Quantitative analysis of dynamic safety-critical systems using temporal fault trees

Abstract

Emerging technological systems present complexities that pose new risks and hazards. Some of these systems, called safety-critical systems, can have very disastrous effects on human life and the environment if they fail. For this reason, such systems may feature multiple modes of operation, which may make use of redundant components, parallel architectures, and the ability to fall back to a degraded state of operation without failing completely. However, the introduction of such features poses new challenges for systems analysts, who need to understand how such systems behave and estimate how reliable and safe they really are.

Fault Trees Analysis (FTA) is a technique widely accepted and employed for analysing the reliability of safety-critical systems. With FTA, analysts can perform both qualitative and quantitative analyses on safety-critical systems. Unfortunately, traditional FTA is unable to efficiently capture some of the dynamic features of modern systems. This problem is not new; various efforts have been made to develop techniques to solve it. Pandora is one such technique to enhance FTA. It uses new 'temporal' logic gates, in addition to some existing ones, to model dynamic sequences of events and eventually produce combinations of basic events necessary and sufficient to cause a system failure. Until now, Pandora was not able to quantitatively evaluate the probability of a system failure. This is the motivation for this thesis.

This thesis proposes and evaluates various techniques for the probabilistic evaluation of the temporal gates in Pandora, enabling quantitative temporal fault tree analysis. It also introduces a new logical gate called the 'parameterised Simultaneous-AND' (pSAND) gate. The proposed techniques include both analytical and simulation-based approaches. The analytical solution supports only component failures with exponential distribution whilst the simulation approach is not restricted to any specific component failure distribution. Other techniques for evaluating higher order component combinations, which are results of the propagation of individual gates towards a system failure, have also been formulated. These mathematical expressions for the evaluation of individual gates and combinations of components have enabled the evaluation of a total system failure and importance measures, which are of great interest to system analysts.