• Nuclear Engineering and Technology
• /
• v.31 no.1
• /
• pp.49-57
• /
• 1999

It has been a critical issue to predict the safety critical software reliability in nuclear engineering area. For many years, many researches have focused on the quantification of software reliability and there have been many models developed to quantify software reliability. Most software reliability models estimate the reliability with the failure data collected during the test assuming that the test environments well represent the operation profile. User's interest is however on the operational reliability rather than on the test reliability. The experiences show that the operational reliability is higher than the test reliability. With the assumption that the difference in reliability results from the change of environment, from testing to operation, testing environment factors comprising the aging factor and the coverage factor are developed in this paper and used to predict the ultimate operational reliability with the failure data in testing phase. It is by incorporating test environments applied beyond the operational profile into testing environment factors. The application results show that the proposed method can estimate the operational reliability accurately.

• Nuclear Engineering and Technology
• /
• v.40 no.5
• /
• pp.397-408
• /
• 2008

This paper describes the application of a software fault tree analysis (FTA) as one of the analysis techniques for a software safety analysis (SSA) at the design phase and its analysis results for the safety-critical software of a digital reactor protection system, which is called the KNICS RPS, being developed in the KNICS (Korea Nuclear Instrumentation & Control Systems) project. The software modules in the design description were represented by function blocks (FBs), and the software FTA was performed based on the well-defined fault tree templates for the FBs. The SSA, which is part of the verification and validation (V&V) activities, was activated at each phase of the software lifecycle for the KNICS RPS. At the design phase, the software HAZOP (Hazard and Operability) and the software FTA were employed in the SSA in such a way that the software HAZOP was performed first and then the software FTA was applied. The software FTA was applied to some critical modules selected from the software HAZOP analysis.

• Journal of Aerospace System Engineering
• /
• v.13 no.1
• /
• pp.62-68
• /
• 2019

The software installed on an aircraft is directly related to its safety. Therefore, it shall comply with the standards of the airworthiness certification to ensure safety of flight. Airborne software should be developed in accordance with the DO-178 (Software Consideration in Airborne Systems and Equipment Certification) to comply with the airworthiness certification criterion. However, the military airborne software has been developed in accordance with the DAPA weapons system software development and management manual. In this paper, we completed a questionnaire survey of software experts. We also suggest a military airborne software development/certification process based on DO-178.

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.49-57
• /
• 2018

The main objective of this paper is come up with methodology approach for FPGA-based system in verification and validation lifecycle regarding software reliability using system engineering approach. The steps of both reverse engineering and re-engineering are carried out to implement an FPGA-based of safety critical system in Nuclear Power Plant. The reverse engineering methodology is applied to elicit the requirements of the system as well as gain understanding of the current life cycle and V&V activities of FPGA based-system. The re-engineering method is carried out to get a new methodology approach of software reliability, particularly Software Reliability Growth Model. For measure the software reliability of a given FPGA-based system, the following steps are executed as; requirements definition and measurement, evaluation of candidate reliability model, and the validation of the selected system. As conclusion, a new methodology approach for software reliability measurement using software reliability growth model is developed.

• Proceedings of the Korean Nuclear Society Conference
• /
• 2004.05a
• /
• pp.228-228
• /
• 2004

• Nuclear Engineering and Technology
• /
• v.41 no.6
• /
• pp.849-858
• /
• 2009

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.16 no.6
• /
• pp.267-276
• /
• 2021

The automotive industry and academic research have been continuously conducting research on standardization such as AUTOSAR (AUTomotive Open System ARchitecture) and ISO26262 to solve problems such as safety and efficiency caused by the complexity of electric/electronic architecture of automotive. AUTOSAR is an automotive standard software platform that has a layered structure independent of MCU (Micro Controller Unit) hardware, and improves product reliability through software modularity and reusability. And, ISO26262, an international standard for automotive functional safety and suggests a method to minimize errors in automotive ECU (Electronic Control Unit)s by defining the development process and results for the entire life cycle of automotive electrical/electronic systems. These design methods are variously applied in representative automotive safety-critical systems. However, since the functional and safety requirements are different according to the characteristics of the safety-critical system, it is essential to research the AUTOSAR functional safety design method specialized for each application domain. In this paper, a software functional safety mechanism design method using AUTOSAR is proposed, and a new failure management framework is proposed to ensure the high reliability of the product. The AUTOSAR functional safety mechanism consists of memory partitioning protection, timing monitoring protection, and end-to-end protection. The fault management framework is composed of several safety SWCs to maintain the minimum function and performance even if a fault occurs during the operation of a safety-critical system. Finally, the proposed method is applied to the Shift-by-Wire system design to prove the validity of the proposed method.

• Proceedings of the Korean Nuclear Society Conference
• /
• 1997.05a
• /
• pp.233-238
• /
• 1997

본 논문에서는 Safety-critical 소프트웨어를 위한 V'||'&'||'V 지침서(guideline) 개발 방법론을 제시한다. 즉, 기존의 산업계 표준인 IEEE Std-1012, IEEE Std-1059에서 논의되고 있는 개념을 근간으로 "독립성(independence)", "소프트웨어 안전성 분석(software safety analysis)", "COTS 평가(evaluation) 기준", "다른 보증(assurance) 조직들간의 관련성(relationship)" 등의 필수 안전 항목들을 추가하여 원전 안전성 시스템(NPP safety system)을 위한 V'||'&'||'V 지침서 개발 방법론을 제시하였다 제시된 방법론에는 V'||'&'||'V 지침서의 범위(scope), 승인기준(acceptance criteria) 부분인 지침서 프레임(guideline framework), V'||'&'||'V activities 및 methods 부분인 타스크(task) entrance 및 exit 기준(criteria), 리뷰 및 감사(review and audit), 테스팅 그리고 V'||'&'||'V material의 QA 레코드(records) 및 형상관리, 소프트웨어 검증 및 확인 계획서(Software Verification and Validation Plan : SVVP) 생성 등의 내용을 기술하고, Safety-critical 소프트웨어 V'||'&'||'V 방법론도 함께 제시하였다.

• Proceedings of the KSR Conference
• /
• 2008.06a
• /
• pp.378-383
• /
• 2008

One of the main concerns of railway system is to secure safety. Nowadays digital technology has been rapidly applied to safety critical system. The digital system performs more varying and highly complex functions efficiently compared to the existing analog system because software can be flexibly designed and implemented. The flexible design makes it difficult to predict the software failures. For this reason, the safety criteria are suggested to secure the software safety for the field of railway system. Following them, the railway software have to be examined whether it is properly developed according to the safety criteria and certification process. Because the articles suggested in safety criteria are written in legal term, it is difficult to apply the criteria to develop railway software. This paper suggests and discusses a development and assessment procedure to solve these issues for railway software with more detail description.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.6
• /
• pp.435-439
• /
• 2009

Software used in safety-critical system must have high dependability. Software testing and V&V (Verification and Validation) activities are very important for assuring high software quality. If we can predict the risky modules of safety-critical software, we can focus testing activities and regulation activities more efficiently such as resource distribution. In this paper, we classified the estimated risk class which can be used for deep testing and V&V. We predicted the risk class for each module using support vector machines. We can consider that the modules classified to risk class 5 and 4 are more risky than others relatively. For all classification error rates, we expect that the results can be useful and practical for software testing, V&V, and activities for regulatory reviews.