20 research outputs found

    Modelling, reduction and analysis of Markov automata (extended version)

    Markov automata (MA) constitute an expressive continuous-time compositional modelling formalism. They appear as semantic backbones for engineering frameworks including dynamic fault trees, Generalised Stochastic Petri Nets, and AADL. Their expressive power has thus far precluded them from effective analysis by probabilistic (and statistical) model checkers, stochastic game solvers, or analysis tools for Petri net-like formalisms. This paper presents the foundations and underlying algorithms for efficient MA modelling, reduction using static analysis, and, most importantly, quantitative analysis. We also discuss implementation pragmatics of supporting tools and present several case studies demonstrating the feasibility and usability of MA in practice.

    Analysis of Timed and Long-Run Objectives for Markov Automata

    Markov automata (MAs) extend labelled transition systems with random delays and probabilistic branching. Action-labelled transitions are instantaneous and yield a distribution over states, whereas timed transitions impose a random delay governed by an exponential distribution. MAs are thus a nondeterministic variation of continuous-time Markov chains. MAs are compositional and are used to provide a semantics for engineering frameworks such as (dynamic) fault trees, (generalised) stochastic Petri nets, and the Architecture Analysis & Design Language (AADL). This paper considers the quantitative analysis of MAs. We consider three objectives: expected time, long-run average, and timed (interval) reachability. Expected time objectives focus on determining the minimal (or maximal) expected time to reach a set of states. Long-run objectives determine the fraction of time spent in a set of states when considering an infinite time horizon. Timed reachability objectives are about computing the probability of reaching a set of states within a given time interval. This paper presents the foundations and details of the algorithms and their correctness proofs. We report on several case studies conducted using a prototypical tool implementation of the algorithms, driven by the MAPA modelling language for efficiently generating MAs. Comment: arXiv admin note: substantial text overlap with arXiv:1305.705

    Extending Markov Automata with State and Action Rewards

    This presentation introduces the Markov Reward Automaton (MRA), an extension of the Markov automaton that allows the modelling of systems incorporating rewards in addition to nondeterminism, discrete probabilistic choice and continuous stochastic timing. Our models support both rewards that are acquired instantaneously when taking certain transitions (action rewards) and rewards that are based on the duration for which certain conditions hold (state rewards). In addition to introducing the MRA model, we extend the process-algebraic language MAPA to easily specify MRAs. We also provide algorithms for computing the expected reward until reaching one of a certain set of goal states, as well as the long-run average reward. We extended the MAMA tool chain (consisting of the tools SCOOP and IMCA) to implement the reward extension of MAPA and these algorithms.

    Time dependent analysis with dynamic counter measure trees

    The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack. Formalisms such as reliability block diagrams, reliability graphs and attack countermeasure trees provide quantitative information about attack scenarios, but they are provably insufficient to model dependent actions which involve costs, skills, and time. In this presentation, we extend attack countermeasure trees with a notion of time, inspired by the fact that there is a strong correlation between the amount of resources the attacker invests (in this case time) and the probability that the attacker succeeds. This allows countermeasures to be selected effectively and ranked according to their resource consumption, in terms of the costs/skills of installing them, and their effectiveness in preventing an attack.

    Fault maintenance trees: reliability centered maintenance via statistical model checking

    The current trend in infrastructural asset management is towards risk-based (a.k.a. reliability centered) maintenance, promising better performance at lower cost. By maintaining crucial components more intensively than less important ones, dependability increases while costs decrease.

    This requires good insight into the effect of maintenance on dependability and the associated costs. To gain these insights, we propose a novel framework that integrates fault tree analysis with maintenance. We support a wide range of maintenance procedures and dependability measures, including system reliability, availability and mean time to failure, as well as the maintenance and failure costs over time, split into different cost components.

    Technically, our framework is realized via statistical model checking, a state-of-the-art tool for flexible modelling and simulation. Our compositional approach is flexible and extensible. We deploy our framework to two cases from industrial practice: insulated joints, and train compressors.

    Modelling and analysis of Markov reward automata (extended version)

    Costs and rewards are important ingredients for cyber-physical systems, modelling critical aspects like energy consumption, task completion, repair costs, and memory usage. This paper introduces Markov reward automata, an extension of Markov automata that allows the modelling of systems incorporating rewards (or costs) in addition to nondeterminism, discrete probabilistic choice and continuous stochastic timing. Rewards come in two flavours: action rewards, acquired instantaneously when taking a transition; and state rewards, acquired while residing in a state. We present algorithms to optimise three reward functions: the expected accumulative reward until a goal is reached; the expected accumulative reward until a certain time bound; and the long-run average reward. We have implemented these algorithms in the SCOOP/IMCA tool chain and show their feasibility via several case studies.

