杨仕平,熊光泽,桑楠

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.08.028

2003-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:After analyzing status quo of high dependability safeguard mechanism, an integrated high dependability safeguard systematic framework supporting multilevel criticality in which several subsystems share the same system resources is brought forward. In order to avoid deleterious interferences between subsystems with different criticality, a kind of high dependability temporal isolation mechanism based on two level scheduling approach is brought forward. In order to realize this mechanism, integrated high dependability safeguard mechanism supporting multilevel criticality based on single node computer is emphatically researched. The scheduling model is constructed. The schedulability of tasks and subsystems are analyzed. The correctness of time isolation mechanism is proved by several samples. The conclusion of researching on high dependability safeguard may be applied to the other no safety-related areas, and has great practicability.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

杨仕平,熊光泽,桑楠

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.05.028

2003-01-01

Computer Science

Abstract:In order to improve dependability of safety critical systems, whose safeguard technologies are researched inthis paper. Firstly, origins and meanings of dependability are expatiated, afterwards, respective meaning of and rela-tions among fault、error、failure are analyzed. In succession, how to apply with fault prevention、fault tolerance、faultremoval、fault forecasting to enhance dependability of safety critical systems are expounded concisely by diagrams. Be-cause error detecting is very important in fault tolerant systems, an error detecting technology based on safety kernelis proposed in this paper. Future trends of research in safety critical field are listed at the end.

杨仕平,熊光泽,桑楠,吴新勇

DOI: https://doi.org/10.3969/j.issn.1000-7024.2004.02.001

2004-01-01

Abstract:On the basis of analyzing the necessity of safety testing and evaluation for safety critical software, the safety evaluation criteria fitted for testing and evaluating safety critical software are proposed and the relations between safety evaluation criteria and reliability evaluation criteria are presented. Followed this, the limitations of the four classical testing and evaluation approaches used to evaluate the software with high safety requirements are summarized. The feasibility of safety testing and evaluation based on the technology of importance sampling and stress testing is researched, and the concrete implement process about this approach is discussed in detail, during the course of doing this, the safety critical control system of the nuclear power plant is used in a practical example in order to exemplify the correctness of the proposed approach. Finally, the related work and future trends of the research in this field are listed.

Xiangxian Chen,Gongshuang Zhou,Yi Yang,Hai Huang

DOI: https://doi.org/10.1109/tits.2012.2230258

IF: 8.5

2013-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Applications of advanced electronic technologies have greatly increased the efficiency and performance of safety-critical computer systems. In addition, the architectural flexibility of these systems reduces the types of printed circuit boards they can use, thereby reducing difficulties with maintenance. A newly developed safety-critical computer system is presented in this paper. The system uses some advanced electronic technologies and can be reconfigured to be a triple-modular-redundant system or a dual-modular-duplex-redundant system for different applications. The system's architecture and fail-safe technologies are discussed, and its reliability, availability, maintainability, and safety (RAMS) are evaluated based on the Markov method. Based on these evaluations, the safety-critical computer system developed herein demonstrates great potential for rail use.

黎忠文,熊光泽,李乐民

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.04.020

2003-01-01

Abstract:Security and safety are important and related factors that baffle the development and practicality of modern distributed system.However,most of researches on distributed system focus on security.Unfortunately,since software is being used largely in the complex distributed systems,the possibility of serious damage resulting from a software defect is considerable and growing,and then the complex distributed systems are plunging into safety crisis.In fact,distributed systems are in urgent need of new safety assurance technologies.After analyzing security and safety requirements of distributed system,we put forward new ideas for setting up the security and safety assurance structure of distributed system.We also analyze characteristics,designing aims for this structure.Since there are a lot of shortcomings in the current methods of realizing safety kernel (that is a new concept of safety assurance) in distributed system,we advance a program for RTOS to supply safety kernel mechanism.Based on all of these,we set up SADS (security and safety assurance structure of distributed system).At last,taking the control system in the traffic lights as example,prototype experiment of SADS has been done on the RT-Linux platform in the lab,and this experiment has proved the validity of SADS.

