at the design stage and are not detected during testing and verification.

In turn, software anomalies that can be the cause of I&C system failure are classified into:

1. Defects that appear under certain conditions of the system, its individual components and sets of input signals.
2. Defects that appear during non-standard functioning of hardware of the I&C system.
3. Defects caused by incorrect or incomplete specifications of the software.
4. Defects introduced in development of the software (at all stages of the lifecycle).
5. Defects related to the use of tools and that depend on other software and on interfaces between parts of the software or other systems.

The main kinds of influences, resistance to which should be assured by software, are the following: unintentional or intentional errors of personnel; unauthorized actions or unauthorized access to programs, data and operating systems; malicious software, including viruses, spyware and trojans, which are sets of instructions that execute actions not stipulated by the specifications and that represent a threat to safety; distortions of incoming information that arise in measurement devices (sensors) and along communication channels from other systems.

Thus, requirements for software related to reliability and stability consist in that the software must implement protection from all of the listed kinds of failures and actions. In this case protection should be assured both from failures due to common factors, i.e. those caused by the appearance of intrinsic defects of the software, and from failures and breakdowns of hardware devices of the I&C system.

Protection against failures: The following methods are used to protect from the listed kinds of failures and influences on software.

1. Technical diagnostics (monitoring and determination of the cause of a failure or breakdown), reconfiguration of the structure and restoration of the computational process or control process. This method is universal and, by appropriate loading of its constituents, can assure protection from a broad class of failures. In the I&C system it should be used for protection from hardware failures.
2. Software, functional or other kinds of diversity. The use of diversity is a systems requirement, which is aimed at protection from common cause failures and is related to the use of different kinds of redundancy in the process of creation (development and verification) of software and in the final product, i.e. the software itself. Software diversity (the use of different software versions) is achieved by using different algorithms, languages, libraries, programming approaches, operating systems and so forth. Functional diversity is assured by using more than one criterion for identification of each situation that requires the initiation of control actions.

It should be emphasized that for software of safety control systems, which execute emergency protection functions, emergency situations must be discovered by several methods based on different, physically interconnected production parameters, while the analysis of data on the values of these parameters should be performed by different software modules.
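The following is an added example, not code from the source text, illustrating the two points just made: an emergency situation identified through several functionally diverse criteria on physically coupled parameters (combined by a k-out-of-N vote, with disagreement between criteria reported for diagnostics), together with a simple metric for the degree of correlation between two software versions, i.e. how often their defects coincide. The parameter names, thresholds, sample values and oracle results are all constructed assumptions chosen for the illustration.

```python
"""Diverse trip criteria with voting, and a joint-failure metric for two versions.

Constructed illustration: the parameter names, thresholds and sample data are
assumptions chosen for the example, not values from the source text.
"""
from dataclasses import dataclass
from typing import Callable, Sequence, Tuple


@dataclass(frozen=True)
class Sample:
    """One set of measured production parameters (constructed)."""
    temperature_c: float
    pressure_bar: float
    flow_kg_s: float


# Assumed trip thresholds for the illustration.
T_TRIP_C = 350.0
P_TRIP_BAR = 160.0
FLOW_MIN_KG_S = 50.0


# Three functionally diverse criteria: each identifies the same emergency
# situation (loss of heat removal) from a different, physically coupled
# parameter. In a real system each would live in a separate software module.
def trip_by_temperature(s: Sample) -> bool:
    return s.temperature_c > T_TRIP_C


def trip_by_pressure(s: Sample) -> bool:
    return s.pressure_bar > P_TRIP_BAR


def trip_by_flow(s: Sample) -> bool:
    return s.flow_kg_s < FLOW_MIN_KG_S


CRITERIA: Tuple[Callable[[Sample], bool], ...] = (
    trip_by_temperature, trip_by_pressure, trip_by_flow)


def vote(s: Sample, k: int = 2) -> Tuple[bool, Tuple[bool, ...], bool]:
    """k-out-of-N vote over the diverse criteria.

    Returns (trip, individual votes, disagreement). A disagreement among the
    criteria does not itself trip the system, but it is the signal a
    technical-diagnostics function would record and investigate.
    """
    votes = tuple(c(s) for c in CRITERIA)
    n_trip = sum(votes)
    return n_trip >= k, votes, 0 < n_trip < len(votes)


def joint_failure_ratio(expected: Sequence[bool],
                        version_a: Sequence[bool],
                        version_b: Sequence[bool]) -> float:
    """Share of test cases where BOTH versions are wrong among the cases where
    at least one is wrong: 0.0 means their defects never coincide (full
    benefit from diversity), 1.0 means they always fail together (no benefit).
    """
    if not (len(expected) == len(version_a) == len(version_b)):
        raise ValueError("result sequences must have equal length")
    wrong_a = [a != e for a, e in zip(version_a, expected)]
    wrong_b = [b != e for b, e in zip(version_b, expected)]
    either = sum(x or y for x, y in zip(wrong_a, wrong_b))
    both = sum(x and y for x, y in zip(wrong_a, wrong_b))
    return both / either if either else 0.0


if __name__ == "__main__":
    for s in (Sample(300, 150, 80), Sample(360, 150, 80),
              Sample(360, 170, 80), Sample(360, 170, 40)):
        print(s, vote(s))
    # Constructed oracle results for two versions of one criterion.
    expected = [True, True, False, False, True]
    ver_a = [True, False, False, True, True]
    ver_b = [True, False, False, False, False]
    print("joint failure ratio:", joint_failure_ratio(expected, ver_a, ver_b))
```

The vote keeps a single faulty criterion from tripping the system on its own while still reporting the disagreement, which is the kind of event technical diagnostics should capture; the joint-failure ratio is one concrete way to put a number on "the actual level of diversity" between versions before crediting them with joint compensation of defects.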
For I&C software of safety class 2, in addition, when using software, functional or other kinds of diversity, one must: evaluate the degree of correlation of different versions (analyze the actual level of diversity) and their capability for joint compensation of software defects; analyze the substantiation and influence on safety of additionally introduced components - different