1 prof kharchenko

7/31/2019 1 Prof Kharchenko

1/48

MULTIVERSION TECHNOLOGIES

FOR SAFETY CRITICAL I&C SYSTEMS

AND GREEN COMPUTING

Vyacheslav KharchenkoNational Aerospace University KhAI, Department of Computer Systems & Networks

Research & Production Corporation Radiy,

Centre for Safety Infrastructure-Oriented Research & Analysis

June, 15, 2012, SAFEGUARD Summer School, SSS12, Odessa, Ukraine

S


2/48

2VVER-1000

2VVER-440

2VVER-1000

Kyiv

6VVER-1000

3VVER-1000

Kirovograd(RPC Radiy)

South-Ukrainian NPP

Zaporizhya NPP

Rivne NPP

Khmelnitsky NPPKharkiv

(KhAI, Radiy STC)

S

Total NPPs Capacity: 13,880 MW (8th position in the world,

about 50% of total Ukrainian energy capacity)

Over 60 NPP I&C Radiy-based platform systems since 2003

in Ukraine and Bulgaria

S

12 000 BS, MSc studentsMore than 200 PhD and DrS students810 teachers (450 PhD, 120 DSc)9 faculties, 3 Institutes, 45 Depsmore than 50 specialties


3/48

Competition and active feedbacks ?

Suggestions:

to separate all participants on 3-4 teams for joint discussion

related to asked questions

to discuss questions during 1-3 mins and propose brief

answers/decisions/ideas

to support competition-oriented style

OK?

3 June, 15, 2012, SSS'12,Odessa, Ukraine


4/48

Outline

Motivation ?- Critical applications and problem computer I&C systems dependability and safety ?

- Common cause failure and diversity approach

Multi-version computing foundation- Taxonomy, classification schemes, models of multi-version systems

- Evolution of multi-version technologies and systems (MVS)- SW- and FPGA-based two-version reactor trip systems

Assessment of FPGA- and software-based MVS- Metrics-probabilistic techniques

- Practical issues

Development and implementation MVS- NPP I&Cs

- SOA Web- and Cloud-based systems

Green Computing and Communication (CC)- Dependability and paradigm of green CC

- Directions of R&D&E for green CC

Conclusions. Education activities



5/48

1. Introduction: Motivation. I&C Safety and Common

Cause Failure (CCF) Problem

Critical applications (CAs) and problem of safety:

- CAs = {Safetycritical (NPP I&C), Mission critical (Space I&C), Business-critical};

- One of the key challenges: digital instrumentation and control systems (I&Cs) are

meanand objectofsafety ensuring for CAs as a whole;

- 2000 2010: 1)17% (5/32) crashes of carrier rockets and 22% (24/109)

spacecrafts systems fatal failures were caused by SW (design) faults

(Aerospace T&T, 2010, 6, National Aerospace University KhAI, Ukraine)

2) 20% failures of NPP are failures of I&Cs (SSTC NRS, 2010).

Dependability safety green computing and communication

Problem of I&Cs safety problem of decreasing CCF probability

CCF simultaneous failure of two or more (all) redundant channels of I&C

The most probable reasons of CCFs (for critical applications) are :

(a) design faults (of SW-, HW- or FPGA-based systems);

(b) multiple physical faults of redundant HW channels caused by

different environment impacts or internal factors;

(c) multiple interaction faults of redundant channels caused by

intrusions directed at identical vulnerabilities of SW components.



6/48

1. Introduction: Decreasing CCF Risks Using Diversity

Ordinary structure (and time) redundancy is not effective to decrease probability of different CCFs.

What type of redundancy is effective? Version redundancy (or diversity), which is complex

(version proper & structure/time) type of redundancy.

There is representative practice of diversity implementation in different critical and business-critical applications.

