INTRODUCTION
To guarantee the required level of dependability, safety and security of computer-based systems in critical (safety-critical, mission-critical and business-critical) applications, a diversity approach is used. This approach implies the development, selection and implementation of several diverse design options for the redundant channels of the system being created. The probability of common cause failure (CCF) of safety-critical systems can be substantially decreased by selecting and deploying different diversity types, on the assumption of maximal independence of the redundant channels that realize the software-hardware versions.
The risk of CCF is the main factor reducing the dependability of redundant I&C systems. Diversity and defense-in-depth is a required development principle for NPP I&C systems important to safety, first of all reactor trip systems (Jonson, 2010).
Diversity is the general approach used for decreasing CCF risks of I&C systems, because differences in hardware and software components, development and verification technologies, implemented functions, etc. can mitigate the potential for common faults (Jonson, 2010; NUREG/CR-6303, 1994).
One of the key theoretical and practical problems is diversity estimation and optimization of the version redundancy capacity used. Diversity-related decisions should be made at the first design stages, because they affect the safety and cost of the NPP I&C system. There are risks of inaccurate or untrustworthy assessment of diversity, and of I&C system safety as a whole. If the diversity indicator is overstated, the risk of CCF increases. If the assessment result is understated, costs increase unreasonably at the production, implementation and operation stages.
This circumstance is why many international and national standards and guides contain requirements to use diversity in safety-critical systems, first of all in NPP I&Cs (RTS), aerospace on-board equipment (automatic pilot, flight control systems), railway automatics (signalling and blocking systems), service oriented architecture (SOA)-based web-systems (e-science), etc. (Pullum, 2001; Wood et al., 2009; Gorbenko et al., 2009; Kharchenko et al., 2010; Sommerville, 2011).
BACKGROUND
In the modern world there are many regulations, which in the general case cover the most important areas of human activity. Among them one can distinguish those related (in some way) to safety-important I&C systems, grouped into several sets that cover general issues of critical I&C systems at the various lifecycle stages (including their development, operation and maintenance), security, and various technology-related aspects.
Application of modern information and electronic technologies and component-based development approaches in critical areas, on the one hand, improves the reliability, availability, maintainability and safety characteristics of digital I&Cs. On the other hand, these technologies introduce additional risks, so-called safety deficits. Microprocessor (software)-based systems are a typical example. The advantages of this technology are well known; however, a software realization may increase the CCF probability of complex software-based I&Cs. Software faults, and design faults as a whole, are the most probable cause of CCFs. Such faults are replicated in the redundant channels and cause a fatal failure of the computer-based system. It follows that a "fault-tolerant" system with identical channels may be "non-tolerant" or "not tolerant enough" to design faults. For example, software design faults caused more than 80% of the fatal failures of computer-based rocket-space systems in the 1990s (Kharchenko et al., 2003), and caused 13% of the emergencies of space systems and 22% of the emergencies of carrier rockets (Tarasyuk et al., 2011).
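To make the point about identical channels concrete, the following is an added Python illustration; it is not code from this chapter nor from any real I&C system. A channel compares a hypothetical 16-bit unsigned ADC word against a trip setpoint. Version A carries a latent design fault (the word is narrowed to a signed 16-bit integer, so high readings wrap negative and the trip is missed); version B is an independently written channel without it. The same demand profile is then run through identical and diverse channel sets under 1-out-of-2 and 2-out-of-3 voting. The setpoint, the fault, the demand readings and the voting arrangements are all assumptions made for the example.

```python
"""Added illustration: a design fault replicated across identical redundant
channels becomes a common cause failure (CCF); a diverse version survives it.
The trip logic, setpoint, fault and demand profile are hypothetical."""
from typing import Callable, List, Sequence

# Hypothetical: a 16-bit unsigned ADC word (0..65535) is compared against a
# trip setpoint; the specification requires a trip at or above this count.
TRIP_SETPOINT_COUNTS = 30000


def must_trip(raw_counts: int) -> bool:
    """Specification (ground truth): a reading at or above the setpoint is a demand."""
    return raw_counts >= TRIP_SETPOINT_COUNTS


def trip_version_a(raw_counts: int) -> bool:
    """Version A of the channel software. Hypothetical design fault: the unsigned
    ADC word is narrowed to a signed 16-bit integer, so counts of 32768 and above
    wrap negative and the channel silently fails to trip. The fault is latent:
    readings between the setpoint and 32767 trip correctly, so tests near the
    setpoint do not reveal it."""
    narrowed = ((raw_counts + 0x8000) & 0xFFFF) - 0x8000   # emulate an int16 cast
    return narrowed >= TRIP_SETPOINT_COUNTS


def trip_version_b(raw_counts: int) -> bool:
    """Version B: an independently written channel that keeps the word unsigned."""
    return (raw_counts & 0xFFFF) >= TRIP_SETPOINT_COUNTS


Channel = Callable[[int], bool]


def vote_k_out_of_n(channels: Sequence[Channel], k: int, raw_counts: int) -> bool:
    """k-out-of-n voting: the system trips when at least k channels demand it."""
    return sum(1 for channel in channels if channel(raw_counts)) >= k


def demands_missed(channels: Sequence[Channel], k: int, readings: Sequence[int]) -> List[int]:
    """Readings that are demands per the specification but on which the voted
    system fails to trip: the failures on demand of this configuration."""
    return [r for r in readings if must_trip(r) and not vote_k_out_of_n(channels, k, r)]


# Constructed demand profile: every reading from the setpoint up to full scale
# in steps of 1000 counts (36 readings, 33 of them at or above 32768).
DEMAND_READINGS = list(range(TRIP_SETPOINT_COUNTS, 65536, 1000))


def compare_configurations(readings: Sequence[int] = DEMAND_READINGS) -> dict:
    """Number of missed demands for identical versus diverse channel sets."""
    a, b = trip_version_a, trip_version_b
    return {
        "1oo2 A,A": len(demands_missed([a, a], 1, readings)),    # identical: CCF
        "1oo2 A,B": len(demands_missed([a, b], 1, readings)),    # diverse: tolerated
        "2oo3 A,A,B": len(demands_missed([a, a, b], 2, readings)),  # two faulty copies outvote B
        "2oo3 A,B,B": len(demands_missed([a, b, b], 2, readings)),  # one faulty copy is outvoted
    }


if __name__ == "__main__":
    for name, missed in compare_configurations().items():
        print(f"{name}: {missed} of {len(DEMAND_READINGS)} demands missed")
```

Two things are worth noting. First, the identical pair misses every demand above 32767 even though it is nominally redundant: the fault is in both copies, so redundancy buys nothing against it. Second, the 2-out-of-3 rows show that it is the number and placement of diverse versions in the voter, not the mere presence of diversity, that decides whether the CCF is tolerated, which is the version-redundancy allocation question the introduction raises.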