RIFIT: analyzing hardware and software in safeguarding systems

Currently many systems used to safeguard processes in industry use a combination of hardware and software. Many of the analysis techniques applied in this field, however, quantify aspects of hardware only. This paper presents a technique that is used to quantify the safety of safeguarding systems as a whole, including hardware and software. The techniques used bases itself on a combination of simulation and fault injection techniques. This paper will present this new technique and will demonstrate that it is possible using this “Random Intelligent Failure Injection Technique” to analyze and optimize practical safeguarding systems.     

An approach to maintenance optimization where safety issues are important

The starting point for this paper is a traditional approach to maintenance optimization where an object function is used for optimizing maintenance intervals. The object function reflects maintenance cost, cost of loss of production/services, as well as safety costs, and is based on a classical cost–benefit analysis approach where a value of prevented fatality (VPF) is used to weight the importance of safety. However, the rationale for such an approach could be questioned. What is the meaning of such a VPF figure, and is it sufficient to reflect the importance of safety by calculating the expected fatality loss VPF and potential loss of lives (PLL) as being done in the cost–benefit analyses? Should the VPF be the same number for all type of accidents, or should it be increased in case of multiple fatality accidents to reflect gross accident aversion?In this paper, these issues are discussed. We conclude that we have to see beyond the expected values in situations with high safety impacts. A framework is presented which opens up for a broader decision basis, covering considerations on the potential for gross accidents, the type of uncertainties and lack of knowledge of important risk influencing factors. Decisions with a high safety impact are moved from the maintenance department to the “Safety Board” for a broader discussion. In this way, we avoid that the object function is used in a mechanical way to optimize the maintenance and important safety-related decisions are made implicit and outside the normal arena for safety decisions, e.g. outside the traditional “Safety Board”.A case study from the Norwegian railways is used to illustrate the discussions.     

全机推力试车台推力测量和校准方法

以目前国内唯一可进行发机装机状态下推力测试的试验设备为研究对象,介绍了其全机推力试车台的台架总体结构及飞机装机推力测量方式,重点对推力测量系统及其校准方法进行了详细描述,分析了全机推力测量的影响因素、测量结果修正方法及目前校准方法存在的不足,提出了装机校准、左右平台联合校准、伺服加载校准和原位校准等多种改进措施,提高了全机推力测量系统的校准准确度以及发动机装机推力的测量准确度,对于其他同类设备的校准也具有重要的参考和借鉴价值。     

Combination of finite element and reliability methods in nonlinear fracture mechanics

This paper presents a probabilistic methodology for nonlinear fracture analysis in order to get decisive help for the reparation and functioning optimization of general cracked structures. It involves nonlinear finite element analysis. Two methods are studied for the coupling of finite element with reliability software: the direct method and the quadratic response surface method. To ensure the response surface efficiency, we introduce new quality measures in the convergence scheme. An example of a cracked pipe is presented to illustrate the proposed methodology. The results show that the methodology is able to give accurate probabilistic characterization of the J-integral in elastic–plastic fracture mechanics without obvious time consumption. By introducing an “analysis re-using” technique, we show how the response surface method becomes cost attractive in case of incremental finite element analysis.     

Analyses of robot systems using fault and event trees: case studies

Safety in the use of robotics outside factories or processing plants has become a matter of great international concern. Domestic robots and those intended to assist nurses and surgeons in hospitals are examples of cases where safety and reliability are considered critical. The safe performance of robot systems depends on many factors, including the integrity of the robot's hardware and software, the way it communicates with sensory and other production equipment, the reliable function of the safety features present and the way the robot interacts with its environment. The use of systematic techniques such as Fault and Event Tree analysis to examine the safety and reliability of a given robotic system is presented. Considerable knowledge is needed before the application of such analysis techniques can be translated into safety specifications or indeed ‘fail-safe’ design features of robotic systems. The skill and understanding required for the formulation of such specifications is demonstrated here based on a number of case studies.     

