
    Compositional dependability analysis of dynamic systems with uncertainty

    Over the past two decades, research has focused on simplifying dependability analysis by looking at how we can synthesise dependability information from system models automatically. This has led to the field of model-based safety assessment (MBSA), which has attracted a significant amount of interest from industry, academia, and government agencies. Different model-based safety analysis methods, such as Hierarchically Performed Hazard Origin & Propagation Studies (HiP-HOPS), are increasingly applied by industry for dependability analysis of safety-critical systems. Such systems may feature multiple modes of operation where the behaviour of the systems and the interactions between system components can change according to what modes of operation the systems are in.

    MBSA techniques usually combine different classical safety analysis approaches to allow the analysts to perform safety analyses automatically or semi-automatically. For example, HiP-HOPS is a state-of-the-art MBSA approach which enhances an architectural model of a system with logical failure annotations to allow safety studies such as Fault Tree Analysis (FTA) and Failure Modes and Effects Analysis (FMEA). In this way it shows how the failure of a single component or combinations of failures of different components can lead to system failure. As systems are getting more complex and their behaviour becomes more dynamic, capturing this dynamic behaviour and the many possible interactions between the components is necessary to develop an accurate failure model.

    One of the ways of modelling this dynamic behaviour is with a state-transition diagram. Introducing a dynamic model compatible with the existing architectural information of systems can provide significant benefits in terms of accurate representation and expressiveness when analysing the dynamic behaviour of modern large-scale and complex safety-critical systems. Thus the first key contribution of this thesis is a methodology to enable MBSA techniques to model dynamic behaviour of systems. This thesis demonstrates the use of this methodology using the HiP-HOPS tool as an example, and thus extends HiP-HOPS with state-transition annotations. This extension allows HiP-HOPS to model more complex dynamic scenarios and perform compositional dynamic dependability analysis of complex systems by generating Pandora temporal fault trees (TFTs). As TFTs capture state, the techniques used for solving classical FTs are not suitable to solve them. They require a state space solution for quantification of probability. This thesis therefore proposes two methodologies based on Petri Nets and Bayesian Networks to provide state space solutions to Pandora TFTs.

    Uncertainty is another important (yet incomplete) area of MBSA: typical MBSA approaches are not capable of performing quantitative analysis under uncertainty. Therefore, in addition to the above contributions, this thesis proposes a fuzzy set theory based methodology to quantify Pandora temporal fault trees with uncertainty in failure data of components.

    The proposed methodologies are applied to a case study to demonstrate how they can be used in practice. Finally, the overall contributions of the thesis are evaluated by discussing the results produced, and from these, conclusions about the potential benefits of the new techniques are drawn.

    Addressing Complexity and Intelligence in Systems Dependability Evaluation

    Engineering and computing systems are increasingly complex, intelligent, and open adaptive. When it comes to the dependability evaluation of such systems, there are certain challenges posed by the characteristics of “complexity” and “intelligence”. The first aspect of complexity is the dependability modelling of large systems with many interconnected components and dynamic behaviours such as Priority, Sequencing and Repairs. To address this, the thesis proposes a novel hierarchical solution to dynamic fault tree analysis using Semi-Markov Processes. A second aspect of complexity is the environmental conditions that may impact dependability and their modelling. For instance, weather and logistics can influence maintenance actions and hence the dependability of an offshore wind farm. The thesis proposes a semi-Markov-based maintenance model called the “Butterfly Maintenance Model (BMM)” to model this complexity and accommodate it in dependability evaluation. A third aspect of complexity is the open nature of systems of systems, such as swarms of drones, which makes complete design-time dependability analysis infeasible. To address this aspect, the thesis proposes a dynamic dependability evaluation method using Fault Trees and Markov Models at runtime.

    The challenge of “intelligence” arises because Machine Learning (ML) components do not exhibit programmed behaviour; their behaviour is learned from data. However, in traditional dependability analysis, systems are assumed to be programmed or designed. When a system has learned from data, a distributional shift of operational data from training data may cause the ML component to behave incorrectly, e.g., misclassify objects. To address this, a new approach called SafeML is developed that uses statistical distance measures for monitoring the performance of ML against such distributional shifts.

    The thesis develops the proposed models and evaluates them on case studies, highlighting improvements to the state of the art, limitations and future work.

    A personal history of Hawkes process

    This paper is based on an interview with Alan Hawkes about the series of five papers published 1971–1974 on self-exciting and mutually-exciting point processes that came to be known as Hawkes processes. This is supplemented by additional material describing the background before the papers were published, why it was 40 years before he returned to the subject of Hawkes processes, and some of the things that have since been achieved.

