Leïla Kloul

The AltaRica 3.0 project for model-based safety assessment

“Traditional” risk modeling formalisms (e.g. FMEA, Fault Trees, Markov Processes, etc.) are well mastered by safety analysts. Efficient algorithms and tools are available. However, models designed with these formalisms are far from the specifications of the systems under study. They are consequently hard to design and to maintain throughout the life cycle of systems. The high-level modeling language AltaRica has been created to tackle this problem. The objective of the AltaRica 3.0 project is to design a new version of AltaRica, and to develop a complete set of authoring, simulation and assessment tools to perform safety analyses: virtual experiments on systems, via models, calculation of different kinds of reliability indicators, etc. AltaRica 3.0 improves significantly the expressive power of AltaRica Data-Flow without decreasing the efficiency of its assessment algorithms. Prototypes of a Fault Tree compiler, a stochastic and a stepwise simulators have been already developed. Other tools are under specification or implementation.

Modeling systems with mobile components: a comparison between AltaRica and PEPA nets:

Assessing the reliability of systems with mobile components, that is components whose locations and interactions change during the mission of the system, raises a number of specific modeling issues. In this article, we compare two candidate modeling formalisms to do so: AltaRica and PEPA nets. We study their respective advantages and drawbacks and we show benefits of a cross fertilization.

Production trees: A new modeling methodology for production availability analyses

Abstract In this article, we propose a new modeling methodology for production availability analyses. These analyses are typically carried out by means of flow network models and Monte-Carlo simulations. The design of flow network models is often delicate because the production of a unit may depend on the states of other units located downstream and upstream in the production line. We show here how to handle this problem by means of operators working on three flows: a capacity flow moving forward from source to target units, a demand flow moving backward from target units to source units, and finally a production flow moving forward from source to target units. The production depends on the demand which itself depends on the capacity. Models designed according to this scheme caneventually be seen either as flow networks or as an extension of (Dynamic) Fault Trees to production availability analyses. We present the AltaRica 3.0 library of modeling patterns we designed to represent the different operators. We report results of experiments we performed on models designed using this library.

Modeling patterns for reliability assessment of safety instrumented systems

Abstract Safety Instrumented Systems (SIS) act as crucial safety barriers for preventing hazardous accidents in the industrial systems. It is therefore of primary importance to study their reliability, i.e. eventually to design probabilistic reliability assessment models. SIS have common behaviors such as the periodic test policies to reveal the dangerous undetected failures. These common behaviors can be captured in models via modeling patterns. By reusing modeling patterns, the modeling process can be simplified and made more efficient. In this paper, we propose a versatile set of modeling patterns implemented in AltaRica 3.0 language. We apply them to assess the reliability of SIS described in ISO technical report ISO/TR 12489. Comparisons are performed between the results obtained from AltaRica models and those reported in ISO/TR 12489. We show that the set of proposed modeling patterns can serve as an effective tool to model SIS in a modular way.

Modeling the CBTC Railway System of Siemens with ScOLa

Considering their increasing complexity, industrial systems are, in general, specified in a natural language. In railway systems, the design phase results an ambiguous and laborious system specification. The objective of this paper is to present ScOLa, a formal modeling language based on scenarios and built for railway system specifications. Its novelty resides in its restriction to a small set of concepts and its multiple representations (textual and graphical). The language offers means to understand what the system is supposed to do and to be as well as to support a dialog with experts so to be sure that they got everything correctly. The language is depicted on the railway automation solution Trainguard MT CBTC of Siemens.

A scenario-based FMEA method and its evaluation in a railway context

Safety analysis of railway CBTC systems aims at finding and validating failure scenarios. In this article we present a scenario-based FMEA method based on ScOLA, a scenario oriented modeling language dedicated to the analysis and formalization of complex systems. The specifications of such systems are usually spread in documents of thousands of pages written in a natural language. These documents are the basis for the safety analysis and validations activities. Therefore, we propose the scenario-based FMEA method to perform safety analysis that is more efficient than the paper-based analysis. The method retrieves and evaluates failure scenarios using functional ones. The article aims at presenting the method and its application on a railway system.

Incremental Modeling Methodology of Railway System Specifications

Specification of complex systems is a set of large documents written in natural language. Due to their complexity, they are often hard to understand and even harder to maintain. We designed the domain specific language ScOLa (Scenario Oriented Language) to model the architecture and behavior of systems using a set of formalized concepts in order to support the dialog between experts. In this article, we present a reverse engineering methodology to formalize complex system specifications using scenarios. It starts from an informal description of the system and results in a hierarchical view of the system description. This article aims both at introducing ScOLa and at presenting its application on the railway systems.

Safety Analysis of a Data Center’s Electrical System Using Production Trees

In this paper, we investigate the production availability of a data center’s power system using Production Trees, a new modeling methodology for availability analysis of production systems. Production Trees (PT) allow modeling the relationship between the units of a production system with a particular attention to the production levels of the units located upstream and downstream a production line. For that new modeling operators have been introduced allowing to gather or to split the flows upstream or downstream a PT. Our results include the reliability level of the power system configuration in terms of load interruption, load loss probability and related frequency indices, and the importance factor of components to identify the critical parts of the system.

Spécification et analyse de systèmes ferroviaires à l'aide d'un langage de scénarios

Les systèmes industriels tels que les systèmes ferroviaires sont de plus en plus complexes. Cependant, leur spécification demeure manuelle et rédigée en langage naturel, source d’ambigüités et d’erreurs. Ces erreurs se répercutent sur l’ensemble du cycle de vie du système, notamment l’analyse de sûreté qui repose sur l’expertise des ingénieurs sûreté et l’analyse effectuée sur d’anciens projets. Dans cet article, nous proposons une approche basée sur les scénarios afin de modéliser l’architecture et le comportement de ce type de système. A partir de cette vue fonctionnelle, nous proposons une méthode de propagation de fautes afin de générer des scénarios défaillants et évaluer leur impact sur le système. Summary Due to their complexity, industrial systems as railway systems are hard to specify, validate and even harder to maintain. Still, the specification of such systems is written in a natural language, which is source of ambiguity and errors. These errors may have an impact on the overall system life-cycle, especially safety analysis that is based on the expertise of safety engineers that rely on the previous projects analyses. In this article, we propose a scenario-based approach to specify the architecture and behavior of these systems. Therefore, we implement a fault propagation technique to generate failure scenarios based on the system behavior and evaluate the impact of such failures on the system.

A Model-Based Methodology to Formalize Specifications of Railway Systems

In this article, we propose a modeling methodology for the formalization of the specifications of railway systems. Most of the railway systems are actually still specified in natural language. It results lengthly and ambiguous descriptions, which is obviously a concern regarding safety and security. Hence the current trend to move to the model based approach, i.e. to translate textual specifications into models. To achieve this goal, the choice of a suitable modeling formalism and modeling methodology is of paramount importance. The modeling formalism should be close enough to the practitioners way of thinking so to facilitate the acceptance of the approach. It should be also formal enough to avoid ambiguity. We discuss here these issues based on experiments we made on railway automation solution Trainguard©Mass Transit Communication Based Train Control of Siemens.