Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1109/hpcc.2014.115

2014-01-01

Abstract:With the development of the industrial informatization, the problems of security in field device layer have been gradually exposed, which mainly involves specified industrial communication protocols. Clock synchronization protocol, as one of the most important industrial communication protocols, ensures the real-time performance of industrial control system. Considering that the related researches have not yet formed a mature system, we propose a new method for analyzing the vulnerability of clock synchronization protocol in this article. In this method, SPN(stochastic petri net) is introduced as a modeling tool, while IEEE 1588 PTP clock synchronization protocol is regarded as the research object. An SPN(stochastic petri net) model is strictly built according to the protocol. Then, steady-state probability expressions are obtained by the isomorphic Markov chain. Through changing trigger rate of transitions of several pivotal states which are related to vulnerability, the influences of each parameter has on the model could be quantitatively reflected in the result of simulation in order to analyze vulnerability of clock synchronization protocol by determining the critical factors that affect protocol's vulnerability.

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Haibin Cai,Hao Wu

DOI: https://doi.org/10.1007/s10586-017-1319-0

2018-01-01

Cluster Computing

Abstract:Modern smart phones are typically equipped with multicore processors. In this paper, we address the problem of determining schedulability of a real-time periodic taskset with fixed release offsets and possible release jitters on a multicore processor with global Fixed-Priority (FP) or EDF (Earliest Deadline First) scheduling algorithms, using the model-checker UPPAAL for Timed Automata. In addition to yes/no schedulability analysis for hard real-time systems, we also apply statistical model checking to estimate the probability of unschedulability for soft real-time systems, described with two statistical parameters (confidence and accuracy).

Yong Huang,Lingdi Ping,Shanping Li,Xuezeng Pan

DOI: https://doi.org/10.4304/jsw.4.1.90-97

2009-01-01

Journal of Software

Abstract:Real-time information flow security properties such as timed noninterference provide assurances that some time dependent information flows may not become possible. However, with transitive noninterference formulation, it is difficult to deal with intransitive flow policies like channel control and secure downgrading of information with time constraints. In this paper, we introduce the notion of trust domain into Timed Secure Process Algebra (tSPA), extending intransitive noninterference to real-time systems. Based on weak timed bisimulation equivalence, some security properties for intransitive flow are reformulated in a realtime setting, in particular one property which is persistent, meaning that if a system is secure then all of its reachable states are secure too. Furthermore, we prove that such persistent intransitive timed property is compositional, which is thus possible to alleviate the state space explosion problem caused by the interleaving of all the possible executions of parallel processes. Finally, we provide one case study showing that it is possible to model and analyze the real-time system through our approach.

Heping Jia,Gregory Levitin,Yi Ding,Yonghua Song

DOI: https://doi.org/10.1002/qre.2401

2018-01-01

Quality and Reliability Engineering International

Abstract:Standby redundancy has been extensively applied to critical engineering systems to enhance system reliability. Researches on reliability evaluation for standby systems focus more on systems with binary-state elements. However, multi-state elements with different performances have played a significant role in engineering systems. This paper presents an approach for reliability analysis of standby systems composed of multi-state elements with constant state transition rates and absorbing failure states. The approach allows modelling different standby systems beyond cold, warm and hot ones by taking into account differences in possible maintenance of elements in standby and operation modes and dependence of elements' operational behavior on their initial state at the time of activation. An iterative algorithm for reliability evaluation based on element state probabilities is suggested. Illustrating examples of evaluating reliability of different types of homogeneous and heterogeneous standby systems are demonstrated.

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

Xi Li,Xiaoning Zhu,Guoqiang Cai,Yuan Sun

2008-01-01

Abstract:This paper advanced the solution of Markov state transfer chain to analyze the system reliability. According to the conversion of mutual relations, the paper put forward a method to calculate the life expectancy of top events in Markov quantitative analysis. Afterwards the paper presented the failure mode, failure rate and life expectancy of the top events. Meanwhile, the paper presented the method to calculate probability of important bottom events to top events. Finally the research is verified in the analysis of a city rail traffic automatic train super-vision system.

Gregory Levitin,Heping Jia,Yi Ding,Yonghua Song,Yuanshun Dai

DOI: https://doi.org/10.1016/j.ress.2017.05.003

IF: 7.247

2017-01-01

Reliability Engineering & System Safety

Abstract:The paper presents an approach for evaluating reliability of standby systems composed of multi-state elements with constant state transition rates. Any standby elements can be repaired, whereas no repairs are possible in operation. When an operating element fails the standby element with the best technical state is activated. Time-to-failure distributions of operating elements depend on their states at the time of activation. An iterative algorithm for reliability evaluation based on element state probabilities is suggested. An example of using the algorithm for evaluating reliability of standby system is presented.

