Kaiser, B, P Liggesmeyer, O Mäckel (2003). A new component concept for fault trees.
Proceedings of the 8th Australian Workshop on Safety Critical Systems and Software
(SCS'03), Canberra. Conferences in Research and Practice in Information Technology, Vol 33.
Abstract: The decomposition of complex systems into manageable parts
is an essential principle when dealing with complex technical systems. However, many safety and reliability
modelling techniques do not support hierarchical decomposition in the desired way. Fault tree analysis (FTA)
offers decomposition into modules, a breakdown with regard to the hierarchy of failure influences rather than
to the system architecture. In this paper we propose a compositional extension of the FTA technique. Each technical
component is represented by an extended fault tree. Besides the internal basic events and gates, each component
can have input and output ports. By connecting these ports, components can be integrated into a higher-level system
model. All components can be developed independently and stored in separate files or component libraries.
Mathematically, each component fault tree (CFT) represents a logical function from its input ports and internal events
to its output ports. As in traditional FTA, both qualitative and quantitative analyses are possible. Known algorithms
e.g. based on binary decision diagrams (BDDs) can still be applied. The Windows-based safety analysis tool UWG3 was
developed to prove this concept in practice. It allows creating component libraries in an exchangeable XML format.
We have carried out several case studies in order to show that the new concept improves clarity and intuitive modelling
while yielding the same results as traditional FTA.
Keywords: Fault trees, Safety, Reliability
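As an added illustration (not code from the paper or from UWG3), a minimal Python model of the component concept described above: each component is a logical function from its input ports and internal basic events to its output ports, instances are integrated by wiring output ports to input ports, and a shared power-supply instance feeding two sensors shows that the composed model gives the same top-event probability and minimal cut sets as a hand-flattened traditional fault tree. The expression DSL, component names and probabilities are constructed for this example, and probabilities are computed by exhaustive enumeration rather than by BDDs.

```python
from itertools import product
from math import prod
# Constructed mini-DSL for component fault trees (not UWG3's XML format):
#   ("basic", name) internal event, ("in", port) input port, ("and"|"or", [subexprs]) gate
class Component:
    """A CFT: a logical function from input ports and internal events to output ports."""
    def __init__(self, basic, outputs):
        self.basic, self.outputs = basic, outputs  # {event: probability}, {out_port: expr}

class System:
    """Component instances integrated by wiring output ports to input ports."""
    def __init__(self, instances, wiring):
        self.instances, self.wiring = instances, wiring  # {inst: Component}, {(inst, in_port): (src_inst, out_port)}
    def port_failed(self, inst, port, failed):
        return self._eval(inst, self.instances[inst].outputs[port], failed)
    def _eval(self, inst, expr, failed):
        kind, arg = expr
        if kind == "basic":          # basic events are instance-local, keyed (inst, name)
            return (inst, arg) in failed
        if kind == "in":             # follow the connection into the source component
            return self.port_failed(*self.wiring[(inst, arg)], failed)
        vals = [self._eval(inst, e, failed) for e in arg]
        return all(vals) if kind == "and" else any(vals)
    def basic_events(self):
        return [((i, e), p) for i, c in self.instances.items() for e, p in c.basic.items()]
    def failing_sets(self, inst, port):
        """All combinations of basic events (assumed independent) that fail the given port."""
        ev = self.basic_events()
        for bits in product([False, True], repeat=len(ev)):
            failed = {e for (e, _), b in zip(ev, bits) if b}
            if self.port_failed(inst, port, failed):
                yield failed, prod(p if b else 1 - p for (_, p), b in zip(ev, bits))
    def top_event_probability(self, inst, port):   # quantitative: exact, by enumeration
        return sum(p for _, p in self.failing_sets(inst, port))
    def minimal_cut_sets(self, inst, port):         # qualitative: failing sets with no failing proper subset
        cuts = [frozenset(s) for s, _ in self.failing_sets(inst, port)]
        return sorted((c for c in cuts if not any(o < c for o in cuts)), key=lambda c: (len(c), sorted(c)))

# Component library (constructed probabilities); one definition is instantiated several times.
PSU = Component({"short": 0.004, "open": 0.006}, {"no_power": ("or", [("basic", "short"), ("basic", "open")])})
SENSOR = Component({"stuck": 0.1}, {"no_reading": ("or", [("in", "power"), ("basic", "stuck")])})
ALARM = Component({}, {"lost": ("and", [("in", "a"), ("in", "b")])})

def build_example_system():
    """One shared PSU feeds two redundant sensors; the alarm is lost only if both readings are lost."""
    return System({"psu": PSU, "sA": SENSOR, "sB": SENSOR, "alarm": ALARM},
                  {("sA", "power"): ("psu", "no_power"), ("sB", "power"): ("psu", "no_power"),
                   ("alarm", "a"): ("sA", "no_reading"), ("alarm", "b"): ("sB", "no_reading")})
def flat_reference_probability(p_short=0.004, p_open=0.006, p_stuck=0.1):
    p_psu = 1 - (1 - p_short) * (1 - p_open)        # traditional flat FTA of the same system:
    return p_psu + (1 - p_psu) * p_stuck ** 2       # lost = psu OR (stuckA AND stuckB), shared PSU counted once
```

The shared PSU is the point of the comparison: because the same instance is referenced through two connections, its events are counted once, so the composed model does not overestimate the top-event probability the way naively copying the PSU subtree under each sensor would.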
Kaiser, Bernhard (2002). Integration of safety and reliability models into the development process of embedded systems.
Softwaretechnik-Trends 22(4), Gesellschaft für Informatik (ed.) 2002.
Abstract: To support the analysis and design of embedded systems, a large number of formalised models
have been proposed. Largely isolated from these are the models and methods used for the causal and quantitative
analysis of reliability and safety [FMcD]. This article presents a framework for integrating different models of
safety and reliability analysis both with one another and with development models. Quantitative analyses are still
carried out with the methods of the individual sub-models; the framework's tool controls the overall process. Since the
framework is not meant to suit only two or three specific techniques, it must be able to describe all relevant forms
of statement in a framework language and thereby translate between the models. In practice, an XML language and a
hierarchy of XML schemas are to be used for this purpose.
Keywords: Embedded systems, Safety,
Fault tree analysis, State machines, Model-based development, XML.
Kaiser, B (2003). A fault-tree semantics to model software-controlled systems.
Softwaretechnik-Trends 23(3), Gesellschaft für Informatik (ed.) 2003.
Abstract: Fault tree analysis is a well-known technique to assess safety
and reliability of technical systems. However, being a combinatorial model, fault trees can only express which combinations of failures
contribute to a certain hazard or accident. There is no means to model sequences of actions and temporal orders of states and events.
Since today's technical systems are often controlled by software that executes over time, the traditional fault tree model is no longer
sufficient. Moreover, integration of software modelling techniques with safety assessment techniques is hampered by the lack of semantically
equivalent entities in both domains. To overcome these drawbacks, we propose an extended fault tree semantics that distinguishes events that
happen at a point in time from states that last over a period of time. Typed fault tree gates are introduced and calculation rules for
quantitative analysis are given. We address the integration of this new concept into our safety and reliability analysis tools UWG3 and ESSaRel.
Keywords: Safety and reliability analysis, Fault tree analysis, Embedded Systems
Kaiser, B, C Gramlich, M Förster (2007). State/event fault trees - A safety analysis model for software-controlled systems.
Reliability Engineering and System Safety 92 (2007), 1521-1537 (DOI:
Abstract: Safety models for software-controlled systems should be intuitive, compositional
and have the expressive power to model both software and hardware behaviour. Moreover, they should provide quantitative results for failure or hazard
probabilities. Fault trees are an accepted and intuitive model for safety analysis, but they are incapable of expressing state dependencies or temporal
order of events. We propose to combine fault trees with an explicit State/Event semantics, using a graphical notation that is similar to Statecharts.
Our new model, named State/Event Fault Trees (SEFTs), subsumes both deterministic state machines suited to describe software behaviour, and Markov
chains that model probabilistic failures, while keeping the visualisation of causal chains known from fault trees. We allow exponentially distributed
probabilistic events, deterministic delays, and triggered events. The model provides a component concept, where components are connected by typed ports.
Quantitative evaluation is achieved by translating the component models to Deterministic and Stochastic Petri Nets (DSPNs) and using an existing tool
for analysis or simulation. This paper revisits the model elements and the analysis procedure and provides a small case study of a fire alarm system,
completed by an outlook on our tool project ESSaRel.
Keywords: Safety and reliability analysis, Fault tree analysis, SEFT, Embedded systems
Adler, R, M Förster, M Trapp (2007). Determining configuration probabilities of safety-critical adaptive systems.
Proceedings of the 21st International Conference on Advanced Information Networking and Applications,
AINA 2007, Vol 2, 548-555.
Abstract: This article presents a novel technique to calculate the probability that an adaptive
system assumes a configuration. An important application area of dynamic adaptation is the cost-efficient development of dependable embedded
systems. Dynamic adaptation exploits implicitly available redundancy, reducing the need for hardware redundancy, to make systems more available,
reliable, survivable and, ultimately, safer. Knowledge of the configuration probabilities of a system is an essential requirement for the optimization
of safety efforts in development. In the longer term, it is also a prerequisite for dependability assessment. Our approach is based on a modeling language
for complex reconfiguration behavior. We transform the adaptation model into a probabilistic target model that combines a compositional fault tree
with Markov chains. This hybrid model can be evaluated efficiently using a modified BDD-based algorithm. The approach is currently being implemented in ESSaRel.
Keywords: Dependability, Adaptive systems, Fault tree analysis, Markov chains, Safety