Dependability Analysis of Control Systems using SystemC and Statistical Model Checking

Stochastic Petri nets are commonly used for modeling distributed systems in order to study their performance and dependability. This paper proposes a realization of stochastic Petri nets in SystemC for modeling large embedded control systems. Then statistical model checking is used to analyze the dependability of the constructed model. Our verification framework allows users to express a wide range of useful properties to be verified which is illustrated through a case study

Safety‐oriented discrete event model for airport A‐SMGCS reliability assessment

A detailed analysis of State of the Art Technologies and Procedures into Airport Advanced-Surface Movement Guidance and Control Systems has been provided in this thesis, together with the review ofStatistical Monte Carlo Analysis, Reliability Assessment and Petri Nets theories. This practical and theoretical background has lead the author to the conclusion that there is a lack of linkage in between these fields. At the same of time the rapid increasing of Air Traffic all over the world, has brought in evidence the urgent need of practical instruments able to identify and quantify the risks connected with Aircraft operations on the ground, since the Airport has shown to be the actual ‘bottle neck’ of the entire Air Transport System. Therefore, the only winning approach to such a critical matter has to be multi-disciplinary, sewing together apparently different subjects, coming from the most disparate areas of interest and trying to fulfil the gap. The result of this thesis work has come to a start towards the end, when a Timed Coloured Petri Net (TCPN) model of a ‘sample’ Airport A-SMGCS has been developed, that is capable of taking into account different orders of questions arisen during these recent years and tries to give them some good answers. The A-SMGCS Airport model is, in the end, a parametric tool relying on Discrete Event System theory, able to perform a Reliability Analysis of the system itself, that: • uses a Monte Carlo Analysis applied to a Timed Coloured Petri Net, whose purpose is to evaluate the Safety Level of Surface Movements along an Airport • lets the user to analyse the impact of Procedures and Reliability Indexes of Systems such as Surface Movement Radars, Automatic Dependent Surveillance-Broadcast, Airport Lighting Systems, Microwave Sensors, and so on… onto the Safety Level of Airport Aircraft Transport System • not only is a valid instrument in the Design Phase, but it is useful also into the Certifying Activities an in monitoring the Safety Level of the above mentioned System with respect to changes to Technologies and different Procedures.This TCPN model has been verified against qualitative engineering expectations by using simulation experiments and occupancy time schedules generated a priori. Simulation times are good, and since the model has been written into Simulink/Stateflow programming language, it can be compiled to run real-time in C language (Real-time workshop and Stateflow Coder), thus relying on portable code, able to run virtually on any platform, giving even better performances in terms of execution time. One of the most interesting applications of this work is the estimate, for an Airport, of the kind of A-SMGCS level of implementation needed (Technical/Economical convenience evaluation). As a matter of fact, starting from the Traffic Volume and choosing the kind of Ground Equipment to be installed, one can make predictions about the Safety Level of the System: if the value is compliant with the TLS required by ICAO, the A-SMGCS level of Implementation is sufficiently adequate. Nevertheless, even if the Level of Safety has been satisfied, some delays due to reduced or simplified performances (even if Safety is compliant) of some of the equipment (e.g. with reference to False Alarm Rates) can lead to previously unexpected economical consequences, thus requiring more accurate systems to be installed, in order to meet also Airport economical constraints. Work in progress includes the analysis of the effect of weather conditions and re-sequencing of a given schedule. The effect of re-sequencing a given schedule is not yet enough realistic since the model does not apply inter arrival and departure separations. However, the model might show some effect on different sequences based on runway occupancy times. A further developed model containing wake turbulence separation conditions would be more sensitive for this case. Hence, further work will be directed towards: • The development of On-Line Re-Scheduling based on the available actual runway/taxiway configuration and weather conditions. • The Engineering Safety Assessment of some small Italian Airport A-SMGCSs (Model validation with real data). • The application of Stochastic Differential Equations systems in order to evaluate the collision risk on the ground inside the Place alone on the Petri Net, in the event of a Short Term Conflict Alert (STCA), by adopting Reich Collision Risk Model. • Optimal Air Traffic Control Algorithms Synthesis (Adaptive look-ahead Optimization), by Dynamically Timed Coloured Petri Nets, together with the implementation of Error-Recovery Strategies and Diagnosis Functions

The safety case and the lessons learned for the reliability and maintainability case

This paper examine the safety case and the lessons learned for the reliability and maintainability case

Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: A review

YesSystem safety, reliability and risk analysis are important tasks that are performed throughout the system lifecycle to ensure the dependability of safety-critical systems. Probabilistic risk assessment (PRA) approaches are comprehensive, structured and logical methods widely used for this purpose. PRA approaches include, but not limited to, Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA), and Event Tree Analysis (ETA). Growing complexity of modern systems and their capability of behaving dynamically make it challenging for classical PRA techniques to analyse such systems accurately. For a comprehensive and accurate analysis of complex systems, different characteristics such as functional dependencies among components, temporal behaviour of systems, multiple failure modes/states for components/systems, and uncertainty in system behaviour and failure data are needed to be considered. Unfortunately, classical approaches are not capable of accounting for these aspects. Bayesian networks (BNs) have gained popularity in risk assessment applications due to their flexible structure and capability of incorporating most of the above mentioned aspects during analysis. Furthermore, BNs have the ability to perform diagnostic analysis. Petri Nets are another formal graphical and mathematical tool capable of modelling and analysing dynamic behaviour of systems. They are also increasingly used for system safety, reliability and risk evaluation. This paper presents a review of the applications of Bayesian networks and Petri nets in system safety, reliability and risk assessments. The review highlights the potential usefulness of the BN and PN based approaches over other classical approaches, and relative strengths and weaknesses in different practical application scenarios.This work was funded by the DEIS H2020 project (Grant Agreement 732242)

Use of Petri Nets to Manage Civil Engineering Infrastructures

Over the last years there has been a shift, in the most developed countries, in investment and efforts within the construction sector. On the one hand, these countries have built infrastructures able to respond to current needs over the last decades, reducing the need for investments in new infrastructures now and in the near future. On the other hand, most of the infrastructures present clear signs of deterioration, making it fundamental to invest correctly in their recovery. The ageing of infrastructure together with the scarce budgets available for maintenance and rehabilitation are the main reasons for the development of decision support tools, as a mean to maximize the impact of investments. The objective of the present work is to develop a methodology for optimizing maintenance strategies, considering the available information on infrastructure degradation and the impact of maintenance in economic terms and loss of functionality, making possible the implementation of a management system transversal to different types of civil engineering infrastructures. The methodology used in the deterioration model is based on the concept of timed Petri nets. The maintenance model was built from the deterioration model, including the inspection, maintenance and renewal processes. The optimization of maintenance is performed through genetic algorithms. The deterioration and maintenance model was applied to components of two types of infrastructure: bridges (pre-stressed concrete decks and bearings) and buildings (ceramic claddings). The complete management system was used to analyse a section of a road network. All examples are based on Portuguese data

Entwicklung und Analyse eines Zug-zentrischen Entfernungsmesssystems mittels Colored Petri Nets

