Reliability Analysis of Safety-Related Communication Architectures
In this paper we describe a novel concept for reliability analysis of communication architectures in safety-critical systems. This concept has been motivated by applications in the railway control systems domain, where transitions into stable safe state are usually considered as undesired events because they cause a severe deterioration of the service reliability expected by end users. We introduce a domain-specific language for modelling communication architectures, the protocols involved and the fault hypotheses about anticipated deviations of communication channels and possibly other components from expected behaviour. From such model, a generator creates mutant models associated with probability formulae expressing each mutant’s probability of occurrence. Each mutant is analysed with respect to its unreliability, that is, whether it contains paths leading into stable safe state. Then the system reliability can be conservatively estimated by calculating an upper bound of the probability for the system to perform a transition into stable safe state within a given operational period. Our approach deliberately refrains from utilising probabilistic model checking, in order to avoid the state space explosions typically occurring when considering all possible erroneous behaviours within a single model. Instead, we analyse many different models, each only containing a restricted variant of deviations, which leads to faster evaluation times. In addition, several models can be evaluated in parallel in a distributed multi-core environment.
KeywordsModel Check Occurrence Probability Communication Architecture Outgoing Transition State Space Explosion
Unable to display preview. Download preview PDF.
- 1.CENELEC: En 50159-1. railway applications -communication, signalling and processing systems part 1: Safety-related communication in closed transmission systems (2001)Google Scholar
- 2.CENELEC: En 50159-2. railway applications -communication, signalling and processing systems part 2: Safety related communication in open transmission systems (2001)Google Scholar
- 3.IEC: Iec 60050-191-am1 ed1.0 amendment 1 - international electrotechnical vocabulary. ch. 191, Dependability and quality of service (1999)Google Scholar
- 4.Alur, R., Dill, D.: A Theory of Timed Automata. Theoretical Computer Science (126), 183–235 (1994)Google Scholar
- 6.Kelly, S., Lyytinen, K., Rossi, M.: Metaedit+ a fully configurable multi-user and multi-tool case and came environment. In: Constantopoulos, P., Vassiliou, Y., Mylopoulos, J. (eds.) CAiSE 1996. LNCS, vol. 1080, pp. 1–21. Springer, Heidelberg (1996)Google Scholar
- 7.Esposito, R., Sanseviero, A., Lazzaro, A., Marmo, P.: Formal verification of ertms euroradio safety critical protocol. In: Proceedings of FORMS 2003, Budapest, Hungary, May 15-16 (2003)Google Scholar
- 8.Peleska, J., Große, D., Haxthausen, A.E., Drechsler, R.: Automated verification for train control systems. In: Schnieder, E., Tarnai, G. (eds.) Proceedings of the FORMS/FORMAT 2004 - Formal Methods for Automation and Safety in Railway and Automotive Systems, Technical University of Braunschweig, pp. 252–265 (December 2004) ISBN 3-9803363-8-7Google Scholar
- 9.Schlingloff, F.: Barthel: Verifikation und test des profisafe-sicherheitsprofils (2007)Google Scholar
- 10.Maxemchuk, N.F., Sabnani, K.K.: Probabilistic verification of communication protocols. In: PSTV, pp. 307–320 (1987)Google Scholar
- 11.Duflot, M., Fribourg, L., Hérault, T., Lassaigne, R., Magniette, F., Messika, S., Peyronnet, S., Picaronny, C.: Probabilistic model checking of the CSMA/CD protocol using PRISM and APMC. In: Proc. 4th Workshop on Automated Verification of Critical Systems (AVoCS 2004). Electronic Notes in Theoretical Computer Science, vol. 128(6), pp. 195–214. Elsevier Science, Amsterdam (2004)Google Scholar
- 12.metacase.com: Metaedit+ workbench (2009)Google Scholar
- 13.Kähloer, M.: The european train control system in thales signalling solutions. Mechanics Transport Communications 3, VIII–8–VIII–12 (2008)Google Scholar