6.1 Dependability Modeling. General Rules. Analysis
Dependable Systems, Winter term 2018/2019. 6th Chapter: Quantitative Analysis - Structural Models. Christine Jakobs, Professur Betriebssysteme.
WS 2018/19 C. Jakobs 2 / 57 osg.informatik.tu-chemnitz.de

- Dependability is an umbrella term for a set of non-functional demands.
- Questions about the planned / existing system: When will it fail? How often will it fail? Are there weak parts in my architecture? What happens in an error situation?
- Real systems are way too complex to answer these questions directly, so a model is created to reduce the information.
- A model is always of something and for something.

Analysis: General Rules
- Inductive analysis: starting from a special case (a temperature-related bit flip in memory), the goal is a general conclusion ("system reliability in 2 years is 0.87").
- Deductive analysis: starting from a failure ("airplane crashed, 200 people dead"), backward reasoning about root causes (frozen speed sensor?).
- Qualitative analysis: investigate only structural properties, ignore model parameters.
- Quantitative analysis: assign numerical values to model parameters, calculate results.

General Rules (cont.)
- Numerical representation of dependability: event probability for a given point in time; event probability for any given point in time; parameter(s) for the distribution function of the random event.
- Components are either fully working or completely failed.
- Events are typically pairwise stochastically independent (one-fault-at-a-time assumption).
Structural and State-based Models
- Quantitative analysis with structural models reflects the functional dependencies of the real system. Easiest approach: every component failure is a system failure. Realistic models represent potential error propagation chains.
- Alternative: quantitative analysis with state models reflects the state dependencies of the real system. Easiest approach: there is one outage state reached on failure. Realistic models consider multiple error states and degradation modes.

Success Space and Failure Space [Vesely]
(figure)

Success Space and Failure Space [Vesely] (cont.)
- Structural and state models might be in failure or success space.
- Failure space is more common: it is easier for engineers to agree on potential failures (example: long delay in server roundtrip time); there are fewer unacceptable system states than normal states, so the model is smaller; failure models don't need to cover all system parts explicitly.

Serial Case
- Help from probability theory: the probability of an event expressed as the intersection of independent events is the product of the probabilities of the independent events.
- Example: chain of web server (a = 0.9), application server (a = 0.95) and database server (a = 0.99). Benefit of replacing the database with an expensive model (a = 0.999)? Benefit of replacing the web server with a new model (a = 0.95)?
Parallel Case
- Search engine, cluster node a = 0.85 (around 2 months outage / year). How many servers to reach 5 nines of site availability?
- $A_S = 1 - ((1 - a_1)(1 - a_2) \cdots (1 - a_n))$, i.e. $A_S = 1 - \prod_{i=1}^{n} (1 - a_i)$
- $n_{min} = \left\lceil \frac{\ln(1 - A_S)}{\ln(1 - a)} \right\rceil$

Combination
- Load balancer in front of two web servers and two database servers (figure, with the all-down probability $P_{all\,down}$); structure formula $\varphi_s = c_{lb} \wedge (c_{wS1} \vee c_{wS2}) \wedge (c_{db1} \vee c_{db2})$
- $A_{site} = a_{lb} \cdot A_{WSset} \cdot A_{DBset} = a_{lb} \, [1 - (1 - a_{wS})^{n_{wS}}] \, [1 - (1 - a_{db})^{n_{db}}]$

Combination (cont.)
- Online brokerage site to be designed, choice of components needed.
- Site availability aimed at 99.99%.
- Setup: load balancer, similar web server hardware, replicated database.
- Question: what is the least expensive configuration that reaches 99.99%?
- Choice between low-end (a = 0.85) and high-end (a = 0.999) servers.
- Must also consider purchase and maintenance costs per setup.

Combination (cont.)
(figure: Load Balancer, Web Servers, DB Servers)
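The serial, parallel and combined availability formulas above, worked through on the slide's numbers; this is an added example, not code from the lecture. The n_min formula is evaluated and then checked against the closed form, because rounding noise in the logarithms can otherwise return one replica too few; the load-balancer parameters in the last line are constructed, not taken from the slides.

```python
from math import ceil, log, prod


def serial_availability(avail):
    """Series structure: every component must work, so availabilities multiply."""
    return prod(avail)


def parallel_availability(avail):
    """Parallel structure: the system is down only if every component is down."""
    return 1.0 - prod(1.0 - a for a in avail)


def min_replicas(a, target):
    """Smallest n with 1 - (1 - a)^n >= target (the n_min formula of the slide).

    Rounds the real-valued quotient up, then double-checks against the closed
    form so that floating-point noise in log() cannot shift the result by one.
    """
    if not 0.0 < a < 1.0 or not 0.0 <= target < 1.0:
        raise ValueError("need 0 < a < 1 and 0 <= target < 1")
    n = max(1, ceil(log(1.0 - target) / log(1.0 - a)))
    while n > 1 and parallel_availability([a] * (n - 1)) >= target:
        n -= 1
    while parallel_availability([a] * n) < target:
        n += 1
    return n


def site_availability(a_lb, a_ws, n_ws, a_db, n_db):
    """A_site = a_lb * [1 - (1 - a_ws)^n_ws] * [1 - (1 - a_db)^n_db]:
    one load balancer in series with a web-server group and a DB group."""
    return (a_lb
            * parallel_availability([a_ws] * n_ws)
            * parallel_availability([a_db] * n_db))


if __name__ == "__main__":
    # Serial case from the slide: web (0.9) -> application (0.95) -> database (0.99).
    print(f"chain:             {serial_availability([0.9, 0.95, 0.99]):.5f}")
    print(f"db -> 0.999:       {serial_availability([0.9, 0.95, 0.999]):.5f}")
    print(f"web -> 0.95:       {serial_availability([0.95, 0.95, 0.99]):.5f}")
    # Parallel case: cluster nodes at a = 0.85, target "five nines".
    n = min_replicas(0.85, 0.99999)
    print(f"nodes for 5 nines: {n} (A_S = {parallel_availability([0.85] * n):.7f})")
    # Combination: the single load balancer in series caps A_site at a_lb,
    # however much is replicated behind it (constructed parameters).
    print(f"site, a_lb = 0.999: {site_availability(0.999, 0.85, 10, 0.999, 3):.6f}")
```

The chain numbers show that upgrading the weakest series element (the web server) gains about six times as much availability as the expensive database upgrade.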
k-out-of-n
- The generalization of serial and parallel structure is the k-out-of-n case: at least k components out of N components must work. k = 1: parallel case; k = N: serial case.
- $R_S(t, k, N, R_c) = \sum_{i=k}^{N} \binom{N}{i} R_c(t)^i \, (1 - R_c(t))^{N-i}$

k-out-of-n (cont.)
- For different component reliabilities [Jakobs]:
  - $e_i$ = event with index $i$, for $i = 1 \ldots N$
  - $\mathcal{N}_n$ = the set of numbers from 1 to $n$, $\mathcal{N}_n = \{1, 2, \ldots, n\}$
  - $\mathcal{N}_j$ = the set of all combinations of $\mathcal{N}_n$ with $j$ elements, $\mathcal{N}_j = \{I : I \subseteq \mathcal{N}_n, |I| = j\}$
  - $R_i(t)$ = probability of occurrence of the event $e_i$, $i \in \mathcal{N}_n$
  - $R_I(t)$ = event that all components with an index out of $I$ failed, $F_I(t) = \prod_{i \in I} F_i(t)$
  - $R(t, k, n) = \sum_{i=k}^{n} (-1)^{i-k} \binom{i-1}{k-1} \sum_{I \in \mathcal{N}_i} \prod_{j \in I} R_j(t)$

XOR
- Exclusive OR states that only one input event may occur.
- For two possible events: $F(t) = F_1(t) + F_2(t) - 2\,(F_1(t) \cdot F_2(t))$, for $n = 2$
- For more than two possible events: $F(t) = \sum_{i=1}^{n} F_i(t) \prod_{j=1,\, j \neq i}^{n} (1 - F_j(t))$

6.2 Reliability Block Diagram (RBD)
- Models the logical interaction for a success-oriented analysis of system reliability.
- Building blocks: series structure, parallel structure, k-out-of-n structure.
- The system is available only if there is a path between s and t.
- Granularity is based on data availability and the "lowest actionable item" concept.
- The structure formula can be obtained from the RBD by identifying the subsets of nodes that disconnect s from t if removed.
RBD: k-of-n for Nonidentical Components
- Example: 2-out-of-3 different hard drives must remain functional; different manufacturers with different device reliability.
- $A_S = a_1 a_2 a_3 + (1 - a_1) a_2 a_3 + a_1 (1 - a_2) a_3 + a_1 a_2 (1 - a_3)$

Complex RBDs
- Breaking down into serial and parallel sections is not always obvious, for example: A or B or C must work; if A works, D must work; if B works, then D or E must work; if C works, E must work.
- Decomposition method: identify a key component B, calculate the system reliability with $R_B = 1$ and with $R_B = 0$, and combine both results (total probability).
- Event space method: the system reliability is the probability of the union (= sum) of all mutually exclusive events (probabilities) that lead to system success.
- Path tracing method: calculate the probability of all possible paths through the RBD, combine for the system survival probability.

Complex RBDs (cont.)
(figure)

Fault Trees
- Invented 1961 by H. Watson (Bell Telephone Laboratories): analysis of the launch control system of the intercontinental Minuteman missile.
- Used by Boeing since 1966, meanwhile adopted by different industries: root cause analysis, risk assessment, safety assessment.
- Basic idea: a technique for describing the possible ways in which an undesired system state can occur; complex system failures are broken down into basic events.
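The event space method from the "Complex RBDs" slide, used to evaluate the k-out-of-n structures (including the 2-out-of-3 nonidentical drives and the XOR formula from the previous slides) as well as the five-component A..E example, with the decomposition method as a cross-check. This is an added example, not the lecture's code; the reliabilities 0.9/0.95/0.99 for the drives and 0.9 for A..E are constructed.

```python
from itertools import product
from math import comb, prod


def event_space_reliability(works, r):
    """Event space method: sum the probabilities of all mutually exclusive
    component-state vectors (2^n of them) in which the structure function
    `works` says the system is up. Exact for independent, nonidentical parts."""
    total = 0.0
    for state in product((False, True), repeat=len(r)):
        if works(state):
            total += prod(ri if up else 1.0 - ri for ri, up in zip(r, state))
    return total


def k_out_of_n(k, r):
    """k-out-of-n with arbitrary (nonidentical) reliabilities r[0..n-1]."""
    if not 1 <= k <= len(r):
        raise ValueError("k must lie between 1 and n")
    return event_space_reliability(lambda s: sum(s) >= k, r)


def k_out_of_n_identical(k, n, rc):
    """Closed form of the slide for identical components:
    sum_{i=k}^{N} C(N, i) Rc^i (1 - Rc)^(N-i)."""
    return sum(comb(n, i) * rc**i * (1.0 - rc) ** (n - i) for i in range(k, n + 1))


def complex_rbd_works(state):
    """Structure function of the slide's complex RBD: A or B or C must work;
    A needs D, B needs D or E, C needs E."""
    a, b, c, d, e = state
    return (a and d) or (b and (d or e)) or (c and e)


def decomposition_on(works, r, key):
    """Decomposition method on component `key` (index into r):
    R = R_key * R(system | key works) + (1 - R_key) * R(system | key failed)."""
    others = r[:key] + r[key + 1:]

    def pinned(value):
        return event_space_reliability(
            lambda s: works(s[:key] + (value,) + s[key:]), others)

    return r[key] * pinned(True) + (1.0 - r[key]) * pinned(False)


def xor_failure(f):
    """Exclusive OR of n failure events (exactly one occurs):
    F = sum_i F_i * prod_{j != i} (1 - F_j); for n = 2 this is F1 + F2 - 2 F1 F2."""
    return sum(fi * prod(1.0 - fj for j, fj in enumerate(f) if j != i)
               for i, fi in enumerate(f))


if __name__ == "__main__":
    hdd = [0.9, 0.95, 0.99]              # 2-out-of-3 drives, constructed values
    print(f"2-of-3 nonidentical drives: {k_out_of_n(2, hdd):.4f}")
    print(f"2-of-3 identical (0.9): closed form {k_out_of_n_identical(2, 3, 0.9):.3f},"
          f" event space {k_out_of_n(2, [0.9] * 3):.3f}")
    print(f"k=1 (parallel): {k_out_of_n(1, hdd):.6f}, k=3 (serial): {k_out_of_n(3, hdd):.6f}")
    rbd = [0.9] * 5                      # R_A .. R_E, constructed
    print(f"complex RBD, event space:        {event_space_reliability(complex_rbd_works, rbd):.5f}")
    print(f"complex RBD, decomposition on B: {decomposition_on(complex_rbd_works, rbd, 1):.5f}")
    print(f"XOR of F1 = 0.1, F2 = 0.2: {xor_failure([0.1, 0.2]):.2f}")
```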
Fault Trees (cont.)
- Basic events (faults) can be associated with component hardware failures, human errors, software errors, or any other pertinent events.
- The probability of a higher-level event can be calculated from the lower-level probabilities.
- Graphical representation of the structure formula, helps to identify fault classes.
- Includes only faults that contribute to the top event.
- In itself not a quantitative model, but can be evaluated as one.
- Events and gates are not system components!

Static Fault Trees
(figure: "D Fails" (gate G1) with the inputs "A Fails" (A) and "B OR C Fail" (gate G2); G2 has the inputs "B Fails" (B) and "C Fails" (C))

Static Fault Trees (cont.)
(figure)

Fault Tree construction
- Process: Define FTA Scope, Identify FTA Objective, Define FT Top Event, Define FTA Resolution, Define FTA Ground Rules, Construct FT, Evaluate FT, Interpret/Present Results.
- The objective should be phrased in terms of a system failure to be analyzed.
- Define the scope (design version, components to be included), the resolution (based on available probability data) and the ground rules (naming scheme for events and gates).
- Focus on necessary and sufficient immediate events.
Fault Tree construction (cont.)
- Step 1: Define the undesired event to be analyzed: what, where, when.
- Step 2: Define the boundary conditions for the analysis: physical boundaries (what constitutes the system?); environmental stress boundaries (what is included: earthquake, bombs, ...?); level of resolution (how detailed should the analysis of potential reasons be?).
- Step 3: Identify and evaluate fault events: primary failures as basic events, secondary failures as intermediate events.
- Step 4: Complete the gates: all inputs should be completely defined before further analysis of them; complete the fault tree level by level.

Fault Tree construction (cont.)
- Common mistakes [Misra]:
  - Ambiguous TOP event: a too general TOP event makes the FTA unmanageable, a too specific TOP event cannot provide a sufficient system analysis with FTA.
  - Ignoring significant environment conditions: external stress might be relevant.
  - Inconsistent fault tree event names: use the same name for the same fault event or condition.
  - Inappropriate level of resolution: the detail level of the fault tree should match the detail level of the available information.
- Proper and consistent naming is very important (what failed and how).
- Statistically independent initiators, immediate contributors to an event.
- The logic can be tested in the success domain by inverting all statements and gates.
- Analyze no further down than is necessary to enter probability data with confidence.

Example: AND Gate
(figure)

Example: OR Gate
(figure)
Example: INHIBIT Gate / Conditioning Event
(figure)

Example [Jakobs]
(figure: fault tree for "Server Failure" with the inputs Power Supply Failure (Power Supply 1 Failure, Power Supply 2 Failure), Network Card Failure, CPU Failure (CPU1, CPU2, CPU3), Mainboard Failure and RAID 15 Failure (RAID Controller Failure, HDD Failure as k = 2 of HDD 1 ... HDD 6); each basic event carries a failure rate λ, values not given)

Example [Jakobs] (cont.)
(figure)

Two kinds of evaluation
- Qualitative evaluation: identify the event sets which cause failure.
- Quantitative evaluation: determine the failure probability.
- Quantitative evaluation depends on qualitative evaluation.
Cut Sets
- Cut set: any group of basic events which, if all occur at the same time, cause the TOP event.
- Minimal cut set (mincut): minimal combination of basic events that induce TOP; all basic events are needed to let the TOP event occur.
- A long mincut shows low vulnerability, a short mincut shows high vulnerability. A singleton cut set shows a single point of failure.
- Path set: set of basic events whose nonoccurrence at the same time ensures that TOP does not occur.

Cut Sets (cont.)
- Analyze cut sets for weak points in the design, bypass of intended safety features, common cause problems.
- Methods for cut set finding: Boolean reduction, bottom-up reduction, top-down reduction, mapping to binary decision diagram, Shannon decomposition, genetic algorithms, ...

Method for Obtaining Cut Sets (MOCUS) [Rausand]
- Start at the TOP event.
- OR gate: each input to the gate is written in separate rows.
- AND gate: each input to the gate is written in separate columns.
- Iteratively replace gates in rows and columns.
- Each resulting row forms a cut set.

Boolean Reduction Example
(figure: fault tree with the gates G1 (TOP), G2, G3, G4 and the basic events A, B, C)
- Rules: $(A \lor B) \land (C \lor D) = (A \land C) \lor (A \land D) \lor (B \land C) \lor (B \land D)$; $A \land A = A$; $A \lor A = A$; $A \lor (A \land B) = A$
- $TOP = (B \lor C \lor A) \land (C \lor (A \land B))$
  $= (B \land C) \lor (B \land A \land B) \lor (C \land C) \lor (C \land A \land B) \lor (A \land C) \lor (A \land A \land B)$
  $= (B \land C) \lor (A \land B) \lor C \lor (C \land A \land B) \lor (A \land C) \lor (A \land B)$
  $= (B \land C) \lor (A \land B) \lor C \lor (C \land A \land B) \lor (A \land C)$
  $= (A \land B) \lor C$
- 2 resulting minimal cut sets (== all cut sets?)
Qualitative Analysis
- The set of minimal cut sets describes all ways to cause the TOP event (minimal failure set).
- The set of minimal cut sets can also be determined for any intermediate event; this can help with the quantitative analysis.
- Finding the dominant minimal cut set: calculate the probability of each minimal cut set, sort by probability.
- Identification of event importance: calculate an importance measure per event: event contribution to the top event probability; decrease in top event probability if the event would be removed; increase in top event probability if the event was assured to occur. Also known as sensitivity test.

Fixing Cut Sets
- AND gates can be protected by disallowing one of the inputs: exhaustive testing or formal proof to show that the component cannot fail; test for the failure condition and a recovery routine.
- OR gates can be protected by disallowing all inputs or by providing error recovery.
- Example: protect G3 by preventing failure of A4; protect G2 by preventing failure of A3, by preventing failure of both A1 and A2, or by providing fault tolerance for G4.

Dynamic Fault Trees (DFT)
- The failure criteria of a system might depend not only on the logical combination of basic events in the same time frame (sequence-dependent failure).
- Dynamic fault tree gates support sequences and dynamic probability changes.
- Dynamic sub-parts of the fault tree are typically analyzed by a Markov model.
- Example: the failure of a switch is only relevant if it happens before the outage of the primary server. What is the probability of "switch fails before primary"?
- Makes analysis in closed form impossible; omitted in this lecture.

FTA Report
(figure)
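MOCUS and the subsequent quantitative evaluation, run on the fault tree of the Boolean Reduction Example; it is an added example, not code from the lecture. The gate inputs (TOP = G3 AND G2, G3 = B OR C OR A, G2 = C OR G4, G4 = A AND B) are inferred from the reduction shown on that slide, and the basic-event probabilities are constructed. The result is cross-checked by evaluating the tree directly over all basic-event states, and the dominant mincut and per-event sensitivities from the Qualitative Analysis slide are computed from the same mincuts.

```python
from itertools import combinations, product
from math import prod

# Static fault tree of the Boolean-reduction slide; gate inputs are inferred
# from the reduction TOP = (B + C + A) * (C + A*B) shown there (assumption).
GATES = {
    "TOP": ("AND", ["G3", "G2"]),
    "G3": ("OR", ["B", "C", "A"]),
    "G2": ("OR", ["C", "G4"]),
    "G4": ("AND", ["A", "B"]),
}

# Constructed basic-event probabilities for one mission time (not from the slides).
P_EVENT = {"A": 0.01, "B": 0.02, "C": 0.001}


def mocus(gates, top="TOP"):
    """MOCUS, top-down: an AND gate spreads its inputs over the columns of its
    row, an OR gate turns the row into one row per input. Rows with no gates
    left are cut sets; idempotence (A*A = A) and absorption (A + A*B = A)
    reduce them to the minimal cut sets."""
    rows = [[top]]
    while True:
        for idx, row in enumerate(rows):
            gate = next((x for x in row if x in gates), None)
            if gate is not None:
                break
        else:
            break                               # only basic events remain
        kind, inputs = gates[gate]
        rest = [x for x in row if x != gate]
        if kind == "AND":
            rows[idx] = rest + inputs
        else:
            rows[idx:idx + 1] = [rest + [inp] for inp in inputs]
    cuts = {frozenset(row) for row in rows}     # A*A = A
    return {c for c in cuts if not any(other < c for other in cuts)}  # A + A*B = A


def cut_probability(cut, p):
    """Independent basic events: P(all events of the cut set occur)."""
    return prod(p[e] for e in cut)


def top_probability(mincuts, p):
    """Exact P(TOP) = P(union of the minimal cut sets) by inclusion-exclusion."""
    mincuts = list(mincuts)
    total = 0.0
    for r in range(1, len(mincuts) + 1):
        for group in combinations(mincuts, r):
            total += (-1) ** (r + 1) * cut_probability(frozenset().union(*group), p)
    return total


def dominant_mincuts(mincuts, p):
    """Minimal cut sets sorted by probability, most likely first."""
    return sorted(mincuts, key=lambda c: cut_probability(c, p), reverse=True)


def importance(mincuts, p):
    """Sensitivity per basic event: (decrease in P(TOP) if the event is
    removed, increase in P(TOP) if the event is assured to occur)."""
    base = top_probability(mincuts, p)
    return {e: (base - top_probability(mincuts, {**p, e: 0.0}),
                top_probability(mincuts, {**p, e: 1.0}) - base) for e in p}


def evaluate(gates, state, node="TOP"):
    """Truth value of a node for one assignment of the basic events."""
    if node not in gates:
        return state[node]
    kind, inputs = gates[node]
    values = [evaluate(gates, state, i) for i in inputs]
    return all(values) if kind == "AND" else any(values)


def brute_force_top_probability(gates, p):
    """Cross-check: enumerate all 2^n basic-event states directly on the tree."""
    events = sorted(p)
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        if evaluate(gates, state):
            total += prod(p[e] if state[e] else 1.0 - p[e] for e in events)
    return total


if __name__ == "__main__":
    cuts = mocus(GATES)
    print("minimal cut sets:", [sorted(c) for c in dominant_mincuts(cuts, P_EVENT)])
    print(f"P(TOP) inclusion-exclusion: {top_probability(cuts, P_EVENT):.7f}")
    print(f"P(TOP) brute force:         {brute_force_top_probability(GATES, P_EVENT):.7f}")
    for e, (dec, inc) in importance(cuts, P_EVENT).items():
        print(f"  {e}: removing lowers P(TOP) by {dec:.7f}, assuring raises it by {inc:.7f}")
```

The singleton mincut {C} dominates even though C is the least likely basic event, which is exactly the single-point-of-failure reading of a short mincut.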
FTA-based Decision Making
- Use FTA to ...
  - understand the logic leading to the top event, especially in complex systems
  - prioritize the contributors leading to the top event (typically 10% - 20%)
  - proactively prevent the TOP event by applying targeted upgrades
  - minimize and optimize resources
  - identify what is unimportant
  - assist the system design
  - monitor the performance of the system by FTA re-evaluation, based on former defects and failures
  - gain input data for FME(C)A

RBD vs. FTA
(figure)

RBD vs. FTA (cont.)
- Convert a fault tree to a reliability block diagram: start from the TOP event, replace gates successively.
- Logical AND gate <-> parallel structure of the inputs of the gate.
- Logical OR gate <-> serial structure of the inputs of the gate.
- Elements in the fault tree: failure events; blocks in the RBD: functioning blocks.
- Some FTA and RBD extensions are not convertible, for example sequence-dependent gates in fault trees.

Event Tree Analysis
- Inductive analytical diagram in failure space, based on Boolean logic.
- Developed during the WASH-1400 nuclear power plant safety study (1974): fault trees became too large for proper analysis; condensation of the system analysis into a manageable picture; make sure that the accident cases are sufficiently controlled.
- Shows event sequences and accident progression in an inductive analysis.
- Popular approach in nuclear reactor safety engineering.
- Starts with a specific initiator (critical component failure).
- Companion to fault tree analysis, same stochastic foundation.
Event Tree Analysis (cont.)
- Accident scenario: series of events that result in an accident.
- Initiating event: technical failure / human error that starts an accident scenario; may be identified by another risk analysis technique; often already identified and anticipated in the design phase.
- Pivotal events: intermediate events from the safety methods, to stop the accident; split into positive or negative progress, sometimes more than two outcomes; the frequency of pivotal events in system parts can be obtained from fault tree analysis.

Event Tree Analysis (cont.)
(figure)

Event Tree Analysis (cont.)
(figure)
Event Tree Analysis (cont.)
- Possible event chains and the safety functions will be affected by hazard contribution factors: explosion or no explosion, time of the day, wind direction, ...
- For a sequence of n events, there will be $2^n$ branches.
- Possible to split the outcomes into categories, based on severity: outcome frequency, loss of lives, material damage, environmental damage.
- The reliability assessment of a safety function comes from FTA or RBD analysis.

Missing Data
- Quantitative dependability analysis is very hard in real life: ever-increasing complexity of software and hardware; faster product cycles, significant time-to-market constraints; imprecise architectural details (final component choices happen very late); no budget for in-depth analysis, just a "side activity"; trustworthy reliability data is an uncertainty factor.
- Common solution: qualitative-only analysis (FMEA).

Configurability + Missing Data
- IT systems constantly become more complex: more systems become an IT system.
- IT systems tend to be very flexible: what is the best-possible redundancy mode here? Use the proven slow component, or the new faster version of it? ...
- System configurability also becomes a major factor for modeling: what to add, what to leave out? Cost / dependability tradeoff?
- Typical solution: "copy-and-paste modeling".

- Ignorance: no option in safety-critical systems.
- Reduction: increasing effort while having decreasing budgets; demands new concepts for system understanding.
- Explicit statement: make ambiguity and uncertainty explicit; new concepts for describing systems.
Example: Structural ambiguity
(figure)

Example: Structural ambiguity (cont.)
(figure)

Example: Parameter uncertainty
(figure)

Example: Parameter uncertainty (cont.)
(figure)
Literature
- [Eri99] Clifton A. Ericson. Fault tree analysis. In: System Safety Conference, Orlando, Florida, pp. 1-9.
- [Eri+15] Clifton A. Ericson et al. Hazard analysis techniques for system safety. John Wiley & Sons, 2015.
- [JTW16] Christine Jakobs, Peter Tröger, and Matthias Werner. Configurable Fault Trees. In: Software Engineering for Resilient Systems: 8th International Workshop, SERENE 2016, Gothenburg, Sweden, September 5-6, 2016, Proceedings. Ed. by Ivica Crnkovic and Elena Troubitsyna. Springer International Publishing, 2016.
- [Lap92] Jean-Claude Laprie. Dependability: Basic concepts and terminology. Springer, 1992.
- [RA04] Marvin Rausand and Arnljot Høyland. System reliability theory: models, statistical methods, and applications. John Wiley & Sons, 2004.
- [Ves+81] William E. Vesely et al. Fault tree handbook. Tech. rep. Nuclear Regulatory Commission, Washington, DC, 1981.
More informationAssessing system reliability through binary decision diagrams using bayesian techniques.
Loughborough University Institutional Repository Assessing system reliability through binary decision diagrams using bayesian techniques. This item was submitted to Loughborough University's Institutional
More informationChapter 18 Section 8.5 Fault Trees Analysis (FTA) Don t get caught out on a limb of your fault tree.
Chapter 18 Section 8.5 Fault Trees Analysis (FTA) Don t get caught out on a limb of your fault tree. C. Ebeling, Intro to Reliability & Maintainability Engineering, 2 nd ed. Waveland Press, Inc. Copyright
More informationOverview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two circuits
More informationELE 491 Senior Design Project Proposal
ELE 491 Senior Design Project Proposal These slides are loosely based on the book Design for Electrical and Computer Engineers by Ford and Coulston. I have used the sources referenced in the book freely
More informationReliability of Technical Systems
Reliability of Technical Systems Main Topics 1. Short Introduction, Reliability Parameters: Failure Rate, Failure Probability, etc. 2. Some Important Reliability Distributions 3. Component Reliability
More informationA BAYESIAN SOLUTION TO INCOMPLETENESS
A BAYESIAN SOLUTION TO INCOMPLETENESS IN PROBABILISTIC RISK ASSESSMENT 14th International Probabilistic Safety Assessment & Management Conference PSAM-14 September 17-21, 2018 Los Angeles, United States
More informationChapter Finding parse trees
Chapter 16 NP Some tasks definitely require exponential time. That is, we can not only display an exponential-time algorithm, but we can also prove that the problem cannot be solved in anything less than
More informationSoSe 2018 M. Werner 2 / 29 osg.informatik.tu-chemnitz.de
Real-Time Systems Summer term 2018 Real-Time Systems 2 nd Chapter Requirements Prof. Matthias Werner For a system to be designed, a specification has to be provided Specifications (and the resulting system)
More informationLecture 5 Fault Modeling
Lecture 5 Fault Modeling Why model faults? Some real defects in VLSI and PCB Common fault models Stuck-at faults Single stuck-at faults Fault equivalence Fault dominance and checkpoint theorem Classes
More informationECE 1767 University of Toronto
Applications Why Two Fault Simulators Never Agree General Techniques Parallel Pattern Simulation Inactive Fault Removal Critical Path Tracing Fault Sampling Statistical Fault Analysis ECE 767 Fault grading
More informationTime Dependent Analysis with Common Cause Failure Events in RiskSpectrum
Time Dependent Analysis with Common Cause Failure Events in RiskSpectrum Pavel Krcal a,b and Ola Bäckström a a Lloyd's Register Consulting, Stockholm, Sweden b Uppsala University, Uppsala, Sweden Abstract:
More informationIntegration and Higher Level Testing
Integration and Higher Level Testing Software Testing and Verification Lecture 11 Prepared by Stephen M. Thebaut, Ph.D. University of Florida Context Higher-level testing begins with the integration of
More informationC.K. Ken Yang UCLA Courtesy of MAH EE 215B
Decoders: Logical Effort Applied C.K. Ken Yang UCLA yang@ee.ucla.edu Courtesy of MAH 1 Overview Reading Rabaey 6.2.2 (Ratio-ed logic) W&H 6.2.2 Overview We have now gone through the basics of decoders,
More informationFault-Tolerant Computer System Design ECE 60872/CS 590. Topic 2: Discrete Distributions
Fault-Tolerant Computer System Design ECE 60872/CS 590 Topic 2: Discrete Distributions Saurabh Bagchi ECE/CS Purdue University Outline Basic probability Conditional probability Independence of events Series-parallel
More informationFor smaller NRE cost For faster time to market For smaller high-volume manufacturing cost For higher performance
University of California at Berkeley College of Engineering Department of Electrical Engineering and Computer Sciences EECS5 J. Wawrzynek Spring 22 2/22/2. [2 pts] Short Answers. Midterm Exam I a) [2 pts]
More informationReliability Analysis of Hydraulic Steering System with DICLFL Considering Shutdown Correlation Based on GO Methodology
2015 ICRSE&PHM-Beijing Reliability Analysis of Hydraulic Steering System with DICLFL Considering Shutdown Correlation Based on GO Methodology YI Xiaojian, SHI Jian, MU Huina, DONG Haiping, GUO Shaowei
More information1 Algebraic Methods. 1.1 Gröbner Bases Applied to SAT
1 Algebraic Methods In an algebraic system Boolean constraints are expressed as a system of algebraic equations or inequalities which has a solution if and only if the constraints are satisfiable. Equations
More informationChapter 1 (Basic Probability)
Chapter 1 (Basic Probability) What is probability? Consider the following experiments: 1. Count the number of arrival requests to a web server in a day. 2. Determine the execution time of a program. 3.
More informationDependable Computer Systems
Dependable Computer Systems Part 3: Fault-Tolerance and Modelling Contents Reliability: Basic Mathematical Model Example Failure Rate Functions Probabilistic Structural-Based Modeling: Part 1 Maintenance
More informationOutline Fault Simulation
K.T. Tim Cheng, 4_fault_sim, v. Outline Fault Simulation Applications of fault simulation Fault coverage vs product quality Fault simulation scenarios Fault simulation algorithms Fault sampling K.T. Tim
More informationCommon Cause Failures: Extended Alpha Factor method and its Implementation
Common Cause Failures: Extended Alpha Factor method and its Implementation Alexandra Sitdikova Reactor Engineering Division, Jožef Stefan Institute Jamova 39, SI-1000 Ljubljana, Slovenia Institute of Physics
More informationReliability of sequential systems using the causeconsequence diagram method
Loughborough University Institutional Repository Reliability of sequential systems using the causeconsequence diagram method This item was submitted to Loughborough University's Institutional Repository
More informationFault Modeling. 李昆忠 Kuen-Jong Lee. Dept. of Electrical Engineering National Cheng-Kung University Tainan, Taiwan. VLSI Testing Class
Fault Modeling 李昆忠 Kuen-Jong Lee Dept. of Electrical Engineering National Cheng-Kung University Tainan, Taiwan Class Fault Modeling Some Definitions Why Modeling Faults Various Fault Models Fault Detection
More information1.10 (a) Function of AND, OR, NOT, NAND & NOR Logic gates and their input/output.
Chapter 1.10 Logic Gates 1.10 (a) Function of AND, OR, NOT, NAND & NOR Logic gates and their input/output. Microprocessors are the central hardware that runs computers. There are several components that
More informationPSA Quantification. Analysis of Results. Workshop Information IAEA Workshop
IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making PSA Quantification. Analysis of Results Lecturer Lesson Lesson IV IV 3_7.3 3_7.3 Workshop Information IAEA Workshop City, XX
More informationRELIABILITY ANALYSIS OF PISTON MANUFACTURING SYSTEM
Journal of Reliability and Statistical Studies; ISSN (Print): 0974-8024, (Online):2229-5666 Vol. 4, Issue 2 (2011): 43-55 RELIABILITY ANALYSIS OF PISTON MANUFACTURING SYSTEM Amit Kumar and Sneh Lata School
More informationLecture 4. Adders. Computer Systems Laboratory Stanford University
Lecture 4 Adders Computer Systems Laboratory Stanford University horowitz@stanford.edu Copyright 2006 Mark Horowitz Some figures from High-Performance Microprocessor Design IEEE 1 Overview Readings Today
More informationBEST ESTIMATE PLUS UNCERTAINTY SAFETY STUDIES AT THE CONCEPTUAL DESIGN PHASE OF THE ASTRID DEMONSTRATOR
BEST ESTIMATE PLUS UNCERTAINTY SAFETY STUDIES AT THE CONCEPTUAL DESIGN PHASE OF THE ASTRID DEMONSTRATOR M. Marquès CEA, DEN, DER F-13108, Saint-Paul-lez-Durance, France Advanced simulation in support to
More informationField data reliability analysis of highly reliable item
Field data reliability analysis of highly reliable item David Vališ & Zdeněk Vintr Faculty of Military Technologies University of Defence 612 00 Brno Czech Republic david.valis@unob.cz Miroslav Koucký
More information2.6 Complexity Theory for Map-Reduce. Star Joins 2.6. COMPLEXITY THEORY FOR MAP-REDUCE 51
2.6. COMPLEXITY THEORY FOR MAP-REDUCE 51 Star Joins A common structure for data mining of commercial data is the star join. For example, a chain store like Walmart keeps a fact table whose tuples each
More informationProbability Year 9. Terminology
Probability Year 9 Terminology Probability measures the chance something happens. Formally, we say it measures how likely is the outcome of an event. We write P(result) as a shorthand. An event is some
More informationThe Failure-tree Analysis Based on Imprecise Probability and its Application on Tunnel Project
463 A publication of CHEMICAL ENGINEERING TRANSACTIONS VOL. 59, 2017 Guest Editors: Zhuo Yang, Junjie Ba, Jing Pan Copyright 2017, AIDIC Servizi S.r.l. ISBN 978-88-95608-49-5; ISSN 2283-9216 The Italian
More informationIncompatibility Paradoxes
Chapter 22 Incompatibility Paradoxes 22.1 Simultaneous Values There is never any difficulty in supposing that a classical mechanical system possesses, at a particular instant of time, precise values of
More informationTechnology Mapping for Reliability Enhancement in Logic Synthesis
Technology Mapping for Reliability Enhancement in Logic Synthesis Zhaojun Wo and Israel Koren Department of Electrical and Computer Engineering University of Massachusetts,Amherst,MA 01003 E-mail: {zwo,koren}@ecs.umass.edu
More informationReliability and Quality Mathematics
Reliability and Quality Mathematics. Introduction Since mathematics has played a pivotal role in the development of quality and reliability fields, it is essential to have a clear understanding of the
More informationPractical Applications of Reliability Theory
Practical Applications of Reliability Theory George Dodson Spallation Neutron Source Managed by UT-Battelle Topics Reliability Terms and Definitions Reliability Modeling as a tool for evaluating system
More informationEECS150 - Digital Design Lecture 26 Faults and Error Correction. Recap
EECS150 - Digital Design Lecture 26 Faults and Error Correction Nov. 26, 2013 Prof. Ronald Fearing Electrical Engineering and Computer Sciences University of California, Berkeley (slides courtesy of Prof.
More informationCSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018
CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2018 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis
More informationDepartment of Electrical and Computer Engineering University of Wisconsin Madison. Fall Final Examination
Department of Electrical and Computer Engineering University of Wisconsin Madison ECE 553: Testing and Testable Design of Digital Systems Fall 2013-2014 Final Examination CLOSED BOOK Kewal K. Saluja Date:
More informationCSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018
CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2018 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis
More informationMath 381 Midterm Practice Problem Solutions
Math 381 Midterm Practice Problem Solutions Notes: -Many of the exercises below are adapted from Operations Research: Applications and Algorithms by Winston. -I have included a list of topics covered on
More informationQuantum Computing Approach to V&V of Complex Systems Overview
Quantum Computing Approach to V&V of Complex Systems Overview Summary of Quantum Enabled V&V Technology June, 04 Todd Belote Chris Elliott Flight Controls / VMS Integration Discussion Layout I. Quantum
More informationFault Tolerance. Dealing with Faults
Fault Tolerance Real-time computing systems must be fault-tolerant: they must be able to continue operating despite the failure of a limited subset of their hardware or software. They must also allow graceful
More informationNUCLEAR SAFETY AND RELIABILITY WEEK 3
Nuclear Safety and Reliability Dan Meneley Page 1 of 10 NUCLEAR SAFETY AND RELIABILITY WEEK 3 TABLE OF CONTENTS - WEEK 1 1. Introduction to Risk Analysis...1 Conditional Probability Matrices for Each Step
More informationCSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2019
CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis Ruth Anderson Winter 2019 Today Algorithm Analysis What do we care about? How to compare two algorithms Analyzing Code Asymptotic Analysis
More informationModeling Common Cause Failures in Diverse Components with Fault Tree Applications
Modeling Common Cause Failures in Diverse s with Fault Tree Applications Joseph R. Belland, Isograph Inc. Key Words: Common Cause Failures, Fault Trees, Beta Factor SUMMARY & CONCLUSIONS A common cause
More informationDesign for Testability
Design for Testability Outline Ad Hoc Design for Testability Techniques Method of test points Multiplexing and demultiplexing of test points Time sharing of I/O for normal working and testing modes Partitioning
More informationLet s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc.
Finite State Machines Introduction Let s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc. Such devices form
More informationMore on Input Distributions
More on Input Distributions Importance of Using the Correct Distribution Replacing a distribution with its mean Arrivals Waiting line Processing order System Service mean interarrival time = 1 minute mean
More informationEvaluation and Validation
Evaluation and Validation Peter Marwedel TU Dortmund, Informatik 12 Germany Graphics: Alexandra Nolte, Gesine Marwedel, 2003 2011 06 18 These slides use Microsoft clip arts. Microsoft copyright restrictions
More informationEECS150 - Digital Design Lecture 26 - Faults and Error Correction. Types of Faults in Digital Designs
EECS150 - Digital Design Lecture 26 - Faults and Error Correction April 25, 2013 John Wawrzynek 1 Types of Faults in Digital Designs Design Bugs (function, timing, power draw) detected and corrected at
More informationNetwork analysis. A project is a temporary endeavor undertaken to create a "unique" product or service
Network analysis Introduction Network analysis is the general name given to certain specific techniques which can be used for the planning, management and control of projects. One definition of a project
More information