On the Use of Non-Coherent Fault Trees in Safety and Security Studies

This paper gives some insights on the usefulness of non coherent fault trees in system modelling from both the point of view of safety and security. A safety related system can evolve from the working states to failed states through degraded states, i.e. working state, but in a degraded mode. In practical applications the degraded states may be of par-ticular interest due e.g. to the associated risk increase or the different types of consequent actions. The top events definitions of such states contain the working conditions of some subsystems/components. It is shown in this paper how the use of non coherent fault trees can greatly simplify both the model-ling and quantification of these states. Some considerations about the interpretation of the importance indexes of negated basic events are also briefly described. When dealing with security applications there is the need to cope not only with stochastic events, such as component failures and human errors, but also with deliberate intentional actions, which successes might be characterised by high probability values. Different mutually exclusive attack scenarios may be envisaged for a given system. Hence, the essential feature of a fault tree analyser is the capability to determine the exact value of the top event probability containing mutually exclusive events. It is shown that also in these cases the use of non coherent fault trees allows solving the problem with limited effort.

CONTINI Sergio;  COJAZZI Giacomo;  RENDA Guido; 

2008-09-01

ELSEVIER SCI LTD

JRC38257

0951-8320,   

http://www.sciencedirect.com/science/journal/09518320,    http://dx.doi.org/10.1016/j.ress.2008.03.018,    https://publications.jrc.ec.europa.eu/repository/handle/JRC38257,   

10.1016/j.ress.2008.03.018,