18 research outputs found

    Fault Tree Analysis: a survey of the state-of-the-art in modeling, analysis and tools

    Fault tree analysis (FTA) is a very prominent method to analyze the risks related to safety and economically critical assets, like power plants, airplanes, data centers and web shops. FTA methods comprise a wide variety of modelling and analysis techniques, supported by a wide range of software tools. This paper surveys over 150 papers on fault tree analysis, providing an in-depth overview of the state-of-the-art in FTA. Concretely, we review standard fault trees, as well as extensions such as dynamic FTs, repairable FTs, and extended FTs. For these models, we review both qualitative analysis methods, like cut sets and common cause failures, and quantitative techniques, including a wide variety of stochastic methods to compute failure probabilities. Numerous examples illustrate the various approaches, and tables present a quick overview of results.
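The two analysis steps the abstract names, minimal cut sets (qualitative) and a top-event probability (quantitative), on a small static fault tree. This is an added example, not code or data from the survey: the tree (a data centre losing power), the gate structure and the basic-event probabilities are all constructed here. The tree deliberately shares one basic event (ATS) between two branches, so that the difference between exact inclusion-exclusion over minimal cut sets and naive gate-by-gate algebra is visible.

```python
"""Minimal cut sets and top-event probability for a small static fault tree.

Constructed illustration: the tree and the basic-event probabilities below are
invented for this example and do not come from any paper in the listing.
"""
from itertools import combinations

# Gates: name -> (gate type, children). Any name not listed here is a basic event.
# Top event: the data centre's IT load loses power. ATS (automatic transfer
# switch) appears under two gates, i.e. it is a repeated event.
TREE = {
    "TOP":             ("OR",  ["GRID_AND_BACKUP", "DIST_FAIL"]),
    "GRID_AND_BACKUP": ("AND", ["GRID", "BACKUP"]),
    "BACKUP":          ("OR",  ["GEN_FAIL", "FUEL", "ATS"]),
    "DIST_FAIL":       ("OR",  ["ATS", "BUSBAR"]),
}
# Per-mission basic-event failure probabilities (constructed values).
PROB = {"GRID": 0.02, "GEN_FAIL": 0.05, "FUEL": 0.01, "ATS": 0.001, "BUSBAR": 0.0005}


def cut_sets(node, tree=TREE):
    """MOCUS-style expansion: an OR gate unions its children's cut sets, an AND
    gate combines them pairwise. Returns a set of frozensets of basic events."""
    if node not in tree:
        return {frozenset([node])}
    gate, children = tree[node]
    child_sets = [cut_sets(c, tree) for c in children]
    if gate == "OR":
        return set().union(*child_sets)
    if gate == "AND":
        result = {frozenset()}
        for cs in child_sets:
            result = {a | b for a in result for b in cs}
        return result
    raise ValueError(f"unknown gate type {gate!r}")


def minimal_cut_sets(node, tree=TREE):
    """Drop every cut set that strictly contains another one (minimality)."""
    sets = cut_sets(node, tree)
    return {s for s in sets if not any(other < s for other in sets)}


def top_probability(mcs, prob=PROB):
    """Exact P(top) by inclusion-exclusion over the minimal cut sets, assuming
    statistically independent basic events. Correct even with repeated events."""
    mcs = list(mcs)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            events = frozenset().union(*combo)
            p = 1.0
            for e in events:
                p *= prob[e]
            total += sign * p
    return total


def naive_gate_probability(node, tree=TREE, prob=PROB):
    """Bottom-up gate algebra (AND multiplies, OR takes 1 - prod(1 - p)).
    Only valid when no basic event is shared between branches; included to
    show how a repeated event (ATS) gets double-counted."""
    if node not in tree:
        return prob[node]
    gate, children = tree[node]
    ps = [naive_gate_probability(c, tree, prob) for c in children]
    result = 1.0
    if gate == "AND":
        for p in ps:
            result *= p
        return result
    for p in ps:
        result *= 1.0 - p
    return 1.0 - result


if __name__ == "__main__":
    mcs = minimal_cut_sets("TOP")
    for s in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print("MCS:", sorted(s))
    print(f"exact P(TOP) = {top_probability(mcs):.10f}")
    print(f"naive P(TOP) = {naive_gate_probability('TOP'):.10f}  (overcounts ATS)")
```

The cut set {GRID, ATS} produced by the AND gate is dropped because {ATS} alone already fails the top event through the distribution branch; the naive gate algebra does not see that overlap and reports a higher probability than the exact value.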

    Fault maintenance trees: reliability centered maintenance via statistical model checking

    The current trend in infrastructural asset management is towards risk-based (a.k.a. reliability centered) maintenance, promising better performance at lower cost. By maintaining crucial components more intensively than less important ones, dependability increases while costs decrease.

    This requires good insight into the effect of maintenance on the dependability and associated costs. To gain these insights, we propose a novel framework that integrates fault tree analysis with maintenance. We support a wide range of maintenance procedures and dependability measures, including the system reliability, availability, mean time to failure, as well as the maintenance and failure costs over time, split into different cost components.

    Technically, our framework is realized via statistical model checking, a state-of-the-art tool for flexible modelling and simulation. Our compositional approach is flexible and extensible. We deploy our framework to two cases from industrial practice: insulated joints, and train compressors.

    Modelling and analysis of Markov reward automata (extended version)

    Costs and rewards are important ingredients for cyber-physical systems, modelling critical aspects like energy consumption, task completion, repair costs, and memory usage. This paper introduces Markov reward automata, an extension of Markov automata that allows the modelling of systems incorporating rewards (or costs) in addition to nondeterminism, discrete probabilistic choice and continuous stochastic timing. Rewards come in two flavours: action rewards, acquired instantaneously when taking a transition; and state rewards, acquired while residing in a state. We present algorithms to optimise three reward functions: the expected accumulative reward until a goal is reached; the expected accumulative reward until a certain time bound; and the long-run average reward. We have implemented these algorithms in the SCOOP/IMCA tool chain and show their feasibility via several case studies.
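The first of the three reward functions, the expected accumulated reward until a goal is reached, worked out for the purely stochastic fragment of the model (exponential timing, state and action rewards, but no nondeterministic choice, so no optimisation is needed). This is an added example and not the SCOOP/IMCA implementation; the model (a job that may degrade and break down before finishing), the reward values and the state names are constructed for the illustration.

```python
"""Expected accumulated reward until a goal is reached, for the purely
stochastic (CTMC-like) fragment of a Markov reward automaton.

Added illustration, not the SCOOP/IMCA code: states carry a reward rate earned
per unit of time in that state; transitions carry an instantaneous action
reward. The model and all numbers below are constructed for this example.
"""

# Constructed model. Transitions: (source, target, rate, action_reward).
STATES = ["working", "degraded", "repair", "done"]
STATE_REWARD = {"working": 5.0, "degraded": 8.0, "repair": 2.0, "done": 0.0}  # e.g. power drawn
TRANSITIONS = [
    ("working",  "done",     1.0, 0.0),
    ("working",  "degraded", 0.2, 0.0),
    ("degraded", "done",     0.5, 0.0),
    ("degraded", "repair",   0.5, 50.0),   # breakdown: call-out fee charged once
    ("repair",   "working",  2.0, 10.0),   # spare part charged when repair finishes
]
GOAL = {"done"}


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting; returns x with a x = b."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        if abs(m[col][col]) < 1e-12:
            raise ValueError("singular system: some state cannot reach the goal")
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def expected_reward_until_goal(states, state_reward, transitions, goal):
    """For every non-goal state s with exit rate E(s) = sum_t lambda(s,t):
        R(s) = r(s)/E(s) + sum_t (lambda(s,t)/E(s)) * (a(s,t) + R(t)),   R(goal) = 0.
    The first term is the state reward earned during the exponential sojourn,
    the sum is the embedded jump chain. Solves the linear system for R."""
    unknowns = [s for s in states if s not in goal]
    idx = {s: i for i, s in enumerate(unknowns)}
    exit_rate = {s: 0.0 for s in unknowns}
    for src, _, rate, _ in transitions:
        if src in exit_rate:
            exit_rate[src] += rate
    n = len(unknowns)
    a = [[0.0] * n for _ in range(n)]
    b = [0.0] * n
    for s in unknowns:
        if exit_rate[s] == 0.0:
            raise ValueError(f"{s} is absorbing but not a goal state")
        a[idx[s]][idx[s]] = 1.0
        b[idx[s]] = state_reward[s] / exit_rate[s]
    for src, dst, rate, action_reward in transitions:
        if src not in idx:
            continue
        p = rate / exit_rate[src]            # jump probability of this transition
        b[idx[src]] += p * action_reward
        if dst in idx:
            a[idx[src]][idx[dst]] -= p
    x = solve_linear(a, b)
    result = {s: x[idx[s]] for s in unknowns}
    result.update({g: 0.0 for g in goal})
    return result


def expected_time_to_goal(states, transitions, goal):
    """Special case: reward rate 1 in every state and no action rewards gives
    the expected time to reach the goal."""
    timed = [(s, t, rate, 0.0) for s, t, rate, _ in transitions]
    return expected_reward_until_goal(states, {s: 1.0 for s in states}, timed, goal)


if __name__ == "__main__":
    for s, v in expected_reward_until_goal(STATES, STATE_REWARD, TRANSITIONS, GOAL).items():
        print(f"expected reward from {s:8}: {v:.4f}")
    print(f"expected time from working: {expected_time_to_goal(STATES, TRANSITIONS, GOAL)['working']:.4f}")
```

If some non-goal state cannot reach the goal, the system is singular and the solver reports it rather than returning a meaningless number; a real tool would first compute the states that reach the goal with probability one.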

    Better railway engineering through statistical model checking

    Maintenance is essential to ensuring the dependability of a technical system. Periodic inspections, repairs, and renewals can prevent failures and extend a system’s lifespan. At the same time, maintenance incurs cost and planned downtime. It is therefore important to find a maintenance policy that balances cost and dependability.

    This paper presents a framework, fault maintenance trees (FMTs), integrating maintenance into the industry-standard formalism of fault trees. By translating FMTs to priced timed automata and applying statistical model checking, we can obtain system dependability metrics such as system reliability and mean time to failure, as well as costs of maintenance and failures over time, for different maintenance policies.

    Our framework is flexible and can be extended to include effects specific to the system being analysed. We demonstrate that our framework can be used in practice using two case studies from the railway industry: electrically insulated joints, and pneumatic compressors.

    Uniform analysis of fault trees through model transformations

    As the critical systems we rely on every day, such as nuclear power plants and airplanes, become ever more complex, the need to rigorously verify the safety and dependability of these systems is becoming very clear. Furthermore, deliberate attacks have become a prominent cause of concern for safety and reliability. One of the most prominent techniques for analyzing such systems is fault tree analysis (FTA), and a whole forest of variants, extensions, and analysis tools have been developed. In the security field, FTA was the inspiration for attack trees, used to analyze systems for vulnerability to malicious attacks. These formalisms are rarely compatible, making it difficult to exploit their different strengths in analyzing the same system. The key contribution of this paper is a meta-model describing many varieties of fault and attack trees, as well as combined attack-fault trees. We provide translations to and from different formalisms, as well as our own analysis engine for combined models. We demonstrate this framework on three case studies.

    Reliability-Centered Maintenance of the Electrically Insulated Railway Joint via Fault Tree Analysis: A Practical Experience Report

    Maintenance is an important way to increase system dependability: timely inspections, repairs and renewals can significantly increase a system’s reliability, availability and lifetime. At the same time, maintenance incurs costs and planned downtime. Thus, good maintenance planning has to balance these factors.

    In this paper, we study the effect of different maintenance strategies on the electrically insulated railway joint (EI-joint), a critical asset in railroad tracks for train detection, and a relatively frequent cause of train disruptions. Together with experts in maintenance engineering, we have modeled the EI-joint as a fault maintenance tree (FMT), i.e. a fault tree augmented with maintenance aspects. We show how complex maintenance concepts, such as condition-based maintenance with periodic inspections, are naturally modeled by FMTs, and how several key performance indicators, such as the system reliability, number of failures, and costs, can be analysed.

    The faithfulness of quantitative analyses heavily depends on the accuracy of the parameter values in the models. Here, we have been in the unique situation that extensive data could be collected, both from incident registration databases and from interviews with domain experts from several companies. This allowed us to construct a model that faithfully predicts the expected number of failures at system level.

    Our analysis shows that the current maintenance policy is close to cost-optimal. It is possible to increase joint reliability, e.g. by performing more inspections, but the additional maintenance costs outweigh the reduced cost of failures.
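The cost-versus-dependability trade-off that the three fault maintenance tree abstracts above (the framework paper, the railway paper and the EI-joint experience report) evaluate by statistical model checking, reduced to its simplest form: a single component with an observable degraded state, inspected periodically, simulated by seeded Monte Carlo with standard errors on the estimates. This is an added example. It is not the FMT semantics, the priced-timed-automata translation or the railway data of those papers; the three-state degradation model, the rates, the cost figures and the candidate inspection intervals are all constructed.

```python
"""Monte Carlo comparison of periodic-inspection policies for one component.

Constructed illustration in the spirit of statistical model checking: a
three-state component (OK -> DEGRADED -> FAILED) with exponential dwell times,
inspected every `interval` years. A degraded component found at an inspection
is repaired (condition-based maintenance); a failed component is repaired
immediately and incurs a disruption cost. All rates and costs are invented.
"""
import math
import random
from statistics import mean, stdev

RATE_DEGRADE = 0.5     # per year: mean 2 years from OK to DEGRADED
RATE_FAIL = 1.0        # per year: mean 1 year from DEGRADED to FAILED
COST_INSPECTION = 1.0
COST_REPAIR = 10.0
COST_FAILURE = 100.0   # disruption cost on top of the corrective repair


def simulate(interval, horizon, rng):
    """One run over `horizon` years; returns (number of failures, total cost).
    interval=math.inf means no inspections, i.e. corrective maintenance only."""
    t, state = 0.0, "OK"
    failures, cost = 0, 0.0
    next_inspection = interval
    while True:
        rate = RATE_DEGRADE if state == "OK" else RATE_FAIL
        # Exponential dwell is memoryless, so resampling after an inspection is exact.
        t_change = t + rng.expovariate(rate)
        t_next = min(next_inspection, t_change)
        if t_next > horizon:
            break
        t = t_next
        if next_inspection <= t_change:           # inspection happens first
            cost += COST_INSPECTION
            next_inspection += interval
            if state == "DEGRADED":               # caught in time: preventive repair
                state, cost = "OK", cost + COST_REPAIR
        elif state == "OK":                       # silent degradation
            state = "DEGRADED"
        else:                                     # failure before the next inspection
            failures += 1
            cost += COST_FAILURE + COST_REPAIR
            state = "OK"
    return failures, cost


def evaluate(intervals, horizon=20.0, runs=3000, seed=1):
    """Estimate expected failures and cost per policy with standard errors,
    the quantities a statistical model checker reports for each policy."""
    rng = random.Random(seed)
    out = {}
    for interval in intervals:
        samples = [simulate(interval, horizon, rng) for _ in range(runs)]
        f = [s[0] for s in samples]
        c = [s[1] for s in samples]
        out[interval] = {
            "failures": mean(f), "failures_se": stdev(f) / math.sqrt(runs),
            "cost": mean(c), "cost_se": stdev(c) / math.sqrt(runs),
        }
    return out


def cheapest(results):
    """Policy with the lowest estimated total cost."""
    return min(results, key=lambda k: results[k]["cost"])


if __name__ == "__main__":
    res = evaluate([0.05, 0.25, 1.0, 4.0, math.inf])
    for k, v in res.items():
        label = "no inspection " if k == math.inf else f"every {k:>5} y "
        print(f"{label}: failures {v['failures']:.2f} +/- {v['failures_se']:.2f}, "
              f"cost {v['cost']:.0f} +/- {v['cost_se']:.0f}")
    print("cheapest policy:", cheapest(res))
```

Shorter intervals monotonically reduce the number of failures, but total cost is U-shaped: very frequent inspection is dominated by inspection cost, no inspection by failure cost. The standard errors are what distinguishes a real difference between two policies from simulation noise, which is the point of reporting confidence bounds in statistical model checking.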