Non coherent fault tree analysis

Beeson, Sally C.

January 2002

The aim of this thesis is to extend the current techniques available for the analysis of non-coherent fault trees. At present importance analysis of non-coherent systems is extremely limited. The majority of measures of importance that have been developed can only be used to analyse coherent fault trees. If these measures are used to analyse non-coherent fault trees the results obtained are inaccurate and misleading. Extensions for seven of the most commonly used measures of importance have been proposed to enable accurate analysis of non-coherent systems. The Binary Decision Diagram technique has been shown to provide an accurate and efficient means of analysing coherent fault trees. The application of this technique for the qualitative analysis of non-coherent fault trees has demonstrated the gains to be made in terms of efficiency and accuracy. Procedures for quantifying a non-coherent fault tree using this technique have been developed; these techniques enable significantly more efficient and accurate analysis than the conventional techniques for Fault Tree Analysis. Although the Binary Decision Diagram technique provides an efficient and accurate means of analysing coherent and non-coherent fault trees, large trees with many repeated events cannot always be analysed exactly. In such circumstances partial analysis must be performed if any conclusions regarding system safety and reliability are to be drawn. Culling techniques employed in conjuncfion with the Binary Decision Diagram method have been developed for the partial analysis of both coherent and non-coherent fault trees.

620

Fault trees

Fuzzy temporal fault tree analysis of dynamic systems

Kabir, Sohag, Walker, M., Papadopoulos, Y., Rüde, E., Securius, P.

18 October 2019

Yes / Fault tree analysis (FTA) is a powerful technique that is widely used for evaluating system safety and reliability. It can be used to assess the effects of combinations of failures on system behaviour but is unable to capture sequence dependent dynamic behaviour. A number of extensions to fault trees have been proposed to overcome this limitation. Pandora, one such extension, introduces temporal gates and temporal laws to allow dynamic analysis of temporal fault trees (TFTs). It can be easily integrated in model-based design and analysis techniques. The quantitative evaluation of failure probability in Pandora TFTs is performed using exact probabilistic data about component failures. However, exact data can often be difficult to obtain. In this paper, we propose a method that combines expert elicitation and fuzzy set theory with Pandora TFTs to enable dynamic analysis of complex systems with limited or absent exact quantitative data. This gives Pandora the ability to perform quantitative analysis under uncertainty, which increases further its potential utility in the emerging field of model-based design and dependability analysis. The method has been demonstrated by applying it to a fault tolerant fuel distribution system of a ship, and the results are compared with the results obtained by other existing techniques.

Reliability analysis

Fault tree analysis

Dynamic fault trees

Temporal fault trees

Uncertainty analysis

Fuzzy set theory

Dynamic system safety analysis in HiP-HOPS with Petri Nets and Bayesian Networks

Kabir, Sohag, Walker, M., Papadopoulos, Y.

18 October 2019

Yes / Dynamic systems exhibit time-dependent behaviours and complex functional dependencies amongst their components. Therefore, to capture the full system failure behaviour, it is not enough to simply determine the consequences of different combinations of failure events: it is also necessary to understand the order in which they fail. Pandora temporal fault trees (TFTs) increase the expressive power of fault trees and allow modelling of sequence-dependent failure behaviour of systems. However, like classical fault tree analysis, TFT analysis requires a lot of manual effort, which makes it time consuming and expensive. This in turn makes it less viable for use in modern, iterated system design processes, which requires a quicker turnaround and consistency across evolutions. In this paper, we propose for a model-based analysis of temporal fault trees via HiP-HOPS, which is a state-of-the-art model-based dependability analysis method supported by tools that largely automate analysis and optimisation of systems. The proposal extends HiP-HOPS with Pandora, Petri Nets and Bayesian Networks and results to dynamic dependability analysis that is more readily integrated into modern design processes. The effectiveness is demonstrated via application to an aircraft fuel distribution system. / Partly funded by the DEIS H2020 project (Grant Agreement 732242).

