• Title/Summary/Keyword: Dynamic Fault Trees


ANALYZING DYNAMIC FAULT TREES DERIVED FROM MODEL-BASED SYSTEM ARCHITECTURES

  • Dehlinger, Josh; Dugan, Joanne Bechta
    • Nuclear Engineering and Technology, v.40 no.5, pp.365-374, 2008
  • Dependability-critical systems, such as digital instrumentation and control systems in nuclear power plants, necessitate engineering techniques and tools to provide assurances of their safety and reliability. Determining system reliability at the architectural design phase is important since it may guide design decisions and provide crucial information for trade-off analysis and estimating system cost. Despite this, reliability engineering and system engineering remain separate disciplines with separate engineering processes, so the dependability analysis results may not represent the system as actually designed. In this article we provide an overview and application of our approach to build architecture-based, dynamic system models for dependability-critical systems and then automatically generate dynamic fault trees (DFT) for comprehensive, tool-supported reliability analysis. Specifically, we use the Architectural Analysis and Design Language (AADL) to model the structural, behavioral and failure aspects of the system in a composite architecture model. From the AADL model, we seek to derive the DFT(s) and use Galileo's automated reliability analyses to estimate system reliability. This approach alleviates the expertise gap between dependability engineering and systems engineering, integrates the dependability and system engineering design and development processes, and enables a more formal, automated and consistent DFT construction. We illustrate this work using an example based on a dynamic digital feed-water control system for a nuclear reactor.

Evaluation of availability of nuclear power plant dynamic systems using extended dynamic reliability graph with general gates (DRGGG)

  • Lee, Eun Chan; Shin, Seung Ki; Seong, Poong Hyun
    • Nuclear Engineering and Technology, v.51 no.2, pp.444-452, 2019
  • To assess the availability of a nuclear power plant's dynamic systems, it is necessary to consider the impact of dynamic interactions among components, software, and operating processes. However, there is currently no simple, easy-to-use tool for assessing the availability of these dynamic systems. Existing methods, such as Markov chains, derive an accurate solution but make the system difficult to model. When conventional fault trees are used, the reliability of a system with dynamic characteristics cannot be evaluated accurately, because a fault tree considers the reliability of only one specific operating configuration of the system. The dynamic reliability graph with general gates (DRGGG) allows intuitive modeling that resembles the actual system configuration, which can reduce the human errors that occur during modeling of the target system. However, because the current DRGGG can evaluate a dynamic system only in terms of reliability without repair, this study proposes a new evaluation method that can calculate the availability of a dynamic system with repair. The proposed method extends the DRGGG by adding a repair condition to the dynamic gates. Comparing the proposed method with Markov chains on a simple verification model confirms that the quantified value converges to the solution.

Safety analysis of marine nuclear reactor in severe accident with dynamic fault trees based on cut sequence method

  • Fang Zhao; Shuliang Zou; Shoulong Xu; Junlong Wang; Tao Xu; Dewen Tang
    • Nuclear Engineering and Technology, v.54 no.12, pp.4560-4570, 2022
  • Dynamic fault tree (DFT) and its related research methods have received extensive attention in safety analysis and reliability engineering. DFT can perform reliability modelling for systems with sequential correlation, resource sharing, and cold and hot spare parts. A technical modelling method of DFT is proposed for modelling ship collision accidents and loss-of-coolant accidents (LOCAs). Qualitative and quantitative analyses of the DFT were carried out using the cut sequence (CS) and extended cut sequence (ECS) methods. The results show nine types of dynamic fault failure modes in ship collision accidents, describing the fault propagation process of a dynamic system and reflecting the dynamic changes of the entire accident system. The probability of a ship collision accident is 2.378 × 10^-9 when computed with CS. After an LOCA occurs in a marine nuclear reactor, the failure mode cannot be expressed as a combination of basic events within the same event frame, because the system contains warm spare parts. Therefore, the probability of losing reactor control was calculated as 8.125 × 10^-6 using the ECS. Compared with CS, ECS is more efficient in expression and processing capability, and has a significant advantage in cost.

