Fig 5 - uploaded by Tim Gonschorek
Questions for hypothesis H2.


Source publication
Conference Paper
When dealing with structural safety analysis, one of the most popular methodologies is Fault Tree Analysis (FTA). However, one major critique is the rapid increase in complexity, and therefore incomprehensibility, when dealing with realistic systems. One approach to overcoming this is Component Fault Trees (CFT), presenting an extension to stand...

Context in source publication

Context 1
... own model was very well-suited to represent modifications or to compare their own model with the one received by the other group. ... hypothesis H2, we analyzed the questions presented in figure 5. We have separated them into two different parts: an internal and an external view, and therefore compared them depending on the correlations of the exchanged model. ...

Similar publications

Article
Within the Maccoy Critical project, we want to train learners in managing critical situations such as dilemmas. A dilemma corresponds to a situation in which there is no good solution, that is, a situation that leads to negative consequences in every case. Our objective is to use models of c...

Citations

... The use of models did not result in a number of correct or incorrect solutions that was significantly different, but the subjects considered that the modelling capacities were better in terms of clarity, consistency, and maintainability. Gonschorek et al. [26] have also concluded that Component Fault Trees can be more comprehensible than Fault Trees. When comparing state event fault tree analysis vs. dynamic fault tree analysis and fault tree analysis combined with Markov chains analysis [27], the first was rated as more applicable and the second as more efficient. ...
Article
Context: Critical systems in application domains such as automotive, railway, aerospace, and healthcare are required to comply with safety standards. The understanding of the safety compliance needs specified in these standards can be difficult from their text. A possible solution is to use models. Objective: We aim to evaluate the use of models to understand safety compliance needs. Method: We have studied the effectiveness, efficiency, and perceived benefits in understanding these needs, with models and with the text of safety standards, by means of an experiment. The standards considered are DO-178C and EN 50128. We use SPEM-like diagrams to graphically represent the models. Results: The mean effectiveness of 20 undergraduate students in understanding the needs and the mean efficiency were higher with models (22% and 38%, respectively), and the difference is statistically significant (p-value ≤ 0.02). Most of the students agreed upon the ease of understanding the structure of safety compliance needs with models when compared to the text, but on average, the students were undecided about whether the models are easy to understand or easier to understand than the text. Conclusions: The results allow us to claim that the use of models can improve the understanding of safety compliance needs. Nonetheless, there seems to be room for improvement in relation to the perceived benefits. It must be noted that our conclusions may differ if the subjects were experienced practitioners.
Chapter
Interconnected infrastructures are complex due to their temporal evolution, component dependencies and dynamic interdependencies, coupled with the presence of adversaries. Much research has focused on safety and security risk assessments of isolated infrastructures. However, extending these techniques to interconnected infrastructures is infeasible due to their complex interdependencies and the lack of generic modeling tools. This chapter presents a framework for modeling and analyzing interconnected infrastructures. The framework has two layers. One is the higher modeling layer that expresses the functional dependencies of infrastructures, where each infrastructure is refined to capture component-level disruptions and is represented using a novel combination of dynamic reliability block diagrams and attack-fault trees. The other is the lower analysis layer based on stochastic timed automata that serves as a semantic framework for the higher layer. While the higher layer graphically represents complex dependencies and interdependencies, and temporal and cascading disruption scenarios, the lower analysis layer provides a rigorous foundation for investigating the relationships using formal verification, in particular statistical model checking. The lower layer also provides a flexible means for incorporating quantitative system attributes such as probability, time and cost. The efficacy of the framework is demonstrated using a real disruption scenario involving interconnected electric power and industrial communications networks, where an analyst can identify weak links, evaluate alternative protection measures and make transparent decisions about risk management investments.