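@comment{Conference paper (LNCS series, Springer). Names are stored in "Last, First" form and values are brace-delimited so any style can abbreviate, sort and recase them; the original citation key is kept so existing \cite commands keep resolving. The address field is kept as supplied; standard styles expect the publisher's city there, so it is worth checking against the publisher record before relying on it.}
@inproceedings{2a56e99dc53e4168b38b1fe9755bd488,
  title     = {Verification of Fault-Tolerant System Architectures Using Model Checking},
  abstract  = {Model checking is a formal method that has proven useful for verifying e.g. logic designs of safety systems used in nuclear plants. However, redundant subsystems are implemented in nuclear plants in order to achieve a certain level of fault-tolerance. A formal system-level analysis that takes into account both the detailed logic design of the systems and the potential failures of the hardware equipment is a difficult challenge. In this work, we have created new methodology for modelling hardware failures, and used it to enable the verification of the fault-tolerance of the plant using model checking. We have used an example probabilistic risk assessment (PRA) model of a fictional nuclear power plant as reference and created a corresponding model checking model that covers several safety systems of the plant. Using the plant-level model we verified several safety properties of the nuclear plant. We also analysed the fault-tolerance of the plant with regard to these properties, and used abstraction techniques to manage the large plant-level model. Our work is a step towards being able to exhaustively verify properties on a single model that covers the entire plant. The developed methodology follows closely the notations of PRA analysis, and serves as a basis for further integration between the two approaches.},
  keywords  = {Model checking, nuclear power plants, architecture, hardware failure, fault-tolerance},
  author    = {Lahtinen, Jussi},
  editor    = {Bondavalli, Andrea and Ceccarelli, Andrea and Ortmeier, Frank},
  booktitle = {Computer Safety, Reliability, and Security},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer},
  address   = {Germany},
  year      = {2014},
  pages     = {195--206},
  doi       = {10.1007/978-3-319-10557-4_23},
  isbn      = {978-3-319-10556-7},
  language  = {English},
}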