Design and Implementation of Adaptive Fault-Tolerant Management System over Grid (그리드 환경의 적응형 오류 극복 관리 시스템 설계 및 구현)

  • Kim, Eun-Kyung; Kim, Jeu-Young; Kim, Yoon-Hee
    • The KIPS Transactions: Part A, v.15A no.3, pp.151-154, 2008
  • Middleware in a grid computing environment is required to support seamless on-demand services over diverse resource situations in order to meet various user requirements [1], since grid computing applications need situation-aware middleware services in this environment. In this paper, we propose a semantic middleware architecture that supports dynamic software component reconfiguration based on a fault ontology and a service ontology, to provide fault tolerance in a grid computing environment. Our middleware includes autonomic management to detect faults, analyze their causes, and plan semantically meaningful strategies to recover from the failure using pre-defined fault and service ontology trees. We implemented a reference prototype, the Web-service based Application Execution Environment (Wapee), as a proof of concept, and showed its efficiency in runtime recovery.

Cases Study of Accidents in High Risk Organizations by System Dynamics (시스템 다이내믹스 기법을 활용한 고위험 조직 사고 사례 분석)

  • Oh, Youngmin; Ryu, Jin
    • Korean System Dynamics Review, v.16 no.3, pp.5-29, 2015
  • The importance of the concept of safety culture for the security of high-risk facilities has increased since the Chernobyl accident in 1986. This paper elaborates the concept of safety culture and its main factors using a Causal Loop Diagram (CLD). As safety culture declines, incidents and accidents occur that require more and more corrective actions from the members of high-risk facilities, thereby increasing their workloads. Employees who must complete their tasks within the given time come under time pressure and stop complying with rules and procedures. Schedule pressure is also a major stress for employees, causing mistakes in precision work. To address these problems, the CLD of safety culture in this paper suggests hiring more workers, re-allocating the given workloads, and strengthening learning, communication capabilities and safety leadership. In addition, two real accident cases were analyzed to test the feasibility of the System Dynamics simulation model, by structuring the fault trees of the station blackout accident at Kori unit 1 in South Korea and the Kleen Energy power station explosion in the US. The simulation results show that various safety factors combine with mechanical failure to cause serious accidents, and that safety culture reduces the possibility of accidents in these high-risk organizations. This simulation model can contribute to analyzing the impact of the organizational and human factors of safety culture and can provide alternatives for high-risk facilities.

Pre-Planned Tree Reconfiguration Mechanism for QoS Multicast Routing (QoS 멀티캐스트 라우팅을 위한 계획된 트리 재구성 방법)

  • Han, Seung-Jae; Park, Sun-Ju
    • Journal of KIISE: Information Networking, v.34 no.2, pp.120-133, 2007
  • A multicast tree includes several, possibly a large number of, paths connecting source-receiver pairs, and a network failure may disable part of the multicast tree. Reconstructing the entire multicast tree to recover from a component failure is highly undesirable, because some group members would suffer service disruptions even though the communication paths to and from them are not affected by the failure. To limit the reconfiguration region and to maximize the likelihood of successful reconfiguration, we propose and evaluate a pre-planned reconfiguration policy for QoS multicast sessions. Specifically, we equip each end-to-end path that connects a source-receiver pair in the multicast tree with a reconfiguration path (RP), and reserve resources in advance along the RPs. Efficient resource-sharing techniques are applied to reduce the amount of resources reserved for RPs but left unused in the absence of failures. In this way, we prevent uncontrolled competition among different multicast sessions that may simultaneously try to recover from failures. We evaluate the performance of the proposed scheme by simulation on randomly generated networks. We use shortest-path routing for QoS multicast sessions, and simulate both source-based and shared multicast trees. The evaluation results indicate that successful pre-planned reconfiguration can be achieved for all group members with reasonable overhead. Our scheme is also shown to adapt well to dynamic changes in group membership.