Slide 1
TEKNILLINEN KORKEAKOULU / HELSINKI UNIVERSITY OF TECHNOLOGY
olli.seppala@hut.fi
Image: http://www.syslog.com/~jwilson/pics-i-like/kurios119.jpg
Slide 2
ball@mitre.ARPA, Thu, 08 Jan 87 11:29:37 -0500 […]
"I question whether assigning a monetary value to human life would provide additional insight into the management of risks. I am not convinced that we know how to predict risks, particularly unlikely ones, with any degree of confidence. I would hate to see a $500K engineering change traded off against a loss of 400 lives @ $1M with a 10E-9 expected probability. I'm afraid reducing the problem to dollars could tend to obscure the real issues. Moreover, even if the analyses were performed correctly, the results could be socially unacceptable. I suspect that in the case of a spacecraft, or even a military aircraft, the monetary value of the crew's lives would be insignificant in comparison with other program costs, even with a relatively high hazard probability. In the case of automobile recalls, where the sample size is much larger, the manufacturers may already be trading off the cost of a recall against the expected cost of resulting lawsuits, although I hope not."
Source: http://catless.ncl.ac.uk/Risks/4.38.html#subj7
Slide 3: Making it work
Slide 4: Failures
Catastrophic
– Serious consequences
Major
– Incorrect operation
– Possibly recoverable
Minor
– Inconvenience
Not noticed
Slide 5: Fault Tolerance Steps 1/3
Fault Detection
– The process of determining that a fault has occurred
Diagnosis
– The process of determining what caused the fault, or exactly which subsystem or component is faulty
Containment
– The process that prevents the propagation of faults from their origin at one point in a system to a point where it can have an effect on the service to the user
Source: http://hissa.ncsl.nist.gov/chissa/SEI_Framework/framework_16.html
Slide 6: Fault Tolerance Steps 2/3
Masking
– The process of insuring that only correct values get passed to the system boundary in spite of a failed component.
Compensation
– If a fault occurs and is confined to a subsystem, it may be necessary for the system to provide a response to compensate for output of the faulty subsystem.
Source: http://hissa.ncsl.nist.gov/chissa/SEI_Framework/framework_16.html
Slide 7: Fault Tolerance Steps 3/3
Repair
– The process in which faults are removed from a system. In well-designed fault tolerant systems, faults are contained before they propagate to the extent that the delivery of system service is affected. This leaves a portion of the system unusable because of residual faults. If subsequent faults occur, the system may be unable to cope because of this loss of resources, unless these resources are reclaimed through a recovery process which insures that no faults remain in system resources or in the system state.
Source: http://hissa.ncsl.nist.gov/chissa/SEI_Framework/framework_16.html
Slide 8: Buzzwords
Fault Tolerance
Robust Computing
Fail-Safe
Intrinsically safe
Slide 9: Mechanisms
Defensive Design
– Prevent faults in the first place
Fault tolerance / Robustness
– Can operate in an imperfect situation
Fail-Safe
– Limit the consequences of a failure
Slide 10: Redundancy
Design the system with multiple instances of critical units in such a manner that the failure of some of these units does not directly fail the entire system.
– No single point of failure
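The following is an added example, not part of the lecture slides: a triplex (three-channel) sensor input with a majority voter, which ties the redundancy idea on slide 10 to the fault tolerance steps on slides 5 to 7. Detection is the disagreement between channels, diagnosis is identifying the odd channel out, masking is passing the median to the system boundary, and containment is the caller marking the diagnosed channel unhealthy so it no longer votes. The channel values, the agreement tolerance and the `vote_sample` wrapper are constructed for illustration; no real hardware or library is assumed.

```c
/* Added example (not from the slides): triplex sensor voter demonstrating
 * detection, diagnosis, masking and containment. All values are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define CHANNELS  3
#define AGREE_TOL 2   /* two readings agree if they differ by at most this (constructed) */

typedef struct {
    int  value;            /* masked value passed to the system boundary */
    bool fault_detected;   /* detection: at least one channel disagrees */
    int  faulty_channel;   /* diagnosis: index of the outlier, -1 if none identified */
    bool output_valid;     /* false when no majority exists and nothing safe can be passed on */
} vote_result;

static bool agree(int a, int b) { return abs(a - b) <= AGREE_TOL; }

static int median3(int a, int b, int c)
{
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* healthy[] is the containment state: a channel isolated after an earlier
 * diagnosis is excluded from the vote instead of being allowed to propagate. */
vote_result vote3(const int r[CHANNELS], const bool healthy[CHANNELS])
{
    vote_result out = { 0, false, -1, false };
    int n = 0;
    for (int i = 0; i < CHANNELS; i++) n += healthy[i];

    if (n == CHANNELS) {
        bool ab = agree(r[0], r[1]), bc = agree(r[1], r[2]), ac = agree(r[0], r[2]);
        int pairs = (int)ab + (int)bc + (int)ac;
        if (pairs == 3) {                        /* all agree: mask with the median */
            out.value = median3(r[0], r[1], r[2]);
            out.output_valid = true;
        } else if (pairs == 2) {                 /* a chain (e.g. 0,2,4): spread exceeds tolerance,
                                                    median still safe, no single culprit */
            out.fault_detected = true;
            out.value = median3(r[0], r[1], r[2]);
            out.output_valid = true;
        } else if (pairs == 1) {                 /* exactly one outlier: detect, diagnose, mask */
            out.fault_detected = true;
            out.faulty_channel = ab ? 2 : (bc ? 0 : 1);
            out.value = median3(r[0], r[1], r[2]);
            out.output_valid = true;
        } else {                                 /* no majority: report and withhold the value */
            out.fault_detected = true;
        }
    } else if (n == 2) {
        int a = -1, b = -1;
        for (int i = 0; i < CHANNELS; i++)
            if (healthy[i]) { if (a < 0) a = i; else b = i; }
        if (agree(r[a], r[b])) {
            out.value = r[a];
            out.output_valid = true;
        } else {
            out.fault_detected = true;           /* disagreement with no third vote to diagnose */
        }
    } else {
        out.fault_detected = true;               /* fewer than two channels: no cross-check possible */
    }
    return out;
}

/* Convenience wrapper so scenarios can be written on one line */
vote_result vote_sample(int a, int b, int c, bool h0, bool h1, bool h2)
{
    int  r[CHANNELS] = { a, b, c };
    bool h[CHANNELS] = { h0, h1, h2 };
    return vote3(r, h);
}

int main(void)
{
    vote_result v = vote_sample(100, 101, 250, true, true, true);
    printf("value=%d fault=%d faulty=%d valid=%d\n",
           v.value, v.fault_detected, v.faulty_channel, v.output_valid);
    /* containment: the caller isolates channel 2 and the next vote runs on two channels */
    v = vote_sample(100, 101, 250, true, true, false);
    printf("value=%d fault=%d faulty=%d valid=%d\n",
           v.value, v.fault_detected, v.faulty_channel, v.output_valid);
    return 0;
}
```

The point to take from the `n == 2` and `n == 1` branches is the slide 7 warning: once a channel has been contained, the system is running with fewer resources, and a second fault can no longer be diagnosed, only detected, so the channel must eventually be repaired rather than left isolated.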
Slide 11: Limits
When a range of values is physically possible, use a subset for safety
– Soft: indicator when recommended values are exceeded
– Hard: for use when exceeding the limits would damage the system
Slide 12: Interlocks
Mechanical
– one part cannot move until another does
Software
– semaphores
Slide 13: Sanity checks
A mechanism for the system to ensure correct operation
Related to Interlocks and Limits
'does this make sense here'
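As an added example that is not part of the slides, the command gate below applies the three related mechanisms of slides 11 to 13 to one input: a requested heater setpoint. The interlock refuses to evaluate the number at all until the preconditions hold, the hard limit refuses values that would damage the element, the sanity check rejects a jump that makes no sense as a single command, and the soft limit accepts the value but flags it. The heater model, the thresholds and the `check` wrapper are constructed for illustration and do not describe any real device.

```c
/* Added example (not from the slides): one command gate combining
 * Limits, Interlocks and Sanity checks. Device model and thresholds are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define SOFT_MAX_C  80   /* recommended ceiling: allowed, but flagged to the operator */
#define HARD_MAX_C 120   /* above this the element is damaged: refused outright */
#define MAX_STEP_C  20   /* sanity bound: one command never moves the setpoint more than this */

typedef enum {
    CMD_OK,
    CMD_OK_SOFT_LIMIT,      /* accepted, recommended range exceeded */
    CMD_REJECT_HARD_LIMIT,
    CMD_REJECT_INTERLOCK,
    CMD_REJECT_SANITY
} cmd_status;

typedef struct {
    bool lid_closed;        /* interlock inputs: heating may not start until these hold */
    bool coolant_flowing;
    int  setpoint_c;        /* current setpoint in degrees C */
} heater_state;

/* Evaluate a requested setpoint; on acceptance the new value is written to *s. */
cmd_status validate_setpoint(heater_state *s, int requested_c)
{
    /* Interlock: as with the mechanical case, nothing moves until the other part is in place */
    if (!s->lid_closed || !s->coolant_flowing)
        return CMD_REJECT_INTERLOCK;

    /* Hard limit: representable, but exceeding it would damage the system */
    if (requested_c < 0 || requested_c > HARD_MAX_C)
        return CMD_REJECT_HARD_LIMIT;

    /* Sanity check ("does this make sense here"): a large jump is more likely a
     * corrupted or mistyped command than genuine intent */
    if (abs(requested_c - s->setpoint_c) > MAX_STEP_C)
        return CMD_REJECT_SANITY;

    s->setpoint_c = requested_c;

    /* Soft limit: accept, but signal that the recommended range was exceeded */
    return requested_c > SOFT_MAX_C ? CMD_OK_SOFT_LIMIT : CMD_OK;
}

/* Convenience wrapper: build a state and evaluate one request */
cmd_status check(bool lid_closed, bool coolant_flowing, int current_c, int requested_c)
{
    heater_state s = { lid_closed, coolant_flowing, current_c };
    return validate_setpoint(&s, requested_c);
}

int main(void)
{
    static const char *names[] = { "OK", "OK_SOFT_LIMIT", "REJECT_HARD_LIMIT",
                                   "REJECT_INTERLOCK", "REJECT_SANITY" };
    printf("50 -> 60  : %s\n", names[check(true,  true,  50,  60)]);
    printf("70 -> 85  : %s\n", names[check(true,  true,  70,  85)]);
    printf("110 -> 125: %s\n", names[check(true,  true, 110, 125)]);
    printf("lid open  : %s\n", names[check(false, true,  50,  60)]);
    printf("20 -> 60  : %s\n", names[check(true,  true,  20,  60)]);
    return 0;
}
```

The order of the checks matters: the interlock is evaluated first so that a rejected command never depends on the value, and the hard limit is evaluated before the sanity check so that a damaging value is reported as such rather than as merely implausible.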
Slide 14: Safe start-up and shutdown
When electronic devices are activated, they are by nature in a random state until forced into a desired state
Be proactive: force and verify the state instead of just assuming things to be as needed
Slide 15: Calibration
Factory calibration is useful only for a limited time
Instruments drift due to:
– temperature
– loading
– pressure
– age
Self calibration
– useful in a controlled fashion
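The start-up sequence below is an added example, not from the slides, covering slide 14 (force a known state and verify it rather than assume it) together with slide 15 (self calibration "in a controlled fashion"). The output register starts energised to stand in for the random power-on state; the sequence forces it off and reads it back before doing anything else, then measures a zero and a span reference and accepts the resulting offset and gain only if they lie within plausible drift of the factory values. The registers, factory constants, drift bounds and the two `*_sample` wrappers are all constructed for illustration.

```c
/* Added example (not from the slides): safe start-up with readback-verified
 * safe state and bounded self calibration. Device and constants are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define FACTORY_OFFSET          10   /* raw counts at the zero reference (factory calibration) */
#define FACTORY_COUNTS_PER_UNIT 100  /* raw counts per engineering unit (factory calibration) */
#define SPAN_REF_UNITS          5    /* the span reference is known to be 5 units */
#define MAX_OFFSET_DRIFT        20   /* beyond this it is a fault, not drift */
#define MAX_GAIN_DRIFT_PERCENT  10

typedef struct {
    int  output_reg;     /* simulated actuator register: 0 = de-energised (safe) */
    bool output_stuck;   /* constructed fault injection: register ignores writes */
    int  adc_zero_ref;   /* simulated raw reading while the zero reference is applied */
    int  adc_span_ref;   /* simulated raw reading while the span reference is applied */
} device_regs;

typedef struct {
    int  offset;
    int  counts_per_unit;
    bool self_calibrated;   /* false means factory values are in use */
} calibration;

typedef enum { START_OK, START_OUTPUT_NOT_SAFE, START_CAL_OUT_OF_BOUNDS } start_status;

/* Step 1: do not assume the output came up de-energised; force it and read it back. */
static bool force_safe_output(device_regs *d)
{
    if (!d->output_stuck)
        d->output_reg = 0;
    return d->output_reg == 0;   /* on real hardware: read the register back */
}

/* Step 2: self calibration, accepted only if offset and gain are within plausible drift */
static bool self_calibrate(const device_regs *d, calibration *cal)
{
    int offset = d->adc_zero_ref;
    int gain   = (d->adc_span_ref - offset) / SPAN_REF_UNITS;

    if (abs(offset - FACTORY_OFFSET) > MAX_OFFSET_DRIFT)
        return false;
    if (abs(gain - FACTORY_COUNTS_PER_UNIT) * 100 > MAX_GAIN_DRIFT_PERCENT * FACTORY_COUNTS_PER_UNIT)
        return false;

    cal->offset = offset;
    cal->counts_per_unit = gain;
    cal->self_calibrated = true;
    return true;
}

start_status safe_startup(device_regs *d, calibration *cal)
{
    calibration factory = { FACTORY_OFFSET, FACTORY_COUNTS_PER_UNIT, false };
    *cal = factory;                         /* known state before anything else */
    if (!force_safe_output(d))
        return START_OUTPUT_NOT_SAFE;       /* an actuator we cannot control: do not proceed */
    if (!self_calibrate(d, cal))
        return START_CAL_OUT_OF_BOUNDS;     /* keep factory values, report, do not run on a suspect sensor */
    return START_OK;
}

int to_units(const calibration *cal, int raw)
{
    return (raw - cal->offset) / cal->counts_per_unit;
}

/* Wrappers for the scenarios: the output register starts energised (the "random state") */
start_status startup_sample(int adc_zero, int adc_span, bool stuck)
{
    device_regs d = { 1, stuck, adc_zero, adc_span };
    calibration cal;
    return safe_startup(&d, &cal);
}

int reading_after_startup(int adc_zero, int adc_span, int raw)
{
    device_regs d = { 1, false, adc_zero, adc_span };
    calibration cal;
    if (safe_startup(&d, &cal) != START_OK)
        return -1;
    return to_units(&cal, raw);
}

int main(void)
{
    printf("small drift   : %d\n", startup_sample(12, 522, false));   /* START_OK */
    printf("stuck output  : %d\n", startup_sample(12, 522, true));    /* START_OUTPUT_NOT_SAFE */
    printf("offset jumped : %d\n", startup_sample(60, 560, false));   /* START_CAL_OUT_OF_BOUNDS */
    printf("gain collapsed: %d\n", startup_sample(10, 310, false));   /* START_CAL_OUT_OF_BOUNDS */
    printf("reading       : %d\n", reading_after_startup(12, 522, 318));
    return 0;
}
```

The drift bounds are what make self calibration "controlled": without them an instrument whose sensor has actually failed would calibrate itself to nonsense and report plausible-looking values, which is the failure the slide warns against.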
Slide 16: Testing
You cannot test enough
You can test too much
You can test wrong
You can think wrong
But you must test