Staff and Funding
Principal Investigator: Prof Bev Littlewood
Contact People: Prof Bev Littlewood
Funding for City University: (approx) £900,000
Funding Source: British Energy / EDF
Duration: ongoing since March 1997
Summary: Funding for diversity research in CSR, under what is now the Control and Instrumentation Nuclear Industry Forum (CINIF) program, began in 1996 and continues to the present day. This work can be informally grouped into two main themes:
- work centred on diversity as a means to achieve systems dependability - particularly in the presence of faults in software: e.g. work on how to manage the pursuit of diversity that is useful to achieve diversity;
- work on the assessment of the dependability of diverse systems: e.g. as a means of obtaining confidence in a dependability claim as part of a safety case.
In the early part of the project, outputs included:
- Strategic advice to users: what can be expected in general
- "Independent faults" models
- How effective is functional diversity?
- Is it better to use diversity or to seek high reliability in a single version?
- Advice on how to build diverse systems
- Advice on assessment and design for assessment
- Modeling reliability of a specific fault-tolerant program
- Bayesian inference for reliability estimation of fault-tolerant software
- The use of proof in diversity arguments
- Advice on diversity in the development process
- Application of diversity in software fault detection and removal
More recently, work on assessment of system dependability - i.e. work of most direct relevance to safety cases - has produced significant results:
- produced a set of valid conservative arguments based on binning of the demand space and/or on the "better among two versions" form of argument
- clarified the roles of various related dependability measures (pfd, probability of no safety-relevant fault, probability of survival) as these all lead to different forms of argument and the disparate kinds of evidence usually available are directly related to different measures
- demonstrated the risks of using arguments about averages, rather than distributions, in comparing system design options
- extended the modelling methods for diverse systems to "clear box" descriptions when each channel is made up of components
- We have clarified the roles of "confidence" and "diversity" in the arguments used in dependability
- shown (claim, confidence) pairs are the necessary output of a dependability case
- shown that simple assumptions about the efficacy of multi-legged arguments can be false
- produced a detailed mathematical model of a BBN for an idealized 2-legged argument
During the same period, work on achievement of diversity has clarified the roles of various "diversity seeking decisions" in the design process:
- produced a reasoned map of diversity seeking decisions (DSDs) in use and their roles in achieving diversity
- extended the previous LM model to rigorously answer whether introducing a specific form of "commonality" between two version development processes is guaranteed to bring either better system pfd or worse system pfd (an important special case is the selection of testing regimes)
- demonstrated by reasoning and an experiment that evidence about a DSD bringing fault diversity does not assure that that DSD is useful for system pfd
DISPO results released for publication are listed in our diversity research page.
Partners (until 1999): Safety Systems Research Centre (SSRC) - University of Bristol (UK).
CSR Personnel: Prof. Littlewood, Prof. Strigini, Prof. Bishop, Prof. Bloomfield and Dr. Popov.
Ex-DISPO Staff: Prof. Fenton, Mr Pizza and Dr Takang.
We welcome your feedback, please mail any comments/suggestions to firstname.lastname@example.org
version 2.9 Published: 11th Dec 2013