Minglei Bao,Yi Ding,Xunhu Yin,Changzheng Shao,Chenjin Ye

DOI: https://doi.org/10.1016/j.ress.2020.107387

2021-01-01

Abstract:Multi-state system (MSS) models have been widely used to represent the reliability of engineering systems that have a finite number of performance levels. The previous studies related to the reliability evaluation of the MSSs generally follow the assumption that the transition among different performance states is instantaneous with no time delay. However, there exist several engineering systems that transit slowly between different states, such as gas supply systems and heating distribution systems. When evaluating the operating reliability of such an engineering system, the neglect of the non-instant state transition process may lead to inaccurate or insufficient evaluation results. To fill the research gap, the traditional MSS model is extended to handle the situation where the non-instant state transition features should be considered. The concepts and features of multi-state systems considering state transition process (MSS-STP) are innovatively proposed. Considering the non-instant state transition process, the traditional reliability evaluation framework for the MSSs is extended to evaluate the operating reliability of MSS-STP. The procedure of transition curve discretization is innovatively proposed to divide the dynamic transition process into a series of discrete states. The developed general MSS-TSP model is applied to the natural gas system (NGS) to demonstrate the effectiveness of the proposed reliability evaluation framework. The proposed technique can provide a useful tool for system operators to accurately evaluate the operating reliability of MSS-STP

Wenbo Zhang,Xiangkun Meng,Jianyuan Wang,Tieshan Li,Qihe Shan,Fei Teng

DOI: https://doi.org/10.1109/iccss53909.2021.9722016

2021-12-10

Abstract:Automatic crane is a complex system affected by the external environment and the internal components of the system, information fusion, software and hardware combination, and man-machine integration. The improvement of its automation and informatization proposes various challenges in the accident model construction and safety analysis. However, the safety analysis methods based on fault types consider that the occurrence of accidents is linear and ignore the correlation among components of the system. This paper adopts the system-theoretic accident model and process (STAMP) and system-theoretic process analysis (STPA) mode is to implement safety analysis of the automatic crane trolley running system (ACTRs). The paper starts from the identification of system-level losses and hazards, clarifies the function and internal logical control relationships of the system’s components, and then finds potential unsafe control actions (UCAs) and loss scenarios during the trolley running. The results show that the control requirements for the regular operation of the trolley running system can be analyzed in detail. Therefore, the STAMP/STPA can apply to the safety investigation of automatic cranes.

Anatoly Lisnianski,Yi Ding

DOI: https://doi.org/10.1016/j.ress.2009.05.006

IF: 7.247

2009-01-01

Reliability Engineering & System Safety

Abstract:This paper discusses a type of redundancy that is typical in a multi-state system. It considers two interconnected multi-state systems where one multi-state system can satisfy its own stochastic demand and also can provide abundant resource (performance) to another system in order to improve the assisted system reliability. Traditional methods are usually not effective enough for reliability analysis for such multi-state systems because of the “dimensional curse” problem. This paper presents a new method for reliability evaluation for the repairable multi-state system considering such kind of redundancy. The proposed method is based on the combination of the universal generating function technique and random processes methods. The numerical example is presented to illustrate the proposed method.

Ji-liang LUO,Hui SHAO,Wei-min WU,Hong-ye SU

DOI: https://doi.org/10.7641/CTA.2017.60929

2018-01-01

Abstract:More and more control elements are incorporated into a single system by the information technology such as internet of things.Consequently,the scale of a control system increases quickly,and the control specification becomes more and more complicated.Any logic mistake that violates a given control specification may lead to a serious industrial failure and even security issue.Besides,there is a"state space explosion"for discrete event systems.These make a challenge for designing and debugging programs running in programmable logic controllers(PLCs)or field programmable gate arrays (FPGAs).The supervisory control theory of discrete event systems is to implement a given complicated logic specification by formal methods. The specification such as interlock,sequence,mutual exclusion,and language is expressed by a Petri net or automata.It is in turn translated into codes that can be executed by a PLC or FPGA.This paper surveys these formal methods for synthesis of logical controller,which are to shorten the costed time for control programs,to ease the reuse of them,and to increase the safety and reliability of them.

Sijuan Chen,Zhijian Zhang,He Wang,Min Zhang,Huazhi Zhang,Anqi Xu,Yingfei Ma,Gangyang Zheng

DOI: https://doi.org/10.1115/icone26-82563

2018-07-22

Abstract:In the continuous operation process of Nuclear Power Plant (NPP), its configuration is full of variety over time because of the system’s dynamic characteristics. There is a great need to update the risk/safety analysis models when it becomes necessary to reflect those dynamic characteristics of the system/component. Most of the current methods for risk/safety analysis belong to the scope of safety pre-analyzing, which analyzes the system risk/safety before system being in service. The main purpose of these safety pre-analyzing is to guide system design and optimization, but the real-time operational risk/safety analysis of NPPs is considered little. In order to know well the real-time risk/safety for system, a System Safety Analysis Method based on Real-time Online Risk Monitoring Technology is proposed. The safety risk model is established based on the modular fault tree that is used to represent logic structure of system. The real-time risk/safety is monitored according to the correspondence monitoring signal or data of component/system. Simultaneously the method can account for the change of risks based on the established mapping relationship between the state transition rules and corresponding risk/safety model updating rules. Finally, a case monitoring the safety for the system of two redundant pumps was used to demonstrate the effectiveness of the method.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Peng Li,Qing Gu,Keqiang Cao,Daoxu Chen,Jiangmin Zhu

2006-01-01

Abstract:The schedulability analysis is important in workflow modeling. This paper presents a new approach to the schedulability analysis of individual transition or transition sequences in Time constraint Petri nets (TCPNs). The reachability of markings can also be checked based on the schedulability analysis. If a specific transition sequence is schedulable, the corresponding task sequence can complete its execution successfully; otherwise, nonschedulable transitions should be pinpointed to help adjust timing constraints. A technique for compositional timing analysis is also proposed to deal with complex transition sequences, which improves efficiency of analysis. We have also constructed an automated tool: TCPN-PIPE2 to facilitate the schedulability analysis of workflow.

