Fault mitigation in safety-critical software systems

Subramanian, S.; Elliott, L.; Vishnuvajjala, R.V.; Tsai, Wei‐Tek; Mojdehbakhsh, R.

doi:10.1109/cbms.1996.507118

Cited by 8 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Donm � z et al [10] introduce a taxonomy of mitigation strategies for driver distraction as a framework to address the driver distraction problem systematically. Subramanian et al [28] present some patterns of safety fault mitigation in medical devices which propose appropriate fault mitigation processes and techniques for diverse safety situations. None of these address testing proper mitigation via MBT.…”

Section: Mitigation Modelingmentioning

confidence: 99%

Testing proper mitigation in safety-critical systems: An aerospace Launch application

Andrews

Elakeili

Gario

et al. 2015

2015 IEEE Aerospace Conference

View full text Add to dashboard Cite

In the aerospace domain, defects in mitigating fail ures can have very high costs.This makes it imperative to have systematic testing approaches for making sure that failure mitigations work properly. This paper describes a model-based testing approach that targets mitigations of system failures. It includes models of the system, of possible failures, and required mitigations. It uses all three to construct a mitigation test suite.We apply the approach to a Launch vehicle.

show abstract

Section: Mitigation Modelingmentioning

confidence: 99%

Testing proper mitigation in safety-critical systems: An aerospace Launch application

Andrews

Elakeili

Gario

et al. 2015

2015 IEEE Aerospace Conference

View full text Add to dashboard Cite

show abstract

“…(EEP) (8) Was the cost of implementing the mitigation as expected? (CEP) Subramanian et al's (1996) analysis of patterns of fault mitigation in safety critical software systems identified effort and knowledge as key factors in the implementation of the fault mitigation. Questions 1, 5, 6, 7, and 8 attempted to capture the influence of these factors.…”

Section: Preliminary Datamentioning

confidence: 99%

“…Failure mitigation is the process of annulling the consequences of fault by redesigning the system to correct the fault or by designing a fail‐safe or fault‐tolerant system (Leveson & Harvey, 1983). Failure mitigation is generally regarded as the most important strategy for managing catastrophic risks in complex technology failures (Subramanian, Elliott, Vishnuvajjala, Tsai, & Mojdehbakhsh, 1996).…”

Section: Introductionmentioning

confidence: 99%

“…Failure mitigation is an integral part of engineering risk management. Previous research has found a positive relationship between the extent to which the causes of a failure are understood and the subsequent probability of mitigating that failure in future AUV missions (Subramanian et al., 1996). The probability of failure mitigation is assumed to be a proxy for the probability of fault not reoccurring.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Predicting the Validity of Expert Judgments in Assessing the Impact of Risk Mitigation Through Failure Prevention and Correction

Brito

Dawson

2020

Risk Analysis

View full text Add to dashboard Cite

Operational risk management of autonomous vehicles in extreme environments is heavily dependent on expert judgments and, in particular, judgments of the likelihood that a failure mitigation action, via correction and prevention, will annul the consequences of a specific fault. However, extant research has not examined the reliability of experts in estimating the probability of failure mitigation. For systems operations in extreme environments, the probability of failure mitigation is taken as a proxy of the probability of a fault not reoccurring. Using a priori expert judgments for an autonomous underwater vehicle mission in the Arctic and a posteriori mission field data, we subsequently developed a generalized linear model that enabled us to investigate this relationship. We found that the probability of failure mitigation alone cannot be used as a proxy for the probability of fault not reoccurring. We conclude that it is also essential to include the effort to implement the failure mitigation when estimating the probability of fault not reoccurring. The effort is the time taken by a person (measured in person-months) to execute the task required to implement the fault correction action. We show that once a modicum of operational data is obtained, it is possible to define a generalized linear logistic model to estimate the probability a fault not reoccurring. We discuss how our findings are important to all autonomous vehicle operations and how similar operations can benefit from revising expert judgments of risk mitigation to take account of the effort required to reduce key risks.

show abstract

“…In this paper, failure is defined as the termination of the ability of an AUV to perform the required function which can potentially lead to AUV loss. Generally, failure, or risk, mitigation is defined as the process of annulling the consequence of failure or its likelihood of occurrence (Subramanian et al, 1996). In this paper, failure or risk, mitigation is achieved by reducing the likelihood of failure occurrence.…”

Section: Introductionmentioning

confidence: 99%

Updating Autonomous Underwater Vehicle Risk Based on the Effectiveness of Failure Prevention and Correction

Brito

Griffiths

2018

Journal of Atmospheric and Oceanic Technology

View full text Add to dashboard Cite

Autonomous underwater vehicles (AUVs) have proven to be feasible platforms for marine observations. Risk and reliability studies on the performance of these vehicles by different groups show a significant difference in reliability, with the observation that the outcomes depend on whether the vehicles are operated by developers or nondevelopers. This paper shows that this difference in reliability is due to the failure prevention and correction procedures—risk mitigation—put in place by developers. However, no formalization has been developed for updating the risk profile based on the expected effectiveness of the failure prevention and correction process. A generic Bayesian approach for updating the risk profile is presented, based on the probability of failure prevention and correction and the number of subsequent deployments on which the failure does not occur. The approach, which applies whether the risk profile is captured in a parametric or nonparametric survival model, is applied to a real case study of the International Submarine Engineering Ltd. (ISE) Explorer AUV.

show abstract

Fault mitigation in safety-critical software systems

Cited by 8 publications

References 6 publications

Testing proper mitigation in safety-critical systems: An aerospace Launch application

Testing proper mitigation in safety-critical systems: An aerospace Launch application

Predicting the Validity of Expert Judgments in Assessing the Impact of Risk Mitigation Through Failure Prevention and Correction

Updating Autonomous Underwater Vehicle Risk Based on the Effectiveness of Failure Prevention and Correction

Contact Info

Product

Resources

About