JIAN Hong-wei,LEI Hang

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.09.026

2010-01-01

Abstract:When some environment of safety-critical system changes,there will be some changes in the safety policy to the certain critical equipment .This paper took the nuclear power control system as the example and studied a safety policy that based on FSM and realized it used QuO(Quality Objects).This safety policy could be used in other safety-critical system that be consisted of different safety-critical devices.

MA Bolin,ZHANG Zheng,REN Quan,ZHANG Gaofei,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000−436x.2021176

2021-01-01

Abstract:Software-based redundant execution (SRE) is a popular fault-tolerant design method which makes use of faults occurring randomly to achieve fault-tolerance.Software-based heterogeneous redundant execution (SHRE) uses heterogeneous redundant software replicas with identical function based on SRE and diversity of software.By comparing the results of heterogeneous redundant software replicas, SHRE can resist threats from software vulnerabilities and homogenization.The classification method of SHRE was proposed, and the security capability of SHRE was introduced.Based on N-modular redundancy, I/O operation mode and the recovery capability of attacked software replica, resistance to attack of different structures were analyzed.The analysis shows that the security capability of SHRE performs best when it is triple-mode redundancy architecture and attacked software replica can be recovered.Besides, by shortening the recovery time of attacked software replica, security to SHRE can be improved.

Jingjing Hu,Yu Li,Zhaozhao Li,Qinrang Liu,Jiangxing Wu

DOI: https://doi.org/10.1109/tnsm.2024.3387725

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:The Dynamic Heterogeneous Redundancy (DHR) architecture presents a novel approach to system design and organization, aiming to enhance system security by integrating dynamicity and heterogeneity into its structure. Despite its practical efficacy, the theoretical underpinnings elucidating the mechanisms through which DHR enhances security remain unestablished. This study endeavors to bridge this gap by conducting a theoretical analysis and modeling of the DHR architecture, focusing on its intrinsic characteristics and their implications for system security. Employing static game theory, our research uncovers the unique Nash equilibrium within DHR architecture. Expanding upon this mathematical framework, we delve into how factors such as dynamicity, heterogeneity, and failure rates influence these equilibria, subsequently shaping system security. To validate our findings, we conduct a case study involving a triply redundant DHR system and simulate the offense-defense interplay using the Adam optimization algorithm within boundedly rational static games. Our results affirm the variations in system security under diverse initial conditions and model states, thereby establishing a robust theoretical foundation for DHR architectures and laying the groundwork for their broader comprehension and application across various domains.

Yingsai Cao,Panfei Wang,Wenjie Xv,Wenjie Dong

DOI: https://doi.org/10.1016/j.cie.2024.110395

IF: 7.18

2024-07-20

Computers & Industrial Engineering

Abstract:This paper develops a comprehensive framework of criticality analysis for all the failure inducing factors in continuous degrading systems subject to multi-level failure dependences. Dependence within component is specified as random shocks make the components become more vulnerable to inherent degradation processes. Interaction among components refers to the fact that degradation of a particular component can be accelerated by others. By introducing the Gamma process, compound Poisson process and Monte Carlo simulation technique, system reliability is evaluated under the above multi-level dependences. A novel framework of criticality analysis is proposed to specify the adverse influences of failure inducing factors in different levels. In system level, time-dependent contributions of components to system degradation are calculated. For dependence among components, dependence strength levels are ranked. In component level, how the suffered failure processes contribute to component degradation is specified. At last, an illustrative example is presented to show how the proposed method can be applied to engineering practice

computer science, interdisciplinary applications,engineering, industrial

ZHANG Yu,HE Tao

DOI: https://doi.org/10.3969/j.issn.1671-0428.2011.03.023

IF: 5.105

2011-01-01

Computers & Security

Abstract:This paper describes the reliability of software based on relex2008,establishment of fault tree and analysis of single system reliability of electric switch machines.The reliability and safety index of the Dual module hot stand-by,Triple Modular Redundancy and Double 2-vote-2 redundant structure system made of different tolerant structure are analyzed and compared.The results show that the Double 2-vote-2 redundant system is more security and can largely reduce the risk of the probability of occurrence in order to ensure traffic safety.

