    Unavailability of K-out-of-N: G Systems with non-identical Components Based on Markov Model

The process industry has always faced the challenging task of determining the overall unavailability of safety instrumented systems (SISs). The unavailability of a safety instrumented system is quantified by considering the average probability of failure on demand. To address this challenge, IEC 61508 has established analytical formulas for estimating the average probability of failure on demand for K-out-of-N (KooN) architectures. However, these formulas are limited to systems with identical components, and this limitation has not been addressed in much of the existing research. Hence, this paper proposes an unavailability model based on a Markov model for different redundant system architectures with non-identical components, and generalised formulas are established for non-identical k-out-of-n and n-out-of-n configurations. Furthermore, the proposed model incorporates the undetected failure rate and evaluates its impact on the unavailability quantification of the SIS. The accuracy of the proposed model is verified against existing unavailability methods, and it is shown that the proposed approach provides a sufficiently robust result for all system architectures.

    A CFD-based Approach for Gas Detectors Allocation

Accidental gas releases are detected by allocating sensors in optimal places to prevent escalation of the incident. Gas release effects are typically assessed by calculating the dispersion from the release points. In this work, a CFD-based approach is proposed to estimate gas dispersion and then to obtain an optimal gas sensor allocation. The Ansys-Fluent commercial package is used to estimate concentrations in the open air by solving the governing equations of continuity, momentum, and energy combined with the realizable κ-ε model for turbulent viscosity effects and species convection-diffusion. CFD dynamic simulations are carried out for potential gas leaks, assuming worst-case scenarios with F-stability and a 2 m/s wind speed during a 4 min release period and considering 8 wind directions. The result is a scenario-based methodology for allocating gas sensors, supported by fluid dynamics models. The three x-y-z geographical coordinates of each sensor are included in this analysis. To illustrate the methodology, a case study considers releases from a large container surrounded by different types of geometric units, including sections with high obstacles, low obstacles, and no obstacles. A non-redundant set of perfect sensors is first allocated to achieve 100% detection for all simulated releases. The benefits of redundant detection via a MooN voting arrangement are also discussed. Numerical results demonstrate the capabilities of CFD simulations for this application and highlight the dispersion effects through obstacles of different sizes.

    Average probability of failure on demand estimation for burner management systems

Proper estimation of the Safety Integrity Level (SIL) depends largely on accurate estimation of safety performance in terms of the average Probability of Failure on Demand (PFDavg). For complex architectures of logic solvers, sensors, and valves, this can be calculated by distinguishing combinations of subsystems with the basic K-out-of-N (KooN) approach for identical components. In the case of the typical valve configurations of a burner management system with non-identical subsystem configurations, the KooN approach does not apply. Hence, calculating the correct safety performance becomes an issue, since some of the established methods give overly optimistic results due to a lack of common cause failure information and data on non-identical components or subsystems. This paper formulates a Markov model for determining the average probability of failure on demand for non-identical components and also proposes a more conservative lowest failure rate approach and maximum beta factor, as opposed to the pragmatic minimum or average beta, for correct estimation of the average probability of failure on demand. It can be deduced that the measure of safety performance for components or subsystems with unequal failure rates depends largely on common cause failure, but a single beta factor is not appropriate to model the commonality of the failure. The results revealed that the geometric mean and lowest failure rate approaches give different values, with the lowest failure rate being the most conservative and optimistic result.

Keywords: burner management systems, probability of failure on demand, common cause failure, KooN configurations, lowest failure rate, Markov analysis

    Safety System Design and Maintenance Planning for Oil and Gas Facilities Located in Remote Areas

    Unavailability model for demand-caused failures of safety components addressing degradation by demand-induced stress, maintenance effectiveness and test efficiency

The reliability, availability and maintainability (RAM) modelling of safety equipment has long been a topic of major concern. Some RAM models have focused on explicitly addressing the effect of component degradation and of surveillance and maintenance policies, searching for an optimum level of safety component RAM by adjusting surveillance- and maintenance-related parameters. As regards the reliability contribution, these components normally have two main types of failure mode that contribute to the probability of failure on demand (PFD): (1) demand-caused and (2) standby-related failures. The former is normally associated with a demand failure probability, which is affected by the degradation caused by demand-related stress. Surveillance testing therefore not only has a positive effect but also an adverse one, which is compensated by performing maintenance activities to eliminate or reduce the accumulated degradation. This paper proposes a new model for the demand failure probability that explicitly addresses all aspects of the effect of demand-induced stress (mostly test-induced stress), maintenance effectiveness (PAS or PAR model) and test efficiency. A case study is included on an application to a typical motor-operated valve in a nuclear power plant.