6

b

df1

2

V1

V2

V3

df2

Design 1

df3

Design 2

Design 3

Environment

physic if inform. if

df

Environment

(interaction faults, if)

Design

(designfa

ults,

df)

2

if

June, 15, 2012, SSS'12,Odessa, Ukraine


7/48

1. Introduction: Decreasing CCF Risks Using Diversity ?

How you can realize diversity in computer-based systems?

What does diversity mean in general?

Any examples?

Different locks for your apartment

Keep in money on different bank accounts

Others?

What mainresult of diversity application is?



8/48

1. Introduction: Key Challenges of Diversity Approach

Application


Aspects Challenges Key questions

New technolo-

gies, possibili-

ties and risks

New technologies (including FPGA) ensure new possibilities for

diversity approach (DA) implementation but they can create new

risks and deficits of safety.

How we should use these possibilities?

Standardsrequirements

Existed standards dont contain detailed requirements andtechniques to assess and apply DA for FPGA-based NPP I&Cs.

What should be severity of regulation for DAimplementation?

CCF risk

decreasing

Key problem is decreasing number of common version faults

(CVF). The CVF number (CCF probability) may be decreased using

several types of diversity (multi-diversity ordiversity of

diversity).

What type (types) and how much versions

developers should use?

Risk

assessment

Problems of CCF risks assessment: inaccurate assessment

either increases risk of fatal failure (understated assessment) or

increases risk of unreasonable costs.

What approach, indicators, methods,

techniques, we should use to assess actual

diversity level and multi-version I&C safety ?

Uniqueness of

MVSs

There are a lot of example of DA implementation but comparative

analysis of MVS application is not enough.

How we may compare experience of

different DA applications?


9/48

1. Introduction: References and Objective

References (Last Publications) Kharchenko V.S., Siora A.A., Bakhmach E.S. Diversity-Scalable Decisions for FPGA-based Safety-Critical I&Cs: from Theory to

Implementation // Proceedings of NPIC&HMIT 2009, Knoxville, USA, April 5-9, 2009.

Kharchenko V.S. (ed). Multi-Version Systems for Critical Applications. - National Aerospace University KhAI, Kharkiv, Ukraine, 2009. - 205 p.

Kharchenko V.S., Bakhmach E.S., Siora A.A., et al. Diversity-Oriented FPGA-based NPP I&C Systems: Safety Assessment, Development,

Implementation // Proceedings of 18th International Conference on Nuclear Engineering ICONE18, May 17-22, 2010, Xi'an, China.

Kharchenko V.S., Siora A.A., Sklyar V.V., Volkovyj A.V. Multi-Version NPP I&C Systems // Proceedings of NPIC&HMIT 2010, Las Vegas,USA, November 7-11, 2010.

Kharchenko V.S., Siora A.A., Volkovyj A.V., Duzhyj. Metric-Probabilistic Assessment of Multi-Version I&C Systems Safety // Dependable

Computer Systems /V. Zamojsky (ed.), LNCS 4351, Springer, 2011.

Kharchenko V.S., Siora A.A., Sklyar V.V. Multi-Version FPGA-based NPP I&C Systems: Evolution of Safety // NPP Safety, InTech, 2011.

Kharchenko V.S. (ed). Case-Assessment of critical program systems. Vol1-3: Quality, Reliability, Safety. National Aerospace University KhAI,

Kharkiv, Ukraine, 2012. - 201 p., 289 p., 302 p.

Review of problems and decisions related to dependable multi-version software- and FPGA-

based I&Cs assessment, development and implementation for critical applications

Brief analysis of challenges and decisions for green computing and communication in context

of dependability and safety issues

9

Objectives



10/48

2. Diversity-Oriented Digital I&Cs: Taxonomy

Taxonomy of Diversity

10

Version redundancy (VR) is a kind of redundancy

based ondifferent ways and/or means of achieving a

specified objective.

Diversity or multiversity(MV) is the principle

providing use of several versions to perform the same

function (for a product or process) by two and more (n)options. Multi-diversitymeans use two and more (m) kinds

of VR.

Multi-version system is a system in which n>1

versions-products are used (in general case (n,l)-system or

(n,m,l)-system, l - number of channels).

