Optimal Design of Dependable Control System Architectures Using Temporal Sequences of Failures

Designing a dependable control system requires accurate methods to evaluate efficiently the dependability level of one given component architecture. This evaluation is crucial to determine the risks associated with system failures, and the remaining properties after fault occurrences. The dependability level of a control system depends not only on the kind of component failures that may occur, but also on the ordered sequences of the failure appearance. Classical evaluation methods, i.e. fault trees or failure mode and effect analysis, are not appropriate to handle these sequences. Our paper contributes on this aspect, and proposes a complete design methodology for dependable systems. This methodology uses ordered sequences of multiple failures to evaluate accurately the dependability level of all possible system´s equipment architectures. Starting with the hierarchical functional decomposition of the system, the first step is to identify the dreaded events. Thus, the faulty behaviors of all possible system architectures are characterized with temporal operators. The set of system´s operational architectures is finally determined by solving an optimization problem that considers both dependability objectives, and cost constraints. This methodology is applied to design a fire detection system for a railroad transportation system. In this paper, a complete methodology to design dependable control systems is presented. The innovative feature of this methodology is that it attempts to take into account time ordered sequences of failures. A new representation, called improved multi-fault tree, is defined. This tool allows us first to model failure relationships between functions, and second to evaluate the dependability level of a set of equipment architectures by the use of time ordered sequences of failures. Our design method provides a set of optimal architectures with given costs, and dependability levels. The designer can choose among these solutions trading amon- the costs, and dependability level specifications. The comparison between the new approach and the classical dependability method shows that the set of solutions for the multi-fault tree is smaller than the set of solutions for the classical one. The set is smaller, but the solutions are better because the new approach integrates temporal functions, and evaluates more precisely the level of dependability than with the traditional one.