Context in the Risk Assessment of Digital Systems

Chris Garrett, George Apostolakis
Department of Nuclear Engineering, Massachusetts Institute of Technology, Cambridge

Abstract

As the use of digital computers for instrumentation and control of safety-critical systems has increased, there has been a growing debate over whether probabilistic risk assessment techniques can be applied to these systems. This debate has centered on the question of whether software failures can be modeled probabilistically. This paper describes a “context-based” approach to software risk assessment that explicitly recognizes that the behavior of software is not probabilistic. The perceived uncertainty in its behavior stems both from the input to the software and from the application and environment in which the software is operating. Failures occur when the software encounters some context for which it was not properly designed, as opposed to the software simply failing “randomly.” The paper elaborates on the concept of “error-forcing context” as it applies to software. It also illustrates a methodology that uses event trees, fault trees, and the Dynamic Flowgraph Methodology (DFM) to identify “error-forcing contexts” for software in the form of fault tree prime implicants.
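The following is an added example, not code from the paper or from the DFM tooling it cites. It illustrates the core idea of the abstract on a constructed system: the software is a deterministic function of its context (process state, sensor health, operating mode), so the hazard can be traced to the contexts that force the error rather than to a random software failure. The variables, the trip logic and the sensor model are all made up for illustration, and the prime-implicant search is a brute-force minimization over single-value literals (variable = value), with no time steps, which is a simplification of DFM's timed multi-valued prime implicants.

```python
from itertools import product

# Constructed discretized context variables for a small pressure-trip controller.
# Both the variables and the software below are illustrative, not from the paper.
VARIABLES = {
    "pressure": ("low", "normal", "high"),  # actual process pressure
    "sensor": ("ok", "stuck"),               # health of the pressure channel
    "mode": ("auto", "manual"),              # operating mode selected by the operator
}
NAMES = tuple(VARIABLES)


def reported_pressure(ctx):
    """Environment model (constructed): a stuck channel keeps reporting 'normal'."""
    return "normal" if ctx["sensor"] == "stuck" else ctx["pressure"]


def trip_logic(ctx):
    """The deterministic software under analysis (constructed): it trips only in
    automatic mode when the *reported* pressure is high. Given a context the
    outcome is fixed; nothing about it is random."""
    return ctx["mode"] == "auto" and reported_pressure(ctx) == "high"


def top_event(ctx):
    """Fault-tree top event: actual pressure is high and no trip occurs."""
    return ctx["pressure"] == "high" and not trip_logic(ctx)


def contexts(term=None):
    """Enumerate every full context consistent with a partial assignment `term`
    (a dict variable -> value); with no term, enumerate the whole context space."""
    term = term or {}
    choices = [(term[n],) if n in term else VARIABLES[n] for n in NAMES]
    for values in product(*choices):
        yield dict(zip(NAMES, values))


def hazard_contexts():
    """All contexts in which the top event occurs (the minterms of the hazard)."""
    return [c for c in contexts() if top_event(c)]


def prime_implicants():
    """Error-forcing contexts as prime implicants: partial assignments all of whose
    completions are hazardous, and from which no literal can be dropped."""
    hazard = {frozenset(c.items()) for c in hazard_contexts()}

    def is_implicant(term):
        return all(frozenset(c.items()) in hazard for c in contexts(term))

    # Every partial assignment: None stands for "don't care" on that variable.
    candidates = []
    for values in product(*((None,) + VARIABLES[n] for n in NAMES)):
        term = {n: v for n, v in zip(NAMES, values) if v is not None}
        if is_implicant(term):
            candidates.append(term)

    # Keep only the implicants that are not covered by a shorter implicant.
    primes = []
    for term in candidates:
        generalisations = ({k: v for k, v in term.items() if k != drop} for drop in term)
        if not any(is_implicant(g) for g in generalisations):
            primes.append(term)
    return primes


if __name__ == "__main__":
    for pi in prime_implicants():
        print("error-forcing context:", " AND ".join(f"{k}={v}" for k, v in pi.items()))
```

On this constructed model the search returns two error-forcing contexts, `pressure=high AND sensor=stuck` and `pressure=high AND mode=manual`. Neither is a "software failure": in both the code does exactly what it was written to do, and the hazard arises because the design never accounted for a stuck channel or for high pressure in manual mode. That is the kind of finding a context-based assessment is meant to surface, and each prime implicant points directly at a design or procedural mitigation rather than at a failure rate to estimate.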
