On Qualitative Analysis of Fault Trees Using Structurally Persistent Nets

Ricardo J. Rodríguez (rj.rodriguez@unileon.es)
Research Institute of Applied Sciences in Cybersecurity, University of León, Spain

June 10, 2015
XXIII Jornadas de Concurrencia y Sistemas Distribuidos, Málaga (Spain)

To appear in IEEE Trans. on Systems, Man, and Cybernetics: Systems, doi: 10.1109/TSMC.2015.2437360
Agenda
1. Introduction
2. Definitions
3. Model Transformation
4. Fault Tree Analysis using P-Semiflows
5. Case Study: A Pressure Tank System
6. Related Work
7. Conclusions and Future Work

R. J. Rodríguez, On Qualitative Analysis of Fault Trees Using Structurally Persistent Nets, JCSD 2015, 2 / 29
Introduction (I): Definition of Fault Tree

Fault Tree: event-driven failure logic
- Top Event: undesired state (at the root)
- Gates: describe the logic that relates events
- Event: of different kinds (next slide)

Coherent Fault Tree: logic restricted to AND/OR formulae
Introduction (II): A bit more on Fault Trees...

Graphical symbols: AND gate, OR gate, TRANSFER IN, TRANSFER OUT, and the BASIC, CONDITIONING, EXTERNAL, UNDEVELOPED and INTERMEDIATE event symbols (figure not reproduced here)

Event types:
- Basic: component/human fault; failure and repair data available
- Conditioning: gate triggered by an event
- External (or house): normally expected to occur
- Undeveloped: not further developed (e.g., no consequence, lack of data)
- Intermediate: middle/top event, generated by a combination of others
- Transfer: to divide large FTs into smaller ones, or to reduce duplication
Introduction (III): Fault Tree Analysis

- Find out the event combinations that lead to an undesired state
- Top-down deductive analysis technique, from the early 60s
- Used in safety and reliability engineering

(Minimal) Cut Sets
- Set of basic events whose occurrence causes a system to fail
- Minimal Cut Set: it cannot be further reduced, and still leads to an undesired state

(Minimal) Path Sets
- Set of basic events whose nonoccurrence assures the nonoccurrence of the TE
- Minimal Path Set: it cannot be further reduced, and still leads to an undesired state
- MPS are the dual set of MCS
Introduction (IV): Recall the example...

Six path sets:
  PS1 = {E1, E2, E3, E4, E5}
  PS2 = {E1, E2, E3, E5, E6}
  PS3 = {E1, E2, E3, E5, E7}
  PS4 = {E1, E2, E3, E4, E5, E6}
  PS5 = {E1, E2, E3, E6}
  PS6 = {E1, E2, E3, E6, E7}

Not minimal! PS2 ⊃ PS5, PS4 ⊃ PS5 (or PS4 ⊃ PS1), PS6 ⊃ PS5
MPS: PS1, PS3, and PS5

Five MCS:
  MCS1 = {E1}, MCS2 = {E2}, MCS3 = {E3}, MCS4 = {E5, E6}, MCS5 = {E4, E6, E7}
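As an added example (not part of the original slides), the following Python reduces the six path sets above to the minimal path sets by discarding proper supersets, and then derives the minimal cut sets as the minimal hitting sets of the MPS, which is the MCS/MPS duality the previous slide refers to. Events are represented by their indices, the six path sets are embedded as constructed input, and all function names are my own.

```python
from itertools import combinations

# Constructed input: the six path sets from the slide, events by index.
PATH_SETS = {
    "PS1": frozenset({1, 2, 3, 4, 5}),
    "PS2": frozenset({1, 2, 3, 5, 6}),
    "PS3": frozenset({1, 2, 3, 5, 7}),
    "PS4": frozenset({1, 2, 3, 4, 5, 6}),
    "PS5": frozenset({1, 2, 3, 6}),
    "PS6": frozenset({1, 2, 3, 6, 7}),
}


def minimal_sets(family):
    """Keep only the sets that have no proper subset in the family."""
    sets = set(family)
    return {s for s in sets if not any(t < s for t in sets)}


def superset_witnesses(named):
    """For each non-minimal set, name one set it strictly contains."""
    out = {}
    for name, s in named.items():
        for other, t in named.items():
            if t < s:
                out[name] = other
                break
    return out


def minimal_hitting_sets(family, universe):
    """All minimal sets that intersect every member of `family`.

    Brute force over subsets by increasing size; fine for a handful of events.
    A candidate containing an already found hitting set is not minimal.
    """
    hits = []
    for k in range(1, len(universe) + 1):
        for cand in combinations(sorted(universe), k):
            c = frozenset(cand)
            if any(c >= h for h in hits):
                continue
            if all(c & s for s in family):
                hits.append(c)
    return set(hits)


def minimal_path_sets():
    return minimal_sets(PATH_SETS.values())


def minimal_cut_sets():
    """MCS as the minimal hitting sets of the MPS (duality of the two notions)."""
    mps = minimal_path_sets()
    universe = set().union(*mps)
    return minimal_hitting_sets(mps, universe)


if __name__ == "__main__":
    print("non-minimal:", superset_witnesses(PATH_SETS))
    print("MPS:", sorted(map(sorted, minimal_path_sets())))
    print("MCS:", sorted(map(sorted, minimal_cut_sets()), key=lambda s: (len(s), s)))
```

The hitting-set step is exponential in the number of basic events, which is exactly why the slides later move to p-semiflows; for a classroom-sized tree it is enough to check the duality claim by hand.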
Introduction (V): Fault Tree Assessment

- Qualitative analysis: extraction of MCS/MPS; enables characterizing a TE by a logic formula
- Quantitative analysis: for given data values, compute the occurrence probability of the TE

Contributions
- Computing the MCS/MPS of a FT is equivalent to computing the minimal p-semiflows of a Petri net obtained by model transformation
- Minimal p-semiflows are computable in polynomial time (for the subclass of PN obtained)
Definitions (I): Formally defining a coherent Fault Tree

Coherent fault tree F = ⟨E, G, G+, G*, T⟩, where:
- E, |E| ≥ 1: set of basic, undeveloped, or external events;
- G, |G| ≥ 1, G ∩ E = ∅: set of intermediate events;
- G+ : G × (E ∪ G) → {0, 1}: OR relationship between events;
- G* : G × (E ∪ G) → {0, 1}: AND relationship between events;
- T = {g}, g ∈ G: top event.

Some notes...
- We denote G+, G* in matrix form, i.e., G+, G* ∈ {0, 1}^(|G| × (|E| + |G|))
- An event g ∈ G has non-null components in either G+ or G*, and not both
- Self-feedback is not allowed in intermediate events
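As an added example (not the author's code), here is the matrix form of the definition in Python: one row per intermediate event, |E| + |G| columns (E first, then G), with G+ holding the OR relations and G* the AND relations. The tree itself is constructed for this example, since the original figure is not on this page; it was chosen so that its MCS and MPS coincide with those of the Introduction (IV) slide. The code enforces the two side conditions from the notes (each gate is purely OR or purely AND, no self-feedback) and then derives the MCS by top-down expansion of the top event; swapping the two matrices expands the dual tree and yields the MPS. Names such as EVENTS, GATES and check_coherent are my own.

```python
# Constructed coherent fault tree (not from the slides), consistent with the
# MCS/MPS of the introduction slide:
#   TE = E1 OR E2 OR E3 OR G1 ; G1 = E6 AND G2 ; G2 = E5 OR G3 ; G3 = E4 AND E7
EVENTS = ["E1", "E2", "E3", "E4", "E5", "E6", "E7"]   # E: basic events
GATES = ["TE", "G1", "G2", "G3"]                      # G: intermediate events
COLUMNS = EVENTS + GATES                              # column order of G+ and G*
TOP = "TE"                                            # T = {TE}


def row(children):
    """One {0,1} row of length |E|+|G| marking the inputs of a gate."""
    return [1 if c in children else 0 for c in COLUMNS]


# G+ (OR) and G* (AND), each |G| x (|E|+|G|) over {0,1}
G_OR = [row({"E1", "E2", "E3", "G1"}), row(set()), row({"E5", "G3"}), row(set())]
G_AND = [row(set()), row({"E6", "G2"}), row(set()), row({"E4", "E7"})]


def check_coherent(g_or, g_and):
    """Side conditions from the definition: every g in G has non-null entries in
    exactly one of G+, G*, and no intermediate event feeds back into itself."""
    for i, g in enumerate(GATES):
        has_or, has_and = any(g_or[i]), any(g_and[i])
        if has_or == has_and:
            raise ValueError(f"{g} must have non-null entries in exactly one of G+, G*")
        col = COLUMNS.index(g)
        if g_or[i][col] or g_and[i][col]:
            raise ValueError(f"{g} feeds back into itself")
    return True


def is_coherent(g_or, g_and):
    try:
        return check_coherent(g_or, g_and)
    except ValueError:
        return False


def minimal_sets(family):
    sets = set(family)
    return {s for s in sets if not any(t < s for t in sets)}


def expand(node, g_or, g_and):
    """Family of minimal event sets that make `node` occur.
    OR gate: union of the children's families.
    AND gate: one set from each child, merged (cross product)."""
    if node in EVENTS:
        return {frozenset({node})}
    i = GATES.index(node)
    if any(g_or[i]):
        fam = set()
        for c, v in zip(COLUMNS, g_or[i]):
            if v:
                fam |= expand(c, g_or, g_and)
    else:
        fam = {frozenset()}
        for c, v in zip(COLUMNS, g_and[i]):
            if v:
                fam = {a | b for a in fam for b in expand(c, g_or, g_and)}
    return minimal_sets(fam)


def minimal_cut_sets():
    check_coherent(G_OR, G_AND)
    return expand(TOP, G_OR, G_AND)


def minimal_path_sets():
    # Dual tree: exchanging the roles of G+ and G* turns cut sets into path sets.
    check_coherent(G_AND, G_OR)
    return expand(TOP, G_AND, G_OR)


if __name__ == "__main__":
    print("MCS:", sorted(map(sorted, minimal_cut_sets()), key=lambda s: (len(s), s)))
    print("MPS:", sorted(map(sorted, minimal_path_sets())))
```

The explicit `check_coherent` is the part a reviewer of such a model should care about: a gate with entries in both matrices, or a gate that references its own column, would make the later transformation to a Petri net (and the p-semiflow computation it relies on) ill-defined, so it is better rejected at input time.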
Definitions (II): On Petri nets

Petri nets
A Petri net (PN) is a 4-tuple N = ⟨P, T, Pre, Post⟩, where:
- P and T are disjoint non-empty sets of places and transitions; and
- Pre (Post) are the pre- (post-) incidence non-negative integer matrices of size |P| × |T|

A Petri net system S = ⟨N, m0⟩ is a Petri net N with an initial marking m0

Reachability Set and Boundedness
- RS(N, m0): set of markings reachable from m0 in N
- A place p ∈ P is k-bounded if ∀ m ∈ RS(N, m0), m(p) ≤ k
- A net system S is k-bounded if each place is k-bounded
- A net system is bounded if ∃ some k for which it is k-bounded
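As an added example (not part of the slides), the Python below encodes a net system exactly as defined: Pre and Post as |P| × |T| non-negative integer matrices and a marking as a tuple, then explores RS(N, m0) by breadth-first firing and checks k-boundedness over it. The two nets are constructed for the example: a three-place cycle that is 1-bounded from (1, 0, 0), and a net with a source transition that is unbounded. Because RS of an unbounded net is infinite, the exploration carries a cap and reports whether it completed; a boundedness verdict is only trusted when it did. Function names are mine.

```python
from collections import deque

# Constructed net 1: a token cycling through p1 -> p2 -> p3 -> p1 (bounded).
PLACES = ["p1", "p2", "p3"]
TRANSITIONS = ["t1", "t2", "t3"]
PRE = [[1, 0, 0],    # t1 consumes from p1
       [0, 1, 0],    # t2 consumes from p2
       [0, 0, 1]]    # t3 consumes from p3
POST = [[0, 0, 1],   # t3 produces into p1
        [1, 0, 0],   # t1 produces into p2
        [0, 1, 0]]   # t2 produces into p3

# Constructed net 2: t1 has no input place (a source) and keeps producing
# tokens into p1; t2 moves a token from p1 to p2. Unbounded.
PRE_U = [[0, 1],
         [0, 0]]
POST_U = [[1, 0],
          [0, 1]]


def enabled(m, pre, t):
    """Transition t is enabled at marking m if every place holds Pre[p][t] tokens."""
    return all(m[p] >= pre[p][t] for p in range(len(m)))


def fire(m, pre, post, t):
    """Firing rule: m' = m - Pre[:, t] + Post[:, t]."""
    return tuple(m[p] - pre[p][t] + post[p][t] for p in range(len(m)))


def reachability_set(pre, post, m0, limit=10000):
    """BFS over markings. Returns (markings, complete). complete is False when
    the cap was hit, which is what happens for an unbounded net."""
    start = tuple(m0)
    seen = {start}
    queue = deque([start])
    while queue:
        m = queue.popleft()
        for t in range(len(pre[0])):
            if not enabled(m, pre, t):
                continue
            m2 = fire(m, pre, post, t)
            if m2 in seen:
                continue
            if len(seen) >= limit:
                return seen, False
            seen.add(m2)
            queue.append(m2)
    return seen, True


def place_bound(rs):
    """Smallest k such that every place is k-bounded over the explored markings."""
    return max(max(m) for m in rs)


def is_k_bounded(pre, post, m0, k, limit=10000):
    """True only if RS was fully explored and no place ever exceeds k tokens."""
    rs, complete = reachability_set(pre, post, m0, limit)
    return complete and all(tok <= k for m in rs for tok in m)


if __name__ == "__main__":
    rs, complete = reachability_set(PRE, POST, (1, 0, 0))
    print("RS(N, (1,0,0)) =", sorted(rs), "complete:", complete, "bound:", place_bound(rs))
    print("net 1 is 1-bounded:", is_k_bounded(PRE, POST, (1, 0, 0), 1))
    print("net 2 is 5-bounded:", is_k_bounded(PRE_U, POST_U, (0, 0), 5))
```

Enumerating RS is the expensive, state-explosion route to these properties; the slides' later use of p-semiflows is the structural alternative, since a net covered by p-semiflows is bounded without ever constructing the reachability set.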