Fault tree analysis

Reliability analysis

Model-based safety analysis

Dynamic fault trees

Temporal fault trees

HiP-HOPS

Petri Nets

Bayesian Networks

Safety system design optimisation

Pattison, Rachel Lesley

January 2000

This thesis investigates the efficiency of a design optimisation scheme that is appropriate for systems which require a high likelihood of functioning on demand. Traditional approaches to the design of safety critical systems follow the preliminary design, analysis, appraisal and redesign stages until what is regarded as an acceptable design is achieved. For safety systems whose failure could result in loss of life it is imperative that the best use of the available resources is made and a system which is optimal, not just adequate, is produced. The object of the design optimisation problem is to minimise system unavailability through manipulation of the design variables, such that limitations placed on them by constraints are not violated. Commonly, with mathematical optimisation problem; there will be an explicit objective function which defines how the characteristic to be minimised is related to the variables. As regards the safety system problem, an explicit objective function cannot be formulated, and as such, system performance is assessed using the fault tree method. By the use of house events a single fault tree is constructed to represent the failure causes of each potential design to overcome the time consuming task of constructing a fault tree for each design investigated during the optimisation procedure. Once the fault tree has been constructed for the design in question it is converted to a BDD for analysis. A genetic algorithm is first employed to perform the system optimisation, where the practicality of this approach is demonstrated initially through application to a High-Integrity Protection System (HIPS) and subsequently a more complex Firewater Deluge System (FDS). An alternative optimisation scheme achieves the final design specification by solving a sequence of optimisation problems. Each of these problems are defined by assuming some form of the objective function and specifying a sub-region of the design space over which this function will be representative of the system unavailability. The thesis concludes with attention to various optimisation techniques, which possess features able to address difficulties in the optimisation of safety critical systems. Specifically, consideration is given to the use of a statistically designed experiment and a logical search approach.

519.5

Risk management approach for the life cycle of a lined tailings dam

Otto, Hendrik Johannes Hertzog

04 June 2012

M. Ing. / Managing the risks to life and limb and to the environment due to potential accidents and structural failures during the lifecycle phases of a TD is a complex, intricate and dynamic process, because of the sheer number of hazards that are involved. Fault and event trees enable one to systematically identify these hazards within the context of their intricate relationships. An internationally accepted qualitative scale enables one to assign probabilities in terms of engineering judgement to the sub-causes in the fault trees and the probabilities of the top faults to be calculated. Mine and industry accident statistics enable one to assign relevant frequencies to the subtended event trees and to determine the resulting probabilities of fatal injury or environmental damage. An internationally accepted relationship between lifetime probability of failure causing death and the potential number of fatalities enables one to determine whether the resulting probability of fatal injury is acceptable. If such resulting probability of fatal injury is not acceptable, the biggest contributing subcauses in the underlying fault tree can be identified and mitigating measures considered on an optimal cost benefit basis. The fault trees for the different life cycle phases of the TD also enable one to take cognisance of the dynamic changes in the frequencies of the sub-causes in the various phases and how the risk management focus may change over the life of a TD although the overall threat may not necessarily vary very much. During investigation of the causative modes for personal injury due to mine accidents/hazards at or on the TD it was found that the probabilities associated with fatal injury during the life cycle phases considered were acceptable. The sensitivity of the factors was however investigated further to provide confidence, and event and consequence trees were developed for TD road accidents which were identified as having the highest probabilities of occurrence. The most efficient risk management intervention measure evaluated was found to be increasing compliance with the mine’s road traffic safety regulations. Investigation of the causative modes for personal injury due to structural failure of the TD determined that the probabilities associated with fatal injury were acceptable and no risk mitigation measures were thus required. The causative modes for environmental damage due to mine accidents/hazards were examined next and the probabilities associated with environmental damage were found to be unacceptably high for the life cycle phases considered. Risk management intervention 57 measures were thus required to lower the associated risks to acceptable levels based on relevant and realistic environmental protection guidelines. No mitigation measures were developed as part of the study. Causative modes for environmental damage due to structural failure of the TD were investigated last. The probabilities associated with environmental damage during the life cycle phases considered were also found to be unacceptably high. Risk mitigation measures were thus required but none were developed as part of the study. Fault and event tree methodology as employed in this study can thus be used as valuable supporting instruments for investigating the causative failure modes of a complex system, the identification of potential risk mitigation measures, and for evaluation of the effectiveness of the proposed risk management measures.

Tailings dams

Risk management

Risk assessment

Fault trees

Industrial safety

Mine safety

Secure hypervisor versus trusted execution environment : Security analysis for mobile fingerprint identification applications

Sundblad, Anton, Brunberg, Gustaf

January 2017

Fingerprint identification is becoming increasingly popular as a means of authentication for handheld devices of different kinds. In order to secure such an authentication solution it is common to use a TEE implementation. This thesis examines the possibility of replacing a TEE with a hypervisor-based solution instead, with the intention of keeping the same security features that a TEE can offer. To carry out the evaluation a suitable method is constructed. This method makes use of fault trees to be able to find possible vulnerabilities in both systems, and these vulnerabilities are then documented. The vulnerabilities of both systems are also compared to each other to identify differences in how they are handled. It is concluded that if the target platform has the ability to implement a TEE solution, it can also implement the same solution using a hypervisor. However, the authors recommend against porting a working TEE solution, as TEEs often offer finished APIs for common operations that would require re-implementation in the examined hypervisor.

tee

information security

hypervisor

attack trees

fault trees

Information Systems

EVALUATING THE RELIABILITY OF COUPLED CONVEYORS

Kuruvilla, Saju A.

