Sage Journals: Discover world-class research

Abstract

Probabilistic risk assessment (PRA) is a methodology consisting of techniques to assess the probability of failure or success of a system. It has been proven to be a systematic, logical, and comprehensive methodology for risk assessment. However, the contribution of software to risk has not been well studied. To address this shortcoming, recent research has focused on the development of an approach to systematically integrate software risk contributions into the PRA framework. The latter research has identified as key the need to quantify various major software-failure-related contributions to risk. Of these contributions, the quantification of input failures is the topic of this paper. An input failure consists of a failure of a system component directly or indirectly connected to a software component, which reaches the software input and propagates through the software component. The paper studies and quantifies the impact of input failures on the software component and then further on in the system, and outlines a framework to systematically conduct such an analysis. An application to a safety-critical system is also provided that illustrates the application of the concepts introduced in the paper.

Keywords

probabilistic risk assessment software fault propagation software reliability system failure

Get full access to this article

View all access options for this article.

References

Lions

J. L.

, Ariane 501 failure: report by the Inquiry Board, European Space Agency, 19 July 1996.

Stephenson

, Mars Climate Orbiter: Mishap Investigation Board report, NASA, 10 November 1999.

Report on the loss of Mars Polar Lander and Deep Space 2 missions, NASA Jet Propulsion Laboratory, 22 March 2000.

Leveson

N. G

Safeware: system safety and computers (New York: Addison-Wesley 1995)

Pavlovich

J. G.

, Formal report of investigation of the 30 April 1999 Titan IV B/Centaur TC-14/Milstar-3 (B-32) space launch mishap, US Air Force, 1999.

Leveson

N. G

‘Role of software in spacecraft accidents’

J. Spacecr. Rockets 41 (4) (2004): 564–575

Smidts

‘Integrating software into PRA: a software related failure mode taxonomy’

Risk Anal. 26 (4) (2006): 997–1012

Smidts

‘Integrating software into PRA: a test-based approach’

Risk Anal. 25 (2005): 1061–1077

Ghose

Smidts

‘Integrating software into PRA’. In Proceedings of the 14th IEEE International Symposium on Software reliability engineering (ISSRE'2003), Denver, Colorado, 17–21 November 2003, pp. 246–258 (IEEE, Piscataway, New Jersey).

10.

Three Mile Island accident, available from http://en.wikipedia.org/wiki/Three_Mile_Island (accessed 15 October 2009)

11.

Kumamoto

Henley

E. J

Probabilistic risk assessment and management for engineers and scientists (Piscataway, New Jersey: IEEE 1996)

12.

Saphire information page, available at http://saphire.inel.gov/information.cfm (accessed 5 September 2009)

13.

Rutledge

, Overview of the quantitative risk assessment system (QRAS) project, (CQSDI 2000, Cape Canaveral, Florida, 2000 (American Society for Quality, Aviation/Space & Defense Division)

14.

Groen

Smidts

Mosleh

‘QRAS - the quantitative risk assessment system’

Reliab. Engng Syst. Saf. 96 (3) (2006): 292–304

15.

Cornell

E. P

Dillon

‘Probabilistic risk analysis for NASA space shuttle: a brief history and current work’

Reliab. Engng Syst. Saf. 74 (2002): 3456–352

16.

17.

18.

19.

20.

Dugan

J. D

Lyu

‘Software reliability analysis using fault trees’

In Software fault tolerance (New York: McGraw Hill 1995)

21.

Lutz

R. R

‘Analyzing software requirements errors in safety-critical, embedded systems’ (1992)

22.

Lutz

R. R

‘Targeting safety-related errors during software requirements analysis’

SIGSOFT Softw. Engng Notes 18 (5) (1993): 99–106

23.

Schneidewind

N. F

Keller

T. W

‘Applying reliability models to the space shuttle’

IEEE Softw. 9 (4) (1992): 28–33

24.

Lee

A. T.

Gunn

T. R.

, A quantitative risk assessment method for space flight software systems. The Fourth International Symposium on Software Reliability Engineering. Denver, Colorado, 3–6 November 2003.

25.

