Verification of fault tolerant safety I&C systems using model checking

Antti Pakonen; Igor Buzhinsky

doi:10.1109/ICIT.2019.8755014

Verification of fault tolerant safety I&C systems using model checking

BA1616 Systems engineering and simulation

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

2 Downloads (Pure)

Abstract

Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

Original language	English
Title of host publication	Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019
Publisher	Institute of Electrical and Electronic Engineers IEEE
Pages	969 - 974
Number of pages	6
ISBN (Electronic)	978-1-5386-6376-9
DOIs	https://doi.org/10.1109/ICIT.2019.8755014
Publication status	Published - 2019
MoE publication type	A4 Article in a conference publication
Event	2019 IEEE International Conference on Industrial Technology, ICIT 2019 - Melbourne, Australia Duration: 13 Feb 2019 → 15 Feb 2019

Conference

Conference	2019 IEEE International Conference on Industrial Technology, ICIT 2019
Country	Australia
City	Melbourne
Period	13/02/19 → 15/02/19

Fingerprint

Model checking

Hardware

Fault tolerance

Failure modes

Nuclear power plants

Explosions

Systems analysis

Control systems

Communication

Processing

Costs

Keywords

Fault tolerance
Formal verification
Model checking

Cite this

Pakonen, A., & Buzhinsky, I. (2019). Verification of fault tolerant safety I&C systems using model checking. In Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019 (pp. 969 - 974). Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ICIT.2019.8755014

Pakonen, Antti ; Buzhinsky, Igor. / Verification of fault tolerant safety I&C systems using model checking. Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019. Institute of Electrical and Electronic Engineers IEEE, 2019. pp. 969 - 974

@inproceedings{f77dcc6e0b7741b39f70971a475cef7d,

title = "Verification of fault tolerant safety I&C systems using model checking",

abstract = "Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.",

keywords = "Fault tolerance, Formal verification, Model checking",

author = "Antti Pakonen and Igor Buzhinsky",

year = "2019",

doi = "10.1109/ICIT.2019.8755014",

language = "English",

pages = "969 -- 974",

booktitle = "Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019",

publisher = "Institute of Electrical and Electronic Engineers IEEE",

address = "United States",

}

Pakonen, A & Buzhinsky, I 2019, Verification of fault tolerant safety I&C systems using model checking. in Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019. Institute of Electrical and Electronic Engineers IEEE, pp. 969 - 974, 2019 IEEE International Conference on Industrial Technology, ICIT 2019, Melbourne, Australia, 13/02/19. https://doi.org/10.1109/ICIT.2019.8755014

Verification of fault tolerant safety I&C systems using model checking. / Pakonen, Antti; Buzhinsky, Igor.

Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019. Institute of Electrical and Electronic Engineers IEEE, 2019. p. 969 - 974.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Verification of fault tolerant safety I&C systems using model checking

AU - Pakonen, Antti

AU - Buzhinsky, Igor

PY - 2019

Y1 - 2019

N2 - Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

AB - Model checking has been successfully used for detailed formal verification of instrumentation and control (IC) systems, as long as the focus has been on the application logic, alone. In safety-critical applications, fault tolerance is also an important aspect, but introducing IC hardware failure modes to the formal models comes at a significant computational cost. Previous attempts have led to state space explosion, and prohibitively long processing times. In this paper, we present a method for adding hardware component failures and communication delays into IC application logic models for the NuSMV symbolic model checker. Based on a case study built around a semi-fictitious, four-redundant nuclear power plant protection system, we demonstrate how even detailed system designs can be verified, if the focus is kept on single failure tolerance.

KW - Fault tolerance

KW - Formal verification

KW - Model checking

UR - http://www.scopus.com/inward/record.url?scp=85069054364&partnerID=8YFLogxK

U2 - 10.1109/ICIT.2019.8755014

DO - 10.1109/ICIT.2019.8755014

M3 - Conference article in proceedings

SP - 969

EP - 974

BT - Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019

PB - Institute of Electrical and Electronic Engineers IEEE

ER -

Pakonen A, Buzhinsky I. Verification of fault tolerant safety I&C systems using model checking. In Proceedings of the IEEE International Conference on Industrial Technology, ICIT 2019. Institute of Electrical and Electronic Engineers IEEE. 2019. p. 969 - 974 https://doi.org/10.1109/ICIT.2019.8755014

Access to Document

10.1109/ICIT.2019.8755014

Pakonen_ICIT_preprintSubmitted manuscript, 407 KB

Link to publication in Scopus