Bei-bei WENG,Shu-ping MA,Hao ZHANG

DOI: https://doi.org/10.3969/j.issn.1009-0665.2007.06.007

2007-01-01

Abstract:Considering the critical situations of the modern power grid,this article discusses the stability requirements of the system,and the reason for system errors that is a chance factor is presented at one time.And then the measures of prevention control,self-corrector control,emergency control and restorative control must be taken,and a four defensive line scheme is presented in order to ensure the stability of the system.The article focuses on discussing emergency control,and introduces the importance and feasibility of emergency control,and introduces the goals and means of it,and in the end this paper introduces the design principles and examples of emergency control system.

Chao Guo,Huasheng Xiong,Xiaojin Huang,Duo Li

DOI: https://doi.org/10.1155/2017/2981943

IF: 0.849

2017-01-01

Science and Technology of Nuclear Installations

Abstract:With the development of information technology, the instrumentation and control system of nuclear power plant nowadays rely heavily on the massive and complex software to ensure the safe and efficient operation of the power plant. The improvement of the software design and development for the safety systems has been a research focus for its decisive impact on the nuclear safety. The framework of the software design and development for reactor protection system in High Temperature Gas-Cooled Reactor-Pebble bed Module was introduced in this paper. Firstly, during the design period, in addition to multichannel redundancy, grouping of protection variables and diverse 2-out-of-4 logics were adopted by different subsystems of each channel in case of common cause failure. Then a series of development characteristics together with strict software verification and validation were performed. Thirdly, during the software test period, an improved software reliability growth model based on the Goel-Okumoto model according to the analysis of fault severity was proposed to help in estimating the reliability of the software product and identifying the software release time.

YANG Shi-ping,SANG Nan,XIONG Guang-ze,LIU Xiao-shi

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.030

2006-01-01

Abstract:To buildup the safety of real time operating system, after status quo of existing scheduling mechanism analyzed, brought forward a kind of novel safety scheduling mechanism based on Maximum Criticality First (MCF). MCF is a hybrid priorities real time scheduling algorithm which consisting of three parts, the first two parts are the assignment of the importance and user priority, which is done statically, the second part is the assignment of the dynamic priority based on minimum laxity first scheduling algorithm. MCF synthesizes the strongpoint of the fixed priority scheduling algorithm and the dynamic priority scheduling algorithm. By this way, MCF not only takes full advantage of resources such as CPU, also make critical task not suffer from other non critical tasks at transient overload. The safety of real time operating system is improved with MCF.

Li Wei,Mingwei Xu

DOI: https://doi.org/10.1007/978-981-10-8890-2_27

2017-01-01

Abstract:In modern life, software plays an increasingly important role and ensuring the reliability of software is of particular importance. In space, a Single Event Upset occurs because of the strong radiation effects of cosmic rays, which can lead to errors in software. In order to guarantee the reliability of software, many software-based fault tolerance methods have been proposed. The majority of them are based on data redundancy, which duplicates all data to prevent data corruption during the software execution. But this fault tolerant approach will make the data redundant and increase memory overhead and time overhead. Duplicating critical variables only can significantly reduce the memory and performance overheads, while still guaranteeing very high reliable results in terms of fault-tolerance improvement. In this paper, we propose an analysis model, named CDM (Critical Data Model), which can compute the critical of variables in the programs and achieve the purpose of reducing redundancy for the reliable program. According to the experimental results, the model proposed in this paper can enhance the reliability of the software, reduce the time and memory cost, and improve the efficiency of the reliable program.

