Integrating model checking with HiP-HOPS in model-based safety analysis
The ability to perform an effective and robust safety analysis on the design of modern safety-critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS), an advanced FLSA technique, can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system.
Model-based dependability analysis : state-of-the-art, challenges and future outlook
Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical systems. Two leading paradigms have emerged: one constructs predictive system failure models from component failure models compositionally using the topology of the system; the other utilizes design models, typically state automata, to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis.
Machine Protection and Interlock Systems for Circular Machines - Example for LHC
This paper introduces the protection of circular particle accelerators from accidental beam losses. Already the energy stored in the beams for accelerators such as the TEVATRON at Fermilab and Super Proton Synchrotron (SPS) at CERN could cause serious damage in case of uncontrolled beam loss. With the CERN Large Hadron Collider (LHC), the energy stored in particle beams has reached a value two orders of magnitude above previous accelerators and poses new threats with respect to hazards from the energy stored in the particle beams. A single accident damaging vital parts of the accelerator could interrupt operation for years. Protection of equipment from beam accidents is mandatory. Designing a machine protection system requires an excellent understanding of accelerator physics and operation to anticipate possible failures that could lead to damage. Machine protection includes beam and equipment monitoring, a system to safely stop beam operation (e.g. extraction of the beam towards a dedicated beam dump block or stopping the beam at low energy) and an interlock system providing the glue between these systems. This lecture will provide an overview of the design of protection systems for accelerators and introduce various protection systems. The principles are illustrated with examples from LHC.
Comment: 23 pages, contribution to the 2014 Joint International Accelerator School: Beam Loss and Accelerator Protection, Newport Beach, CA, USA, 5-14 Nov 201
Engineering failure analysis and design optimisation with HiP-HOPS
The scale and complexity of computer-based safety-critical systems, like those used in the transport and manufacturing industries, pose significant challenges for failure analysis. Over the last decade, research has focused on automating this task. In one approach, predictive models of system failure are constructed from the topology of the system and local component failure models using a process of composition. An alternative approach employs model-checking of state automata to study the effects of failure and verify system safety properties. In this paper, we discuss these two approaches to failure analysis. We then focus on Hierarchically Performed Hazard Origin & Propagation Studies (HiP-HOPS), one of the more advanced compositional approaches, and discuss its capabilities for automatic synthesis of fault trees, combinatorial Failure Modes and Effects Analyses, and reliability versus cost optimisation of systems via application of automatic model transformations. We summarise these contributions and demonstrate the application of HiP-HOPS on a simplified fuel oil system for a ship engine. In light of this example, we discuss strengths and limitations of the method in relation to other state-of-the-art techniques. In particular, because HiP-HOPS is deductive in nature, relating system failures back to their causes, it is less prone to combinatorial explosion and can more readily be iterated. For this reason, it enables exhaustive assessment of combinations of failures and design optimisation using computationally expensive meta-heuristics. (C) 2010 Elsevier Ltd. All rights reserved.
Resilience markers for safer systems and organisations
If computer systems are to be designed to foster resilient performance it is important to be able to identify contributors to resilience. The emerging practice of Resilience Engineering has identified that people are still a primary source of resilience, and that the design of distributed systems should provide ways of helping people and organisations to cope with complexity. Although resilience has been identified as a desired property, researchers and practitioners do not have a clear understanding of what manifestations of resilience look like. This paper discusses some examples of strategies that people can adopt that improve the resilience of a system. Critically, analysis reveals that the generation of these strategies is only possible if the system facilitates them. As an example, this paper discusses practices, such as reflection, that are known to encourage resilient behaviour in people. Reflection allows systems to better prepare for oncoming demands. We show that contributors to the practice of reflection manifest themselves at different levels of abstraction: from individual strategies to practices in, for example, control room environments. The analysis of interaction at these levels enables resilient properties of a system to be 'seen', so that systems can be designed to explicitly support them. We then present an analysis of resilience at an organisational level within the nuclear domain. This highlights some of the challenges facing the Resilience Engineering approach and the need for using a collective language to articulate knowledge of resilient practices across domains.
Assessing the effectiveness of multi-touch interfaces for DP operation
Navigating a vessel using dynamic positioning (DP) systems close to offshore installations is a challenge. The operator's only possibility of manipulating the system is through its interface, which can be categorized as the physical appearance of the equipment and the visualization of the system. Are there possibilities of interaction between the operator and the system that can reduce strain and cognitive load during DP operations? Can parts of the system (e.g. displays) be physically brought closer to the user to enhance the feeling of control when operating the system? Can these changes make DP operations more efficient and safe? These questions inspired this research project, which investigates the use of multi-touch and hand gestures known from consumer products to directly manipulate the visualization of a vessel in the 3D scene of a DP system. Usability methodologies and evaluation techniques that are widely used in consumer market research were used to investigate how these interaction techniques, which are new to the maritime domain, could make interaction with the DP system more efficient and transparent both during standard and safety-critical operations. After investigating which gestures felt natural to use by running user tests with a paper prototype, the gestures were implemented into a Rolls-Royce DP system and tested in a static environment. The results showed that the test participants performed significantly faster using direct gesture manipulation compared to using traditional button/menu interaction. To support the results from these tests, further tests were carried out, the purpose of which is to investigate how gestures are performed in a moving environment, using a motion platform to simulate rough sea conditions. The key results and lessons learned from a collection of four user experiments, together with a discussion of the choice of evaluation techniques, are discussed in this paper.
Federated Robust Embedded Systems: Concepts and Challenges
The development within the area of embedded systems (ESs) is moving rapidly, not least due to falling costs of computation and communication equipment. It is believed that increased communication opportunities will lead to the future ESs no longer being parts of isolated products, but rather parts of larger communities or federations of ESs, within which information is exchanged for the benefit of all participants. This vision is asserted by a number of interrelated research topics, such as the internet of things, cyber-physical systems, systems of systems, and multi-agent systems. In this work, the focus is primarily on ESs, with their specific real-time and safety requirements.
While the vision of interconnected ESs is quite promising, it also brings great challenges to the development of future systems in an efficient, safe, and reliable way. In this work, a pre-study has been carried out in order to gain a better understanding about common concepts and challenges that naturally arise in federations of ESs. The work was organized around a series of workshops, with contributions from both academic participants and industrial partners with a strong experience in ES development.
During the workshops, a portfolio of possible ES federation scenarios was collected, and a number of application examples were discussed more thoroughly on different abstraction levels, starting from screening the nature of interactions on the federation level and proceeding down to the implementation details within each ES. These discussions led to a better understanding of what can be expected in future federated ESs. In this report, the discussed applications are summarized, together with their characteristics, challenges, and necessary solution elements, providing a ground for future research within the area of communicating ESs.