January 2007

No description available.

CONVEYORS

Fault Trees

Conveyor systems

RELIABILITY

Failure Rate

Fault

COUPLED CONVEYORS

A hybrid modular approach for dynamic fault tree analysis

Kabir, Sohag, Aslansefat, K., Sorokos, I., Papadopoulos, Y., Konur, Savas

04 August 2020

Yes / Over the years, several approaches have been developed for the quantitative analysis of dynamic fault trees (DFTs). These approaches have strong theoretical and mathematical foundations; however, they appear to suffer from the state-space explosion and high computational requirements, compromising their efficacy. Modularisation techniques have been developed to address these issues by identifying and quantifying static and dynamic modules of the fault tree separately by using binary decision diagrams and Markov models. Although these approaches appear effective in reducing computational effort and avoiding state-space explosion, the reliance of the Markov chain on exponentially distributed data of system components can limit their widespread industrial applications. In this paper, we propose a hybrid modularisation scheme where independent sub-trees of a DFT are identified and quantified in a hierarchical order. A hybrid framework with the combination of algebraic solution, Petri Nets, and Monte Carlo simulation is used to increase the efficiency of the solution. The proposed approach uses the advantages of each existing approach in the right place (independent module). We have experimented the proposed approach on five independent hypothetical and industrial examples in which the experiments show the capabilities of the proposed approach facing repeated basic events and non-exponential failure distributions. The proposed approach could provide an approximate solution to DFTs without unacceptable loss of accuracy. Moreover, the use of modularised or hierarchical Petri nets makes this approach more generally applicable by allowing quantitative evaluation of DFTs with a wide range of failure rate distributions for basic events of the tree. / This work was supported in part by the Dependability Engineering Innovation for Cyber Physical Systems (CPS) (DEIS) H2020 Project under Grant 732242, and in part by the LIVEBIO: Light-weight Verification for Synthetic Biology Project under Grant EPSRC EP/R043787/1.

Reliability analysis

Fault tree analysis

Dynamic fault trees

Modularisation

Petri nets

A fuzzy data-driven reliability analysis for risk assessment and decision making using Temporal Fault Trees

Kabir, Sohag

30 August 2023

Yes / Fuzzy data-driven reliability analysis has been used in different safety-critical domains for risk assessment and decision-making where precise failure data is non-existent. Expert judgements and fuzzy set theory have been combined with different variants of fault trees as part of fuzzy data-driven reliability analysis studies. In such fuzzy fault tree analyses, different people represented failure data using different membership functions for the fuzzy set, and different parameters were set differently in the expert opinion elicitation process. Due to the availability of a wide variety of options, it is possible to obtain different outcomes when choosing one option over another. This article performed an analysis in the context of fuzzy data-based temporal fault tree analysis to investigate the effect of choosing different membership functions on the estimated system reliability and criticality ranking of different failure events. Moreover, the effect of using different values for the relaxation factor, a parameter set during the expert elicitation process, was studied on the system reliability and criticality evaluation. The experiments on the fuel distribution system case study show system reliability did not vary when triangular and trapezoidal fuzzy numbers were used with the same upper and lower bounds. However, it was seen that the criticality rankings of a couple of events were changed due to choosing different membership functions and different values of relaxation factor

Reliability

Uncertainty

Temporal Fault Trees

Fuzzy set theory

Sensitivity

Triangular and trapezoidal fuzzy numbers

Safety + AI: A novel approach to update safety models using artificial intelligence

Gheraibia, Y., Kabir, Sohag, Aslansefat, K., Sorokos, I., Papadopoulos, Y.

16 September 2019

Yes / Safety-critical systems are becoming larger and more complex to obtain a higher level of functionality. Hence, modeling and evaluation of these systems can be a difficult and error-prone task. Among existing safety models, Fault Tree Analysis (FTA) is one of the well-known methods in terms of easily understandable graphical structure. This study proposes a novel approach by using Machine Learning (ML) and real-time operational data to learn about the normal behavior of the system. Afterwards, if any abnormal situation arises with reference to the normal behavior model, the approach tries to find the explanation of the abnormality on the fault tree and then share the knowledge with the operator. If the fault tree fails to explain the situation, a number of different recommendations, including the potential repair of the fault tree, are provided based on the nature of the situation. A decision tree is utilized for this purpose. The effectiveness of the proposed approach is shown through a hypothetical example of an Aircraft Fuel Distribution System (AFDS). / DEIS H2020 Project under Grant 732242

Safety

Fault trees

Machine learning

Reliability

Analytical models

Accidents

Logic gates

Artificial intelligence