Asim Abdulkhaleq,Stefan Wagner,Nancy Leveson

DOI: https://doi.org/10.48550/arXiv.1612.03109

2016-12-09

Software Engineering

Abstract:Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller.

Xingya Dai,Wei Dong,Xinya Sun

DOI: https://doi.org/10.1109/itnec.2016.7560348

2016-01-01

Abstract:The Safety Computing System is a kind of system which asks for high safety and reliability. In order to rigorously analyze the safety and reliability of the M out of N system, abstracting running states of the system, and constructing a state transition model based on Markov Process. At the same time, the safety and reliability of the M out of N system are calculated on the basis of Markov Model. Finally comparing the M out of N system with the existing safety computing systems based on the computation of the safety and reliability. According to our results, the M out of N system has higher safety and reliability compared to the existing safety computing systems under the same average failure rate of the calculating cell. Especially, the system can satisfy the safety integrity level (SIL) 4, which means the system's probability of catastrophic failure is less than or equal to 10e-8 per hour. So, it can be applied to the high-speed railway systems.

GUAN Ai-ai,QIU Xin-xi,WANG Dong,CHEN Xiang-xian,HUANG Hai,LIU Ji-quan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.03.001

2013-01-01

Abstract:Automatic Train Protection(ATP) system is a safety-critical system to ensure the train running safety.The system has various functions and complex logic,which makes the development difficult.To this end,a model-based method is presented to develop ATP application software,in which interface models,status models,and control flow models are used to clearly and correctly describe application software functions and their implementation processes.The functions of the developed software are further verified by simulations and tests.The obtained results confirm that the function logic is simplified effectively with this method,making the software development easy.What’s more,human errors and faults are also reduced in this process.

Haiyang Che,Kehui Li,Shengkui Zeng,Changbo Yv,Jianbin Guo

DOI: https://doi.org/10.1002/qre.3552

2024-04-05

Quality and Reliability Engineering International

Abstract:Multitasking is increasingly common in highly complex and safety‐critical systems, especially under abnormal situations. Mental overload (MOL) may occur and result in forgetting/mistaking tasks uncertainly. Such probabilistic errors could have catastrophic consequences and contribute greatly to the multitasking risk of man‐machine systems. In this paper, to better identify the risks of safety‐critical multitasking situations, MOL mechanism is investigated and a risk analysis method considering MOL is proposed. MOL occurs when the demand for resources estimated by Multiple Resources Model exceeds an operator's ability. Then, the operator's performance degrades, and s/he tends to mistake or abandon parts of tasks. Based on the MOL mechanism, a MOL‐performance dependency (MOL‐PDEP) gate is proposed to incorporate MOL into risk analysis. Its inputs are concurrent tasks, and it triggers the related hazardous human behavior events with certain probabilities if MOL occurs. Through this gate, the dependence among these events and their nondeterministic cause relationships to MOL are added to traditional fault tree (FT), which presents a challenge issue to FT analysis. An implicit method is proposed to analyze the FT with MOL‐PDEP gate and calculate the accident probability. A case study on a helicopter crash accident demonstrates the effectiveness of the proposed method.

engineering, industrial, multidisciplinary,operations research & management science

X. Yang,T. Zhou,X.Y. Zhou,W.J. Zhang,C.R. Mu,S. Xu

DOI: https://doi.org/10.1016/j.ocecoaman.2023.107003

IF: 4.295

2024-01-13

Ocean & Coastal Management

Abstract:The dynamic autonomy resulting from control mode transitions in the Maritime Autonomous Surface Ships (MASS) poses a significant risk to its navigation safety. While Systems-Theoretic Process Analysis (STPA) has proven effective in the hazard identification of autonomous ships, the safety challenges inherent in the dynamic autonomy of MASS with seafarers onboard controlled by three possible controllers have not been addressed much. This study proposes a three-phase framework that combines STPA, state machines and Sequentially Timed Events Plotting (STEP) diagram aiming at identifying failure scenarios in the transition process. Findings from a case study highlight the need for such a framework to understand the triggering events for mode transition, the transition process, how transition failure may occur, and refine safety constraints to ensure smooth and safe transitions. The results lay the groundwork for future research into test case generation methods that focus on these identified transition failure scenarios, intending to ensure safe and secure navigation for the progressive introduction of MASS.

water resources,oceanography