Accessible Unlicensed Requires Authentication Published by De Gruyter October 23, 2021

Criticality analysis for safety-critical software in nuclear power plant distributed control system

Analyse sicherheitskritischer Software in verteilten Kontroll-systemen von Kernkraftwerken
J. Cui, Y. Cai and Y. Wu
From the journal Kerntechnik

Abstract

Software criticality analysis examines the degree of contribution that each individual failure mode of a software component has on the reliability of software. Higher safety integrity levels are assigned to software modules whose failures cause an unacceptable impact on the operation of the system, and these levels require the implementation of more rigorous software quality assurance measures as defined in IEEE Std 1012 and in the customer’s system requirements specification. In this paper, a novel software criticality analysis method is proposed, the results of which can be used to guide the development of newly developed software and the procurement of Commercial-Off-The-Shelf (COTS) software. The software structure is first analyzed and the software is divided into modules according to their functions. Then the criticality levels of software components are preliminarily classified by means of a safety criticality preliminary analysis tree, followed by their verification through the software hazard and operability analysis (HAZOP). Finally, the target Safety Integrity Level (SIL) of each software module is determined based on its criticality level and the overall safety objective (i. e., SIL) of the system it resides in. As an example, this proposed method is applied to a nuclear power plant safety-critical system to demonstrate the detail application process and to verify the feasibility of the method. Compared with the existing software criticality analysis methods, this method has better operability and verifiability, and can be utilized as a technical guidance for the software criticality analysis of nuclear power plant digital control systems.

Abstract

Die Software-Kritikalitätsanalyse untersucht den Grad des Beitrags, den jeder einzelne Fehlermodus einer Softwarekomponente zur Zuverlässigkeit der Software hat. Höhere Sicherheitsintegritätsstufen werden Softwaremodulen zugewiesen, deren Fehler eine inakzeptable Auswirkung auf den Betrieb des Systems haben, und diese Stufen erfordern die Umsetzung strengerer Softwarequalitätssicherungsmaßnahmen, wie sie in IEEE Std 1012 und in der Systemanforderungsspezifikation des Kunden definiert sind. In diesem Beitrag wird eine neuartige Methode zur Analyse der Softwarekritikalität vorgeschlagen, deren Ergebnisse als Richtschnur für die Entwicklung neu entwickelter Software und die Beschaffung von kommerzieller Software (COTS) dienen können. Zunächst wird die Softwarestruktur analysiert und die Software entsprechend ihrer Funktionen in Module unterteilt. Dann werden die Kritikalitätsstufen der Softwarekomponenten mit Hilfe eines vorläufigen Kritikalitätsanalysebaums vorläufig eingestuft, gefolgt von ihrer Überprüfung durch die Software-Gefahren- und Betriebsfähigkeitsanalyse (HAZOP). Schließ-lich wird der angestrebte Sicherheitsintegritätsgrad (SIL) jedes Softwaremoduls auf der Grundlage seines Kritikalitätsgrads und des Gesamtsicherheitsziels (d. h. SIL) des Systems, in dem es sich befindet, bestimmt. Als Beispiel wird diese Methode auf ein sicherheitskritisches System eines Kernkraftwerks ange-wandt, um den detaillierten Anwendungsprozess zu demonstrieren und die Machbarkeit der Methode zu überprüfen. Im Vergleich zu den bestehenden Methoden der Softwarekritikalitätsanalyse weist diese Methode eine bessere Bedienbarkeit und Verifizierbarkeit auf und kann als technischer Leitfaden für die Softwarekritikalitätsanalyse digitaler Kontrollsysteme in Kernkraftwerken verwendet werden.

Acknowledgements

The authors would like to thank the anonymous reviewers for their constructive feedback, which will help us improve this paper. This work was supported by the Development Foundation of College of Energy, Xiamen University [2017NYFZ01].