Strategy of diversityis a set of general criteria and

rules defining principles of VR (kinds and volume) choice.Multi-version technologyis a set of the

interconnected rules and design decisions leading to

development of two or more intermediate or end-products.

Multi-version life cycle, multi-version project,

diversity metrics



11/48

Structure of 2-Version Reactor Trip System Based on Radiy Platform

V1(FPGA1.1)

V2

(FPGA2.1)

MooN2oo3,

2oo4V1

(FPGA1.2)

V2

(FPGA2.2)

V1(FPGA1.N)

V2

(FPGA2.N)

Main system

Diverse system

OR

Track 1 Track 2 Track N

Track 1' Track 2' Track N'

Cab

inets

Cabinets

...

...

.

.

.

.

.

.

MooN2oo3,

2oo4

The Radiy platform-based RTS design

consists of two

independent and diverse

divisions:

-FPGA1 / FPGA2;

(orFPGA / MP);

- other diversity types.

Safety actuation by

either division initiates

reactor shutdown. Each division is

composed of three (or

four) separate channels.

2. Diversity-Oriented Digital I&Cs: Example

June, 15, 2012, SSS'12,Odessa, Ukraine11


12/48

2. Diversity-Oriented Digital I&Cs: Fault & Metric -

Based Model of Diversity

One-version system (a): number of design faults equals N(N= Card F) and any fault of set Fis

fatal (and is an equivalent of CCF): == 1.

Two-version system (b,c): CCF metric= NCCF / N, NCCF = CardF1 F2; Ni = CardFi;

SF metric i = 1 -; DCCF metricd = NDCCF / N; UDCCF metric = = NUDCCF /N;=d +.



13/48

13

(a) Ps = P(DF) P(PF)

(b) Ps = P(DF) (1 - (1 - P(PF1))(1 - P(PF2)))

(c) Ps = P(DF) (1 - (1 - P(PF1) P(DF1))x

(1 - P(PF2)P(DF2)))

If main and diverse subsystems are 2oo3

Ps = P(DF)(1- (1-3P2(PF1) P

2(DF1) + 2P3(PF1)

P3(DF1))(1- 3P2(PF1) P

2(DF1) + 2P3(PF1) P

3(DF1)))

2. Diversity-Oriented Digital I&Cs: RBD-Based Model



14/48

Assessment of diversity ?

How we can calculate beta (metric of diversity)?

What information may be used?

Any propositions/techniques?



15/48

2. Diversity-Oriented Digital I&Cs: Classifications of

Diversity Types

Classification of SW-based systems (IEC 60880:2006,)life cycle models and processes of development (V-model, spiral model,);

conceptual diversity (traditional vs modular arithmetic, CAD vs GA design,)

resources and means (different human resources, languages, tools);

project decisions(different architectures, platforms, protocols, ).

Classification of FPGA-oriented systems (V. Kharchenko, 2007)diversity of electronic elements; diversity of CASE-tools;

diversity of development languages; diversity of specifications.

process (development and verification) diversity

15

NPP I&C-oriented classification (NUREG/CR-6303, 1993; NUREG/CR-7007, R. Wood, 2009)human orlife cycle diversity(different design companies, teams,);

design diversity(different technologies, architectures);

software diversity(different languages, algorithms, logic, OS,);

functional diversity(different purposes, functions, actuation means,);

signal diversity(different parameters, physical effects, sensors);

equipment diversity(different manufacturers, designs, CPU,).



16/48


2. Diversity-Oriented Digital I&Cs: FPGA Technology

FPGA (Field Programmable Gate Array) is a semiconductor

device that can be programmed after manufacturing.

FPGA integrated circuit is a hardware

functions of this hardware are programmed, i.e. configuredby means of hardware description language (HDL)

configuration (FPGA electronic design) can be updated

even after the product has been installed

FPGA technology is very convenient for development of

safety critical I&Cs (Reactor Trip Systems)

FPGA technology allows to realize a lot ofdifferent

diversity oriented process-product decisions
http://upload.wikimedia.org/wikipedia/commons/f/fa/Altera_StratixIVGX_FPGA.jpg


17/48

FPGA Technology ?

