• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제2권10호
• /
• pp.661-668
• /
• 2013

Safety Critical 시스템은 시스템의 기능적인 실패 또는 예기치 못한 상황의 발생으로 인해 인명피해, 재산피해, 환경 피해와 같은 치명적인 사고를 초래할 수 있는 시스템을 의미한다. 그러므로 Safety Critical 시스템의 안전을 보장하기 위해서는 시스템 설계 단계에서 시스템에 존재할 수 있는 위험성들이 충분히 고려되어야 하며, 사고가 발생했을 시 피해를 최소화시키기 위한 일련의 예방 동작들이 설계되어야 한다. 현재에는 Safety Critical 시스템의 설계 단계에서 위험성을 식별하고 분석하기 위한 많은 방법들이 연구되었으며, 이 중에는 예기치 못한 사건으로 인한 피해를 예방하는 동작들의 성공 여부를 분석하는 기법도 존재한다. 본 연구에서는 위의 예방 동작들의 성공 여부에 대한 분석뿐만 아니라 기존 연구들에서 언급하지 못한 예방 동작들 간의 충돌과 이로 인해 발생할 수 있는 피해를 분석하는 방법을 제시하고자 한다. 제안한 방법을 통해 Safety Critical 시스템의 안전성이 견고해지고 피해 예방을 위한 동작들의 올바른 설계에 도움이 될 수 있을 것이다.

• Nuclear Engineering and Technology
• /
• 제51권1호
• /
• pp.138-145
• /
• 2019

With the application of digital technology to safety-critical infrastructures, cyber-attacks have emerged as one of the new dangerous threats. In safety-critical infrastructures such as a nuclear power plant (NPP), a cyber-attack could have serious consequences by initiating dangerous events or rendering important safety systems unavailable. Since a cyber-attack is conducted intentionally, numerous possible cases should be considered for developing a cyber security system, such as the attack paths, methods, and potential target systems. Therefore, prior to developing a risk-informed cyber security strategy, the importance of cyber-attacks and significant critical digital assets (CDAs) should be analyzed. In this work, an importance analysis method for cyber-attacks on an NPP was proposed using the probabilistic safety assessment (PSA) method. To develop an importance analysis framework for cyber-attacks, possible cyber-attacks were identified with failure modes, and a PSA model for cyber-attacks was developed. For case studies, the quantitative evaluations of cyber-attack scenarios were performed using the proposed method. By using quantitative importance of cyber-attacks and identifying significant CDAs that must be defended against cyber-attacks, it is possible to develop an efficient and reliable defense strategy against cyber-attacks on NPPs.

• 대한전기학회:학술대회논문집
• /
• 대한전기학회 1999년도 하계학술대회 논문집 A
• /
• pp.471-473
• /
• 1999

Recently, the computer based control systems instead of conventional relays circuitry are widely used to industrial applications, and also those technology is available to railway signaling which are safety-critical systems. However, the safety and reliability of software for those systems are harder to demonstrate than in traditional relays circuitry because the faults or errors can not be analyzed and predicted to those systems. So, the safety problems are crucial more and more in computer based control system. In this paper, the GRAFCET(GRAphe Fonctionnel do Commande Etape/Transition) language is used as a analysis and verification tool for safety-critical interlocking logic. The general description for Grafcet notation are provided and the general modeling for interlocking logic is presented.

• Journal of Electrical Engineering and Technology
• /
• 제2권3호
• /
• pp.386-390
• /
• 2007

At recent times, an essential issue in the replacement of the old analogue I&C to computer-based digital systems in nuclear power plants becomes the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software that is developed for safety critical applications is frequently unable to produce such data for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety critical software is normally expected to pass every unit test producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under the reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We presented the quantitative reliability assessment methodology of safety critical software for rare failure cases in this paper.

• 품질경영학회지
• /
• 제41권4호
• /
• pp.725-735
• /
• 2013

Purpose: The purpose of this study is to propose an Integrated Safety Evaluation Process (ISEP) that can enhances the safety aspect of the safety-critical system. This process utilizes the advantages of the iterative Systems Engineering process combined with the safety assessment process that is commonly and well defined in many standards and/or guidelines for railway, aerospace, and other safety-critical systems. Methods: The proposed process model is based on the predefined system lifecycle, in each phase of which the appropriate safety assessment activities and the safety data are identified. The interfaces between Systems Engineering process and the safety assessment process are identified before the two processes are integrated. For the integration, the elements at lower level of Systems Engineering process are combined with the relevant elements of safety assessment process. This combined process model is represented as Enhanced Functional Flow Block Diagram (EFFBD) by using CORE(R) that is commercial modelling tool. Results: The proposed model is applied to the lifecycle and management process of the United States aircraft system. The US aircraft systems engineering process are composed of twelve key elements, among which the requirements management, functional analysis, and Synthesis processes are considered for examplenary application of the proposed process. To synchronize the Systems Engineering process and the safety assessment process, the Systems Engineering milestones are utilized, where the US aircraft system has thirteen milestones. Taking into account of the nine steps in the maturity level, the integrated process models are proposed in some phases of lifecycle. The flows of processes are simulated using CORE(R), confirming the flows are timelined without any conflict between the Systems Engineering process and the safety assessment process. Conclusion: ISEP allows the timeline analysis for identifying activity and data flows. Also, the use of CORE(R) is shown to be effective in the management and change of process data, which helps for the ISEP to apply for the development of safety critical system. In this study, only the first few phases of lifecyle are considered, however, the implementation through operation phases can be revised by combining the elements of safety activities regarding those phases.