    Multi-criteria decision methods to support the maintenance management of complex systems

    This doctoral thesis proposes using multi-criteria decision making (MCDM) methods as a strategic tool to support maintenance management of complex systems. The development of this doctoral thesis is framed within a cotutelle (co-tutoring) agreement between the Università degli Studi di Palermo (UNIPA) and the Universitat Politècnica de València (UPV), within their respective doctoral programmes in 'Technological Innovation Engineering' and 'Mathematics'. These programmes are closely linked through the topic of MCDM, which provides crucial tools to manage the maintenance of real complex systems by applying in-depth mathematical analyses. The purpose of this connection is to robustly take into account uncertainty in attributing subjective evaluations, to collect and synthesise judgements attributed by various decision makers, and to deal with large sets of elements characterising the problem at hand. The main topic of the present doctoral work is the management of maintenance activities to increase the levels of technological innovation and performance of the analysed complex systems. All kinds of systems can be considered as objects of study, including production systems and service delivery systems, among others, by evaluating their real contexts. Thus, this doctoral thesis proposes addressing maintenance management through the development of three tightly linked main research lines. The first is the core and illustrates most of the methodological aspects of the thesis. It refers to the use of MCDM methods for supporting strategic maintenance decisions and for dealing with uncertainty affecting data and evaluations, even when several decision makers (maintenance experts) are involved. The second line develops reliability analyses for real complex systems (also in terms of human reliability analysis), on the basis of which any maintenance activity must be implemented. These analyses consider the reliability configuration of the components belonging to the system under study together with the specific features of the operational environment. The third research line focuses on important methodological aspects to support maintenance management, and emphasises the need to monitor the performance of maintenance activities and to evaluate their effectiveness using suitable indicators. A wide range of real-world case studies has been addressed to evaluate the effectiveness of MCDM methods in maintenance and thereby demonstrate the usefulness of the proposed approach.

    Carpitella, S. (2019). Multi-criteria decision methods to support the maintenance management of complex systems [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/11911

    Methodologies synthesis

    This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies.

    Computer aided reliability, availability, and safety modeling for fault-tolerant computer systems with commentary on the HARP program

    Many of the most challenging reliability problems of our present decade involve complex distributed systems such as interconnected telephone switching computers, air traffic control centers, aircraft and space vehicles, and local area and wide area computer networks. In addition to the challenge of complexity, modern fault-tolerant computer systems require very high levels of reliability, e.g., avionic computers with MTTF goals of one billion hours. Most analysts find that it is too difficult to model such complex systems without computer aided design programs. In response to this need, NASA has developed a suite of computer aided reliability modeling programs beginning with CARE 3 and including a group of new programs such as: HARP, HARP-PC, Reliability Analysts Workbench (a combination of the model solvers SURE, STEM, PAWS, and the common front-end model ASSIST), and the Fault Tree Compiler. The HARP program is studied and how well the user can model systems using this program is investigated. One of the important objectives will be to study how user friendly this program is, e.g., how easy it is to model the system, provide the input information, and interpret the results. The experiences of the author and his graduate students who used HARP in two graduate courses are described. Some brief comparisons were made with the ARIES program which the students also used. Theoretical studies of the modeling techniques used in HARP are also included. Of course no answer can be any more accurate than the fidelity of the model, thus an Appendix is included which discusses modeling accuracy. A broad viewpoint is taken and all problems which occurred in the use of HARP are discussed. Such problems include: computer system problems, installation manual problems, user manual problems, program inconsistencies, program limitations, confusing notation, long run times, accuracy problems, etc.

    Integrated Software Architecture-Based Reliability Prediction for IT Systems

    With the increasing importance of reliability in business and industrial IT systems, new techniques for architecture-based software reliability prediction are becoming an integral part of the development process. This dissertation thesis introduces a novel reliability modelling and prediction technique that considers the software architecture with its component structure, control and data flow, recovery mechanisms, its deployment to distributed hardware resources and the system's usage profile.

    Resilience of an embedded architecture using hardware redundancy

    In the last decade the dominance of the general computing systems market has been replaced by embedded systems, with billions of units manufactured every year. Embedded systems appear in contexts where continuous operation is of utmost importance and failure can be profound. Nowadays, radiation poses a serious threat to the reliable operation of safety-critical systems. Fault avoidance techniques, such as radiation hardening, have been commonly used in space applications. However, these components are expensive, lag behind commercial components with regards to performance and do not provide 100% fault elimination. Without fault tolerant mechanisms, many of these faults can become errors at the application or system level, which, in turn, can result in catastrophic failures. In this work we study the concepts of fault tolerance and dependability and extend these concepts, providing our own definition of resilience. We analyse the physics of radiation-induced faults, the damage mechanisms of particles and the process that leads to computing failures. We provide extensive taxonomies of 1) existing fault tolerant techniques and of 2) the effects of radiation in state-of-the-art electronics, analysing and comparing their characteristics. We propose a detailed model of faults and provide a classification of the different types of faults at various levels. We introduce an algorithm of fault tolerance and define the system states and actions necessary to implement it. We introduce novel hardware and system software techniques that provide a more efficient combination of reliability, performance and power consumption than existing techniques. We propose a new element of the system called the syndrome, which is the core of a resilient architecture whose software and hardware can adapt to reliable and unreliable environments. We implement a software simulator and disassembler and introduce a testing framework in combination with ERA’s assembler and commercial hardware simulators.
