A new modeling approach to the safety evaluation of N-modular redundant computer systems in presence of imperfect maintenance

TL;DR

This paper introduces a novel modeling approach combining Bayesian Networks and Continuous Time Markov Chains to evaluate the safety of N-modular redundant systems considering imperfect maintenance effects.

Contribution

It presents a compositional multiformalism modeling framework that integrates failure and maintenance models for safety assessment of redundant systems.

Findings

Effective modeling of imperfect maintenance impacts

Enhanced model reuse and tool interchangeability

Improved safety evaluation accuracy for redundant systems

Abstract

A large number of safety-critical control systems are based on N-modular redundant architectures, using majority voters on the outputs of independent computation units. In order to assess the compliance of these architectures with international safety standards, the frequency of hazardous failures must be analyzed by developing and solving proper formal models. Furthermore, the impact of maintenance faults has to be considered, since imperfect maintenance may degrade the safety integrity level of the system. In this paper we present both a failure model for voting architectures based on Bayesian Networks and a maintenance model based on Continuous Time Markov Chains, and we propose to combine them according to a compositional multiformalism modeling approach in order to analyze the impact of imperfect maintenance on the system safety. We also show how the proposed approach promotes the reuse and the interchange of models as well the interchange of solving tools.