Septavera Sharvia

An approach to optimization of fault tolerant architectures using HiP-HOPS

New processes for the design of dependable systems must address both cost and dependability concerns. They should also maximize the potential for automation to address the problem of increasing technological complexity and the potentially immense design spaces that need to be explored. In this paper we show a design process that integrates system modelling, automated dependability analysis and evolutionary optimization techniques to achieve the optimization of designs with respect to dependability and cost from the early stages. Computerized support is provided for difficult aspects of fault tolerant design, such as decision making on the type and location of fault detection and fault tolerant strategies. The process is supported by HiP‐HOPS, a scalable automated dependability analysis and optimization tool. The process was applied to a Pre‐collision system for vehicles at an early stage of its design. The study shows that HiP‐HOPS can overcome the limitations of earlier work based on Reliability Block Diagrams by enabling dependability analysis and optimization of architectures that may have a network topology and exhibit multiple failure modes. Copyright

Integrating model checking with HiP-HOPS in model-based safety analysis

The ability to perform an effective and robust safety analysis on the design of modern safety–critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) – an advanced FLSA technique – can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system.

Model-based dependability analysis: State-of-the-art, challenges, and future outlook

Abstract Over the past two decades, the study of model-based dependability analysis (MBDA) has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models—typically state automata—to explore system behavior through fault injection. This chapter reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths, and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for MBDA.Over the past two decades, the study of model-based dependability analysis (MBDA) has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models—typically state automata—to explore system behavior through fault injection. This chapter reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths, and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for MBDA.

A synthesis of logic and bio-inspired techniques in the design of dependable systems

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules.

Non-coherent Modelling in Compositional Fault Tree Analysis

Abstract The inclusion of NOT gates in a fault tree creates a “non-coherent” structure in which not only the failure of a component but also the negation of failure, i.e. the working state of the component, can contribute to the undesirable effects on a system. This type of non-coherent modelling remains controversial; its usefulness is still debated among academics, which explains why NOT gates have not been included in the Fault Tree Handbook . In this paper, we review work on non-coherent fault trees and highlight circumstances where non-coherent modelling is appropriate and useful. We then describe an extension to HiP-HOPS (Hierarchically Performed Hazard Origin and Propagation Studies), a recently proposed compositional safety analysis method, that enables model-based synthesis and analysis of non-coherent fault trees. A small example is given to illustrate application of the extended method and demonstrate how this type of non-coherent modelling can give a more precise and ultimately more correct insight into failure behaviour.

IACoB-SA: An approach towards integrated safety assessment

Model-Based Safety Analysis (MBSA) techniques have been introduced to address the challenges arising from the increasing scale and complexity of modern safety critical systems. Focus has been placed on automating the synthesis and analysis of failure-extended models. The two most prominent paradigms in MSBA are the Compositional Safety Analysis (CSA) and Behavioural Safety Analysis (BSA). These techniques have emerged with little integration and often viewed as competing alternatives. In this paper, we propose a technique in which the application of CSA and BSA can be synergistically combined. The results from CSA can provide the basis for systematic construction and refinement of state machines, which can be verified through BSA. The application of the proposed approach is illustrated through an example of an aircraft wheel-brake system.

Integrated Application of Compositional and Behavioural Safety Analysis

The design complexity of modern safety critical systems presents various challenges for its safety assessment process. In recent years, Model-Based Safety Analysis (MBSA) has been proposed to achieve more-robust and effective safety assessment techniques through automation of the synthesis and analysis of predictive models. Two prominent paradigms of MBSA are Compositional Safety Analysis (CSA) and Behavioural Safety Analysis (BSA). These techniques have emerged with little integration. In this chapter, we present a technique which systematically integrates the application of CSA and BSA. The process starts from CSA and utilizes its analysis results to provide a systematic construction and refinement of state machines, which can be subsequently analyzed through BSA. An example of a car brake-by-wire system is presented to illustrate the application of the proposed technique.

Model-Connected Safety Cases

We propose the concept of a model-connected safety case that could simplify certification of complex systems. System design models support the synthesis of both the structure of the safety case and the evidence that supports this structure. The resultant safety case argues that all hazards are adequately addressed through meeting the system safety requirements. This overarching claim is demonstrated via satisfaction of the integrity requirements that are assigned to subsystems and components of the system through a sound process of model-based allocation that respects the system design and follows industry standards. The safety evidence that substantiates claims is supported by evidence which is also auto-constructed from the system model. As the system model evolves during design, the corresponding model-connected safety case can be auto-updated. The approach is underpinned by a data model that connects safety argumentation and safety analysis artefacts, and is facilitated by a software tool.

Safety analysis of clinical workflows: The case of the workflow within a radiology department

Radiology Information Systems (RIS) and Picture Archiving and Communication systems (PACS) are used widely to help in the workflow management in radiology departments. Effective safety analysis tools are needed to ensure the reliability of these high-risk workflows, because errors that may happen through routine workflow propagate within the workflow to result in harmful failures of the systems output. This paper showed how to apply a software technology called Hierarchically-Performed Hazard Origin and Propagation Studies (HiP-HOPS) to analyse the safety of RIS/PACS workflows. The results comprised identification of the root causes of hazardous workflow failures that may put patients life at risk. We concluded that HiP-HOPS is applicable to this area of healthcare and is able to present benefits through the detailed information on possible failures both their causes and effects. Therefore, it has the potential to improve the safety of RIS/PACS workflows and other clinical workflows.