    Smart railroad maintenance engineering with stochastic model checking

    RAMS (reliability, availability, maintenance and safety) requirements are of utmost importance for safety-critical systems like railroad infrastructure and signalling systems. Fault tree analysis (FTA) is a widely applied industry standard for RAMS analysis and is often one of the techniques preferred by railway organisations. FTA yields system availability and reliability, and can be used for critical path analysis. It cannot, however, yet deal with a pressing aspect of railroad engineering: maintenance. While railroad infrastructure providers are focusing more and more on managing cost/performance ratios, RAMS can be considered the performance specification, and maintenance the main cost driver. Methods facilitating the management of this ratio are still very uncommon. This paper presents a powerful, flexible and transparent technique to incorporate maintenance aspects in fault tree analysis, based on stochastic model checking. This enables the analysis and comparison of different maintenance strategies (such as age-based, clock-based and condition-dependent maintenance) and their impact on reliability and availability metrics, and thus facilitates the trade-off between cost and RAMS performance. To keep the underlying state space small, two aggressive state space reduction techniques are employed, namely compositional aggregation and smart semantics. The approach presented is illustrated using several existing, large fault tree models in a case study from Movares, a major RAMS consultancy firm in the Netherlands.

    DFTCalc: a tool for efficient fault tree analysis (extended version)

    Effective risk management is key to ensuring that our nuclear power plants, medical equipment, and power grids are dependable, and is often required by law. Fault Tree Analysis (FTA) is a widely used methodology here, computing important dependability measures like system reliability. This paper presents DFTCalc, a powerful tool for FTA, providing (1) efficient fault tree modelling via compact representations; (2) effective analysis, allowing a wide range of dependability properties to be analysed; (3) efficient analysis, via state-of-the-art stochastic techniques; and (4) a flexible and extensible framework, where gates can easily be changed or added. Technically, DFTCalc is realised via stochastic model checking, an innovative technique offering a plethora of powerful analysis techniques, including aggressive compression techniques to keep the underlying state space small.

    Reliable systems: fault tree analysis via Markov reward automata

    Today's society is characterised by the ubiquitousness of hardware and software systems on which we rely day in, day out. They range from transportation systems like cars, trains and planes, over medical devices at a hospital, to nuclear power plants. Moreover, we can observe a trend of automation and data exchange in today's society and economy, including among others the integration of cyber-physical systems, the internet of things, and cloud computing. All these systems have one common denominator: they have to operate safely and reliably. But how can we trust that they operate safely and reliably? Model checking is a technique to check whether a system fulfils a given requirement. To check whether the requirements hold, a model of the system has to be created, while the requirements are stated in terms of some logic formula with respect to the model. Then, the model and formula are given to a model checker, which checks whether the formula holds on the model. If this is the case, the model checker provides a positive answer; otherwise a counterexample is provided. Note that model checking can be used to verify hardware as well as software systems and has been successfully applied to a wide range of different applications like aerospace systems or biological systems. Reliability engineering is a well-established field with the purpose of developing methods and tools to ensure reliability, availability, maintainability and safety (RAMS) of complex systems, as well as to support engineers during development, production, and maintenance in preserving these characteristics. However, with the advancements and ubiquitousness of new hardware and software systems in our daily life, methods and tools for reliability engineering also have to be adapted. This thesis contributes to the realm of model checking as well as reliability engineering. On the one hand, we introduce a reward extension to Markov automata and present algorithms for different reward properties. On the other hand, we extend fault trees with maintenance procedures. In the first half of the thesis, we introduce Markov reward automata (MRAs), supporting non-deterministic choices, discrete as well as continuous probability distributions, and timed as well as instantaneous rewards. Moreover, we introduce algorithms for reachability objectives for MRAs. In particular, we define expected reward objectives for goal-bounded and time-bounded rewards as well as for long-run average rewards. In the second half of the thesis, we introduce fault maintenance trees (FMTs). They extend dynamic fault trees (DFTs) with corrective and preventive maintenance models. The advantage of FMTs is that the maintenance strategies are defined directly on the level of the fault tree. Therefore the effect of maintenance is directly translated into the analysis and enables us to take a step towards finding smarter maintenance procedures. Finally, we introduce a tool chain implementing our approach. Moreover, we perform an industrial case study evaluating the capabilities of FMTs for modelling and analysing a realistic scenario. In particular, we focus on a RAMS analysis for a railway trajectory in the Netherlands by investigating different corrective as well as preventive maintenance strategies.