References

1 Rudakov, S.; Dickerson, C. E.: Harmonization of IEEE 1012 and IEC 60880 standards regarding verification and validation of nuclear power plant safety systems software using model-based methodology. Progress in Nuclear Energy 99 (2017) 86–95, DOI:10.1016/j.pnucene.2017.04.00310.1016/j.pnucene.2017.04.003Search in Google Scholar

2 Jung, S.; Kim, E. S.; Yoo, J.; et al.: An evaluation and acceptance of COTS software for FPGA-based controllers in NPPS. Annals of Nuclear Energy 94 (2016) 338–349, DOI:10.1016/j.anucene.2016.03.02610.1016/j.anucene.2016.03.026Search in Google Scholar

3 Yang, M.;Wang, J.; Chen, S.; et al.: Development of NPP digital I&C system closed-loop online test system based on signal transmission array. Progress in Nuclear Energy 108 (2018) 270–280, DOI:10.1016/j.pnucene.2018.05.02110.1016/j.pnucene.2018.05.021Search in Google Scholar

4 Gu, P. F.; Liu, Z. M.; Liang, H. H.; et al.: Evaluation Measures About Software V&Vof the Safety Digital I&C System in Nuclear Power Plant. Lecture Notes in Electrical Engineering 455 (2018) 233–239, DOI:10.1007/978-981-10-7416-5_2810.1007/978-981-10-7416-5_28Search in Google Scholar

5 Vinod, G.; Santosh, T. V.; Saraf, R. K.; et al.: Integrating Safety Critical Software System in Probabilistic Safety Assessment. Nuclear Engineering and Design 238 (2008) 2392–2399, DOI:10.1016/j.nucengdes.2008.02.02810.1016/j.nucengdes.2008.02.028Search in Google Scholar

6 International Atomic Energy Agency: IAEA Nuclear Energy Series No. NP-T-1.4 Implementing Digital Instrumentation and Control Systems in the Modernization of Nuclear Power Plants. Vienna, Austria. 2009Search in Google Scholar

7 Electric Power Research Institute (EPRI): Guidelines on the Use of Field Programmable Gate Arrays (FPGAs) in Nuclear Power Plant I&C Systems. California, USA, 2009Search in Google Scholar

8 International Electrotechnical Commission: Nuclear power plants – Instrumentation and control systems important to safety – Software aspects for computer-based systems performing category A functions. IEC Std 60880–2006, (2006) Geneva, SwitzerlandSearch in Google Scholar

9 IEEE: Software engineering standards committee of the IEEE computer society. IEEE 1012, IEEE standard for System and Software Verification and Validation. New York: Institute of Electrical and Electronics Engineers (2016)Search in Google Scholar

10 Wu, Y.; Shui, X.; Cai, Y.; et al.: Development, verification and validation of an FPGA-based core heat removal protection system for a PWR. Nuclear Engineering and Design 301 (2016) 311–319, DOI:10.1016/j.nucengdes.2016.03.01810.1016/j.nucengdes.2016.03.018Search in Google Scholar

11 Jharko. E P.: Safety functions in the software quality assurance of NPP safety important systems. 2019 International Conference on Industrial Engineering, Applications and Manufacturing, ICIEAM 2019, IEEE, 2019: 1–6, DOI:10.1109/ICIEAM.2019.874294510.1109/ICIEAM.2019.8742945Search in Google Scholar

12 U.S. Nuclear Regulatory Commission (NRC): Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants. Regulatory Guide (RG) 1.168, Revision 2,Washington, DC (2013).Search in Google Scholar

13 Lin, M.; Hou, D.; Liu, P.; et al.: Main control system verification and validation of NPP digital I&C system based on engineering simulator. Nuclear Engineering and Design 240 (2010) 1887–1896, DOI:10.1016/j.nucengdes.2010.03.01110.1016/j.nucengdes.2010.03.011Search in Google Scholar

