Towards an Accurate Probabilistic Modeling and Statistical Analysis of Temporal Faults via Temporal Dynamic Fault-Trees (TDFTs)

Fault tree (FT) is a standardized notation for representing relationships between a system's reliability and the faults and/or the events associated with it. However, the existing FT fault models are only capable of portraying permanent events in the system. This is a major hindrance since these models fail to reflect accurately the other classes of faults, such as soft-faults, which are often temporary events that usually disappear after the source of the interference is no longer present. This paper proposes a new fault tree modeling paradigm, to capture the impact of temporal events in systems, called temporal dynamic fault trees (TDFTs). TDFTs are utilized to model the characteristics and dependencies between different temporal events, soft-faults, and permanent faults. These features are integrated into the proposed probabilistic models of the temporal gates, which are modeled as priced-timed automata. This paper also proposes a new FT analysis methodology, based on statistical model checking, designed to circumvent the state-explosion problem that is inherent to other model-checking approaches. The proposed analysis is able to evaluate the impact of temporal faults in systems, as well as to estimate the reliability and availability of the system over extended periods of time. The experiments reported in this paper demonstrate the versatility and scalability of the proposed approach. For instance, the results display the impact that temporal events may have in a digital system. Our observations indicate that while regular soft-fault analyses tend to underestimate metrics such as system reliability, TDFT analysis shows remarkable consistency with radiation testing, with differences of under 2%, in the conducted analysis

High-Level Analysis of the Impact of Soft-Faults in Cyberphysical Systems

As digital systems grow in complexity and are used in a broader variety of safety-critical applications, there is an ever-increasing demand for assessing the dependability and safety of such systems, especially when subjected to hazardous environments. As a result, it is important to identify and correct any functional abnormalities and component faults as early as possible in order to minimize performance degradation and to avoid potential perilous situations. Existing techniques often lack the capacity to perform a comprehensive and exhaustive analysis on complex redundant architectures, leading to less than optimal risk evaluation. Hence, an early analysis of dependability of such safety-critical applications enables designers to develop systems that meets high dependability requirements. Existing techniques in the field often lack the capacity to perform full system analyses due to state-explosion limitations (such as transistor and gate-level analyses), or due to the time and monetary costs attached to them (such as simulation, emulation, and physical testing). In this work we develop a system-level methodology to model and analyze the effects of Single Event Upsets (SEUs) in cyberphysical system designs. The proposed methodology investigates the impacts of SEUs in the entire system model (fault tree level), including SEU propagation paths, logical masking of errors, vulnerability to specific events, and critical nodes. The methodology also provides insights on a system's weaknesses, such as the impact of each component to the system's vulnerability, as well as hidden sources of failure, such as latent faults. Moreover, the proposed methodology is able to identify and categorize the system's components in order of criticality, and to evaluate different approaches to the mitigation of such criticality (in the form of different configurations of TMR) in order to obtain the most efficient mitigation solution available. The proposed methodology is also able to model and analyze system components individually (system component level), in order to more accurately estimate the component's vulnerability to SEUs. In this case, a more refined analysis of the component is conducted, which enables us to identify the source of the component's criticality. Thereafter, a second mitigation mechanic (internal to the component) takes place, in order to evaluate the gains and costs of applying different configurations of TMR to the component internally. Finally, our approach will draw a comparison between the results obtained at both levels of analysis in order to evaluate the most efficient way of improving the targeted system design