Verification of fault tolerant safety I&C systems using model checking

Antti Pakonen; Igor Buzhinsky

doi:10.1109/ICIT.2019.8755014

Verification of fault tolerant safety I&C systems using model checking

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

4 Citations (Scopus)

109 Downloads (Pure)

Abstract

Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

Original language	English
Title of host publication	2019 IEEE International Conference on Industrial Technology (ICIT)
Publisher	IEEE Institute of Electrical and Electronic Engineers
Pages	969-974
Number of pages	6
ISBN (Electronic)	978-1-5386-6376-9, 978-1-5386-6375-2
ISBN (Print)	978-1-5386-6377-6
DOIs	https://doi.org/10.1109/ICIT.2019.8755014
Publication status	Published - 1 Feb 2019
MoE publication type	A4 Article in a conference publication
Event	2019 IEEE International Conference on Industrial Technology, ICIT 2019 - Melbourne, Australia Duration: 13 Feb 2019 → 15 Feb 2019

Publication series

Series	IEEE International Conference on Industrial Technology
ISSN	2641-0184

Conference

Conference	2019 IEEE International Conference on Industrial Technology, ICIT 2019
Country/Territory	Australia
City	Melbourne
Period	13/02/19 → 15/02/19

Keywords

Fault tolerance
Formal verification
Model checking

Access to Document

10.1109/ICIT.2019.8755014

Pakonen_ICIT_preprintAccepted author manuscript, 408 KB

Cite this

@inproceedings{f77dcc6e0b7741b39f70971a475cef7d,

title = "Verification of fault tolerant safety I&C systems using model checking",

abstract = "Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.",

keywords = "Fault tolerance, Formal verification, Model checking",

author = "Antti Pakonen and Igor Buzhinsky",

year = "2019",

month = feb,

day = "1",

doi = "10.1109/ICIT.2019.8755014",

language = "English",

isbn = "978-1-5386-6377-6",

series = "IEEE International Conference on Industrial Technology",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

pages = "969--974",

booktitle = "2019 IEEE International Conference on Industrial Technology (ICIT)",

address = "United States",

note = "2019 IEEE International Conference on Industrial Technology, ICIT 2019 ; Conference date: 13-02-2019 Through 15-02-2019",

}

Pakonen, A & Buzhinsky, I 2019, Verification of fault tolerant safety I&C systems using model checking. in 2019 IEEE International Conference on Industrial Technology (ICIT). IEEE Institute of Electrical and Electronic Engineers, IEEE International Conference on Industrial Technology, pp. 969-974, 2019 IEEE International Conference on Industrial Technology, ICIT 2019, Melbourne, Australia, 13/02/19. https://doi.org/10.1109/ICIT.2019.8755014

Verification of fault tolerant safety I&C systems using model checking. / Pakonen, Antti; Buzhinsky, Igor.

2019 IEEE International Conference on Industrial Technology (ICIT). IEEE Institute of Electrical and Electronic Engineers, 2019. p. 969-974 (IEEE International Conference on Industrial Technology).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Verification of fault tolerant safety I&C systems using model checking

AU - Pakonen, Antti

AU - Buzhinsky, Igor

PY - 2019/2/1

Y1 - 2019/2/1

N2 - Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

AB - Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

KW - Fault tolerance

KW - Formal verification

KW - Model checking

UR - http://www.scopus.com/inward/record.url?scp=85069054364&partnerID=8YFLogxK

U2 - 10.1109/ICIT.2019.8755014

DO - 10.1109/ICIT.2019.8755014

M3 - Conference article in proceedings

AN - SCOPUS:85069054364

SN - 978-1-5386-6377-6

T3 - IEEE International Conference on Industrial Technology

SP - 969

EP - 974

BT - 2019 IEEE International Conference on Industrial Technology (ICIT)

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - 2019 IEEE International Conference on Industrial Technology, ICIT 2019

Y2 - 13 February 2019 through 15 February 2019

ER -

Verification of fault tolerant safety I&C systems using model checking

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this