The authors are grateful to the Spanish Ministry of Science and Innovation for the financial support received (Research Projects ENE2013-45540-R and ENE2016-80401-R) and the doctoral scholarship awarded (BES-2014-067602). The study also received financial support from the Spanish Research Agency and the European Regional Development Fund.

Martorell-Aygues, P.; Martón Lluch, I.; Sánchez Galdón, AI.; Martorell Alsina, SS. (2017). Unavailability model for demand-caused failures of safety components addressing degradation by demand-induced stress, maintenance effectiveness and test efficiency. Reliability Engineering & System Safety. 168:18-27. https://doi.org/10.1016/j.ress.2017.05.044

    Space transfer vehicle concepts and requirements study. Volume 1: Executive summary

A description of the study in terms of background, objectives, and issues is provided. NASA is currently studying new initiatives of space exploration involving both piloted and unpiloted missions to destinations throughout the solar system. Many of these missions require substantial improvements in launch vehicle and upper stage capabilities. This study provides a focused examination of the Space Transfer Vehicles (STV) required to perform these missions using the emerging national launch vehicle definition, the Space Station Freedom (SSF) definition, and the latest mission scenario requirements. The study objectives are to define preferred STV concepts capable of accommodating future exploration missions in a cost-effective manner, to determine the technology development (if any) required to perform these missions, and to develop a decision database of various programmatic approaches for the development of the STV family of vehicles. Special emphasis was given to examining space basing (stationing reusable vehicles at a space station), examining the piloted lunar mission as the primary design mission, and restricting trade studies to high-performance, near-term cryogenics (LO2/LH2) as the vehicle propellant. The study progressed through three distinct 6-month phases. The first phase concentrated on supporting a NASA 3-month definition of exploration requirements (the '90-day study') and during this phase developed and optimized the space-based point-of-departure (POD) 2.5-stage lunar vehicle. The second phase developed a broad decision database of 95 different vehicle options and transportation architectures. The final phase chose the three most cost-effective architectures and developed point designs to carry to the end of the study. These reference vehicle designs are mutually exclusive and correspond to different national choices about launch vehicles and in-space reusability. There is, however, potential for evolution between concepts.

Re-use of tests and arguments for assessing dependable mixed-criticality systems

The safety assessment of mixed-criticality systems (MCS) is a challenging activity due to system heterogeneity, design constraints and increasing complexity. The foundation for MCSs is the integrated architecture paradigm, where compact hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault tolerance mechanisms, the development of an MCS application shall also comply with the guidelines defined by the safety standards. A way to lower the overall MCS certification cost is to adopt a platform-based design (PBD) development approach. PBD is a model-based development (MBD) approach, where separate models of logic, hardware and deployment support the analysis of the resulting system properties and behaviour. The PBD development of MCSs benefits from a composition of modular safety properties (e.g. modular safety cases), which support the derivation of mixed-criticality product lines. The validation and verification (V&V) activities claim a substantial effort during the development of programmable electronics for safety-critical applications. As for the MCS dependability assessment, the purpose of the V&V is to provide evidence supporting the safety claims. The model-based development of MCSs adds more V&V tasks, because additional analyses (e.g., simulations) need to be carried out during the design phase. During the MCS integration phase, hardware-in-the-loop (HiL) plant simulators typically support the V&V campaigns, where test automation and fault injection are the key to test repeatability and thorough exercise of the safety mechanisms.

This dissertation proposes several V&V artefact re-use strategies to perform an early verification at system level for a distributed MCS, artefacts that later would be reused up to the final stages of the development process: test code re-use to verify the fault-tolerance mechanisms on a functional model of the system combined with non-intrusive software fault injection, model-to-X-in-the-loop (XiL) and code-to-XiL re-use to provide models of the plant and distributed embedded nodes suited to the HiL simulator, and finally, an argumentation framework to support the automated composition and staged completion of modular safety cases for dependability assessment, in the context of the platform-based development of mixed-criticality systems relying on the DREAMS harmonized platform.

The difficulty of assessing the safety of mixed-criticality systems (MCS) grows with system heterogeneity, design constraints and increasing complexity. MCSs adopt the integrated architecture paradigm, where compact embedded hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault-tolerance mechanisms, the development of an MCS application must also comply with the guidelines defined by the safety standards. One way to reduce the overall certification cost of an MCS is to adopt a platform-based development (PBD) approach. PBD is a model-based development (MBD) approach, in which separate models of logic, hardware and deployment support the analysis of the properties and emergent behaviour of the designed system.

