A study of the selection of microcomputer architectures to automate planetary spacecraft power systems

Performance and reliability models of alternate microcomputer architectures as a methodology for optimizing system design were examined. A methodology for selecting an optimum microcomputer architecture for autonomous operation of planetary spacecraft power systems was developed. Various microcomputer system architectures are analyzed to determine their application to spacecraft power systems. It is suggested that no standardization formula or common set of guidelines exists which provides an optimum configuration for a given set of specifications

Integrating model checking with HiP-HOPS in model-based safety analysis

The ability to perform an effective and robust safety analysis on the design of modern safety–critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) – an advanced FLSA technique – can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system

Model-based dependability analysis : state-of-the-art, challenges and future outlook

Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models - typically state automata - to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis

Supervisory Control System Architecture for Advanced Small Modular Reactors

This technical report was generated as a product of the Supervisory Control for Multi-Modular SMR Plants project within the Instrumentation, Control and Human-Machine Interface technology area under the Advanced Small Modular Reactor (SMR) Research and Development Program of the U.S. Department of Energy. The report documents the definition of strategies, functional elements, and the structural architecture of a supervisory control system for multi-modular advanced SMR (AdvSMR) plants. This research activity advances the state-of-the art by incorporating decision making into the supervisory control system architectural layers through the introduction of a tiered-plant system approach. The report provides a brief history of hierarchical functional architectures and the current state-of-the-art, describes a reference AdvSMR to show the dependencies between systems, presents a hierarchical structure for supervisory control, indicates the importance of understanding trip setpoints, applies a new theoretic approach for comparing architectures, identifies cyber security controls that should be addressed early in system design, and describes ongoing work to develop system requirements and hardware/software configurations

An integrated approach to system design, reliability, and diagnosis

The requirement for ultradependability of computer systems in future avionics and space applications necessitates a top-down, integrated systems engineering approach for design, implementation, testing, and operation. The functional analyses of hardware and software systems must be combined by models that are flexible enough to represent their interactions and behavior. The information contained in these models must be accessible throughout all phases of the system life cycle in order to maintain consistency and accuracy in design and operational decisions. One approach being taken by researchers at Ames Research Center is the creation of an object-oriented environment that integrates information about system components required in the reliability evaluation with behavioral information useful for diagnostic algorithms. Procedures have been developed at Ames that perform reliability evaluations during design and failure diagnoses during system operation. These procedures utilize information from a central source, structured as object-oriented fault trees. Fault trees were selected because they are a flexible model widely used in aerospace applications and because they give a concise, structured representation of system behavior. The utility of this integrated environment for aerospace applications in light of our experiences during its development and use is described. The techniques for reliability evaluation and failure diagnosis are discussed, and current extensions of the environment and areas requiring further development are summarized

Managing Systemic Risk in Legal Systems

The American legal system has proven remarkably robust even in the face vast and often tumultuous political, social, economic, and technological change. Yet our system of law is not unlike other complex social, biological, and physical systems in exhibiting local fragility in the midst of its global robustness. Understanding how this “robust yet fragile†(RYF) dilemma operates in legal systems is important to the extent law is expected to assist in managing systemic risk — the risk of large local or even system-wide failures — in other social systems. Indeed, legal system failures have been blamed as partly responsible for disasters such as the recent financial system crisis and the Deepwater Horizon oil spill. If we cannot effectively manage systemic risk within the legal system, however, how can we expect the legal system to manage systemic risk elsewhere? This Article employs a complexity science model of the RYF dilemma to explore why systemic risk persists in legal systems and how to manage it. Part I defines complexity in the context of the institutions and instruments that make up the legal system. Part II defines the five dimensions of robustness that support functionality of the legal system: (1) reliability; (2) efficiency; (3) scalability; (4) modularity, and (5) evolvability. Part III then defines system fragility, examining the internal and external constraints that impede legal system robustness and the fail-safe system control strategies for managing their effects. With those basic elements of the RYF dilemma model in place, Part IV defines systemic risk, exploring the paradoxical role of increasingly organized complexity brought about by fail-safe strategies as a source of legal system failure. There is no way around the RYF dilemma — some degree of systemic risk is inherent in any complex adaptive system — but the balance between robustness and fragility is something we can hope to influence. To explore how, Part V applies the RYF dilemma model to a concrete systemic risk management context — oil drilling in the deep Gulf of Mexico. The legal regime governing offshore oil exploration and extraction has been blamed as contributing to the set of failures that led to the catastrophic Deepwater Horizon spill and is at the center of reform initiatives. Using this case study, I argue that the RYF dilemma model provides valuable insights into how legal systems fail and how to manage legal systemic risk