Software fault tree analysis

doi:10.1016/0164-1212(83)90030-4

Journal of Systems and Software

Volume 3, Issue 2, June 1983, Pages 173-181

https://doi.org/10.1016/0164-1212(83)90030-4 Get rights and content

Abstract

With the increased use of software in safety critical systems, software safety has become an important factor in system quality. This paper describes a technique, software fault tree analysis, for the safety analysis of software. The technique interfaces with hardware fault tree analysis to allow the safety of the entire system to be maximized. Experience with the technique and its practicality are discussed.

References (7)

R.L. Browning
The Loss Rate Concept in Safety Engineering
(1980)
S.L. Gerhart et al.
Observations on the Fallibility in Applications of Modern Programming Methodologies
IEEE Trans. Software Engin.
(1976)
J.G. Griggs
A Method of Software Safety Analysis

There are more references available in the full text version of this article.

Cited by (41)

Collision detection and resolution of hazard prevention actions in safety critical systems
2016, Journal of Systems and Software
Citation Excerpt :
These studies by and large were focused on the hazard identification and root cause analysis, using certain analysis techniques. The representative techniques include Fault Tree Analysis (FTA) (Leverson and Harvey, 1983a), Failure Mode and Effect Analysis (FMEA) (Snooke and Price, 2011), and Hazard and Operability Analysis (HAZOP) (Redmill et al., 1999). There are also other important techniques, such as Event Tree Analysis (ETA) (Andrews and Dunnett, 2000) and Cause-Consequence Analysis (CCA) (Pauperas and Ridley, 1991), which can be used to identify what kinds of safety actions should be prepared, and to evaluate whether the safety actions can be activated and executed in normal operating conditions.
The importance of safety-critical systems can never be overemphasized, as we have witnessed how devastating the accidents were with the recent nuclear power plant explosions and also with airplane and spaceship crashes. To ensure the safety of such systems, system engineers should consider how to prevent system hazards during the design phase of system development. Although existing techniques, such as event tree analysis and cause-consequence analysis, suggest various ways of hazard prevention for safety-critical systems, they per se do not deal with situations where two distinct actions of two separate safety devices can fail to prevent the very hazard they are supposed to prevent, since they collide, or conflict, with each other. In this paper, we propose a technique for identifying and analyzing the colliding actions of safety devices, using fault prevention tree and resource map. We also propose the use of a mediator for coordinating the actions that otherwise would lead to a collision. Through an empirical study, we demonstrate that this technique can help design (more) robust systems that can prevent hazards, while meeting the software safety requirements in practical system development.
DAG-based attack and defense modeling: Don't miss the forest for the attack trees
2014, Computer Science Review
Citation Excerpt :
A short history of non-security related fault trees was published by Ericson II [146] in 1999. Fault trees have also been used for software analysis [147–150] and were even equated with attack trees by Steffen and Schumacher [36]. In 2003, however, Brooke, and Paige adopted fault trees for security, extending the classical AND–OR structure of attack trees (Section 3.1.1), to include well-known concepts from safety analysis [151].
This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals.
The objective of this survey is to summarize the existing methodologies, compare their features, and propose a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.
A quality control method for nuclear instrumentation and control systems based on software safety prediction
2000, IEEE Transactions on Nuclear Science
STEAM & MoSAFE: SOTIF Error-and-Failure Model & Analysis for AI-Enabled Driving Automation
2023, arXiv
HIFuzz: Human Interaction Fuzzing for small Unmanned Aerial Vehicles
2023, arXiv
Automated Identification and Qualitative Characterization of Safety Concerns Reported in UAV Software Platforms
2023, ACM Transactions on Software Engineering and Methodology

View all citing articles on Scopus

^☆: This work was supported in part by a contract with Hughes Aircraft Company (7-656146-T-DS) and by a joint MICRO grant with the University of California and Hughes Aircraft.

View full text

Software fault tree analysis☆

Abstract

The Loss Rate Concept in Safety Engineering

Observations on the Fallibility in Applications of Modern Programming Methodologies

IEEE Trans. Software Engin.

A Method of Software Safety Analysis