Advancing Dynamic Fault Tree Analysis
This paper presents a new state space generation approach for dynamic fault
trees (DFTs) together with a technique to synthesise failures rates in DFTs.
Our state space generation technique aggressively exploits the DFT structure
--- detecting symmetries, spurious non-determinism, and don't cares. Benchmarks
show a gain of more than two orders of magnitude in terms of state space
generation and analysis time. Our approach supports DFTs with symbolic failure
rates and is complemented by parameter synthesis. This enables determining the
maximal tolerable failure rate of a system component while ensuring that the
mean time of failure stays below a threshold.
Model-based Safety and Security Co-analysis: a Survey
We survey the state-of-the-art on model-based formalisms for safety and
security analysis, where safety refers to the absence of unintended failures,
and security to the absence of malicious attacks. We consider ten model-based
formalisms, comparing their modeling principles, the interaction between safety
and security, and analysis methods. In each formalism, we model the classical
Locked Door Example where possible. Our key finding is that the exact nature of
safety-security interaction is still ill-understood. Existing formalisms merge
previous safety and security formalisms, without introducing specific
constructs to model safety-security interactions, or metrics to analyze
trade-offs.
Characterizing the Identity of Model-based Safety Assessment: A Systematic Analysis
Model-based safety assessment has been one of the leading research thrusts of
the System Safety Engineering community for over two decades. However, there is
still a lack of consensus on what MBSA is. The ambiguity in the identity of
MBSA impedes the advancement of MBSA as an active research area. For this
reason, this paper aims to investigate the identity of MBSA to help achieve a
consensus across the community. Towards this end, we first reason about the
core activities that an MBSA approach must conduct. Second, we characterize the
core patterns in which the core activities must be conducted for an approach to
be considered MBSA. Finally, a recently published MBSA paper is reviewed to
test the effectiveness of our characterization of MBSA.
A compositional semantics for Repairable Fault Trees with general distributions
Fault Tree Analysis (FTA) is a prominent technique in industrial and
scientific risk assessment. Repairable Fault Trees (RFT) enhance the classical
Fault Tree (FT) model by introducing the possibility to describe complex
dependent repairs of system components. Usual frameworks for analyzing FTs such
as BDD, SBDD, and Markov chains fail to assess the desired properties over RFT
complex models, either because these become too large, or due to cyclic
behaviour introduced by dependent repairs. Simulation is another way to carry
out this kind of analysis. In this paper we review the RFT model with Repair
Boxes as introduced by Daniele Codetta-Raiteri. We present compositional
semantics for this model in terms of Input/Output Stochastic Automata, which
allows for the modelling of events occurring according to general continuous
distribution. Moreover, we prove that the semantics generates (weakly)
deterministic models, hence suitable for discrete event simulation, and
prominently for Rare Event Simulation using the FIG tool.
One Net Fits All: A unifying semantics of Dynamic Fault Trees using GSPNs
Dynamic Fault Trees (DFTs) are a prominent model in reliability engineering.
They are strictly more expressive than static fault trees, but this comes at a
price: their interpretation is non-trivial and leaves quite some freedom. This
paper presents a GSPN semantics for DFTs. This semantics is rather simple and
compositional. The key feature is that this GSPN semantics unifies all existing
DFT semantics from the literature. All semantic variants can be obtained by
choosing appropriate priorities and treatment of non-determinism.
Comment: Accepted at Petri Nets 201
A Hierarchical Approach for Dynamic Fault Trees Solution Through Semi-Markov Process
Dynamic fault tree (DFT) is a top-down deductive technique extended to model systems with complex failure behaviors and interactions. In the last two decades, different methods have been applied to improve its capabilities, such as computational complexity reduction, modularization, intricate failure distribution, and reconfiguration. This paper uses the semi-Markov process (SMP) theorem for DFT solution with the motivation of obviating the model state explosion, considering nonexponential failure distribution through a hierarchical solution. In addition, in the proposed method, a universal SMP for static and dynamic gates is introduced, which can generalize dynamic behaviors like functional dependencies, sequences, priorities, and spares in a single model. The efficiency of the method regarding precision and competitiveness with commercial tools, repeated events consideration, computational complexity reduction, nonexponential failure distribution consideration, and repairable events in DFT is studied by a number of examples, and the results are then compared to those of the selected existing methods.
Model-based Joint Analysis of Safety and Security: Survey and Identification of Gaps
We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to the absence of malicious attacks. We conduct a thorough literature review and - as a result - we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) Modelling capabilities and Expressiveness: which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modelling the same toy example from the literature; and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modelling constructs from existing safety- and security-specific formalisms, without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade-offs. Moreover, (6) large case studies representing safety-security interactions are still missing.
Rare Event Simulation for non-Markovian repairable Fault Trees
Dynamic Fault Trees (DFT) are widely adopted in industry to assess the
dependability of safety-critical equipment. Since many systems are too large to
be studied numerically, DFTs' dependability is often analysed using Monte Carlo
simulation. A bottleneck here is that many simulation samples are required in
the case of rare events, e.g. in highly reliable systems where components fail
seldom. Rare Event Simulation (RES) provides techniques to reduce the number
of samples in the case of rare events. We present a RES technique based on
importance splitting, to study failures in highly reliable DFTs. Whereas RES
usually requires meta-information from an expert, our method is fully
automatic: by cleverly exploiting the fault tree structure we extract the
so-called importance function. We handle DFTs with Markovian and non-Markovian
failure and repair distributions (for which no numerical methods exist) and
show the efficiency of our approach on several case studies.