The PBD development of MCSs benefits from a modular composition of safety properties (for example, modular safety cases), which facilitate the definition of mixed-criticality product lines. Verification and validation (V&V) activities represent a substantial effort during the development of applications based on dependable electronics. In the safety assessment of an MCS, the purpose of the V&V activities is to obtain the evidence that supports the safety claims. The model-based development of an MCS increases the V&V tasks, because it allows additional analyses (for example, simulations) to be performed during the design phase. In the integration test campaigns of an MCS, hardware-in-the-loop (HiL) plant simulators are commonly used, where test automation and fault injection are the key to test repeatability and to fully exercising the fault-tolerance mechanisms. This thesis proposes several strategies for re-using V&V artefacts for the early verification of a distributed MCS, artefacts that will be used in later phases of development: the re-use of test code to verify the fault-tolerance mechanisms on a functional model of the system combined with non-intrusive software fault injection, model-to-X-in-the-loop (XiL) and code-to-XiL re-use to obtain plant and distributed node models suited to the HiL simulator and, finally, an argumentation framework for the automated composition and staged completion of modular safety cases, in the context of the platform-based development of mixed-criticality systems using the DREAMS harmonized platform.

The safety assessment of mixed-criticality systems is a laborious activity because of their heterogeneity. The foundation of these systems lies in the integrated architecture paradigm, where a compact piece of hardware can integrate many execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides the computing platforms providing suitable isolation and fault-tolerance mechanisms, the development of mixed-criticality applications must follow the guidelines defined by the safety standards. One option for reducing the cost of the certification process of these systems lies in platform-based development (PBD). This development approach is model-based development (MBD), in which the separate logic, hardware and deployment models are analysed against the system's properties and behaviour. The PBD development of mixed-criticality systems benefits from module-based safety properties, for example modular safety cases (MSC). These modules also take mixed-criticality product lines into account. Verification and validation (V&V) activities demand considerable effort in the development of programmable electronics for safety-critical applications. The aim of the dependability assessment of mixed-criticality systems and of the V&V activities is to provide the evidence that supports the safety claims. The model-based development of mixed-criticality systems adds further tasks to the V&V activity, because additional analyses (that is, simulations) are specified in this phase. Moreover, in the integration phase of mixed-criticality systems, hardware-in-the-loop (HiL) simulation plants support the V&V initiatives, in which test automation and fault injection are the essential activities. These activities make test repeatability and the verification of the safety mechanisms possible. This thesis proposes strategies for the re-use of V&V artefacts for the early verification of mixed-criticality systems at system level, which can be used up to the final phases of the development process.

For example, the re-use of test code to verify the fault-tolerance mechanisms, model-to-X-in-the-loop (XiL) and code-to-XiL conversion for HiL simulation, and an argumentation structure for automatically and gradually generating modular safety cases based on the architectural style defined in the DREAMS European project.

    Design Development Test and Evaluation (DDT and E) Considerations for Safe and Reliable Human Rated Spacecraft Systems

A team directed by the NASA Engineering and Safety Center (NESC) collected methodologies for how best to develop safe and reliable human rated systems and how to identify the drivers that provide the basis for assessing safety and reliability. The team also identified techniques, methodologies, and best practices to assure that NASA can develop safe and reliable human rated systems. The results are drawn from a wide variety of resources, from experts involved with the space program since its inception to the best practices espoused in contemporary engineering doctrine. This report focuses on safety and reliability considerations and does not duplicate or update any existing references. Neither does it intend to replace existing standards and policy.

    Advancing automation and robotics technology for the Space Station and for the US economy, volume 2

In response to Public Law 98-371, dated July 18, 1984, the NASA Advanced Technology Advisory Committee has studied automation and robotics for use in the Space Station. The Technical Report, Volume 2, provides background information on automation and robotics technologies and their potential, and documents: the relevant aspects of Space Station design; representative examples of automation and robotics applications; the state of the technology and advances needed; and considerations for technology transfer to U.S. industry and for space commercialization.

    Radiation Tolerant Electronics, Volume II

Research on radiation tolerant electronics has increased rapidly over the last few years, resulting in many interesting approaches to model radiation effects and design radiation hardened integrated circuits and embedded systems. This research is strongly driven by the growing need for radiation hardened electronics for space applications, high-energy physics experiments such as those on the Large Hadron Collider at CERN, and many terrestrial nuclear applications, including nuclear energy and safety management. With the progressive scaling of integrated circuit technologies and the growing complexity of electronic systems, their ionizing radiation susceptibility has raised many exciting challenges, which are expected to drive research in the coming decade.

After the success of the first Special Issue on Radiation Tolerant Electronics, the current Special Issue features thirteen articles highlighting recent breakthroughs in radiation tolerant integrated circuit design, fault tolerance in FPGAs, radiation effects in semiconductor materials and advanced IC technologies, and modelling of radiation effects.