Ammar

H. H

Nikzadeh

Dugan

J. B

‘Risk assessment of software-system specifications’

IEEE Trans. Reliab. 50 (2) (2001): 171–183

26.

Yacoub

S. M

Ammar

H. H

‘A methodology for architecture-level reliability risk analysis’

IEEE Trans. Softw. Engng 28 (6) (2002): 529–547

27.

Bennett

J. C

Bohoris

G. A

Aspinwall

E. M

Hall

R. C

‘Risk analysis techniques and their application to software development’

Eur. J. Opera. Res. 95 (3) (1996): 467–475

28.

Iannino

Musa

J. D

Okumoto

Software reliability: measurement, prediction, application (New York: McGraw-Hill 1987)

29.

Lyu

M. R

Handbook of software reliability engineering (New Jersey: McGraw-Hill 1996)

30.

Hansen

K. M

Ravn

A. P

Stavridou

‘From safety analysis to software requirements’

IEEE Trans. Softw. Engng 24 (7) (1998): 573–584

31.

Yacoub

Cukic

Ammar

H. H

‘A scenario-based reliability analysis approach for component-based software’

IEEE Trans. Reliab. 53 (4) (2004): 465–480

32.

NUREG CR 6962: 2008 Traditional probabilistic risk assessment methods for digital systems

33.

Kang

H. G

Sung

‘An analysis of safety-critical digital systems for risk-informed design’

Reliab. Engng Syst. Saf. 78 (3) (2002): 307–314

34.

NUREG CR 6942: 2007, Dynamic reliability modeling of digital instrumentation and control systems for nuclear reactor probabilistic risk assessments

35.

Zhu

Mosleh

Smidts

‘A framework to integrate software behavior into dynamic probabilistic risk assessment’

Reliab. Engng Syst. Saf. 92 (12) (2007): 1733–1755

36.

Michael

C. C

Jones

R. C

‘On the uniformity of error propagation in software’. In Proceedings of the 12th Annual Conference on Computer assurance (COMPASS'97), Gaithersburg, Maryland, 16–19 June1 997, pp. 68–76 (IEEE, New York).

37.

Hiller

Jhumka

Suri

‘On the placement of software mechanisms for detection of data errors’, In Proceedings of the International Conference on Dependable systems and networks (DSN 2002), Washington, DC, 23–26 June 2002, pp. 135–144 (IEEE Comput. Soc Los Alamitos, California).

38.

Hiller

Jhumka

Suri

‘An approach for analyzing the propagation of data errors in software’. Dependable System and Networks (DSN 2001), Göteborg, Sweden, 2001.

39.

Jhumka

Hiller

Suri

‘Assessing inter-modular error propagation in distributed software’. In Proceedings of the 20th IEEE Symposium on Reliable distributed systems, New Orleans, Louisiana, 28–31 October 2001, pp. 152–161 (IEEE, Piscataway, New Jersey).

40.

Nassar

D. M.

Rabie

W. A.

Shereshevsky

Gradetsky

Ammar

H. H.

Bogazzi

Mili

, Estimating error propagation probabilities in software architectures, College of Computer Science, New Jersey Institute of Technology, 2004.

41.

Nassar

D. M

Rabie

W. A

Shereshevsky

Gradetsky

Ammar

H. H

Bogazzi

Mili

‘A framework for error propagation analysis of software architecture specifications’. In Proceedings of the 13th IEEE International Symposium on Software reliability engineering (ISSRE' 2002), Annapolis, Maryland, 12–15 November 2002, pp. 9–11 (IEEE, Piscataway, New Jersey).

42.

Thompson

M. C.

Richardson

D. J.

Clarke

L. A.

. An information flow model of fault detection. The First International Symposium on Software testing and analysis (ISSTA), Cambridge, Massachusetts, 28–30 June 1993.

43.

Richardson

D. J

Thompson

M. C

‘An analysis of test data selection criteria using the RELAY model of fault detection’

IEEE Trans. Softw. Engng 19 (6) (1993): 533–553

44.

Richardson

D. J

Thompson

M. C

‘The RELAY model of error detection and its application’. In Proceedings of the Second Workshop on Software testing, verification and analysis, Banff, Canada, 19–21 July 1988, pp. 223–230 (IEEE Comput. Soc. Press, Washington, DC).

