The quantitative safety assessment for safety-critical computer systems.

摘要

The current methodologies for the quantitative safety assessment for safety-critical computer systems have various limitations. For example, the Markov chain modeling technique is limited to model small size systems because of the well-known Markov chain state explosion problem. Also, some unrealistic assumptions are often tied to the safety assessment for safety-critical computer systems. For example, the assumption made for the Therac-25 assessment was the system had a perfect software design. The purpose of this dissertation is to develop and demonstrate improvements for the quantitative safety assessment for safety-critical computer systems by applying more realistic modeling assumptions and by developing new modeling techniques.; Two design fault parameters, the design fault failure rate and the design fault coverage, are now joining the physical fault parameters, the physical fault failure rate and the physical fault coverage, to be used to estimate safety and MTTUF. Design faults are included to avoid the over-optimistic estimations of safety and MTTUF. The techniques used to estimate the four input parameters are reviewed. Due to the statistically non-increasing property of the design fault failure rate, a piecewise solution is applied to a non-homogenous Markov chain model to quantitatively assess safety and MTTUF using a three-state homogenous Markov model.; For systems where a failure causes the system to cease operation, combinatorial modeling techniques provide pessimistic safety estimations. Markov chain models are more comprehensive and flexible in dependency modeling. However, because Markov chain models experience the state explosion problem as the number of components becomes large, we develop and present the Markov Chain Modular (MCM) approach as a way to represent and solve large-scale models. An alternative modular approach, the TDD modular approach, is developed and presented as a means to estimate the upper bound and the lower bound of safety with modeling assumptions.; An application of the techniques presented in this dissertation is given in the case study of the quantitative safety assessment for the Digital Feed-Water Control System (DFWCS). Safety sensitivity analysis is conducted on the system to identify possible ways to improve the safety of the DFWCS system.