14 Xi,W.; Bai,T.; Gu, P.-F.; et al.: An accident scenario-based statistical test method for RPS in nuclear power plant. Nuclear Engineering and Design 349 (2019) 109–117, DOI:10.1016/j.nucengdes.2019.04.02610.1016/j.nucengdes.2019.04.026Search in Google Scholar

15 Gabriel, A.; Ozansoy, C.; Shi, J.: Developments in SIL determination and calculation. Reliability Engineering and System Safety 177 (2018) 148–161, DOI:10.1016/j.ress.2018.04.02810.1016/j.ress.2018.04.028Search in Google Scholar

16 Ye, F.; Kelley, T.: Criticality analysis for software components. In Proceedings of the 22nd International System Safety Conference (ISSSC’04), Providence, Rhode Island, USA, 2004Search in Google Scholar

17 Paulsen, C.; Boyens, J.; Bartol, N.; et al.: Criticality Analysis Process Model. No. NIST Interagency/Internal Report (NISTIR)-8179, 2018, 1–4Search in Google Scholar

18 International Electrotechnical Commission: Functional safety of electrical/electronic/programmable electronic safety-related systems, parts 1–7. (2010) IEC Std 61508 Ed 2.0, Switzerland: International Electrotechnical Commission, Geneva.Search in Google Scholar

19 King, A. G.: SIL determination: Recognising and handling high demand mode scenarios. Process Safety and Environmental Protection 92 (2014) 324–328, DOI:10.1016/j.psep.2014.01.00210.1016/j.psep.2014.01.002Search in Google Scholar

20 Bishop, P.; Bloomfield, R.; Clement, T.; et al.: Software criticality analysis of COTS/SOUP. Reliability Engineering and System Safety 81 (2003) 291–301, DOI:10.1016/S0951-8320(03)00093-010.1016/S0951-8320(03)00093-0Search in Google Scholar

21 Ye, F.: Justifying the Use of COTS Components within Safety Critical Applications. Submitted for the degree of doctor of Philosophy, University of York, September 2005Search in Google Scholar

22 Xie, M.; Goh, T. N.: Failure mode and effects analysis. Master thesis, September 1997Search in Google Scholar

23 Jou, Y. T., Yang, K. H.; Liao, M. L.; et al.: Multi-criteria failure mode effects and criticality analysis method: A comparative case study on aircraft braking system. International Journal of Reliability and Safety 10 (2016) 1–21, DOI:10.1504/IJRS.2016.07633810.1504/IJRS.2016.076338Search in Google Scholar

24 Renjith, V. R.; Kalathil, M. J.; Kumar, P. H.; et al.: Fuzzy FMECA (failure mode effect and criticality analysis) of LNG storage facility. Journal of Loss Prevention in the Process Industries 56 (2018) 537–547, DOI:10.1016/j.jlp.2018.01.00210.1016/j.jlp.2018.01.002Search in Google Scholar

25 Brom, A. E.; Omelchenko, I. N.; Belova, O. V.: Lifecycle Costs for Energy Equipment FMECA for Gas Turbine. Procedia Engineering 152 (2016) 177–181, DOI:10.1016/j.proeng.2016.07.68810.1016/j.proeng.2016.07.688Search in Google Scholar

26 Giardina, M.; Morale, M.: Safety study of an LNG regasification plant using an FMECA and HAZOP integrated methodology. Journal of Loss Prevention in the Process Industries 35 (2015) 35–45, DOI:10.1016/J.JLP.2015.03.01310.1016/J.JLP.2015.03.013Search in Google Scholar

27 Department of Defense: DoD Standard Practice System Safety. (2002)Search in Google Scholar

28 Pessoney, M.; Stump, S.: Software System Safety, Software Criticality, and Software Hazard Control Categories for Information Systems. (2013), A-P-T ResearchSearch in Google Scholar

29 Park, G. Y.; Lee, J. S.; Cheon, S. W.; et al.: Safety analysis of safety-critical software for nuclear digital protection system. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2007, 148–161, DOI:10.1007/978-3-540-75101-4_1510.1007/978-3-540-75101-4_15Search in Google Scholar