Based on the technology trends, the train control system should weaken the proportion of ground facilities, and give trains more individual initiative than in the past. As a result, the safety and flexibility of the train control system can be further improved. In this thesis, an enhanced movement authority system is proposed, which combines advantages of the train-centric communication with current movement authority mechanisms. To obtain the necessary train distance interval data, the onboard equipment and a new train-to-train distance measurement system (TTDMS) are applied as normal and backup strategies, respectively. While different location technologies have been used to collect data for trains, the development and validation of new systems remain challenges. In this thesis, formal approaches are presented for developing and verifying TTDMS. To assist the system development, the Colored Petri nets (CPNs) are used to formalize and evaluate the system structure and its behavior. Based on the CPN model, the system structure is validated. Additionally, a procedure is proposed to generate a Code Architecture from the formal model. The system performance is assessed in detection range and accuracy. Therefore both mathematical simulation and practical measurements validation are implemented. The results indicate that the system is feasible to carry out distance measurements both in metropolitan and railway lines, and the formal approaches are reusable to develop and verify other systems. As the target object, TTDMS is based on a spread-spectrum technology to accomplish distance measurement. The measurement is carried out by applying Time of Arrival (TOA) to calculate the distance between two trains, and requires no synchronized time source of transmission. It can calculate the time difference by using the autocorrelation of Pseudo Random Noise (PRN) code. Different from existing systems in air and maritime transport, this system does not require any other localization unit, except for communication architecture. To guarantee a system can operate as designed, it needs to be validated before its application. Only when system behaviors have been validated other relative performances' evaluations make sense. Based on the unambiguous definition of formal methods, TTDMS can be described much clearer by using formal methods instead of executable codes.Basierend auf technologischen Trends sollte das Zugbeeinflussungssystem den Anteil der Bodenanlagen reduzieren und den Zügen mehr Eigeninitiative geben als in der Vergangenheit, da so die funktionale Sicherheit und die Flexibilität des Zugbeeinflussungssystems erhöht werden können. In dieser Arbeit wird ein verbessertes System vorgeschlagen, das die Vorteile der zugbezogenen Kommunikation mit den aktuellen Fahrbefehlsmechanismen kombiniert. Um die notwendigen Daten des Zugabstandsintervalls zu erhalten, werden die Bordausrüstung und ein neues Zug-zu-Zug-Entfernungsmesssystem (TTDMS) als normale bzw. Backup-Strategien angewendet. Während verschiedene Ortungstechnolgien zur Zugdatenerfassung genutzt wurden, bleibt die Entwicklung und Validierung neuer Systeme eine Herausforderung. In dieser Arbeit werden formale Ansätze zur Entwicklung und Verifikation von TTDMS vorgestellt. Zur Unterstützung der Systementwicklung werden CPNs zur Formalisierung und Bewertung der Systemstruktur und ihres Verhaltens eingesetzt. Basierend auf dem CPN-Modell wird die Systemstruktur validiert. Zusätzlich wird eine Methode vorgeschlagen, mit der eine Code-Architektur aus dem formalen Modell generiert werden kann. Die Systemleistung wird im Erfassungsbereich und in der Genauigkeit beurteilt. Daher werden sowohl eine mathematische Simulation als auch eine praktische Validierung der Messungen implementiert. Die Ergebnisse zeigen, dass das System in der Lage ist, Entfernungsmessungen in Metro- und Eisenbahnlinien durchzuführen. Zudem sind die formalen Ansätze bei der Entwicklung und Verifikation anderer Systeme wiederverwendbar. Die Abstandsmessung mit TTDMS basiert auf einem Frequenzspreizungsverfahren. Die Messung wird durchgeführt, indem die Ankunftszeit angewendet wird, um den Abstand zwischen zwei Zügen zu berechnen. Dieses Verfahren erfordert keine Synchronisierung der Zeitquellen der Übertragung. Der Zeitunterschied kann damit berechnet werden, indem die Autokorrelation des Pseudo-Random-Noise-Codes verwendet wird. Im Unterschied zu Systemen im Luft- und Seeverkehr benötigt dieses System keine andere Lokalisierungseinheit als die Kommunikationsarchitektur. Um zu gewährleisten, dass ein System wie vorgesehen funktioniert, muss es validiert werden. Nur wenn das Systemverhalten validiert wurde, sind Bewertungen anderer relativer Leistungen sinnvoll. Aufgrund ihrer eindeutigen Definition kann das TTDMS mit formalen Methoden klarer beschrieben werden als mit ausführbaren Codes

Dynamic Fault Tree Analysis: State-of-the-Art in Modeling, Analysis, and Tools

YesSafety and reliability are two important aspects of dependability that are needed to be rigorously evaluated throughout the development life-cycle of a system. Over the years, several methodologies have been developed for the analysis of failure behavior of systems. Fault tree analysis (FTA) is one of the well-established and widely used methods for safety and reliability engineering of systems. Fault tree, in its classical static form, is inadequate for modeling dynamic interactions between components and is unable to include temporal and statistical dependencies in the model. Several attempts have been made to alleviate the aforementioned limitations of static fault trees (SFT). Dynamic fault trees (DFT) were introduced to enhance the modeling power of its static counterpart. In DFT, the expressiveness of fault tree was improved by introducing new dynamic gates. While the introduction of the dynamic gates helps to overcome many limitations of SFT and allows to analyze a wide range of complex systems, it brings some overhead with it. One such overhead is that the existing combinatorial approaches used for qualitative and quantitative analysis of SFTs are no longer applicable to DFTs. This leads to several successful attempts for developing new approaches for DFT analysis. The methodologies used so far for DFT analysis include, but not limited to, algebraic solution, Markov models, Petri Nets, Bayesian Networks, and Monte Carlo simulation. To illustrate the usefulness of modeling capability of DFTs, many benchmark studies have been performed in different industries. Moreover, software tools are developed to aid in the DFT analysis process. Firstly, in this chapter, we provided a brief description of the DFT methodology. Secondly, this chapter reviews a number of prominent DFT analysis techniques such as Markov chains, Petri Nets, Bayesian networks, algebraic approach; and provides insight into their working mechanism, applicability, strengths, and challenges. These reviewed techniques covered both qualitative and quantitative analysis of DFTs. Thirdly, we discussed the emerging trends in machine learning based approaches to DFT analysis. Fourthly, the research performed for sensitivity analysis in DFTs has been reviewed. Finally, we provided some potential future research directions for DFT-based safety and reliability analysis

Methodologies synthesis

This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies

Dagstuhl News January - December 2000

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic