Safety & reliability of software-controlled systems. Part 7: Risk & safety

Safety & reliability of software-controlled systems, Part 7: Risk & safety. Prof. Dr.-Ing. Stefan Kowalewski, Chair Informatik 11, Embedded Software Laboratory, RWTH Aachen University, Summer term 2014

Reminder: Terminology
Safety: The property of a situation in which the risk of operating/using a system does not exceed the limit risk.
Risk: a measure comprising the probability of an event leading to damage and the expected amount of damage if the event occurs.
If quantification is possible: $R = P_{damage} \cdot A_{damage}$
Part 7: Risk & safety, Slide 2

Reminder: Terminology. $R = P_{damage} \cdot A_{damage}$ Part 7: Risk & safety, Slide 3

Damage: to life/health of people; to the environment; to property. Part 7: Risk & safety, Slide 4

Limit risk = biggest justifiable risk. What determines justifiability? 1. Individual and social perception of risk. Part 7: Risk & safety, Slide 5

Limit risk = biggest justifiable risk. What determines justifiability? 2. Legal and social norms. Part 7: Risk & safety, Slide 6

Compare the following definitions. Barbacci et al., SEI: Safety is the non-occurrence of catastrophic consequences of the system's behavior on the environment. Leveson, MIT: Safety is freedom from damage. Part 7: Risk & safety, Slide 7

Risk reduction (1): Often, operating a naked system without any safety-related additions is above the limit risk. Part 7: Risk & safety, Slide 8

Risk reduction (2): For a large class of systems, risk reduction can be achieved by protective devices. Examples? Part 7: Risk & safety, Slide 9

Risk Acceptance Principles. Principles to find out acceptable risks: MEM (Germany), GAMAB (France), ALARP (Great Britain). Part 7: Risk & safety, Slide 10

MEM
MEM: Minimale Endogene Mortalität (Minimum Endogenous Mortality)
Background of MEM: There are various age-dependent death rates in society; a portion of each death rate is caused by technological systems. The age-dependent risk to die for such a reason is called Endogenous Mortality R. In well-developed countries R is minimal for the group of the 5 to 15 year-olds.
Minimum Endogenous Mortality: $R_m = 2 \times 10^{-4}$ death/(person × year)
Part 7: Risk & safety, Slide 11

Acceptable individual risk
MEM Rule: A significant increase of R_m caused by a new technical system is not acceptable. Significant means 5% of R_m: $10^{-5}$ death/(person × year).
Taking into account the number of deaths: introduce differential risk aversion (DRA).
[Figure: acceptable individual risk (log scale, $10^{-10}$ to $10^{-2}$ death/(person × year)) plotted against number of deaths (1 to $10^{6}$), with R_m marked.]
Part 7: Risk & safety, Slide 12

GAMAB
GAMAB: Globalement Au Moins Aussi Bon (Globally at least as good)
Assumption: There already exists a comparable system.
Requirement: The new system shall in total be at least equally good.
Trade-off possible: Worsening one risk while overcompensating by decreasing another risk.
Part 7: Risk & safety, Slide 13

ALARP
ALARP: As Low As Reasonably Practicable. Three regions, ordered from highest to lowest risk:
Unacceptable Region: Risk cannot be justified (except in exceptional circumstances).
Tolerable Region: Risk is only acceptable if the risk cannot be decreased or if the costs are out of proportion to the improvement.
Broadly Acceptable Region: Risk is insignificant.
Part 7: Risk & safety, Slide 14

ALARP
Above upper limit: Unacceptable risk. No commissioning if risk reduction is impossible.
Tolerable region: Showing that the risk is within the tolerable region is not sufficient; find the level where it is not worth the cost to reduce further.
How to define the upper and lower limit?
Part 7: Risk & safety, Slide 15

Example: Qualitative Risk Assessment (Frequency of Hazard)

Class         | Definition
frequent      | Will occur frequently. Hazard is constantly present.
probable      | Will occur several times. Hazard is expected to occur often.
occasional    | Can occur several times. Hazard is expected to occur several times.
rare          | Can occur sometimes during the life cycle. It makes sense to take the hazard into account.
improbable    | The occurrence is improbable, but possible. Hazard is expected to occur in exceptional cases only.
inconceivable | The occurrence is a very rare case. It may be accepted that the hazard will not occur.

Part 7: Risk & safety, Slide 16

Example: Qualitative Risk Assessment (Amount of Damage)

Class         | Consequences for People or Environment
Catastrophic  | Fatalities and/or several injured persons and/or serious damage to the environment
Critical      | Single fatality and/or injured person and/or considerable damage to the environment
Marginal      | Small injury and/or considerable threat to the environment
Insignificant | Potential, minor injury

Part 7: Risk & safety, Slide 17

Example: Qualitative Risk Assessment (Risk Level = Probability × Amount of Damage)

Probability \ Amount of damage | insignificant | marginal    | critical    | catastrophic
frequent                       | unwanted      | intolerable | intolerable | intolerable
probable                       | tolerable     | unwanted    | intolerable | intolerable
occasional                     | tolerable     | unwanted    | unwanted    | intolerable
rare                           | negligible    | tolerable   | unwanted    | unwanted
improbable                     | negligible    | negligible  | tolerable   | tolerable
inconceivable                  | negligible    | negligible  | negligible  | negligible

Risk levels: intolerable = must be excluded; unwanted = only acceptable if risk reduction is impossible; tolerable = acceptable when implementing suitable precautions; negligible = acceptable.

Part 7: Risk & safety, Slide 18

Function of protective and monitoring devices in process automation. Part 7: Risk & safety, Slide 19

Active and passive failures
Protective devices have two main functions:
1. Bring the system to a safe state if danger arises.
2. Do nothing if no danger is present.
We have to distinguish between:
1. Failure to fulfil function 1.
2. Failure to fulfil function 2.
Part 7: Risk & safety, Slide 20

Possible M-oo-N events

                                              | protection activated                          | no protection activated
critical event (protection is necessary)      | No failure, but failure of overall system     | passive failure, but failure of overall system
no critical event (no protection necessary)   | active failure, but failure of overall system | No failure, no failure of overall system

Part 7: Risk & safety, Slide 21

A new look at redundancy structures
Redundancy in protective devices, m-oo-n: m systems must agree that the system has to be shut down.
Two kinds of availabilities:
1. Safety-related availability A_s: Probability that the system will be shut down in case of a dangerous fault.
2. Operation-related availability A_o: Probability that the system will not be shut down unnecessarily.
Part 7: Risk & safety, Slide 22

Safety-related availability vs operation-related availability
$$A_{moon,s}(m,n) = \sum_{i=m}^{n} \binom{n}{i} A_s^{\,i} (1 - A_s)^{n-i}$$
$$A_{moon,o}(m,n) = \sum_{i=n-m+1}^{n} \binom{n}{i} A_o^{\,i} (1 - A_o)^{n-i}$$
Part 7: Risk & safety, Slide 23

Conflicting Goals. Qualities tend to conflict with each other! e.g. Safety, Reliability, Costs, Performance. Part 7: Risk & safety, Slide 24

Reliability vs. Safety: Reliability and Safety are overlapping but not identical. Part 7: Risk & safety, Slide 25

A_s and A_o for homogeneous redundancy: example. Part 7: Risk & safety, Slide 26

Availability for passive failures, $A_{moon,s}$ (values for A_s = 0.9)

m \ n | 1        | 2        | 3        | 4        | 5        | 6
1     | 0.900000 | 0.990000 | 0.999000 | 0.999900 | 0.999990 | 0.999999
2     |          | 0.810000 | 0.972000 | 0.996300 | 0.999540 | 0.999945
3     |          |          | 0.729000 | 0.947700 | 0.991440 | 0.998730
4     |          |          |          | 0.656100 | 0.918540 | 0.984150
5     |          |          |          |          | 0.590490 | 0.885735
6     |          |          |          |          |          | 0.531441

$$A_{moon,s}(m,n) = \sum_{i=m}^{n} \binom{n}{i} A_s^{\,i} (1 - A_s)^{n-i}$$
Part 7: Risk & safety, Slide 27

Availability for passive failures, $A_{moon,o}$ (values for A_o = 0.9)

m \ n | 1        | 2        | 3        | 4        | 5        | 6
1     | 0.900000 | 0.810000 | 0.729000 | 0.656100 | 0.590490 | 0.531441
2     |          | 0.990000 | 0.972000 | 0.947700 | 0.918540 | 0.885735
3     |          |          | 0.999000 | 0.996300 | 0.991440 | 0.984150
4     |          |          |          | 0.999900 | 0.999540 | 0.998730
5     |          |          |          |          | 0.999990 | 0.999945
6     |          |          |          |          |          | 0.999999

$$A_{moon,o}(m,n) = \sum_{i=n-m+1}^{n} \binom{n}{i} A_o^{\,i} (1 - A_o)^{n-i}$$
Part 7: Risk & safety, Slide 28

Optimization for passive and active failures
$$A_{moon,s}(m,n) = \sum_{i=m}^{n} \binom{n}{i} A_s^{\,i} (1 - A_s)^{n-i}, \qquad A_{moon,o}(m,n) = \sum_{i=n-m+1}^{n} \binom{n}{i} A_o^{\,i} (1 - A_o)^{n-i}$$
$$(m^*, n^*) = \arg\max_{m,n} \left[ \alpha \, A_{moon,s}(m,n) + (1 - \alpha) \, A_{moon,o}(m,n) \right]$$
$$= \arg\max_{m,n} \left[ \alpha \sum_{i=m}^{n} \binom{n}{i} A_s^{\,i} (1 - A_s)^{n-i} + (1 - \alpha) \sum_{i=n-m+1}^{n} \binom{n}{i} A_o^{\,i} (1 - A_o)^{n-i} \right]$$
Part 7: Risk & safety, Slide 29

Consequences
If A_s is important: high n, m = 1.
If A_o is important: low n, m = n.
If both are important (example for α = 0.5): m = n/2 (if A_s = A_o).
Part 7: Risk & safety, Slide 30
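The following Python script is an added worked example and is not part of Prof. Kowalewski's slides. It implements the two m-oo-n availability formulas (slides 23 and 29) and the weighted argmax optimization, and reproduces the table values of slides 27 and 28 and the qualitative consequences of slide 30. The function names (moon_s, moon_o, best_voting, availability_table) and the sample values A_s = A_o = 0.9 and α = 0.5 are choices made for this example; 0.9 is the channel availability behind the slide tables, since the 1-oo-1 entry equals it.

```python
from math import comb


def moon_s(m, n, a_s):
    """Safety-related availability of an m-oo-n arrangement:
    probability that at least m of the n channels trip on a dangerous
    fault, so that passive failures of up to n-m channels are tolerated."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    return sum(comb(n, i) * a_s**i * (1 - a_s) ** (n - i)
               for i in range(m, n + 1))


def moon_o(m, n, a_o):
    """Operation-related availability of an m-oo-n arrangement:
    probability that fewer than m channels trip spuriously, i.e. at least
    n-m+1 channels stay quiet, so the plant is not shut down unnecessarily."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    return sum(comb(n, i) * a_o**i * (1 - a_o) ** (n - i)
               for i in range(n - m + 1, n + 1))


def weighted_availability(m, n, alpha, a_s, a_o):
    """Objective of slide 29: alpha weights safety against operation."""
    return alpha * moon_s(m, n, a_s) + (1 - alpha) * moon_o(m, n, a_o)


def best_voting(n, alpha, a_s, a_o):
    """The m in 1..n maximizing the weighted objective for a fixed n
    (ties resolve to the smaller m)."""
    return max(range(1, n + 1),
               key=lambda m: weighted_availability(m, n, alpha, a_s, a_o))


def availability_table(func, a, n_max=6):
    """Upper-triangular table {m: {n: value}} like slides 27/28,
    rounded to six decimals as on the slides."""
    return {m: {n: round(func(m, n, a), 6) for n in range(m, n_max + 1)}
            for m in range(1, n_max + 1)}


if __name__ == "__main__":
    # Constructed sample parameters (assumption: A_s = A_o = 0.9, alpha = 0.5).
    A = 0.9
    for label, func in (("A_moon,s", moon_s), ("A_moon,o", moon_o)):
        print(label)
        for m, row in availability_table(func, A).items():
            print(f"  m={m}: " + "  ".join(f"n={n}: {v:.6f}" for n, v in row.items()))
    for alpha in (1.0, 0.0, 0.5):
        picks = {n: best_voting(n, alpha, A, A) for n in range(1, 7)}
        print(f"alpha={alpha}: best m per n -> {picks}")
```

With α = 1 the optimizer always picks m = 1 (1-oo-n, pure safety), with α = 0 it picks m = n (n-oo-n, pure operational availability), and with α = 0.5 and equal channel availabilities it lands on m ≈ n/2, which is exactly the trend stated on slide 30.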

Safety-related system / component requirements (1)
Fail-safe: Property of a system to remain in or move to a safe state in case of a failure.
Example: Train brakes need energy to be released. If the power supply is interrupted, they brake.
Part 7: Risk & safety, Slide 31

Safety-related system / component requirements (2)
Fail-silent: Property of a subsystem to remain in or move to a state in which it does not affect the other subsystems in case of a failure. Silence = safe state of the subsystem.
Examples: Faulty bus user (counterexample: Babbling Idiot on a CAN bus). Faulty SW process in a sound operating system.
Part 7: Risk & safety, Slide 32

Safety-related system / component requirements (3)
Fail-operational: Property of a system to keep up its function or a degraded mode of functionality in case of a fault (fault-tolerant).
Example: Airplane controller.
Part 7: Risk & safety, Slide 33