Kazuo Yanoo

Automatic Synthesis of Static Fault Trees from System Models

Fault tree analysis (FTA) is a traditional reliability analysis technique. In practice, the manual development of fault trees could be costly and error-prone, especially in the case of fault tolerant systems due to the inherent complexities such as various dependencies and interactions among components. Some dynamic fault tree gates, such as Functional Dependency (FDEP) and Priority AND (PAND), are proposed to model the functional and sequential dependencies, respectively. Unfortunately, the potential semantic troubles and limitations of these gates have not been well studied before. In this paper, we describe a framework to automatically generate static fault trees from system models specified with SysML. A reliability configuration model (RCM) and a static fault tree model (SFTM) are proposed to embed system configuration information needed for reliability analysis and error mechanism for fault tree generation, respectively. In the SFTM, the static representations of functional and sequential dependencies with standard Boolean AND and OR gates are proposed, which can avoid the problems of the dynamic FDEP and PAND gates and can reduce the cost of analysis based on a combinatorial model. A fault-tolerant parallel processor (FTTP) example is used to demonstrate our approach.

A Static Analysis of Dynamic Fault Trees with Priority-AND Gates

A PAND gate is a special AND gate of Dynamic Fault Trees (DFTs) where the input events must occur in a specific order for the occurrence of its output event. We present a transformation from a PAND gate to an AND gate with some dependent conditioning events, called CAND gate, provided that the dynamic behavior of the system can be modeled by a (semi-)Markov process. With the transformation, a DFT with only static Boolean logic gates and PAND gates can be transformed into a static fault tree, which opens up the way to employ efficient combinatorial analysis for the DFT. In addition, the PAND gate cannot model the priority relations between the events whose occurrences are not necessary for the output event. The inability has not been addressed before and it can be overcome by the proposed CAND gate.

Evaluation of IT systems considering characteristics as system of systems

It is important for IT system integration (SI) to evaluate non-functional requirements (NFR) in design phase. However, since IT systems show system of systems (SoS) characteristics, the evaluation is a difficult work. An IT system consisting of independently developed systems has to be evaluated comprehensively as a whole system. Moreover, the details of some systems are often unknown, i.e., black box. Model-based systems engineering is a promising approach for the evaluation in design phase. This paper describes our in-house tool named CASSI (Computer Aided System model-based System Integration environment). CASSI consists of a repository of “system models” as elements to model an SoS, and tools to evaluate NFR of the SoS. CASSI includes two aspects; modeling as detailed as possible for precise evaluation and including black box as necessary. This paper represents the results and effectiveness of applying CASSI to SI.

Automatic Static Fault Tree Analysis from System Models

The manual development of system reliability models such as fault trees could be costly and error prone in practice. In this paper, we focus on the problems of some traditional dynamic fault trees and present our static solutions to represent dynamic relations such as functional and sequential dependencies. The implementation of a tool for the automatic synthesis of our static fault trees from SysML system models is introduced.

Formal static fault tree analysis

Fault tree analysis (FTA) is a traditional informal reliability and safety analysis technique. FTA is basically a combinational model in which standard Boolean logic constructs, such as AND and OR gates, are used to decompose the fault events. Several dynamic constructs, such as Functional Dependency (FDEP) and Priority AND (PAND) gates, are also proposed to handle dynamic behaviors of system failure mechanisms. In this article, we focus on some paradoxes and constraints of the traditional FDEP and PAND gates, and present our static solutions to these dynamic gates. The proposed static fault tree model is formalized with Maude, an executable algebraic formal specification language. Two example fault tolerant parallel processor (FTPP) configurations are used to demonstrate our static fault tree model.

Template-based, format-extensible authoring for BS digital data broadcast service

This paper describes the outline of a template-based authoring system for BS digital data broadcast service starting from December 2000 in Japan. The system is designed to compose multimedia documents in BML (Broadcast Markup Language) format. BML is an XML based data specification language adopted as Japanese standard for the service. The authoring system provides template functions to combine XML data sources with BML style templates. Also it provides data-binding rules with the templates to generate BML instances automatically. The templates and the rules are extensible so that they can generate multi-format contents written in BML and HTML for cross-media services.

Efficient Analysis of Fault Trees with Voting Gates

The voting gate, or k-out-of-n (k/n) gate, is a standard logic gate used in fault trees modelling fault-tolerant systems. It is traditionally expanded into a combination of AND and OR gates, and this expansion may result in combinatorial explosion problem in the calculation of minimal cut sets (MCSs) of the fault tree for even a not very big n, especially when the voting gate inputs are intermediate rather than basic events. In this paper we propose a set of reduction rules to simplify the voting gates without direct expanding, and also propose a concept of minimal cut vote (MCV) denoting a k/n gate whose inputs are all basic events and whose k-combinations are all MCSs of the fault tree. With the proposed reduction rules and MCV concept, the MCSs of fault trees can be evaluated and weeded more efficiently and the result can be represented in a more compact form. The results of experiments on practical fault trees with voting gates show that our method not only outperforms conventional MCS evaluation methods by several orders of magnitude but also provides performance comparably to that provided by binary decision tree (BDD) based algorithms.

Combinatorial Analysis of Dynamic Fault Trees with Priority-AND Gates

This paper focuses on a sub-class of Dynamic Fault Trees (DFTs), called Priority Fault Trees (PFTs), containing only static Boolean logic gates and Priority-AND (PAND) gates. We present a transformation from a PAND gate to an AND gate with some dependent conditioning events, called CAND gate, provided that the dynamic behavior of the system can be modeled by a (semi-)Markov process. With the CAND transformation, the qualitative analysis of a PFT can be reduced from a permutation problem into a combinatorial problem without resorting to the concept of minimal cut sequence. In addition, we discover that the PAND gate cannot model the priority relations between the events whose occurrences are not necessary for the output event. The inability of the PAND gate can be overcome by the proposed CAND gate.

A model-based method for security configuration verification

Various kinds of access control mechanisms have been employed in todays computer systems to protect confidential information. Since high expertise is required for the system configuration maintenance, detecting vulnerabilities due to configuration errors is a difficult task. In this paper, we propose a model-based configuration verification method that can find complex errors of two major access control mechanisms, network packet filtering and file access control. This method constructs an information flow model using the configurations of the two mechanisms and verifies whether the system is configured to suffice access policies defined by system administrators. Through the development of a prototype system and its experimental use, we confirmed that the proposed method could discover configuration errors of Web servers that might cause information leakage.

Virtualized server infrastructure for resilient voice communication service

The huge earthquake struck Japan on 11th March, 2011, caused a massive congestion of call attempts from mobile phones that resulted in only 5% of accepted connections due to the congestion control by telephone companies. It is an emergent issue to improve resiliency of communication service in anticipation of future disasters and thus communication service infrastructure necessitates the flexibility of its capacity. In this paper, we introduce server virtualization technology to provide a flexible communication service infrastructure and design a communication service controller that provisions additional capacity by virtual machines in response to increased call attempts from mobile phones after a disaster. The communication service controller is designed with constraint programming and performance/availability estimations for deciding the optimum virtual machine placement according to network operators instructions. Through an experimental disaster test, we confirm the capacity of communication service is increased five-fold by virtual machine provisioning with half an hour latency.