FPGA technology is very convenient for development of safety critical

I&Cs (Reactor Trip Systems)

FPGA technology allows to realize a lot of different diversity oriented

process-product decisions

Why?

FPGA versus Microprocessor (as a chip and technology)?What about risks of applications for safety critical domains?

Main advantages/disadvantages of FPGA?



18/48


Diversity types Implementation

Diversity of

programmable

components (A)

Diversity of manufacturers of FPGA (A1) Altera vs. Actel

Diversity of technologies of FPGA producing (A2) SRAM vs. Antifuse

Diversity of FPGA families (A3) Cyclone vs. ProASIC (based on A1)

Diversity of FPGA from the same family (A4) different families (based on A1)

Diversity of printed circuitboards (PCBs) (B) Diversity of PCB development technologies andmanufacturers Different manufacturers but the same technology

Diversity of

CASE-tools (C)

Diversity of CASE-tools developers (C1) Altera vs. Actel

Diversity of CASE-tools (C2) Quartus II vs. Libero (based on C1)

Diversity of CASE-tools configurations (C3) Different tools for design but the same for verification

Diversity of languages of

FPGA projects

development (D)

Diversity of language kinds (D1) Graphic Notation and HDL are used

Diversity of hardware description languages (D2) VHDL vs. Verilog

Diversity of specification

presentation (E)

Diversity of FPGA

initial specification languages (E1)

The same language

Diversity of FPGA

specification models (E2)

B&HDL used for Altera

Diversity of processes (P) Diversity of development processes (P1) Different teams

Diversity of verification processes (P2) Different departments

Diversity of maintenance (P3) Different development teams

2. Diversity-Oriented Digital I&Cs: Types of Diversity for FPGA


19/48

2. Diversity-Oriented Digital I&Cs: Cube of Diversity

19

NUREG 6303-based

classification

Classification of SW- based

systems

Classification FPGA-basedsystems

Cube coordinates: Life cycle (LC) stages; levels of project decisions (PD); kindof version redundancy (VR).(V. Kharchenko, E. Bakhmach, A.Siora, V. Sklyar, V. Tokarev, NPIC-HMIT, 2009)



20/48

2. Diversity-Oriented Digital I&Cs: Matrix of FPGA Decisions

(Stages 1,2)

Stage of FPGA-

based I&C life

cycle

Types of version redundancy

1 Diversity of

electronic elements

(EE)

2 Diversity of CASE-

tools

3 Diversity of project

development

languages

4 Diversity of scheme

speci-fication (SS)

1 Development

of block-diagrams

according with

signal formation

algorithms

1.2.1 Different developers

of CASE-tools

1.2.2 Different CASE-tools

kinds

1.2.3 Different CASE-tools

configurations

1.4.1 Different SSs

1.4.2-1.4.4 Combination of

couples of diverse CASE-

tools and SSs

2 Development of

program models

of signal

embedding of

algorithms in

CASE-tools

environment)

2.2.1 Different developers

of CASE-tools2.2.2 Different CASE-tools

kinds

2.2.3 Different CASE-

tools configurations

2.3.1 Joint use of graphical

scheme language and HDL2.3.2 Different HDLs

2.3.3-2.3.8 Combination of

couples of diverse CASE-

tools and HDLs



21/48

2. Diversity-Oriented Digital I&Cs: Matrix of FPGA Decisions

(Stages 3,4)

Stage of FPGA-

based I&C life

cycle

Types of version redundancy

1 Diversity of electronic

elements (EE)

2 Diversity of CASE-tools 3 Diversity of project

development languages

4 Diversity of scheme

specification (SS)