室内发动机试车台推力校准的数值研究

运用数值模拟手段实现了额定状态、最大状态和全加力状态下某室内发动机试车台推力的气动校准,并初步验证了计算准确性。结果表明:数值计算较好地模拟了室内发动机试车台内气流的流动情况,各部分修正阻力在变化趋势和数值范围上合理可信;大流量状态下进气冲量对推力校准的影响最为显著,喷口阻力和进气道附加阻力也有一定的影响。     

Modelling and quantification of dependent repeatable human errors in system analysis and risk assessment

General equations and numerical tables are developed for quantification of the probabilities of sequentially dependent repeatable human errors. Such errors are typically associated with testing, maintenance or calibration (called “pre-accident” or “pre-initiator” tasks) of redundant safety systems. Guidance is presented for incorporating dependent events in large system fault tree analysis using implicit or explicit methods. Exact relationships between these methods as well as numerical tables and simple approximate methods for system analysis are described. Analytical results are presented for a general human error model while the numerical tables are valid for a specific Handbook (THERP) model. Relationships are pointed out with earlier methods and guides proposed for error probability quantification.     

Probability Hazard Analysis of the Operation of Pipeline Systems,Tanks, and Pressure Vessels. Part 2. Method for the Evaluation of the Functional Fitness of a Structural Element According to the Restricted Statistical Data

We describe a procedure used for the evaluation of the engineering state of structures according to the “fitness-for-service” criterion based on the application of restricted amounts of statistical data, which can be obtained in the process of operation, testing, or numerical simulation. We propose a quasioptimal sequential statistical criterion capable of making decision concerning the functional fitness of objects with probability errors of the first and second kind that do not exceed specified values. The practical realization of the probability risk analysis of the operation of pipeline systems, reservoirs, and pressure vessel is performed in the form of a software methodical complex of the “Mitsnist’” expert system.__________Translated from Problemy Prochnosti, No. 3, pp. 96 – 103, May – June, 2005.     

Redundancy analysis for repairable multi-state system by using combined stochastic processes methods and universal generating function technique

This paper discusses a type of redundancy that is typical in a multi-state system. It considers two interconnected multi-state systems where one multi-state system can satisfy its own stochastic demand and also can provide abundant resource (performance) to another system in order to improve the assisted system reliability. Traditional methods are usually not effective enough for reliability analysis for such multi-state systems because of the “dimensional curse” problem. This paper presents a new method for reliability evaluation for the repairable multi-state system considering such kind of redundancy. The proposed method is based on the combination of the universal generating function technique and random processes methods. The numerical example is presented to illustrate the proposed method.     

Conceptualizing and communicating organizational risk dynamics in the thoroughness–efficiency space

Organizations that design and/or operate complex systems have to make trade-offs between multiple, interacting, and sometimes conflicting goals at both the individual and organizational levels. Identifying, communicating, and resolving the conflict or tension between multiple organizational goals is challenging. Furthermore, maintaining an appropriate level of safety in such complex environments is difficult for a number of reasons discussed in this paper. The objective of this paper is to propose a set of related concepts that can help conceptualize organizational risk and help managers to understand the implications of various performance and resource pressures and make appropriate trade-offs between efficiency and thoroughness that maintain system safety. The concepts here introduced include (1) the thoroughness–efficiency space for classifying organizational behavior, and the various resource/performance and regulatory pressures that can displace organizations from one quadrant to another within this space, (2) the thoroughness–efficiency barrier and safety threshold, and (3) the efficiency penalty that organizations should accept, and not trade against organizational thoroughness, in order to maintain safety. Unfortunately, many accidents share a conceptual sameness in the way they occur. That sameness can be related to the dynamics conceptualized in this paper and the violation of the safety threshold. This sameness is the sad story of the Bhopal accident, the Piper Alpha accident, and score of others. Finally, we highlight the importance of a positive safety culture as an essential complement to regulatory pressure in maintaining safety. We illustrate the “slippery slope of thoroughness” along which organizational behavior slides under the influence of performance pressure, and suggest that a positive safety culture can be conceived of as “pulling this slippery slope” up and preventing the violation of the safety threshold.     

Effective channel length and parasitic resistance determination in non self-aligned low temperature polycrystalline silicon thin film transistors

The presence of high electric fields at the drain junction in polycrystalline silicon (polysilicon) thin film transistors (TFTs), enhances several undesired effects, such as hot-carrier related instabilities and kink effect. In order to reduce the drain electric field, non-self-aligned (NSA) device architecture can be adopted. In this case, dopant activation and active layer crystallization are achieved at the same time by excimer laser annealing, resulting in a substantial lateral dopant diffusion. The gradual doping profile provides not only a reduction of the drain electric field, but also a channel length shortening. Therefore, an effective channel length (L_eff) has to be determined in such devices, in order to successfully design circuit applications. In this work, L_eff and parasitic resistance (R_p) modulation effects have been investigated in both n- and p-channel NSA polysilicon TFTs. Three different parameter extraction methods, originally proposed for the crystalline MOSFETs technology, have been used and compared in order to extract L_eff and R_p, including: the “channel resistance” method; the “paired V_g” method; the “shift and ratio” method. These methods indicate a channel length reduction up to 1 μm and a non negligible parasitic resistance effect. The reliability of the results of the three methods are discussed in terms of applicability of the underlying assumptions in the case of polysilicon TFTs and numerical simulations are used to support the analysis.     

