NASA OSMA SAS '03 Fault Tree Analysis Application for Safety and Reliability Massood Towhidnejad Embry-Riddle University Dolores Wallace & Al Gallo NASA Goddard, SATC
Overview • FTA Background • SFTA and the System Life Cycle • SFTA Examples and Diagrams • Modeling System Behavior • Advantages & Disadvantages of SFTA • Impact of Our Research • Summary
Fault Tree Analysis
• General Hazard Analysis technique started in the 1960s
• Attributes: Graphical, Top Down, Analytical, Qualitative, Quantitative
• Goal: To identify all conditions that put the system in a hazardous state
• FTA applied to software
  • Little work has been done to date
  • SFTA focuses on the code and requirements
  • Generally applied to “small” projects (<2000 LOC)
• Observations:
  • SFTA impractical at code level
  • Should be applied to systems at the early stages of the life cycle
  • Need to address the quantitative analysis
SFTA Applied to System Life Cycle
• Requirements Phase: Highlight requirements for safety concerns & hazards
• Design Phase: Perform analysis on elements of the design (i.e., Activity, Sequence, and State diagrams); adjust design to eliminate/mitigate hazardous states
• . . .
• Coding & Test: Increase effectiveness of reviews and walkthroughs; applied only to critical code; adjust design to eliminate/mitigate hazardous states
SFTA Road Map
• Use fault tree diagrams as a graphical communication vehicle for developers, testers, designers, managers and customers
• [Diagram: Requirements, Design, Code and Test → Fault Tree → Verify and Modify; Customer/Domain expert and Software Engineer verify and add missing elements]
Fault Tree Example (Activity Diagram)
[Diagram: User modifies profile → Display security screen → User enters security data → System validatePermission → Valid access? No and Try <= 3: Reenter; No and Try > 3: Security access denied; Yes: Update name / Update address / Update priority → System validate entry → Mod. accept? No: Reenter; Yes: System update profile]
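As an added illustration (not from the slides), a small Python fault-tree evaluator for a hypothetical tree over the profile-update flow above: AND/OR gate evaluation gives the top-event probability, and minimal cut sets show which event combinations cause it. The gate structure, event names E1 to E4 and all probabilities are constructed assumptions:

```python
"""Minimal fault-tree evaluator (AND/OR gates over basic events): top-event
probability under independence, plus minimal cut sets. Values are constructed."""
from dataclasses import dataclass
from itertools import product

@dataclass
class Event:
    name: str
    p: float  # constructed probability that this basic event occurs

@dataclass
class Gate:
    kind: str     # "AND" or "OR"
    inputs: list  # child Events or Gates

def probability(node) -> float:
    """Product for AND; 1 - prod(1 - p) for OR; events assumed independent."""
    if isinstance(node, Event):
        return node.p
    acc = 1.0
    for child in node.inputs:
        acc *= probability(child) if node.kind == "AND" else 1.0 - probability(child)
    return acc if node.kind == "AND" else 1.0 - acc

def minimal_cut_sets(node) -> list:
    """Smallest sets of basic events that together cause the top event."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    child = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = {s for c in child for s in c}
    else:  # AND: union one cut set from each input, over all combinations
        sets = {frozenset().union(*combo) for combo in product(*child)}
    return sorted((s for s in sets if not any(o < s for o in sets)), key=sorted)

# Hypothetical tree for the "user modifies profile" activity; top event is an
# invalid or unauthorized update being stored. The Try <= 3 retry loop is
# collapsed into one basic event (timing and loops need special care in SFTA).
TOP = Gate("OR", [
    Event("E1", 0.001),       # validatePermission accepts bad credentials
    Gate("AND", [
        Event("E2", 0.01),    # retry limit (Try > 3) not enforced
        Event("E3", 0.0005),  # credentials guessed across unlimited retries
    ]),
    Event("E4", 0.002),       # validate entry passes malformed data
])

def top_event_probability() -> float:
    return probability(TOP)
```

The cut sets {E1}, {E4} and {E2, E3} are the single points of failure and the one two-event path a reviewer would want mitigated in the design.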
Fault Tree Example (State Diagram)
Source: Smart Draw
Modeling System Behavior
[Figure: Reliability vs. Time for S/W and H/W, t = release]
• Hardware
  • Large sample size
  • Large collections of historic data
  • Classification of failure types
  • Degradation (increase failure rate)
• Software
  • Limited sample size (usually one)
  • Limited availability of software failure data
  • Classification of cause more relevant
  • Improvement!!!! (decrease failure rate)
  • Probability values not available, though subject of research efforts
Assessing SFTA
• Advantages:
  • Easy to learn
  • Graphical representation
  • Communication vehicle with customer
  • Partial automatic conversion possible (but not desirable)
• Disadvantages:
  • Conversion is labor intensive
  • Automatic conversion is not attractive
  • Lack of software reliability data
  • Timing and loops need special attention
  • No dedicated SFTA tool
Impact of Our Research • Technology Transfer, Infusion, Recognition & Commercialization • SATC collaborating with commercial vendor of commercial FTA tool • Enhancing product to accommodate software uniquenesses • Planning to build in paradigm features • GSFC Center Director and SMA Director tracking through center’s Tech Transfer Office • SFTA activity and a safety-related tool • Assisting in the collaboration / licensing
Summary • Applied Fault Tree (FT) to Object Oriented design • In addition to fault detection, FT can serve as a communication medium with customer • Lack of reliability data reduces the quantitative analysis of the FT • Seeking alternative sources of data for quantitative analysis • Collaborating with a FT tool vendor to develop software fault tree tool