3 Integration of

program models

of signal

formation

algorithms in

CASE-tools

environment

3.2.1 Different developers of

CASE-tools

3.2.2 Different CASE-tools kinds3.2.3 Different CASE-tools

configurations

3.3.1 Joint use of graphical

schemes and HDL

3.3.2 Different HDLs3.3.3 3.3.8 Combination of

couples of diverse CASE-tools

and HDLs

4 Implementatio

n of integrated

program modelsin FPGA

4.1 Different

manufacturers of EEs

4.2 Different technologiesof EEs production

4.3 Different families of

EEs

4.4 Different element

kinds of EE families

4.2.1 Different developers of

CASE-tools

4.2.2 Different CASE-tools kinds4.2.3 Different CASE-tools

configurations 4.2.4-4.2.15

Combination of couples of

diverse CASE-tools and EEs



22/48

Version Redundancy for FPGA Technology ?

What kinds of diversity (version redundancy) for FPGA-based projects

you can propose?

Any examples?

What kinds of diversity are themost effective?

Why?



23/48

3. Models of Multi-Version Systems:

One- and Multi-Version I&Cs

23

One-version W(1) and multi-version W(n) systems are defined by 4 and 6 variables:

W(1) = {X, Y, Z,},

W(n) = {X, Y, Z,, V, } = {W(1), V, },

whereX, Y, Z sets of input signals, internal conditions (states) and output signals

correspondingly;

= {i, i=1, ..., a} set of I&C functions (e.g. actuation functions or algorithms of reactor

trip system);

V= {vj,j=1, ..., n}set of versions with output signals Z1,, Zn (or signals Zid, d= 1,, ni;ni number of versions for function i;i~ vj= { vij,j=1,...,ni}) ;= {s, s=1, ..., } mappingZiZ.



24/48

24

The model W(n) does not take into account the possibility of applying several diversity kinds.

Set of version redundancy kinds R= {rd, d=1,..., m} may be decomposed on subsets for

versions of products vprd(tj) and processes vprc(tj): R= ( Rprdj)U( Rprcj).

The different diversity kinds, rR, are accumulated in final versions of multi-version system. It

is described by special mapping: RV.

Mapping is presented by Boolean matrix djwhere dj= 1, if diversity kind rpis used inversion vj, and if not dj= 0.

Multi-version system ormulti-diversion system W(n,m) is described by formula:

W(n,m) = {X, Y, Z, , V, ,R, } = {W(1), V, , R, } = {W(n), R, } .

3. Models of Multi-Version Systems: Multi-Diversion I&Cs



25/48

25

Correspondence between set of versions Vand set of redundant channels = {cq, q=1,...,l}

is defined by mappingQ: VC.

This mapping is presented by Boolean matrix Q = jg, , , where gj=1, if version vi is

realized by channel cj, and if not gj= 0.

Hence the model of multi-diversion system is the following:

W(n,m,l) = {X, Y, Z, , V, , R, , , Q} = { W(n), R, , , Q} = { W(n,m), , Q}.

Multi-version systems with temporal redundancy and iterations of algorithms (performingfunctions) are indicated as W(n,m,l,).

Note: number of parallel (structural) versions , and sequential versions realized by use one

channel).

3. Models of Multi-Version Systems: General Case



26/48

Tree of MVS Structures

(as a Fault-Tolerant

Systems)

n number of versions;m number of version

redundancy kinds;

number of time iterations.

26

3. Models of Multi-Version Systems: Tree of Structures



27/48

4. Development of Multi-Version FPGA-Based I&Cs:

Sets of Decisions



28/48


Two Versions

28

Version 1

Version 2



29/48

V1(FPGA1.1)

V2(FPGA2.1)

MooN2oo3,2oo4

V1(FPGA1.2)

V2(FPGA2.2)

V1(FPGA1.N)

V2(FPGA2.N)

Main system

Diverse system

OR

Track 1 Track 2 Track N

Track 1' Track 2' Track N'

C

abinets

Ca

binets ...

...

.

.

.

.

.

.

