Reactor Protection System


The Experts below are selected from a list of 2919 Experts worldwide ranked by ideXlab platform

Hyun Gook Kang - One of the best experts on this subject based on the ideXlab platform.

  • Development of a Bayesian belief network model for software reliability quantification of digital protection systems in nuclear power plants
    Annals of Nuclear Energy, 2018
    Co-Authors: Hyun Gook Kang, Seung Jun Lee, Tsong-lun Chu, Athi Varuttamaseni, Meng Yue, Sang Hoon Lee, Steve Yang, Heung Seop Eom, Jaehyun Cho
    Abstract:

    As the instrumentation and control (I&C) systems in nuclear power plants (NPPs) have been replaced with digital-based systems, the need has emerged not only to establish a basis for incorporating software behavior into digital I&C system reliability models, but also to quantify the reliability of the software used in NPP digital protection systems. Therefore, a Bayesian belief network (BBN) model which estimates the number of faults in software, considering its software development life cycle (SDLC), is developed in this study. The model structure and parameters are established based on information applicable to safety-related systems and on expert elicitation. The evidence used in the model was collected from three stages of expert elicitation. To assess the feasibility of using a BBN for NPP digital protection software reliability quantification, the BBN model was applied to the Integrated Digital Protection System Reactor Protection System; it estimated the number of defects at each SDLC phase and further assessed the software failure probability. The developed BBN model can be employed to estimate the reliability of deployed safety-related NPP software, and such results can be used to evaluate the quality of digital I&C systems in addition to estimating the potential reactor risk due to software failure.

  • Study on the systematic approach of Markov modeling for dependability analysis of complex fault-tolerant features with voting logics
    Reliability Engineering and System Safety, 2016
    Co-Authors: Hyun Gook Kang
    Abstract:

    The Markov analysis is a technique for modeling system state transitions and calculating the probability of reaching various system states. While it is a proper tool for modeling complex system designs involving timing, sequencing, repair, redundancy, and fault tolerance, as the complexity or size of the system increases, so does the number of states of interest, leading to difficulty in constructing and solving the Markov model. This paper introduces a systematic approach of Markov modeling to analyze the dependability of a complex fault-tolerant system. This method is based on the decomposition of the system into independent subsystem sets, and on the system-level failure rate and unavailability rate of the decomposed subsystems. A Markov model for the target system is easily constructed using the system-level failure and unavailability rates of the subsystems, which can be treated separately. This approach can decrease the number of states to consider simultaneously in the target system by building Markov models of the independent subsystems stage by stage, and results in an exact solution for the Markov model of the whole target system. To apply this method we construct a Markov model for the reactor protection system found in nuclear power plants, a system configured with four identical channels and various fault-tolerant architectures. The results show that the proposed method treats the complex architecture of the system in an efficient manner using the merits of the Markov model, such as time dependent analysis and sequential process analysis.
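    As an added illustration of the stage-by-stage decomposition described in that abstract (example code written for this page, not the paper's model): each channel is first collapsed from its series modules into an equivalent failure rate, repair rate and unavailability, and only then is a small birth-death Markov chain over the number of failed channels solved for the 2-out-of-4 trip logic. The module rates, the independent-repair assumption and the 2oo4 failure condition (three or more channels down) are assumptions of this example. Rational arithmetic is used so the small tail probabilities are not lost to rounding.

```python
"""Stage-by-stage Markov (CTMC) model of a 2-out-of-4 voting protection
system.  Added example, not the paper's model; all rates are constructed
per-hour figures for illustration."""
from fractions import Fraction


def steady_state(Q):
    """Steady-state distribution pi of a CTMC with generator matrix Q.

    Solves pi*Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination on Q^T,
    replacing one (redundant) balance equation with the normalisation row.
    Exact rational arithmetic keeps probabilities of ~1e-12 meaningful."""
    n = len(Q)
    A = [[Fraction(Q[j][i]) for j in range(n)] for i in range(n)]  # Q transposed
    A[-1] = [Fraction(1)] * n                                       # sum(pi) = 1
    b = [Fraction(0)] * (n - 1) + [Fraction(1)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[piv] = A[piv], A[col]
        b[col], b[piv] = b[piv], b[col]
        for r in range(n):
            if r != col and A[r][col] != 0:
                f = A[r][col] / A[col][col]
                for c in range(col, n):
                    A[r][c] -= f * A[col][c]
                b[r] -= f * b[col]
    return [b[i] / A[i][i] for i in range(n)]


def channel_from_modules(modules):
    """Stage 1: collapse a channel built from series modules (lambda, mu) into
    one equivalent (lambda_c, mu_c, U_c).  The channel is down when any module
    is down; modules fail and are repaired independently, so channel
    availability is the product of module availabilities mu/(lambda+mu)."""
    avail = Fraction(1)
    for lam, mu in modules:
        lam, mu = Fraction(lam), Fraction(mu)
        avail *= mu / (lam + mu)
    u = 1 - avail
    lam_c = sum(Fraction(lam) for lam, _ in modules)
    mu_c = lam_c * (1 - u) / u  # repair rate that reproduces U_c = lam_c/(lam_c+mu_c)
    return float(lam_c), float(mu_c), float(u)


def koon_generator(n, lam, mu):
    """Stage 2: birth-death CTMC over k = number of failed channels (0..n).
    (n-k) healthy channels each fail at rate lam; k failed channels are each
    repaired at rate mu (assumes independent repair of every channel)."""
    lam, mu = Fraction(lam), Fraction(mu)
    Q = [[Fraction(0)] * (n + 1) for _ in range(n + 1)]
    for k in range(n + 1):
        if k < n:
            Q[k][k + 1] = (n - k) * lam
        if k > 0:
            Q[k][k - 1] = k * mu
        Q[k][k] = -sum(Q[k])
    return Q


def pfd_2oo4(lam_c, mu_c):
    """2-out-of-4 trip logic: the trip needs two healthy channels that agree,
    so the system fails to trip once 3 or 4 channels are down.  Returns the
    steady-state probability of that condition."""
    pi = steady_state(koon_generator(4, lam_c, mu_c))
    return float(pi[3] + pi[4])


# Constructed example channel: a bistable processor module and an input module.
CHANNEL_MODULES = [(2.0e-6, 1.0 / 24.0),   # processor: 2e-6 /h, repaired in ~24 h
                   (5.0e-6, 1.0 / 8.0)]    # input module: 5e-6 /h, repaired in ~8 h

if __name__ == "__main__":
    lam_c, mu_c, u_c = channel_from_modules(CHANNEL_MODULES)
    print(f"channel: lambda={lam_c:.2e}/h  mu={mu_c:.3e}/h  U={u_c:.3e}")
    print(f"2oo4 steady-state PFD = {pfd_2oo4(lam_c, mu_c):.3e}")
```

    The decomposition is exact here because the channels are independent and repaired independently; a shared repair crew or a common-cause failure would couple the channels and force the full state space back into one model.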

  • Fault detection coverage quantification of automatic test functions of digital I&C system in NPPs
    Nuclear Engineering and Technology, 2012
    Co-Authors: Jong-gyun Choi, Seop Hur, Seung Jun Lee, Hyun Gook Kang, Young Jun Lee, Seungcheol Jang
    Abstract:

    Analog instrument and control systems in nuclear power plants have recently been replaced with digital systems for safer and more efficient operation. Digital instrument and control systems have adopted various fault-tolerant techniques that help the system correctly and safely perform the specific required functions regardless of the presence of faults. Each fault-tolerant technique has a different inspection period, from real-time monitoring to monthly testing. The range covered by each fault-tolerant technique is also different. The digital instrument and control system, therefore, adopts multiple barriers consisting of various fault-tolerant techniques to increase the total fault detection coverage. Even though these fault-tolerant techniques are adopted to ensure and improve the safety of a system, their effects on system safety have not yet been properly considered in most probabilistic safety analysis models. Therefore, it is necessary to develop an evaluation method that can describe these features of digital instrument and control systems. Several issues must be considered in the fault coverage estimation of a digital instrument and control system, and two of these are addressed in this work. The first is to quantify the fault coverage of each fault-tolerant technique implemented in the system, and the second is to exclude the duplicated effect of fault-tolerant techniques implemented simultaneously at each level of the system's hierarchy, as a fault occurring in a system might be detected by one or more fault-tolerant techniques. For this work, a fault injection experiment was used to obtain the exact relations between faults and the multiple barriers of fault-tolerant techniques. This experiment was applied to a bistable processor of a reactor protection system.

  • Reliability assessment method for NPP digital I&C systems considering the effect of automatic periodic tests
    Annals of Nuclear Energy, 2010
    Co-Authors: Seung Jun Lee, Jong-gyun Choi, Hyun Gook Kang, Seungcheol Jang
    Abstract:

    Since digital technologies have improved, the analog systems in nuclear power plants (NPPs) have been replaced with digital systems. Recently, new NPPs have adopted various kinds of digital instrumentation and control (I&C) systems. Even though digital I&C systems have various fault-tolerant techniques for enhancing system availability and safety compared to conventional analog I&C systems, the effects of these fault-tolerant techniques on system safety have not yet been properly considered in most probabilistic safety assessment models. Therefore, it is necessary to develop a safety evaluation method for digital I&C systems that takes fault-tolerant techniques into consideration. Among the various issues in the safety model for digital I&C systems, one important issue is how to exclude the duplicated effect of fault-tolerant techniques implemented at each hierarchy level of the system. The exact relation between faults and fault-tolerant techniques should be identified in order to exclude this duplicated effect. In this work, the relation between faults and fault-tolerant techniques is identified using fault injection experiments. As an application, the proposed method was applied to a module of a digital reactor protection system.
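    The two abstracts above (the 2012 fault-coverage paper and this 2010 one) both turn on the same point: when several fault-tolerant techniques watch the same module, a fault detected by more than one of them must be counted once, not once per technique. The following added example, written for this page and not taken from either paper, shows that computation on a constructed fault-injection campaign. The fault list, the technique names, their inspection periods and the rule that credits a fault to the fastest detecting technique are all assumptions of the example.

```python
"""Fault-detection coverage of stacked fault-tolerant techniques, computed
from fault-injection records.  Added example; the records and inspection
periods below are constructed, not the papers' data."""
from collections import Counter

# Inspection period of each technique in hours (0 = real-time monitoring).
# Constructed values; a real platform documents its own test intervals.
INSPECTION_PERIOD_H = {
    "self_diagnostics": 0.0,          # run continuously by the processor
    "watchdog": 0.0,                  # hardware watchdog, real-time
    "auto_periodic_test": 24.0,       # automatic test once a day
    "manual_surveillance": 24.0 * 30,  # monthly surveillance test
}

# One record per injected fault: (fault, set of techniques that detected it).
# Constructed campaign on a hypothetical bistable processor module.
INJECTIONS = [
    ("cpu_register_bitflip",    {"self_diagnostics", "auto_periodic_test", "manual_surveillance"}),
    ("ram_stuck_at_0",          {"self_diagnostics", "auto_periodic_test"}),
    ("program_counter_corrupt", {"watchdog", "auto_periodic_test", "manual_surveillance"}),
    ("comparator_offset",       {"auto_periodic_test", "manual_surveillance"}),
    ("setpoint_memory_drift",   {"manual_surveillance"}),
    ("trip_output_stuck",       {"auto_periodic_test", "manual_surveillance"}),
    ("timer_frequency_drift",   set()),                                   # undetected
    ("bus_parity_fault",        {"self_diagnostics"}),
]


def per_technique_coverage(records):
    """Coverage of each technique taken in isolation: the fraction of injected
    faults it detected, ignoring overlap with the other techniques."""
    n = len(records)
    return {t: sum(1 for _, d in records if t in d) / n for t in INSPECTION_PERIOD_H}


def total_coverage(records):
    """Coverage of the stacked barriers: a fault counts once however many
    techniques saw it (a set union, not a sum of per-technique figures)."""
    return sum(1 for _, d in records if d) / len(records)


def _first_detector(detected):
    # The technique with the shortest inspection period sees the fault first;
    # ties are broken by name so attribution is deterministic.
    return min(detected, key=lambda t: (INSPECTION_PERIOD_H[t], t))


def exclusive_coverage(records):
    """Attribute each detected fault to exactly one technique (the one that
    detects it first).  These fractions sum to total_coverage(), which removes
    the double counting a plain sum of per-technique coverages introduces."""
    credit = Counter(_first_detector(d) for _, d in records if d)
    n = len(records)
    return {t: credit[t] / n for t in INSPECTION_PERIOD_H}


def mean_detection_delay_h(records):
    """Mean latency to detection over the detected faults, assuming a fault is
    equally likely to occur anywhere in the inspection period (mean wait of
    period/2; real-time techniques contribute zero)."""
    delays = [INSPECTION_PERIOD_H[_first_detector(d)] / 2.0 for _, d in records if d]
    return sum(delays) / len(delays)


if __name__ == "__main__":
    naive = per_technique_coverage(INJECTIONS)
    print("naive per-technique:", naive, "sum =", sum(naive.values()))
    print("total (union):      ", total_coverage(INJECTIONS))
    print("exclusive credit:   ", exclusive_coverage(INJECTIONS))
    print("mean detection delay (h):", mean_detection_delay_h(INJECTIONS))
```

    On the constructed data the naive per-technique figures add up to 1.75, while the real combined coverage is 7/8: that gap is the "duplicated effect" both abstracts warn about, and the exclusive attribution is what a PSA model can consume without over-crediting the barriers.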

P A Khand - One of the best experts on this subject based on the ideXlab platform.

  • Attack tree based cyber security analysis of nuclear digital instrumentation and control systems
    Nucleus, 2020
    Co-Authors: P A Khand
    Abstract:

    To maintain cyber security, nuclear digital Instrumentation and Control (I&C) systems must be analyzed for security risks, because a single security breach due to a cyber attack can cause system failure, which can have catastrophic consequences for the environment and the staff of a Nuclear Power Plant (NPP). Attack trees have been widely used to analyze the cyber security of digital systems due to their ability to capture system-specific as well as attacker-specific details. Therefore, a methodology based on attack trees has been proposed to analyze the cyber security of these systems. The methodology has been applied to the Cyber Security Analysis (CSA) of a Bistable Processor (BP) of a Reactor Protection System (RPS). Threats have been described according to their source. Attack scenarios have been generated using the attack tree, and possible countermeasures according to the Security Risk Level (SRL) of each scenario have been suggested. Moreover, cyber Security Requirements (SRs) have been elicited, and the suitability of the requirements has been checked.
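    The mechanics behind "attack scenarios have been generated using the attack tree" are simple enough to show in full. The added example below is written for this page and is not the paper's tree, threat list or rating scale: it builds a hypothetical tree for a bistable processor, expands it into minimal attack scenarios (OR nodes offer alternatives, AND nodes require every child), and scores each scenario with an assumed weakest-link likelihood and worst-case impact on a 1 to 5 scale. Every leaf name and attribute value is a constructed illustration.

```python
"""Attack-tree analysis of a digital I&C component: enumerate attack
scenarios (minimal cut sets) and rate each one.  Added example with a
hypothetical tree; not the paper's tree, threats or rating scale."""
from itertools import product


# A node is a tuple (kind, name, children); kind is "AND", "OR" or "LEAF".
def AND(name, *kids):
    return ("AND", name, list(kids))


def OR(name, *kids):
    return ("OR", name, list(kids))


def LEAF(name):
    return ("LEAF", name, [])


# Hypothetical leaf attributes (assumed scale, 1..5).
LEAF_ATTRS = {
    "steal_maintenance_credentials":           {"likelihood": 3, "impact": 4},
    "connect_rogue_laptop_to_maintenance_port": {"likelihood": 2, "impact": 4},
    "alter_setpoint_via_engineering_tool":     {"likelihood": 3, "impact": 5},
    "infected_usb_in_firmware_update":         {"likelihood": 2, "impact": 5},
    "spoof_sensor_input_signal":               {"likelihood": 1, "impact": 5},
    "jam_trip_output":                         {"likelihood": 1, "impact": 5},
}

# Hypothetical tree: root goal is to prevent or corrupt the BP trip decision.
TREE = OR("prevent or corrupt BP trip",
          AND("change setpoint so trip never fires",
              OR("gain maintenance access",
                 LEAF("steal_maintenance_credentials"),
                 LEAF("connect_rogue_laptop_to_maintenance_port")),
              LEAF("alter_setpoint_via_engineering_tool")),
          LEAF("infected_usb_in_firmware_update"),
          LEAF("spoof_sensor_input_signal"),
          LEAF("jam_trip_output"))


def scenarios(node):
    """All attack scenarios of a subtree: a scenario is a set of leaves whose
    joint success satisfies the node.  OR = union of the children's
    scenarios; AND = every combination of one scenario per child."""
    kind, name, kids = node
    if kind == "LEAF":
        return [frozenset([name])]
    if kind == "OR":
        return [s for k in kids for s in scenarios(k)]
    return [frozenset().union(*combo) for combo in product(*(scenarios(k) for k in kids))]


def minimal_scenarios(node):
    """Drop any scenario that strictly contains another one (minimal cut sets),
    so a redundant extra step is never reported as a separate scenario."""
    all_s = set(scenarios(node))
    return sorted((s for s in all_s if not any(o < s for o in all_s)), key=sorted)


def risk_level(scenario, attrs=LEAF_ATTRS):
    """Assumed security risk level: likelihood is the weakest link (minimum
    over the steps the attacker must all complete), impact the maximum, and
    the product is bucketed into Low / Medium / High."""
    lik = min(attrs[leaf]["likelihood"] for leaf in scenario)
    imp = max(attrs[leaf]["impact"] for leaf in scenario)
    score = lik * imp
    level = "High" if score >= 12 else "Medium" if score >= 6 else "Low"
    return score, level


def ranked_scenarios(tree=TREE):
    """Scenarios ordered from highest to lowest risk score."""
    ranked = []
    for s in minimal_scenarios(tree):
        score, level = risk_level(s)
        ranked.append((score, level, sorted(s)))
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    for score, level, steps in ranked_scenarios():
        print(f"{score:2d} {level:6s} {' + '.join(steps)}")
```

    The ranking is what drives the countermeasure selection step in the abstract: a High scenario that passes through maintenance credentials points at the access path, not at the comparator logic itself, as the control to design first.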

Dong Young Lee - One of the best experts on this subject based on the ideXlab platform.

  • The Fault Tolerant Evaluation Model due to the Periodic Automatic Fault Detection Function of the Safety-critical I&C Systems in the Nuclear Power Plants
    The Transactions of The Korean Institute of Electrical Engineers, 2013
    Co-Authors: Seop Hur, Dong-hoon Kim, Jong-gyun Choi, Chang-hwoi Kim, Dong Young Lee
    Abstract:

    This study suggests a generalized availability and safety evaluation model to evaluate the influence on the system's fault tolerant capabilities of automatic fault detection functions such as automatic periodic testing. The conventional evaluation model of the automatic fault detection function deals only with self diagnostics, and supposes that the fault detection coverage of self diagnostics is always constant. But all of the fault detection methods could be degraded. For example, the periodic surveillance test has potential human errors or test equipment errors, the self diagnostics has potential degradation of built-in logics, and the automatic periodic testing has potential degradation of the automatic test facilities. The suggested evaluation models have incorporated the loss or erroneous behaviors of the automatic fault detection methods. The availability and the safety of each module of the safety grade platform have been evaluated with the automatic periodic test methodology and the fault tolerant evaluation models applied. The availability and safety of the safety grade platform were improved when the automatic periodic testing was applied. Especially, the fault tolerant capability of the processor module with weak self-diagnostics and of the process parameter input modules was dramatically improved compared to the conventional cases. In addition, as a result of the safety evaluation of the digital reactor protection system, the system safety of the digital parts was improved about 4 times compared to the conventional cases.

  • A cyber security risk assessment for the design of I&C systems in nuclear power plants
    Nuclear Engineering and Technology, 2012
    Co-Authors: Jae-gu Song, Jung-woon Lee, Cheol-kwon Lee, Kee-choon Kwon, Dong Young Lee
    Abstract:

    The applications of computers and of communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it cyber security concerns similar to those of other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which call for different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or the component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration Test. The results from an application of the method to a digital reactor protection system are described.

  • Software FMEA Analysis for Safety Software
    Volume 5: Fuel Cycle and High and Low Level Waste Management and Decommissioning; Computational Fluid Dynamics (CFD) Neutronics Methods and Coupled Co, 2009
    Co-Authors: Gee-Yong Park, Sup Hur, Dong H. Kim, Dong Young Lee, Kee C. Kwon
    Abstract:

    This paper describes a software safety analysis for a software code that is installed in an Automatic Test and Interface Processor (ATIP) of a digital reactor protection system. For the ATIP software safety analysis, an overall safety analysis is at first performed over the ATIP software architecture and modules, and then a detailed safety analysis based on the software FMEA (Failure Modes and Effects Analysis) method is applied to the ATIP program. For an efficient analysis, the software FMEA is carried out based on the so-called failure-mode template extracted from the function blocks used in the function block diagram (FBD) for the ATIP software. The software safety analysis by the software FMEA, applied to the ATIP software code which has been integrated and passed through a very rigorous system test procedure, is proven to be able to provide very valuable results (i.e., software defects) which could not be identified during the various system tests. Copyright © 2009 by ASME
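    The failure-mode template idea in that abstract is worth seeing in working form: a template lists the ways each function block type can fail, and the FMEA worksheet is generated by instantiating the template for every block instance and tracing where the effect can propagate along the diagram's dataflow. The added example below is written for this page, not taken from the paper or the ATIP code; the FBD program, the block templates, the safety output and the severity rule (a mode that can suppress a safety output ranks above one that can force it) are all assumptions.

```python
"""Template-driven software FMEA for a function block diagram (FBD) program.
Added example; the program, templates and severity rule are constructed."""

# Failure-mode template per function block type (constructed; a real
# template would be extracted from the platform's block library).
FAILURE_MODE_TEMPLATES = {
    "GE":  ["output stuck TRUE", "output stuck FALSE", "wrong operand compared"],
    "AND": ["output stuck TRUE", "output stuck FALSE", "input ignored"],
    "OR":  ["output stuck TRUE", "output stuck FALSE", "input ignored"],
    "NOT": ["output stuck TRUE", "output stuck FALSE"],
    "TON": ["timer never elapses", "timer elapses immediately"],
}

# Hypothetical trip-logic program: (instance, block type, inputs, output).
PROGRAM = [
    ("cmp1", "GE",  ["pressure", "setpoint"],              "over_setpoint"),
    ("not1", "NOT", ["bypass"],                            "not_bypassed"),
    ("and1", "AND", ["over_setpoint", "not_bypassed"],     "trip_cond"),
    ("ton1", "TON", ["trip_cond"],                         "trip_delayed"),
    ("or1",  "OR",  ["trip_delayed", "manual_trip"],       "trip"),
]
SAFETY_OUTPUTS = {"trip"}


def downstream_outputs(program, signal):
    """All signals reachable from `signal` along the FBD dataflow, i.e. the
    places a failure of that signal can propagate to."""
    reached, frontier = set(), [signal]
    while frontier:
        s = frontier.pop()
        for _inst, _typ, ins, out in program:
            if s in ins and out not in reached:
                reached.add(out)
                frontier.append(out)
    return reached


def severity(mode, hits_safety):
    """Assumed severity rule: 1 = could suppress a safety output (loss of
    trip), 2 = could force it (spurious trip), 3 = no safety output affected."""
    if not hits_safety:
        return 3
    suppressing = ("stuck FALSE", "never elapses", "input ignored", "wrong operand")
    return 1 if any(k in mode for k in suppressing) else 2


def fmea_worksheet(program, templates=FAILURE_MODE_TEMPLATES, safety_outputs=SAFETY_OUTPUTS):
    """One worksheet row per (block instance, template failure mode), with the
    local effect, every output the effect can reach, and a severity rank.
    Rows are ordered most severe first."""
    rows = []
    for inst, typ, _ins, out in program:
        affected = downstream_outputs(program, out) | {out}
        hits = bool(affected & safety_outputs)
        for mode in templates[typ]:
            rows.append({"block": inst, "type": typ, "mode": mode,
                         "local_effect": f"{out}: {mode}",
                         "affected": sorted(affected),
                         "severity": severity(mode, hits)})
    rows.sort(key=lambda r: (r["severity"], r["block"], r["mode"]))
    return rows


if __name__ == "__main__":
    for r in fmea_worksheet(PROGRAM):
        print(f"S{r['severity']} {r['block']:5s} {r['type']:4s} {r['mode']:26s} -> {', '.join(r['affected'])}")
```

    The worksheet is only as good as the template: a block type whose template omits a failure mode (say, a comparator that intermittently returns the previous result) produces no row for it, which is exactly the class of defect the abstract says rigorous system testing also failed to surface.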

  • A Safety Assessment Methodology for a Digital Reactor Protection System
    International Journal of Control Automation and Systems, 2006
    Co-Authors: Dong Young Lee, Jong-gyun Choi, Joon Lyou
    Abstract:

    The main function of a reactor protection system is to maintain the reactor core integrity and the reactor coolant system pressure boundary. Generally, the reactor protection system adopts a 2-out-of-m redundant architecture to assure reliable operation. This paper describes the safety assessment of a digital reactor protection system using the fault tree analysis technique. The fault tree can be expressed in terms of combinations of basic event failures such as random hardware failures, common cause failures, operator errors, and the fault tolerance mechanisms implemented in the reactor protection system. In this paper, a prediction method for the hardware failure rate is suggested for a digital reactor protection system, and applied to the reactor protection system being developed in Korea to identify design weak points from a safety point of view.

Sungdeok Cha - One of the best experts on this subject based on the ideXlab platform.

  • Automated test case generation for FBD programs implementing reactor protection system software
    Software Testing Verification & Reliability, 2014
    Co-Authors: Eunkyoung Jee, Donghwan Shin, Sungdeok Cha, Jangsoo Lee, Doohwan Bae
    Abstract:

    Automated and effective testing for function block diagram (FBD) programs has become an important issue, as FBD is increasingly used in implementing safety-critical systems. This work describes an automated test case generation technique for FBD programs and its associated tool, FBDTester. Given an FBD program and desired test coverage criteria, FBDTester generates test requirements and invokes a Satisfiability Modulo Theories solver iteratively to derive a set of test cases. An industrial case study using reactor protection system software shows that the automatically generated test suites detected at least 82% of the known faults, whereas manually generated test cases only detected approximately 35%. Mutation analysis revealed that the automatically generated test suites substantially outperformed manually generated ones. Although test sequence generation requires some manual effort in the current FBDTester, it is apparent that the proposed approach significantly improves the efficiency and the reliability of FBD testing. Copyright © 2014 John Wiley & Sons, Ltd.

  • Automated test coverage measurement for reactor protection system software implemented in function block diagram
    Departmental Papers (CIS), 2012
    Co-Authors: Eunkyoung Jee, Sungdeok Cha, Suin Kim, Insup Lee
    Abstract:

    We present FBDTestMeasurer, an automated test coverage measurement tool for function block diagram (FBD) programs, which are increasingly used in implementing safety-critical systems such as nuclear reactor protection systems. We have defined new structural test coverage criteria for FBD programs in which the dataflow-centric characteristics of FBD programs are well reflected. Given an FBD program and a set of test cases, FBDTestMeasurer produces a test coverage score and the uncovered test requirements with respect to the selected coverage criteria. Visual representation of uncovered data paths enables testers to easily identify which parts of the program need to be tested further. We found many aspects of the FBD logic that were not tested sufficiently when conducting a case study using test cases prepared by domain experts for reactor protection system software. Domain experts found this technique and tool highly intuitive and useful to measure the adequacy of FBD testing and generate additional test cases.

  • Formal modeling and verification of safety-critical software
    IEEE Software, 2009
    Co-Authors: Junbeom Yoo, Eunkyoung Jee, Sungdeok Cha
    Abstract:

    Rigorous quality demonstration is important when developing safety-critical software such as a reactor protection system (RPS) for a nuclear power plant. Although using formal methods such as formal modeling and verification is strongly recommended, domain experts often reject formal methods for four reasons: there are too many candidate techniques, the notations appear complex, the tools often work only in isolation, and the output is often too difficult for domain experts to understand. A formal-methods-based process that supports development, verification and validation, and safety analysis can help domain experts overcome these obstacles. Nuclear engineers can also use CASE tools to apply formal methods without having to know the details of the underlying formalism. The authors spent more than seven years working with nuclear engineers in developing RPS software and applying formal methods. The engineers and regulatory personnel found the process effective and easy to apply with the integrated tool support.

  • Control and data flow testing on function block diagrams
    International Conference on Computer Safety Reliability and Security, 2005
    Co-Authors: Eunkyoung Jee, Junbeom Yoo, Sungdeok Cha
    Abstract:

    As programmable logic controllers (PLCs) have been used in safety-critical applications, testing of PLC applications has become important. The previous PLC-based software testing technique generates intermediate code, such as C, from function block diagram (FBD) networks and uses the intermediate code for testing purposes. In this paper, we propose a direct testing technique on FBD without generating intermediate code. In order to test FBD, we define testing granularity in terms of function blocks and propose an algorithm that transforms an FBD network into a flow graph. We apply existing control and data flow testing coverage criteria to the flow graph in order to generate test cases. To demonstrate the effectiveness of the proposed method, we use the trip logic of the BP (Bistable Processor) of the RPS (Reactor Protection System) in the DPPS (Digital Plant Protection System) which is currently being developed at KNICS [1] in Korea.

  • A formal software requirements specification method for digital nuclear plant protection systems
    Component-Based Software Engineering, 2005
    Co-Authors: Junbeom Yoo, Sungdeok Cha, Jangsoo Lee, Tai-hyo Kim, Han Seong Son
    Abstract:

    This article describes NuSCR, a formal software requirements specification method for digital plant protection systems in nuclear power plants. NuSCR improves readability and specifiability by providing graphical or tabular notations depending on the type of operation. NuSCR specifications can be formally analyzed for completeness, consistency, and against properties specified in temporal logic. We introduce the syntax and semantics of NuSCR and demonstrate the effectiveness of the approach using the reactor protection system, a digital protection system being developed in Korea, as a case study.

Ming Yang - One of the best experts on this subject based on the ideXlab platform.

  • Module level reliability performance evaluation of digital reactor protection system considering the repair and common cause failure
    Annals of Nuclear Energy, 2017
    Co-Authors: Hidekazu Yoshikawa, Ming Yang
    Abstract:

    The reactor protection system (RPS) is designed and installed in nuclear power plants (NPPs) to ensure both safety and economy. Nowadays the RPS adopts digital techniques and consists of different digital modules. Therefore, this paper focuses on evaluating the reliability performance of the digital RPS using the Colored Petri Net (CPN), considering the module repair time whenever a module fails and the Common Cause Failure (CCF). The module repair is considered because it takes some time to repair or replace the failed module, and during the repair duration the digital RPS operates in a degraded configuration in which a common cause failure would severely impact the system if it occurred. By studying the failure phenomenon and mechanism, the random probability shock model is adopted for CCF. Using the proposed model, a Monte Carlo simulation is carried out. Consequently, indicators such as Mean Time To Repair (MTTR), Mean Time Between Failures (MTBF), Probability of Failure on Demand (PFD) and Probability of Spurious Trip (PST) are calculated. The following main conclusions are drawn: i) the CCF is the main contributor to the PFD and PST, so a countermeasure for the CCF must be designed for the digital RPS; ii) the CCF has no effect on the MTTFF, MTBF, MTTR and subsystem unavailability; iii) the failure detection time has an adverse effect on the system. Therefore, the digital system should shorten the detection time or decrease the coverage for the failures that take a long time to be detected.
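    This abstract and the fault-tree paper in the Dong Young Lee section above both reduce to the same two figures for a 2-out-of-m architecture: the probability of failure on demand and the spurious trip rate, each split into an independent part and a common-cause part. The added example below, written for this page and not taken from either paper, computes both for a 2-out-of-4 voter with a beta-factor common-cause model standing in for the shock and binomial-failure-rate models the abstracts use; it reproduces the qualitative finding that CCF dominates both indicators even at a modest beta. All rates, the beta values, the test interval and the repair time are constructed, and the spurious-trip rate formula is a first-order approximation.

```python
"""Fault-tree style PFD and PST of a 2-out-of-4 RPS with independent and
common-cause failures.  Added example; beta-factor CCF stands in for the
papers' CCF models, and all numerical inputs are constructed."""
from math import comb, exp


def p_fail_avg(lam, T):
    """Time-averaged unavailability of an element with failure rate lam (per
    hour) whose failure is only revealed by a test every T hours: the mean of
    1-exp(-lam*t) over one test interval."""
    x = lam * T
    if x == 0.0:
        return 0.0
    return 1.0 - (1.0 - exp(-x)) / x


def p_at_least(k, n, p):
    """Probability that at least k of n independent elements, each failed
    with probability p, are failed (the k-out-of-n fault-tree gate)."""
    return sum(comb(n, j) * p ** j * (1.0 - p) ** (n - j) for j in range(k, n + 1))


def rps_2oo4(lambda_d, lambda_s, beta_d, beta_s, test_interval_h, mttr_h):
    """Failure on demand and spurious trip of a 2-out-of-4 voting RPS.

    Dangerous (fail-to-trip) channel failures stay latent until the periodic
    test; the system fails on demand when 3 or more channels are
    dangerous-failed.  Safe (spurious) channel failures are self-revealing and
    repaired in mttr_h; the system trips spuriously when 2 or more channels
    are safe-failed.  Beta-factor CCF: a fraction beta of each rate is a
    common-cause event that fails all four channels together.
    """
    ind_d, ccf_d = (1.0 - beta_d) * lambda_d, beta_d * lambda_d
    ind_s, ccf_s = (1.0 - beta_s) * lambda_s, beta_s * lambda_s

    p_ch_d = p_fail_avg(ind_d, test_interval_h)          # one channel, independent
    pfd_ind = p_at_least(3, 4, p_ch_d)                   # 3oo4 dangerous, independently
    pfd_ccf = p_fail_avg(ccf_d, test_interval_h)         # all four at once

    # Spurious trip is a rate (per hour): a second independent safe failure
    # while another channel is already safe-failed and waiting for repair.
    u_s = ind_s * mttr_h / (1.0 + ind_s * mttr_h)        # channel safe-failed unavailability
    pst_ind = 4.0 * ind_s * (1.0 - (1.0 - u_s) ** 3)
    pst_ccf = ccf_s

    pst = pst_ind + pst_ccf
    return {"pfd_ind": pfd_ind, "pfd_ccf": pfd_ccf, "pfd": pfd_ind + pfd_ccf,
            "pst_ind": pst_ind, "pst_ccf": pst_ccf, "pst": pst,
            "mtbf_spurious_h": 1.0 / pst}


# Constructed per-channel figures: monthly test, 8 h repair, 5 % beta.
EXAMPLE = dict(lambda_d=1e-5, lambda_s=2e-5, beta_d=0.05, beta_s=0.05,
               test_interval_h=720.0, mttr_h=8.0)

if __name__ == "__main__":
    for key, value in rps_2oo4(**EXAMPLE).items():
        print(f"{key:16s} {value:.3e}")
```

    With these inputs the independent contribution to PFD is three orders of magnitude below the common-cause term, and the spurious-trip rate is likewise set by the CCF share rather than by coincident independent failures; shortening the test interval shrinks only the PFD terms, which is why the abstract's third conclusion singles out detection time.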

  • Reliability model of the digital reactor protection system considering the repair time and common cause failure
    Journal of Nuclear Science and Technology, 2017
    Co-Authors: Hidekazu Yoshikawa, Ming Yang
    Abstract:

    Reliability of the digital reactor protection system (RPS) is intensively researched, as it is designed and installed to ensure safety and economy, which can be measured respectively by the probability of failure on demand (PFD) and the probability of spurious trip (PST). Meanwhile, by analyzing the failure modes of the digital RPS, failure on demand and spurious trip are the two main modes that should be evaluated for the reliability of the digital RPS. Therefore, this paper develops PFD and PST calculation formulas considering the module repair time, as the repair takes some time, and during the repair duration the digital system operates in a degraded configuration, and the common cause failure (CCF), which would severely impact the system in the event of occurrence. Considering the failure phenomenon of the digital RPS, the binomial failure rate (BFR) model is adopted for CCF. And the fault-tolerance techniques and their fault coverage are considered when calculating the PFD and PST. The ...