14 research outputs found
Generalized Fault Trees: from reliability to security
Fault Trees (FT) are widespread models in the reliability field, but they lack modelling power. Consequently, several extensions have been proposed in the literature, each introducing specific new modelling primitives. Attack Trees (AT) have gained acceptance in the field of security. They follow the same notation as standard FT, but they represent the combinations of actions necessary for the success of an attack on a computing system. In this paper, we extend the AT formalism by exploiting the new primitives introduced in specific FT extensions. This leads to more accurate models. The approach is applied to a case study: the AT is exploited to represent the attack mode and to compute specific quantitative measures of the system's security.
One Net Fits All: A unifying semantics of Dynamic Fault Trees using GSPNs
Dynamic Fault Trees (DFTs) are a prominent model in reliability engineering. They are strictly more expressive than static fault trees, but this comes at a price: their interpretation is non-trivial and leaves quite some freedom. This paper presents a GSPN semantics for DFTs. This semantics is rather simple and compositional. The key feature is that this GSPN semantics unifies all existing DFT semantics from the literature. All semantic variants can be obtained by choosing appropriate priorities and treatment of non-determinism.
Comment: Accepted at Petri Nets 201
A compositional semantics for Repairable Fault Trees with general distributions
Fault Tree Analysis (FTA) is a prominent technique in industrial and scientific risk assessment. Repairable Fault Trees (RFT) enhance the classical Fault Tree (FT) model by introducing the possibility to describe complex dependent repairs of system components. Usual frameworks for analyzing FTs such as BDD, SBDD, and Markov chains fail to assess the desired properties over complex RFT models, either because these become too large, or due to the cyclic behaviour introduced by dependent repairs. Simulation is another way to carry out this kind of analysis. In this paper we review the RFT model with Repair Boxes as introduced by Daniele Codetta-Raiteri. We present a compositional semantics for this model in terms of Input/Output Stochastic Automata, which allows for the modelling of events occurring according to general continuous distributions. Moreover, we prove that the semantics generates (weakly) deterministic models, hence suitable for discrete event simulation, and prominently for Rare Event Simulation using the FIG tool.
Non deterministic Repairable Fault Trees for computing optimal repair strategy
In this paper, the Non deterministic Repairable Fault Tree (NdRFT) formalism is proposed: it allows modelling the failure modes of complex systems as well as their repair processes. The originality of this formalism with respect to other Fault Tree extensions is that it makes it possible to address repair-strategy optimization problems: in an NdRFT model, the decision on whether or not to start a given repair action is non deterministic, so that all the possibilities are left open. The formalism is rather powerful, allowing one to specify which failure events are observable, whether local repair or global repair can be applied, and the resources needed to start a repair action. The optimal repair strategy can then be computed by solving an optimization problem on a Markov Decision Process (MDP) derived from the NdRFT. A software framework is proposed in order to perform the derivation of an MDP from an NdRFT model automatically, and to deal with the solution of the MDP.
Parametric fault tree for the dependability analysis of redundant systems and its high-level petri net semantics
In order to cope efficiently with the dependability analysis of redundant systems with replicated units, a new, more compact fault-tree formalism, called Parametric Fault Tree (PFT), is defined. In a PFT formalism, replicated units are folded and indexed so that only one representative of the similar replicas is included in the model. From the PFT, a list of parametric cut sets can be derived, where only the relevant patterns leading to the system failure are evidenced regardless of the actual identity of the component in the cut set. The paper provides an algorithm to convert a PFT into a class of High-Level Petri Nets, called SWN. The purpose of this conversion is twofold: to exploit the modeling power and flexibility of the SWN formalism, allowing the analyst to include statistical dependencies that could not have been accommodated into the corresponding PFT; and to exploit the capability of the SWN formalism to generate a lumped Markov chain, thus alleviating the state explosion problem. The search for the minimal cut sets (qualitative analysis) can often be performed by a structural T-invariant analysis on the generated SWN. The advantages that can be obtained from the translation of a PFT into an SWN are investigated considering a fault-tolerant multiprocessor system example.
Index Terms: Dependability analysis, parametric fault tree, stochastic well-formed nets.
Parametric Fault-Tree for the Dependability Analysis of Redundant Systems and its High Level Petri Net Semantics
In order to cope efficiently with the dependability analysis of redundant systems with replicated units, a new, more compact fault-tree formalism, called Parametric Fault Tree (PFT), is defined. In a PFT formalism, replicated units are folded and indexed so that only one representative of the similar replicas is included in the model. From the PFT, a list of parametric cut sets can be derived, where only the relevant patterns leading to the system failure are evidenced regardless of the actual identity of the component in the cut set. The paper provides an algorithm to convert a PFT into a class of High-Level Petri Nets, called SWN. The purpose of this conversion is twofold: to exploit the modeling power and flexibility of the SWN formalism, allowing the analyst to include statistical dependencies that could not have been accommodated into the corresponding PFT, and to exploit the capability of the SWN formalism to generate a lumped Markov chain, thus alleviating the state explosion problem. The search for the minimal cut sets (qualitative analysis) can often be performed by a structural T-invariant analysis on the generated SWN. The advantages that can be obtained from the translation of a PFT into an SWN are investigated considering a fault-tolerant multiprocessor system example.