Business community views

Three tasks must be included when considering the broad topic of urban security. The first is to define the term “critical infrastructure.” Second, security must be viewed from a systems perspective when looking at cities and the infrastructure that serves them. Third, careful scrutiny must be given to heretofore not-considered vulnerabilities that exist in every major city.In the hours and days immediately following the attacks on September 11, everything from foot bridges to tall buildings were considered to be critical infrastructure. But, clearly, not everything in such a broad definition can be defended. So then, what is today’s definition of critical infrastructure? One might be a new version of the “3 R’s”—resist, respond, recover. In those terms, “critical infrastructure” could be defined as: (a) systems whose rapid failure would lead to a catastrophic loss of life; (b) systems whose failure or significant degradation would lead to unacceptable economic consequences; (c) systems whose rapid failure would significantly impact rescue and response efforts; and (d) systems whose significant degradation severely impact recovery efforts.Resist? It would be impossible for a city to resist everything, everywhere. The ability to respond to some events would require efforts that are above and beyond the realistic capability of any city. That moves the scenario to recovery and rebuilding.     

An effective technique for the software requirements analysis of NPP safety-critical systems, based on software inspection, requirements traceability, and formal specification

A thorough requirements analysis is indispensable for developing and implementing safety-critical software systems such as nuclear power plant (NPP) software systems because a single error in the requirements can generate serious software faults. However, it is very difficult to completely analyze system requirements. In this paper, an effective technique for the software requirements analysis is suggested. For requirements verification and validation (V&V) tasks, our technique uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and requirements traceability analysis are widely considered the most effective software V&V methods. Although formal methods are also considered an effective V&V activity, they are difficult to use properly in the nuclear fields as well as in other fields because of their mathematical nature. In this work, we propose an integrated environment (IE) approach for requirements, which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. The paper also introduces computer-aided tools for supporting IE approach for requirements. Called the nuclear software inspection support and requirements traceability (NuSISRT), the tool incorporates software inspection, requirement traceability, and formal specification capabilities. We designed the NuSISRT to partially automate software inspection and analysis of requirement traceability. In addition, for the formal specification and analysis, we used the formal requirements specification and analysis tool for nuclear engineering (NuSRS).     

Sensitivity analysis practices: Strategies for model-based inference

Fourteen years after Science's review of sensitivity analysis (SA) methods in 1989 (System analysis at molecular scale, by H. Rabitz) we search Science Online to identify and then review all recent articles having “sensitivity analysis” as a keyword. In spite of the considerable developments which have taken place in this discipline, of the good practices which have emerged, and of existing guidelines for SA issued on both sides of the Atlantic, we could not find in our review other than very primitive SA tools, based on “one-factor-at-a-time” (OAT) approaches. In the context of model corroboration or falsification, we demonstrate that this use of OAT methods is illicit and unjustified, unless the model under analysis is proved to be linear. We show that available good practices, such as variance based measures and others, are able to overcome OAT shortcomings and easy to implement. These methods also allow the concept of factors importance to be defined rigorously, thus making the factors importance ranking univocal. We analyse the requirements of SA in the context of modelling, and present best available practices on the basis of an elementary model. We also point the reader to available recipes for a rigorous SA.     

Methodology for identifying near-optimal interdiction strategies for a power transmission system

Previous methods for assessing the vulnerability of complex systems to intentional attacks or interdiction have either not been adequate to deal with systems in which flow readjusts dynamically (such as electricity transmission systems), or have been complex and computationally difficult. We propose a relatively simple, inexpensive, and practical method (“Max Line”) for identifying promising interdiction strategies in such systems. The method is based on a greedy algorithm in which, at each iteration, the transmission line with the highest load is interdicted. We apply this method to sample electrical transmission systems from the Reliability Test System developed by the Institute of Electrical and Electronics Engineers, and compare our method and results with those of other proposed approaches for vulnerability assessment. We also study the effectiveness of protecting those transmission lines identified as promising candidates for interdiction. These comparisons shed light on the relative merits of the various vulnerability assessment methods, as well as providing insights that can help to guide the allocation of scarce resources for defensive investment.     