杨仕平,桑楠,陈慧,熊光泽

2004-01-01

Abstract:To design highly dependable safety critical real time operating system CRTOS 2.0,the status quo of dependability safeguard mechanisms of existing operating systems is firstly analyzed. Since safety critical systems requires that both temporal and spatial isolation safeguard among different processes be maintained,a novel approach for designing CRTOS 2.0 is put forward,which is based on temporal and spatial isolation safeguard mechanism. The spatial isolation safeguard mechanism uses hardware memory protection to isolate and protect kernel itself and user tasks from incorrect operation caused by accidental errors or malicious tampering,and the memory protection provides support for multiple protected virtual address spaces designed for worst-case performance. However,the purpose of temporal isolation safeguard mechanism is to prevent an application from overrunning its allocated quota of resource usage and delay the progress of other integrated application tasks. In order to realize temporal isolation safeguard mechanism,the traditional approach based on processor capacity reservation is improved,and a novel implementation approach based on two-level hierachical scheduling approach is brought forward and discussed in detail. The dependability of CRTOS 2.0 is enhanced with temporal and spatial isolation safeguard mechanisms.

Xiaoyue Wang,Ru Ning,Xian Zhao,Jian Zhou

DOI: https://doi.org/10.1016/j.cie.2022.108409

2022-09-01

Abstract:In engineering fields, the breakdown of a critical system can result in irreparable consequences, including task failures and even heavy casualties. Equipping systems with protective devices is an effective method to alleviate system failure risk in practical applications. However, existing research primarily focuses on single-component systems supported by a binary-state protective device. Moreover, existing studies assume that system deterioration is only caused by external shocks. For the first time, a multi-state k-out-of-n: F system containing m subsystems with multi-state protective devices is established in this study. In the proposed model, the deterioration of system and protective devices is caused not only by external shocks, but also by internal degradation. In the j-th subsystem, the corresponding protective device activates to work when the number of failed components reaches a threshold. During the operation of the protective device, the degradation rates of components, as well as the impacts and probabilities of adverse shocks on them decrease. The j-th subsystem breaks down once the number of failed components exceeds a critical value kj. Based on the number of failed subsystems, the entire system is categorized into multiple states. Ultimately, the entire system fails when the number of failed subsystems reaches a predetermined value. A combination of the Markov process imbedding approach and finite Markov chain imbedding approach is employed to derive the probabilistic indices for the proposed system. Furthermore, a case study based on an aero-engine turbine system is presented to validate the proposed reliability model.

computer science, interdisciplinary applications,engineering, industrial

Xiao LIU,Long-biao ZHANG,W ZHANG,Y TU

DOI: https://doi.org/10.3321/j.issn:1007-9807.2009.06.012

2009-01-01

Abstract:Critical infrastructure(CI)safety system is a complex and highly inter-dependent and networked social-technical system which,if disrupted or destroyed,would have a serious impact on the health,safety,security,or economic well-being of people and/or the effective functioning of governments.This paper is devoted to the study of the architecture of the CI safety system and problems in its management.We present the architecture of the networked CI system along with its disaster management system,in which the system is described with the notion of view,and the generic process of the disaster management.Also,it discusses how to apply the systems engineering approach to analyze and simulate the networked CI system,and how to find the underlying weak parts and efficient ways to improve them.Finally,we show the usefulness of the architecture by outlining a general procedure for disaster management which is systematic and rational.

Wang Shuai,Ji Yindong,Dong Wei,Yang Shiyuan

DOI: https://doi.org/10.1016/s1007-0214(07)70095-0

2007-01-01

Tsinghua Science & Technology

Abstract:This paper presents a fault-tolerant computer system. It is designed as a double 2-out-of-2 architecture based on component redundant technique. Also, a quantitative probabilistic model is presented for evaluating the reliability, availability, maintainability and safety （RAMS） of this architecture. Hierarchical modeling method and Markov modeling method are used in RAMS analysis to evaluate the system characteristics. The double 2-out-of-2 system is compared with the other two systems, all voting triple modular redundancy （AVTMR） system and dual-duplex system. According to the result, the double 2-out-of-2 system has the highest dependability. Especially, the system can satisfy the safety integrity level （SIL） 4, which means the system’s probability of catastrophic failure less than or equal to 10-8 per hour, therefore, it can be applied to life critical systems such as high-speed railway systems.