Analyzing Dynamic Fault Trees Derived from Model-based System Architectures

Authors

  • Josh Dehlinger
  • Joanne Bechta Dugan
  • Charles L. Brown
Abstract

Dependability-critical systems require engineering techniques and tools that provide high assurance of their safety and reliability. Similarly, software-intensive systems are increasingly becoming essential to dependability-critical infrastructure, requiring dependability engineering techniques that sufficiently analyze the impact of the hardware and software (as well as their interactions and interfaces) on its overall reliability and safety. Despite the acknowledged need for high assurance in dependability-critical infrastructure software systems, such as the Digital Feed-Water Control System (DFWCS) for a nuclear reactor used in this work [1], the engineering of these systems focuses design and development effort on the functional behavior required of the system under normal operating conditions and given environmental assumptions, so that consideration of failure scenarios may be delayed until after the design is completed. Dependability engineering entails calculating module and system failure rates [2-5]; modeling fault and failure propagation [6-8]; determining failure modes and contingencies; developing diagnostic, prognostic and system health monitoring and management mechanisms [9-12]; and designing recovery, reconfiguration and reconstitution strategies to handle operational faults and failures [13]. Such dependability engineering technologies need to be developed and incorporated early in the design and development process to allow ample consideration of possible failures, mitigation strategies, trade-off analyses and economic considerations. Dependability engineers typically perform the dependability analysis manually, based on informal software engineering assets including design models, architecture diagrams and requirements documents. This manual process places the onus of creating and analyzing the dependability engineering assets on the dependability engineers and is thus subject to the skill and expertise of the engineer [4] [14].

Fault tree analysis is a common dependability engineering technique that is subject to inconsistency, since engineers can develop differing, but accurate, fault trees for the same system [4] [14-15]. To resolve differences among engineers, a system's final fault tree often must be settled through review and consensus building among dependability and system engineers to ensure that the fault tree reflects the actual system [14]. Further, the burden of manually identifying and exposing the potential failure modes in the interactions

Dependability-critical systems, such as digital instrumentation and control systems in nuclear power plants, necessitate engineering techniques and tools that provide assurance of their safety and reliability. Determining system reliability at the architectural design phase is important since it may guide design decisions and provide crucial information for trade-off analysis and estimating system cost. Despite this, reliability engineering and system engineering remain separate disciplines and engineering processes, so the dependability analysis results may not represent the designed system. In this article we provide an overview and application of our approach to build architecture-based, dynamic system models for dependability-critical systems and then automatically generate dynamic fault trees (DFTs) for comprehensive, tool-supported reliability analysis. Specifically, we use the Architecture Analysis and Design Language (AADL) to model the structural, behavioral and failure aspects of the system in a composite architecture model. From the AADL model, we seek to derive the DFT(s) and use Galileo's automated reliability analyses to estimate system reliability. This approach alleviates the knowledge and expertise gap between dependability engineering and systems engineering, integrates the dependability and system engineering design and development processes, and enables a more formal, automated and consistent DFT construction.
We illustrate this work using an example based on a dynamic digital feed-water control system for a nuclear reactor.


Related articles

Reliability and Performance Evaluation of Fault-aware Routing Methods for Network-on-Chip Architectures (RESEARCH NOTE)


Combining Various Solution Techniques for Dynamic Fault Tree Analysis of Computer Systems


Model-Based Safety Analysis for Vehicle Guidance Systems


A Fuzzy Rule Based System for Fault Diagnosis, Using Oil Analysis Results


Robust Model-Based Fault Detection and Isolation for V47/660kW Wind Turbine


Journal:

Volume / Issue:

Pages: -

Publication date: 2008