for automated causeconsequence diagram construction. The algorithm builds on methods developed previously for fault tree construction, such as topology diagrams, describing how components are linked together in a system, and component decision tables which model component behaviour. Using this information rules have been developed which enable the construction of the CCD. Once constructed the diagram can be quantified to give exact system reliability. To demonstrate the construction the algorithm is applied to a simple example

Integrated assurance assessment of a reconfigurable digital flight control system

The integrated application of reliability, failure effects and system simulator methods in establishing the airworthiness of a flight critical digital flight control system (DFCS) is demonstrated. The emphasis was on the mutual reinforcement of the methods in demonstrating the system safety

A novel qualitative prospective methodology to assess human error during accident sequences

Numerous theoretical models and techniques to assess human error were developed since the 60's. Most of these models were developed for the nuclear, military, and aviation sectors. These methods have the following weaknesses that limit their use in industry: the lack of analysis of underlying causal cognitive mechanisms, need of retrospective data for implementation, strong dependence on expert judgment, focus on a particular type of error, and/or analysis of operator behaviour and decision-making without considering the role of the system in such decisions. The purpose of the present research is to develop a qualitative prospective methodology that does not depend exclusively on retrospective information, that does not require expert judgment for implementation and that allows predicting potential sequences of accidents before they occur. It has been proposed for new (or existent) small and medium- scale facilities, whose processes are simple. To the best of our knowledge, a methodology that meets these requirements has not been reported in literature thus far. The methodology proposed in this study was applied to the methanol storage area of a biodiesel facility. It could predict potential sequences of accidents, through the analysis of information provided by different system devices and the study of the possible deviations of operators in decision-making. It also enabled the identification of the shortcomings in the human-machine interface and proposed an optimization of the current configuration.Fil: Calvo Olivares, Romina Daniela. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Cuyo. Facultad de Ingenieria. Instituto de Capacitación Especial y Desarrollo de Ingeniería Asistida por Computadora; ArgentinaFil: Rivera, Selva Soledad. Universidad Nacional de Cuyo. Facultad de Ingenieria. Instituto de Capacitación Especial y Desarrollo de Ingeniería Asistida por Computadora; ArgentinaFil: Núñez Mc Leod, Jorge Eduardo. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Cuyo. Facultad de Ingenieria. Instituto de Capacitación Especial y Desarrollo de Ingeniería Asistida por Computadora; Argentin

Impact Of Fault Current Limiters And Demand Response On Electric Utility Asset Management Programs

Over-currents are known to be the dominant cause of power system component failures or deterioration from full functionality. Some of these effects may remain unknown and could later result in catastrophic failures of the entire or large portions of the system. There are plenty of devices/methods available to limit the undesirable consequences of the over-current events. These devices/methods have great impact on system reliability by reducing stress on power system components and increasing their useful lifetime. Due to the importance of the subject, there is tremendous need to analyze and compare these devices/methods in terms of reliability. However, few researches have been reported on analyzing reliability impacts of these devices. Reported studies, in the meantime, appear to have investigated these effects qualitatively rather than quantitatively. This is mainly due to lack of a mathematical model to study the direct impacts of over-current values on system reliability. The main stream of reliability calculations are normally based on statistical measures of system outages rather than electrical parameters such as over-current values. Over-currents usually appear in two common forms of fault currents and overload currents. Fault Current Limiters (FCL) and protection devices are commonly used to limit the impact of fault currents. FCL’s limit the magnitude of fault currents and protection devices limit the exposure time of the component to the fault current and therefore have great impact on increasing the lifetime of the components. Overloads, on the other hand, have smaller magnitudes than those of fault currents but can still be destructive because of normally much longer exposure times. Overcoming overload problems usually requires control strategies such as generation rescheduling, and/or load shedding, and optimized usage of existing assets. Using Demand Response (DR) programs are one of the most effective ways of reducing overload burdens on the power system. In this dissertation, simulation models are developed and used to determine the effect of FCL on reducing the magnitude of fault currents. Various case studies will be performed to calculate the effectiveness of FCL’s in real power system applications. Then, security/dependability studies on the protection systems will be performed to analyze and calculate their effectiveness in reducing exposure times to fault currents. Based on the calculated indices, proper selection of protection schemes can be made based on the desired level of dependability/security. In the next part of the work, a mathematical model is developed to calculate the effect of fault current magnitude and duration on the reliability and asset management. Using the developed model and results of the earlier sections of this research work, the impact of protection systems and FCL devices on reliability and asset management programs are quantitatively calculated and compared. The results from such studies will assist in maintenance planning and in proper selection of the fault current limiting devices with regards to desired reliability and asset management programs. DR programs are introduced and modeled in this dissertation as an effective tool in reducing overload burdens on power system components. Using the developed mathematical model, DR programs are studied and compared in terms of reliability improvement that they provide by preventing unnecessary increase in the component failure rates