Design of software for safety critical systems

In this paper, we provide an overview of the use of formal methods in the development of safety critical systems and the notion ofsafety in the context. Our attempt would be to draw lessons from the various research efforts that have gone in towards the development of robust/reliable software for safety-critical systems. In the context of India leaping into hi-tech areas, we argue for the need of a thrust in the development of quality software and also discuss the steps to be initiated towards such a goal. “If only we could learn the right lessons from the successes of the past, we would not need to learn from our failures” C.A.R. Hoare An earlier version was presented as an Invited paper at the ISRO Conference on Software Engineering, VSSC, Trivandrum, 29–30 July 1994.     

离心-温度复合装置的自学习切换控制方法研究

在发动机试验中,推力室脉动压力数据是研究发动机性能、判断不稳定燃烧的重要依据。针对发动机试验脉动压力数据的特点和传统傅里叶变换在时频分析领域的不足,根据经验模态分解（Empirical Mode Decomposition, EMD）方法良好的自适应特征、瞬时频率的精确定位能力、局部瞬时表达能力以及提取信号分量的优点,对发动机试验脉动压力数据进行分析。介绍了采用EMD方法对脉动压力数据进行分析的方法和步骤。分别采用FFT方法、EMD分解和基于不同小波基函数的小波分析方法分析脉动压力数据,总结了FFT和小波分析两种方法对非线性非平稳数据进行分析的不足。研究的结果显示,EMD方法能够较好地分析非线性非平稳脉动压力数据,且对研究、分析发动机试验脉动压力数据的频谱特征和不稳定燃烧具有重要的应用和推广价值。     

Test interval optimization of safety systems of nuclear power plant using fuzzy-genetic approach

Probabilistic safety assessment (PSA) is the most effective and efficient tool for safety and risk management in nuclear power plants (NPP). PSA studies not only evaluate risk/safety of systems but also their results are very useful in safe, economical and effective design and operation of NPPs. The latter application is popularly known as “Risk-Informed Decision Making”. Evaluation of technical specifications is one such important application of Risk-Informed decision making. Deciding test interval (TI), one of the important technical specifications, with the given resources and risk effectiveness is an optimization problem. Uncertainty is inherently present in the availability parameters such as failure rate and repair time due to the limitation in assessing these parameters precisely. This paper presents a solution to test interval optimization problem with uncertain parameters in the model with fuzzy-genetic approach along with a case of application from a safety system of Indian pressurized heavy water reactor (PHWR).     

Classification of environmentally assisted fatigue crack growth behavior

Fatigue crack growth is represented using fracture mechanics parameters, ΔK and K_max. Environmental effects that depend on time and stress affect the fatigue behavior predominantly through K_max parameter. The superimposed effects of environment and stress are seemingly complex. We have developed a methodology for classifying and separating the effects of environment on fatigue crack growth. A “crack growth trajectory map” is constructed from the behavior of ΔK versus K_max for various constant crack growth rate curves. A “pure fatigue” behavior is defined, in terms of environment-free behavior, such as in high vacuum. Deviation from this “pure fatigue” reference of the trajectory map is associated with either monotonic mode of fracture or to the superimposed environmental effects on crack growth. Using such an approach, called “Unified Damage Approach”, we classify the environmental effects in almost all materials into only five types. Each of these types shows the combination of time and stress affecting the crack tip driving force, and thus ΔK and K_max. The trajectory map depicts the changing material resistance due to the changing crack growth mechanisms with increasing crack growth rate, as reflected in terms of the applied stress intensities, ΔK and K_max. Thus the trajectory map provides a useful tool to separate the contributions from pure fatigue and superimposed monotonic modes and the governing crack growth mechanisms as a function of load-ratio, crack growth rate and environment. Understanding and quantification of the governing mechanisms would help in developing a more fundamental and reliable life prediction method.     

Text mining applied to patent mapping: a practical business case

Professional patent searchers are traditionally rather suspicious of the alleged “black box” effect inherently attached to intelligent software engines relying upon linguistic technologies for patent analysis and mapping. In this article, the authors propose that such prejudices can be overcome by setting a realistic business objective while experimenting with these new linguistic tools, as well as by applying serious methodology for validating the results of the analysis. The strengths and weaknesses of a particular text mining tool are assessed with reference to a practical business case in the field of packaging technology, and a comparison of the outcome of such an analysis with a traditional one, carried out using conventional patent classifications, is also described.