MooN2oo3,2oo4

MooN2oo3,2oo4

The Radiy platform-based RTS design

consists of two

independent and diverse

divisions:- FPGA1 / FPGA2;

- other diversity types.

Safety actuation by

either division initiates

reactor shutdown.

Each division is

composed of three (or

four) separate channels.

Radiy has provided

RTSs for 4 NPPs in

Ukraine (24 sets).

June, 15, 2012, SSS'12,Odessa, Ukraine29


Reactor Trip System Based on Radiy Platform


30/48

30

Web-

CWS

Application-

CAS

CDB

COS

X

Z

Linux

Solaris

WinNT

MacOS X

HP-UX

Proxy-

Internet

Web/Application

Apache Tomcat

BEA

WebLogic

Caucho Resin

Oracle

10g

MySQL

Firebird

5. Development of Multi-Version SOA-Based Systems:

Example of Web-Architecture



31/48

31

BEA

WebLogic

ApacheTomcat

IBM Web

Sphere

Oracle Application

Server 10g

Caucho Resin

JBoss

SAP AG WebApplication Server

Sun Java Web

Application Server

Win2K

MacOSX

Solaris

Linux

WinXP

HP-UX

AIX

Apache

MS IIS

Lotus Domino Go

Sun ONE Web

Server

MSSQL

MySQL

Oracle 10g

Firebird

DB2

PostgreSQL

Interbase


Multi-Component Graph



32/48

32


Intrusion-Tolerant Cloud Computing


Database

Database

Vulnerability databases

(CERT, ISS, NVD, Mitre,

OSVDB, Secuna, etc.)

Companies - SW

developers (Microsoft,

Apache, IBM, Oracle, etc.)

Configuration

controller

OS

Web-server

App-serverDBMS

Client instance

active

configuration

spare

configurations

(images)

Get list of activevulnerabilities Get list of

patches

Replace active configuration|change settings | rejuvenate

Update | upgrade |change settings

Estimate security

risks of active andspare configurations

Cloud

provider

Cloud-Based MV Architecture

Tool (Vulnerability Tracker)

(A. Gorbenko, V. Kharchenko, O.Tarasyuk, A. Romanovsky. Intrusion-Avoiding Architecture Making

Use of Diversity in the Cloud-Based Deployment Environment, LNCS, Springer, 2011)


33/48

Version Redundancy for Web-Services and SOA-systems ?

What kinds of diversity (version redundancy) for SOA-based projects

you can propose?

Any examples?

What kinds of diversity are themost effective?

Why?



34/48

6. Multi-Version Technologies

A set ofmulti-version technologies (MVTs) is described by matrices: diversity metrics D = dij and cost values = ij .

MVS LC is presented by a bipolar N-level graph (graph of MVTs).

Selection of MVT (optimal way in the graph) is fulfilled according with criteria diversity (safety) -reliability-cost.

(Kharchenko V.S., Sklyar V.V. (edits). FPGA-based NPP I&C Systems: Development and Safety Assessment. - RPC Radiy, National Aerospace University KhAI,SSTC on Nuclear and Radiation Safety, 2008. - 188 p.)



35/48

Choice of Version Redundancy ?

How you formulate task of choice of version redundancy according with

criteria safety/cost?



36/48

7. Assessment of Multi-Version Digital I&Cs: Methods

1. Theoretical-set metrics methods:- Eilers diagram for sets of version design faults (+ vulnerabilities);

- matrix of diversity metrics;

- calculation and analysis ofdiversity metrics.

2. Probabilistic methods:

a) RBD & metric-based assessment:

- RBD development taking into account: MVS architecture, sets of faults (design (individual, group, absolute) and

physical);- calculation of reliability/safety indicators;

b) Markov models (multi-fragmental technique, imbedded MMs);

c) Bayesian methods.

3. Interval mathematics-based assessment:

- choice of model (SRGMs or others);

- determination of parameter intervals and interval assessment of reliability/safety indicators.

4. Soft computing-based assessment:- fussy logic;

- genetic algorithms (GA).

