Diversity requirements for safety critical software-based automation systems

Jukka Korhonen, Urho Pulkkinen, Pentti Haapanen

Research output: Book/Report › Report › Professional

Abstract

System vendors nowadays propose software-based systems even for the most critical safety functions in nuclear power plants. Because of the nature of software faults and the mechanisms through which they act, new methods are needed for the safety and reliability evaluation of these systems. In the research project "Programmable automation systems in nuclear power plants (OHA)", financed jointly by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software-based systems are developed and evaluated. It is a well-known fact that in practice it is almost impossible to produce totally fault-free software. Software faults are design faults introduced into the system during the design and implementation process. Redundant channels containing identical software (with its faults) may therefore fail simultaneously, i.e. the software faults can be a source of Common Cause Failures (CCFs). In safety-critical applications some kind of diversity is usually required to protect the system's safety functions against Common Cause Failures. The diversity can be realized at hardware, software or functional level, or as a combination of these. For licensing purposes it is important to understand the influence of the different approaches on system reliability and safety and to adjust the diversity requirements to a proper level. This report first discusses the (common cause) failure mechanisms in software-based systems, then defines fault-tolerant system architectures that avoid common cause failures, and then studies the various alternatives for applying diversity and their influence on system reliability. Finally, a method for the assessment of diversity is described.
Other recently published reports in the OHA report series handle the statistical reliability assessment of software-based systems (STUK-YTO-TR 119), usage models in the reliability assessment of software-based systems (STUK-YTO-TR 128) and the handling of programmable automation in plant PSA studies (STUK-YTO-TR 129).
Original language: English
Place of publication: Helsinki
Publisher: Radiation and Nuclear Safety Authority STUK
Number of pages: 48
ISBN (Print): 951-712-246-2
Publication status: Published - 1998
MoE publication type: Not Eligible

Publication series

Name: STUK-YTO-TR
Publisher: Radiation and Nuclear Safety Authority STUK
No.: 142
ISSN (Print): 0785-9325

Keywords

  • safety
  • safety analysis
  • reliability analysis
  • diversity
  • automation
  • programmable systems
  • reactor protection systems
  • nuclear reactor safety

Cite this

Korhonen, J., Pulkkinen, U., & Haapanen, P. (1998). Diversity requirements for safety critical software-based automation systems. Helsinki: Radiation and Nuclear Safety Authority STUK. 48 p. (STUK-YTO-TR; No. 142).