• Proceedings of the KSR Conference
• /
• 2011.05a
• /
• pp.1414-1419
• /
• 2011

In this paper we study the modeling to quantitatively assess the failure rate of USN system designed for fault-tolerant architecture, aiming at applying the world's best domestic USN technology to safety-critical railways. In order to apply the USN system to the safety-critical field like a train control sector that the failures of controllers may cause severe railway accidents such as train collision and derailment, the quantitative reliability and safety evaluation recommended in IEC 62278 must be preceded. We also develop the evaluation model for overall system failure rate for the distributed network structure, which is the characteristics of USN system. Especially, we allocate reliability targets to component units, and present an availability evaluation plan through the plan on the quantitative achievement of failure rate for sensor nodes, gateways, radio-communication network and servers, along with the failure rate model of the overall system considering network operational features.

• International Journal of Safety
• /
• v.3 no.1
• /
• pp.38-46
• /
• 2004

This paper introduces the software life-cycle V&V (verification and validation) tasks for the KNICS (Korea nuclear instrumentation and control system) project. The objectives of the V&V tasks are mainly to develop a programmable logic controller (PLC) for safety critical instrumentation and control (I&C) systems, and then to apply the PLC to developing the prototype of an engineered safety features-component control system (ESF-CCS) in nuclear power plants. As preparative works for the software V&V, various kinds of software plans and V&V task procedures have been developed according to the software life-cycle management. A number of software V&V tools have been adopted or developed to efficiently support the V&V tasks. The V&V techniques employed in this work include a checklist-based review and inspection, a requirement traceability analysis, formal verification, and life-cycle based software testing.

• Proceedings of the Safety Management and Science Conference
• /
• 2006.04a
• /
• pp.237-249
• /
• 2006

Critical incident can be happened at any time, any places without any pre-notification. For minimizing the loss of the life safety, financial and so on caused by the risk, most of company needs a system what can activate the critical incident management plan to prevent, plan for and respond to events that become critical incident. But a lot of company still don't have such a detailed system in our country and almost company has no effective training way for to boot. This paper shows the way to activate the risk management system to work efficiently the plan. The training way, proposed by this paper, is a incident command simulator based on virtual reality and scenario generation software.

• Journal of the Korea Safety Management & Science
• /
• v.8 no.4
• /
• pp.25-37
• /
• 2006

Critical incident can be happened at any time, any places without any pre-notification. For minimizing the loss of the life safety, financial and so on caused by the risk, most of company needs a system what can activate the critical incident management plan to prevent, plan for and respond to events that become critical incident. But a lot of company still don't have such a detailed system in our country and almost company has no effective training way for to boot. This paper shows the way to activate the risk management system to work efficiently the plan. The training way, proposed by this paper, is a incident command simulator based on virtual reality and scenario generation software.

• Nuclear Engineering and Technology
• /
• v.41 no.6
• /
• pp.849-858
• /
• 2009

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

• Journal of Aerospace System Engineering
• /
• v.6 no.3
• /
• pp.7-12
• /
• 2012

The contents of aircraft system safety assessment vary depending on factors such as the complexity of the system, how critical the system is to flight safety, what volume of experience is available on the type of system and the novelty and complexity of the technologies being used. If the system safety assessment is to substantiate that the developed products are 'safe enough' to be taken into use, then the system safety assessment should be planned and managed to provide the necessary assurance that all relevant hazards and failure conditions have been identified and that all significant combinations of hazards and failures which could cause those conditions have been considered. The assessment must assist the designer and management in making decisions. It must make clear what the critical features of each system are and upon which special manufacturing techniques, inspection, testing, crew drills and maintenance practice they are critically dependent. This paper has prepared to study on promoting the efficiency of aircraft system safety assessment and to present how to compile system safety assessment strategy.

• Proceedings of the KIEE Conference
• /
• 2008.04c
• /
• pp.158-160
• /
• 2008

Safety critical systems are those in which a failure can have serious and irreversible consequences. Nowadays digital technology has been rapidly applied to critical system such as railways, airplanes, nuclear power plants, and vehicles. The main difference between analog system and digital system is that the software is the key component of the digital system. The digital system performs more varying and highly complex functions efficiently compared to the existing analog system because software can be flexibly designed and implemented. The flexible design make it difficult to predict the software failures. This paper reviews safety standard and criteria for safety critical system such as railway system and suggests development methodology, ordering management and assessment process for railway software with more detail description.

• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.1014-1015
• /
• 2008

Safety critical systems are those in which a failure can have serious and irreversible consequences. Nowadays digital technology has been rapidly applied to critical system such as railways, airplanes, nuclear power plants, and vehicles. The main difference between analog system and digital system is that the software is the key component of the digital system. The digital system performs more varying and highly complex functions efficiently compared to the existing analog system because software can be flexibly designed and implemented. The flexible design make it difficult to predict the software failures. This paper reviews safety standard and criteria for safety critical system such as railway system and suggests development process, ordering management and assessment process for railway software with more detail description.

• Nuclear Engineering and Technology
• /
• v.41 no.1
• /
• pp.91-98
• /
• 2009

The "3+3 Process" for safety critical software for nuclear power plants' I&C (Instrumentation and Control system) has been developed in this work. The main idea of the "3+3 Process" is both to simplify the software development and safety analysis in three steps to fulfill the requirements of a software safety plan [1]. The "3-Step" software development process consists of formal modeling and simulation, automated code generation and coverage analysis between the model and the generated source codes. The "3-Step" safety analysis consists of HAZOP (hazard and operability analysis), FTA (fault tree analysis), and DV (design validation). Put together, these steps are called the "3+3 Process". This scheme of development and safety analysis minimizes the V&V work while increasing the safety and reliability of the software product. For assessment of this process, validation has been done through prototyping of the SDS (safety shut-down system) #1 for PHWR (Pressurized Heavy Water Reactor).

• Nuclear Engineering and Technology
• /
• v.27 no.1
• /
• pp.84-95
• /
• 1995

Application of computer software to safety-critical systems is on the increase. To be successful, the software must be designed and constructed to meet the functional and performance requirements of the system. For safety reason, the software must be demonstrated not only to meet these requirements, but also to operate safely as a component within the system. For longer-term cost consideration, the software must be designed and structured to ease future maintenance and modifications. This paper present a software engineering process for the production of safety-critical software for a nuclear power plant The presentation is expository in nature of a viable high quality safety-critical software development. It is based on the ideas of a rational design process and on the experience of the adaptation of such process in the production of the safety-critical software for the Shutdown System Number Two of Wolsong 2, 3 & 4 nuclear power generation plants. This process is significantly different from a conventional process in terms of rigorous software development phases and software design techniques. The process covers documentation, design, verification and testing using mathematically precise notations and highly reviewable tabular format to specify software requirements and software design. These specifications allow rigorous, stepwise verification of software design against software requirements, and code against software design using static analysis. The software engineering process described in this paper applies the principle of information-hiding decomposition in software design using a modular design technique so that when a change is' required or an error is detected, the affected scope can be readily and confidently located. It also facilitates a sense of high degree of confidence in the ‘correctness’ of the software production, and provides a relatively simple and straightforward code implementation effort.