5. Expert and experimental methods:

- metric-based assessment using direct and indirect diversity metrics;

- fault injection-based assessment.



37/48

7. Assessment of Multi-Version Digital I&Cs: RBDs

37

(blue physical faults, yellow design faults)



38/48

7. Assessment of Multi-Version Digital I&Cs:

Check-List & Metric & RBD-Based Technique


I&C Design and

Documentation

Check-list-based

analysis of

applicable

diversity types

Metric-based

assessment of

diversity

RBD and

Markovian model-

based assessment

Results of

assessment

Table of

diversity types

Values

of metrics

Weight

coefficients

RBDs, MMs for

typical

structures


39/48

7. Assessment of Multi-Version Digital I&Cs: Check-List


Diversity kinds Result of analysisYes/No Implementation

Diversity of

programmable

components (A)

Diversity of manufacturers of FPGA (A1) Yes Altera vs. Actel

Diversity of technologies of FPGA producing (A2) Yes SRAM vs. Antifuse

Diversity of FPGA families (A3) Yes Cyclone vs. ProASIC (based on A1)

Diversity of FPGA from the same family (A4) Yes different families (based on A1)

Diversity of printed circuit

boards (PCBs) (B)

Diversity of PCB development technologies and

manufacturers

Yes Different manufacturers but the same technology

Diversity of

CASE-tools (C)

Diversity of CASE-tools developers (C1) Yes Altera vs. Actel

Diversity of CASE-tools (C2) Yes Quartus II vs. Libero (based on C1)

Diversity of CASE-tools configurations (C3) Yes Different tools for design but the same for verification

Diversity of languages of

FPGA projects

development (D)

Diversity of language kinds (D1) Yes Graphic Notation and HDL are used

Diversity of hardware description languages (D2) Yes VHDL vs. Verilog

Diversity of specification

presentation (E)

Diversity of FPGA

initial specification languages (E1)

No The same language

Diversity of FPGA

specification models (E2)

Yes B&HDL used for Altera

Diversity of processes (P) Diversity of development processes (P1) Yes Different teams

Diversity of verification processes (P2) Yes Different departments

Diversity of maintenance (P3) Yes Different development teams


40/48

40

8. Implementation of Multi-Version I&Cs:

Matrix Diversity-Critical Domains



41/48

(Law Negation of Negation for NPP RTS)

HW1(FPGA1)

HW2(FPGA2)

SW1(MP1)

SW2(MP2)

HW SW(MP)

HW HW

FPGA1(IP-HW/SW)

FPGA2

2000s

Radiy

1990s

WH, Siemens,

1980s

FPGA

SW

HW

FPGA1(IP-HW/SW)1

FPGA2(IP-HW/SW)2

2005-2010Radiy

? (NDC1) ? (NDC2)Naturally Dependable

Chip (NDC)?

41

8. Implementation of Multi-Version I&Cs:



42/48

Reactor Trip System More 30 sets

(main and diverse)Zaporozhye NPP-1 2004, 2005

Zaporozhye NPP-3 2003, 2007

Zaporozhye NPP-2 2009, 2011

Rovno NPP-4 2004, 2004

Rovno NPP-3 2004, 2005Rovno NPP-1 2007, 2007

Rovno NPP-2 2009, 2010

Khmelnitsky NPP-2 2004, 2004

Khmelnitsky NPP-1 2007, 2007

South-Ukraine NPP-1 2003, 2005

South-Ukraine NPP-2 2006, 2007

8. Implementation of Multi-Version I&Cs: RPC Radiy Experience



43/48

9. Dependability, Safety and

Green Computing and Communication

Key Challenges in Green Computing and Communication

Information and Communication Technologies as a mean for ensuring of green:green car,

green & smart energy grid,

smart & green houses, cities, the Earth

Information and Communication Technologies as a objective for ensuring of green (2%!):green chip (MC, FPGA):

energy modulated computing,

compiler tunings,

diversity (diversity approach!) clocking

green wireless networks:

adaptive access pointsadaptive WLN-based systems

green data centers for Cloud Computing

Dependability, safety and energy critical applications

green&safe automotive and on-board aviation systems



44/48

Green Computing and Communication ?