45.

Voas

‘PIE: a dynamic failure-based technique’

IEEE Trans. Softw. Engng 18 (8) (1992): 717–727

46.

Voas

Morell

L. J

Miller

K. W

‘Predicting where faults can hide from testing’

IEEE Softw. 8 (2) (1991): 41–48

47.

Voas

Miller

‘Dynamic testability analysis for assessing fault tolerance’

High Integr. Syst. J. 1 (2) (1994): 171–178

48.

Voas

‘Error propagation analysis for COTS system’

J. Comput. Control Engng 8 (6) (1997): 269–272

49.

Voas

‘Software testability measurement for assertion placement and fault localization’. In Proceedings of the Second International Workshop on Automated and algorithmic debugging (AADEBUG'95), St. Malo, France, 22–24 May 1995, pp. 133–144 (INSA de Rennes Rennes, France).

50.

Khoshgoftaar

T. M

Szabo

R. M

Voas

J. M

‘Detecting program modules with low testability’. In Proceedings of the International Conference on software maintenance, Opio, France, 17–20 October 1995, pp. 242–250 (IEEE Comput. Soc. Press, Los Alamitos, California, USA).

51.

Murrill

Morell

Olimpiew

‘A perturbation-based testing strategy’. In Proceedings of the eighth IEEE International Conference on Engineering of complex computer systems (ICECCS 2002), Greenbelt, Maryland, 2–4 December 2002, pp. 145–152 (IEEE, Piscataway, New Jersey).

52.

Kao

W. L

Tang

Iyer

R. K

‘Study of fault propagation using fault injection in the UNIX System’. In Proceedings of the Second Asian test symposium, Beijing, China, 16–18 November 1993, pp. 38–43 (IEEE Comput. Soc. Press Los Alamitos, California, USA).

53.

Guan

Graham

J. H

‘Diagnostic reasoning with fault propagation digraph and sequential testing’

IEEE Trans. Syst. Man Cybern. 24 (10) (1994): 1552–1558

54.

Wei

A study of software input failure propagation mechanisms, PhD Thesis, Mechanical Engineering, University of Maryland, 2006.

55.

Kossiakoff

Sweet

W. N

Systems engineering principles and practice (New York: Wiley 2003)

56.

Musa

‘The operational profile in software reliability engineering: an overview’ The Third International Symposium on Software Reliability Engineering, Research Triangle Park, North Carolina, 7–10 October 1992.

57.

NUREG CR 1624: 2000, Technical basis and implementation guidelines for a technique for human event analysis (ATHEANA)

58.

NUREG CR 1278: 1983, Handbook of human reliability analysis with emphasis on nuclear power plant applications

59.

Wei

Rodriguez

Smidts

‘How time- related failures affect the software system’. The eighth International Conference on Probabilistic Safety Assessment and Management (PSAM), New Orleans, Louisiana, 14–18 May 2006.

60.

Glasstone

Sesonske

‘Reactor trip signals’

In nuclear reactor engineering: reactor systems engineering (Norwell, Massachusetts: Springer 1994): pp. 680.

61.

Huang

Bernstein

Smidts

‘Study of impact of hardware failures on software reliability’. In Proceedings of the 16th IEEE International Symposium on Software reliability (ISSRE 2005), Chicago, Illinois, 8–11 November 2005, pp. 63–72 (IEEE, Piscataway, New Jersey).

62.

Huang

Bernstein

Smidts

, Software-specific hardware failure profile. The 41st AIAA/ASME/SAE/ASEE Joint Propulsion Conference and Exhibit (AIAA 2005), Tucson, Arizona, 2005.

63.

Huang

Rodriguez

Bernstein

Smidts

, Software reliability estimation of microprocessor transient faults. The 42nd AIAA/ASME/SAE/ASEE Joint Propulsion Conference and Exhibit (AIAA 2006), Sacramento, California, 2006.

64.

Huang

Rodriguez

Smidts

‘On the development of fault injection profiles’ (2007)

Probabilistic risk assessment framework for software propagation analysis of failures

Abstract

Keywords

Get full access to this article

References