Model checking as a protective method against spurious actuation of industrial control systems

    Research output: Chapter in Book/Report/Conference proceeding > Conference article in proceedings > Scientific > peer-review

    9 Citations (Scopus)
    82 Downloads (Pure)

    Abstract

    A spurious actuation of an industrial Instrumentation and Control (I&C) system is a failure mode where a system component inadvertently performs a function without a justified reason to do so. Design issues leading to such failures are very difficult to analyze, but pose a high risk for safety. Model checking is a formal verification method that, through exhaustive analysis against stated properties, can also provide 100% coverage of spurious actuation scenarios. In this paper, we introduce a modeling approach for the verification of I&C system application logic design. We then discuss the verification of properties related to spurious actuation in particular. Finally, we present data collected from customer projects VTT has carried out in the Finnish nuclear industry. About 37% of the design issues we have identified are related to spurious actuation, proving that model checking can effectively be used as a protective method against such scenarios.
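    The abstract describes the method only in outline: a model of the application logic, a property stating when actuation is justified, and an exhaustive search for any reachable state that violates it. The block below is an added illustration of that idea in Python; it is not the authors' modeling approach, tool or data, and the trip logic, the design issue (a confirmation counter that is not restarted when the reading drops, so isolated one-cycle spikes accumulate into a trip) and the property are all hypothetical. A small monitor tracks what a justified trip would be, every combination of inputs is explored breadth-first over the product of logic and monitor state, and the shortest input sequence leading to an unjustified actuation is returned as a counterexample.

```python
"""Explicit-state model checking of a small I&C trip logic for spurious actuation.

Added example, not the paper's model or tool. Logic, design issue and property are
hypothetical; the (finite) state space is explored exhaustively by breadth-first search.
"""
from collections import deque
from itertools import product
from typing import Callable, List, NamedTuple, Optional, Tuple

CONFIRM_CYCLES = 2  # assumed filter time: a high reading must persist this many cycles to trip


class Logic(NamedTuple):
    count: int    # confirmation counter for the high reading
    latch: bool   # trip latch; drives the actuation output


class Monitor(NamedTuple):
    run: int      # consecutive cycles the reading has actually been high
    armed: bool   # a justified trip condition has occurred since the last reset


Step = Callable[[Logic, bool, bool], Logic]
Trace = List[Tuple[bool, bool]]   # per cycle: (high, reset)


def step_flawed(s: Logic, high: bool, reset: bool) -> Logic:
    """Hypothetical design issue: the counter is cleared only by reset, not when the
    reading drops, so two spikes separated by a low cycle still reach the trip level."""
    if reset:
        count = 0
    elif high:
        count = min(CONFIRM_CYCLES, s.count + 1)
    else:
        count = s.count
    latch = False if reset else (s.latch or count >= CONFIRM_CYCLES)
    return Logic(count, latch)


def step_fixed(s: Logic, high: bool, reset: bool) -> Logic:
    """Corrected design: the counter restarts whenever the reading is not high."""
    count = 0 if (reset or not high) else min(CONFIRM_CYCLES, s.count + 1)
    latch = False if reset else (s.latch or count >= CONFIRM_CYCLES)
    return Logic(count, latch)


def actuate(s: Logic) -> bool:
    """Actuation output of the logic."""
    return s.latch


def monitor_step(m: Monitor, high: bool, reset: bool) -> Monitor:
    """Reference behaviour used by the property: a trip is justified only after the
    reading has been high for CONFIRM_CYCLES consecutive cycles since the last reset."""
    run = 0 if (reset or not high) else min(CONFIRM_CYCLES, m.run + 1)
    armed = False if reset else (m.armed or run >= CONFIRM_CYCLES)
    return Monitor(run, armed)


INIT = (Logic(0, False), Monitor(0, False))
INPUTS = list(product((False, True), repeat=2))   # every (high, reset) combination per cycle


def check_no_spurious(step: Step) -> Optional[Trace]:
    """Exhaustively check the invariant  actuate(logic) -> monitor.armed.

    Returns None if it holds in every reachable state, otherwise the shortest
    input sequence that drives the logic into an unjustified (spurious) actuation."""
    parent = {INIT: None}             # product state -> (predecessor, inputs taken)
    queue = deque([INIT])
    while queue:
        cur = queue.popleft()
        logic, mon = cur
        if actuate(logic) and not mon.armed:
            trace: Trace = []
            node = cur
            while parent[node] is not None:
                node, inputs = parent[node]
                trace.append(inputs)
            return trace[::-1]
        for high, reset in INPUTS:
            nxt = (step(logic, high, reset), monitor_step(mon, high, reset))
            if nxt not in parent:
                parent[nxt] = (cur, (high, reset))
                queue.append(nxt)
    return None


def replay(step: Step, trace: Trace) -> Tuple[Logic, Monitor]:
    """Run the logic and monitor over a concrete input sequence (for confirming a counterexample)."""
    logic, mon = INIT
    for high, reset in trace:
        logic, mon = step(logic, high, reset), monitor_step(mon, high, reset)
    return logic, mon


if __name__ == "__main__":
    for name, step in (("flawed", step_flawed), ("fixed", step_fixed)):
        cex = check_no_spurious(step)
        print(name, "holds" if cex is None else f"spurious actuation after inputs {cex}")
```

    For the flawed design the checker reports the three-cycle sequence high, low, high: each spike alone is shorter than the filter time, yet the latch sets while the monitor says no justified trip has occurred. The fixed design has no reachable violating state. Real I&C models have far larger state spaces and are handled by a symbolic model checker rather than a hand-written search, but the shape of the argument is the same: a property over every reachable state, and a concrete trace when it fails.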

    Original language: English
    Title of host publication: Safety and Reliability
    Subtitle of host publication: Theory and Applications
    Editors: Marko Cepin, Radim Briš
    Publisher: CRC Press
    Pages: 3189-3196
    Number of pages: 8
    ISBN (Electronic): 978-1-351-80973-3
    ISBN (Print): 978-1-138-62937-0
    DOIs
    Publication status: Published - 1 Jan 2017
    MoE publication type: Not Eligible
    Event: 27th European Safety and Reliability Conference, ESREL 2017 - Portoroz, Slovenia
    Duration: 18 Jun 2017 - 22 Jun 2017

    Conference

    Conference: 27th European Safety and Reliability Conference, ESREL 2017
    Abbreviated title: ESREL 2017
    Country/Territory: Slovenia
    City: Portoroz
    Period: 18/06/17 - 22/06/17