What does it mean?

green chip (MC, FPGA):

energy modulated computing,

compiler tunings,diversity (diversity approach!) clocking

green wireless networks:

adaptive access points

(adaptive parameters?)adaptive WLN-based systems

(adaptive parameters + algorithm of interaction for access points?)



45/48

10. Education Activities: Critical Multi-Version

Computing, Safeware Engineering

MSc(and PhD) Specialty Critical Computing TEMPUS-MASTAC project MS- and PhD-Studies on Critical Computing (2006-2009www.mastac.org.ua):

- universities of Ukraine (National Aerospace University KhAI), UK, Finland;

- 6 courses (including courses Fault-Tolerant FPGA-Based I&Cs, Foundations of Multi-Version Systems and

Technologies,etc.).

MSc, PhD (and Industrial Training) Specialty Safety IT-Engineering TEMPUS-SAFEGUARD project National Safeware Engineering Network of Centres of Innovative Academia-

Industry Handshaking (2010-2013www.mastac.org.ua):

- universities and RTCs of Ukraine (National Aerospace University KhAI, RPC Radiy), UK (London City University,

Newcastle University, Adelard), Italy (Naples University, ISTI), Sweden (KTH), Finland (Abo Academy);

- 10 MSc-, PhD- and training Safety Case courses (including Scalable Diversity-Based Technologies for Safety-

Critical Applications, etc.).

http://www.mastac.org.ua/http://www.mastac.org.ua/http://www.mastac.org.ua/http://www.mastac.org.ua/


46/48

10. Education Activities:

Green Computing and Communication (GCC)

GCC-Curriculum structureMaster CoursesMSc1. Foundations of Green Computing and CommunicationMSc2. Technologies of Green ComputingMSc3. Technologies of Green CommunicationMSc4. Technologies of Green Regulators and Robotics

PhD coursesPhD1. Standardization of Green Computing and CommunicationPhD2. Research and Development (R&D) for Green FPGA-Based ComputingPhD3. R&D for Green Mobile ApplicationsPhD4. R&D for Green Wireless-Based Computing and CommunicationPhD5. R&D for Green ICT-Infrastructures (Critical and Commercial)PhD6. R&D of ITs for Smart Energy Infrastructures

PhD7. GCC-Oriented Optimization and Decision Making

Training coursesTC1. Techniques and Tools (Cases) for Green ComputingTC2. Techniques and Tools for Green CommunicationTC3. Techniques and Tools for GCC Project Management



47/48

10. Conclusions

1. Key challenges related to diversity-oriented computer systems are the following:

- existing standards are not enough detailed to make all necessary decisions concerning diversity;

- multi-version I&Cs are still unique, failures occurred rarely, failures data arent enough representative;

- methods of diversity assessment and kind selection, as a rule, are based on expert approach.

We have a few techniques to assess real diversity using quantitative indicators.

2. SW and FPGA technology allows to develop:- multi-version systems with different product-process version redundancy (Cubeof diversity),

- diversity scalable multi-tolerant decisions for safety-critical NPP I&Cs.

3.Proposed models of MVSs & MVTs are base :

- to choice cost(and energy)-effective technique,

- to develop architecture taking into account requirements to diversity, dependability(+ limitations)

4.These issues are applied on development of NPP I&C by use ofplatform RADIY.

Scalability of diversityis ensured by changing types, depth and method of diversity choice.

5. Green computing and communication = energy critical applications

6.Future: more detailed standards, techniques and tools to assess, choice and realize MVSs

Educational aspect!


Beauty of nature is in a diversity and in green


48/48

Beauty of nature is in a diversity and in green

Questions, please?

!

!

Thank for your attention!

1 prof kharchenko

Documents