30 Medoff, D. M.; Faller R. I.: Functional Safety-An IEC61508 SIL3 Compliant Development Process. 3rd. Sellersville, PA, USA: LLC, 2014, 978–193497708–8.Search in Google Scholar

31 Jung, S.; Yoo, J.; Lee, Y. J.: A Software Fault Tree Analysis Technique for Formal Requirement Specifications of Nuclear Reactor Protection Systems. Reliability Engineering and System Safety 203 (2020) 107064, DOI:10.1016/j.ress.2020.10706410.1016/j.ress.2020.107064Search in Google Scholar

32 Kabir, S.: An overview of fault tree analysis and its application in model based dependability analysis. Expert Systems with Applications 77 (2017) 114–135, DOI:10.1016/j.eswa.2017.01.05810.1016/j.eswa.2017.01.058Search in Google Scholar

33 Huang, C.; Li, L.: Architectural design and analysis of a steer-by-wire system in view of functional safety concept. Reliability Engineering and System Safety 198 (2020) 106822, DOI:10.1016/j.ress.2020.10682210.1016/j.ress.2020.106822Search in Google Scholar

34 Han. B.; Shorthill, T.; Zhang, H.: Hazard analysis for identifying common cause failures of digital safety systems using a redundancy-guided systems-theoretic approach. Annals of Nuclear Energy 148 (2020) 107686, DOI:10.1016/j.anucene.2020.10768610.1016/j.anucene.2020.107686Search in Google Scholar

35 Baybutt, P.: On the need for system-theoretic hazard analysis in the process industries. Journal of Loss Prevention in the Process Industries 69 (2021) 104356, DOI:10.1016/j.jlp.2020.10435610.1016/j.jlp.2020.104356Search in Google Scholar

36 Rimkevičius, S.; Vaišnoras, M.; Babilas, E.; et al.: HAZOP application for the nuclear power plants decommissioning projects. Annals of Nuclear Energy 94 (2016) 461–471, DOI:10.1016/j.anucene.2016.04.02710.1016/j.anucene.2016.04.027Search in Google Scholar

37 Baybutt, P.: A critique of the Hazard and Operability (HAZOP) study. Journal of Loss Prevention in the Process Industries 33 (2015) 52–58, DOI:10.1016/j.jlp.2014.11.01010.1016/j.jlp.2014.11.010Search in Google Scholar

38 Silvianita; Khamidi, M. F.; Rochani, I.; et al.: Hazard and Operability Analysis (HAZOP) of Mobile Mooring System. Procedia Earth and Planetary Science 14 (2015) 208–212, DOI:10.1016/j.proeps.2015.07.10310.1016/j.proeps.2015.07.103Search in Google Scholar

39 Hadef, H.; Negrou, B.; Ayuso, T. G.; et al.: Preliminary hazard identification for risk assessment on a complex system for hydrogen production. International Journal of Hydrogen Energy 45 (2020) 11855–11865, DOI:10.1016/j.ijhydene.2019.10.16210.1016/j.ijhydene.2019.10.162Search in Google Scholar

40 Li, H.; Li, K.; Liu, B.; et al.: Study on the passive refrigeration for main control room of nuclear power plant in power outage accident. Nuclear Engineering and Design 326 (2018) 183–189, DOI:10.1016/j.nucengdes.2017.11.02210.1016/j.nucengdes.2017.11.022Search in Google Scholar

41 Mayaka, J.; Jung, J. C.: Complexity reduction of the Engineered Safety Features Component Control System. Nuclear Engineering and Design 331 (2018) 194–203, DOI:10.1016/j.nucengdes.2018.01.00310.1016/j.nucengdes.2018.01.003Search in Google Scholar

Received: 2021-04-17
Published Online: 2021-10-23

© 2021 Walter de Gruyter GmbH, Berlin/Boston, Germany