Qualitative Analysis of State/Event Fault Trees Based on Interface Automata

State/Event Fault Tree (SEFT) can be used for safety modeling and assessment. However, SEFT does not provide adequate semantics for analyzing the minimal scenarios leading to system failures. In this paper, we propose a novel qualitative analysis method for SEFT based on interface automata. Firstly, we propose the concept of guarded interface automata by adding guards on interface automata transitions. Based on this model, we can describe the triggers and guards of SEFT simultaneously. Then, a weak bisimilarity operation is defined to alleviate the state space explosion problem. Based on the proposed guarded interface automata and the weak bisimilarity operation, the semantics of SEFT can be precisely determined. After that, a qualitative analysis process is presented on the basis of the formal semantics of SEFT, and the analyzing result is the minimal cut sequence set representing the causes of system failures. Finally, a fire protection system case study is illustrated step by step to demonstrate the effectiveness of our method.

RISK ANALYSIS OF OFFSHORE TRANSPORTATION ACCIDENT IN ARCTIC WATERS

A methodology for risk analysis applicable to shipping in arctic waters is introduced. This methodology uses the Bowtie relationship to represent an accident causes and consequences. It is further used to quantify the probability of a ship accident and also the related accident consequences during navigation in arctic waters. Detailed fault trees for three possible ship accident scenarios in arctic transits are developed and represented as bowties. Factors related to cold and harsh conditions and their effects on grounding, foundering, and collision are considered as part of this study. To illustrate the application of the methodology, it is applied to a case of an oil-tanker navigating on the Northern Sea Route (NSR). The methodology is implemented in a Markov Chain Monte Carlo framework to assess the uncertainties arisen from historical data and expert judgments involved in the risk analysis.

A framework of safety analysis with temporal feature based on MBSA and case study for ACC system

The safety of automotive Adaptive Cruise Control (ACC) system is of great significance to prevent fatigue driving, improve driving comfort, reduce accident rate and promote the development of intelligent transportation and autonomous driving technology. However, the current safety analysis of ACC lacks consideration of the temporal dynamic property, so it is necessary to establish a set of safety analysis methods to consider the temporal characteristics. This paper proposes a new safety analysis method based on MBSA framework and introduces temporal features. Altarica3.0 is a high-level modeling language for safety analysis, and its basic mathematical form is Guardian Transformation System (GTS). In this paper we outline an analysis approach that converts failure behavioral models (GTS) to temporal fault trees (TFTs), which can be analyzed using Pandora a recent technique for introducing temporal logic to fault trees. However, like classical fault tree analysis, TFT analysis requires a lot of manual effort, which makes it time consuming and expensive. In order to improve the safety of the system, the proposal extends Bayesian Networks with Pandora and results to dependability analysis with temporal relationships to provide more reliable basis for safety design. As a typical case study, the safety analysis method proposed in this paper is applied to the safety analysis of adaptive cruise system, and the results show the effectiveness of the proposed method. Furthermore, it also provides new technologies for the automation and intelligence of safety analysis for Smart Internet of Vehicle.

Dynamic Blackout Probability Monitoring System for Cruise Ship Power Plants

Stringent environmental regulations and efforts to improve the shipping operations sustainability have resulted in designing and employing more complex configurations for the ship power plants systems and the implementation of digitalised functionalities. Due to these systems complexity, critical situations arising from the components and subsystem failures, which may lead to accidents, require timely detection and mitigation. This study aims at enhancing the safety of ship complex systems and their operation by developing the concept of an integrated monitoring safety system that employs existing safety models and data fusion from shipboard sensors. Detailed Fault Trees that model the blackout top event, representing the sailing modes of a cruise ship and the operating modes of its plant, are employed. Shipboard sensors’ measurements acquired by the cruise ship alarm and monitoring system are integrated with these Fault Trees to account for the acquired shipboard information on the investigated power plant configuration and its components operating conditions, thus, facilitating the estimation of the blackout probability time variation as well as the dynamic criticality assessment of the power plant components. The proposed concept is verified by using a virtual simulation environment developed in Matlab/Simulink. This study supports the dynamic assessment of the ship power plants and therefore benefits the decision-making for enhancing the plant safety during operations.

Parametric Analyses of Attack-fault Trees*

Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i. e., absence of unintentional failures) and security (i. e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to consider these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parameterize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Moreover, we add the possibility to define counter-measures. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure.

Application of Dynamic Fault Tree Analysis to Prioritize Electric Power Systems in Nuclear Power Plants

Because the scope of risk assessments at nuclear power plants (NPPs) is being extended both spatially and temporally, conventional, or static fault trees might not be able to express failure mechanisms, or they could be unnecessarily conservative in their expression. Therefore, realistic assessment techniques are needed to adequately capture accident scenarios. In multi-unit probabilistic safety assessment (PSA), fault trees naturally become more complex as the number of units increases. In particular, when considering a shared facility between units of the electric power system (EPS), static fault trees (SFTs) that prioritize a specific unit are limited in implementing interactions between units. However, dynamic fault trees (DFTs) can be available without this limitation by using dynamic gates. Therefore, this study implements SFTs and DFTs for an EPS of two virtual NPPs and compares their results. In addition, to demonstrate the dynamic characteristics of the shared facilities, a station blackout (SBO), which causes the power system to lose its function, is assumed—especially with an inter-unit shared facility, AAC DG (Alternate AC Diesel Generator). To properly model the dynamic characteristics of the shared EPS in DFTs, a modified dynamic gate and algorithm are introduced, and a Monte Carlo simulation is adopted to quantify the DFT models. Through the analysis of the DFT, it is possible to confirm the actual connection priority of AAC DG according to the situation of units in a site. In addition, it is confirmed that some conservative results presented by the SFT can be evaluated from a more realistic perspective by reflecting this.