• Nuclear Engineering and Technology
• /
• 제44권6호
• /
• pp.663-672
• /
• 2012

As software based digital I&C (Instrumentation and Control) systems are used more prevalently in nuclear plants, enhancement of software dependability has become an important issue in the area of nuclear I&C systems. Critical attributes of software dependability are safety and reliability. These attributes are tightly related to software failures caused by faults. Software testing and V&V (Verification and Validation) activities are hence important for enhancing software dependability. If the risky modules of safety-critical software can be predicted, it will be possible to focus on testing and V&V activities more efficiently and effectively. It should also make it possible to better allocate resources for regulation activities. We propose a prediction technique to estimate risky software modules by adopting machine learning models based on software complexity metrics. An empirical study with various machine learning algorithms was executed for comparing the prediction performance. Experimental results show SVMs (Support Vector Machines) perform as well or better than the other methods.

• International Journal of Safety
• /
• 제7권2호
• /
• pp.27-30
• /
• 2008

In the 21st century, safety issues in the strained silicon industry, such as dislocation injection, should be carefully considered. This is because a microelectronic device usually contains sharp features (e.g., edges and corners) that may intensify stresses, inject dislocations into silicon, and ultimately cause the failure of the device. In this paper, critical residual stresses in various strained structures are calculated. It is confirmed that this model correctly predicts trends and the order of magnitude of critical residual stresses.

• 전기전자학회논문지
• /
• 제16권2호
• /
• pp.145-152
• /
• 2012

This paper is the Software Hazard Analysis (SWHA) which will study the managerial process and the technical methode and techniques inherent in the performance of software safety task within the Military Aircraft System Safety program. This SWHA identifies potential hazardous effects on the software intensive systems and provides a comprehensive and qualitative assessment of the software safety. The purpose of this paper is to identify safety critical functions of software in Military A/C. The identified software hazards associated with the design or function will be evaluated for risks and operational constraint to further improve the software design requirement, analysis and testing efforts for safety critical software. This common SWHA, the first time analysis in KOREA, was review all avionics OFP(Operational Flight Program), and focus only on software segments which are safety critical. This paper provides a important understanding between the customer and developer as to how the software safety for the Military A/C will be accomplished. It will also provide the current best solution which may as one consider the necessary step in establishing a credible and cost-effective software safety program.

• Journal of Information Processing Systems
• /
• 제8권2호
• /
• pp.213-240
• /
• 2012

Safety critical systems, real time systems, and event-based systems have a complex set of events and their own interdependency, which makes them difficult to test ma Safety critic Safety critical systems, real time systems, and event-based systems have a complex set of events and their own interdependency, which makes them difficult to test manually. In order to cut down on costs, save time, and increase reliability, the model based testing approach is the best solution. Such an approach does not require applications or codes prior to generating test cases, so it leads to the early detection of faults, which helps in reducing the development time. Several model-based testing approaches have used different UML models but very few works have been reported to show the generation of test cases that use events. Test cases that use events are an apt choice for these types of systems. However, these works have considered events that happen at a user interface level in a system while other events that happen in a system are not considered. Such works have limited applications in testing the GUI of a system. In this paper, a novel model-based testing approach is presented using business events, state events, and control events that have been captured directly from requirement specifications. The proposed approach documents events in event templates and then builds an event-flow model and a fault model for a system. Test coverage criterion and an algorithm are designed using these models to generate event sequence based test scenarios and test cases. Unlike other event based approaches, our approach is able to detect the proposed faults in a system. A prototype tool is developed to automate and evaluate the applicability of the entire process. Results have shown that the proposed approach and supportive tool is able to successfully derive test scenarios and test cases from the requirement specifications of safety critical systems, real time systems, and event based systems.

• 제어로봇시스템학회논문지
• /
• 제15권3호
• /
• pp.337-345
• /
• 2009

The dependence of numerous systems on electronic devices is causing rapidly increasing concern over fault tolerance because of safety issues of safety critical system. As an example, a vehicle with electronics-controlled system such as x-by-wire systems, which are replacing rigid mechanical components with dynamically configurable electronic elements, should be fault￢tolerant because a devastating failure could arise without warning. Fault-tolerant systems have been studied in detail, mainly in the field of aeronautics. As an alternative to solve these problems, this paper presents the fuzzy hybrid redundancy system that can remove most erroneous faults with fuzzy fault detection algorithm. In addition, several numerical simulation results are given where the fuzzy hybrid redundancy outperforms with general voting method.