Model-Based Safety Assessment of Industrial Automation Systems using IEC 61499

Abstract

Industrial automation systems are complex control systems that perform control and automation of hazardous plants. Safety of such systems is of paramount importance and may even be mandated by law. Safety-related systems may be required to demonstrate conformance to an applicable functional safety standards to assure safety and demonstrate the that these systems mitigate the risk to human lives, as much as reasonably possible. IEC 61508 is a standard of functional safety for generic electric, electronic, and programmable electronic (E/E/PE) systems and is used as the principal guide in this thesis. IEC 61508 adopts a two-pronged approach for addressing random failures in the hardware and systematic errors in the software. Random failures are addressed using quantitative techniques for reliability analysis e.g., reliability block diagrams and Markov analysis, and by computing the safe failure fraction to establish a confidence level. Systematic errors, on the other hand, are avoided by following quality assurance recommendations and qualitative validation techniques. However, this segregated application of quantitative and qualitative approaches is inadequate for addressing complexities introduced by software-intensive control systems. Furthermore, the manual application of traditional safety analysis techniques is tedious, error-prone, and largely dependent on practitioners’ skills. In order to ameliorate these problems, a model-driven approach towards safety analysis named, model-based safety assessment (MBSA) was proposed, which has gained significant interest in academia and industry in the recent years. MBSA approaches use system models for the purpose of safety analysis such as extracting fault trees, performing quantitative analysis, or discovering a critical sequence of errors that may cause system failures. MBSA can be performed on either by using dedicated safety models or by using system development models. The latter approach allows seamless integration with modeldriven development (MDD), which is the state-of-the-art for design, implementation and validation of control and automation systems. In MDD, high-level system models are constructed that are iteratively refined by adding details until an implementation of the system software can be automatically extracted from the development models using automatic code generation. One such approach for implementing industrial control systems uses IEC 61499, which is an open standard for implementing industrial process controller and measurement systems. It proposes various design artefacts e.g., basic and composite function blocks and enables a component-oriented design approach for implementing complex behaviours i.e., by connecting function blocks to form function block networks. A popular design pattern for the development of IEC 61499 based systems suggests the implementation of two separate tiers called plant-model and controller. The plantmodel mimics the expected behaviour of the plant and the controller implements the automation logic. When connected in a closed-loop, the overall system model is formed that is used for various verification and validation activities such as formal verification, testing, simulation. Such analyses are well-suited for safety-critical systems and help to avoid systematic errors. However, plant-models are also susceptible to random errors, which cannot be analysed by using qualitative techniques alone. Unfortunately, all existing validation and verification techniques available for IEC 61499 based systems are qualitative in nature, which cannot be used for the purpose of quantitative risk assessment. This calls for developing an approach for the quantitative safety assessment of IEC 61499 based systems. In this thesis, we present an MBSA approach for quantitative risk assessment of industrial automation systems using IEC 61499. The presented approach proposes a novel structure named stochastic function block for modelling stochastic aspects of random failures and environmental non-determinism in the plant-model. The controller, on the other hand, is developed using standard IEC 61499 function blocks. The overall system model is transformed into Markov decision processes in the Prism language for probabilistic verification using the Prism model checker. This enables quantitative analysis of the system behaviour presuming software behaviour under random errors of the plant. The controller is eventually used for automatic code generation and deployment onto the physical plant. Use of standard function blocks for the controller renders the proposed technique complaint to the IEC 61499 standard and permit seamless integration into the MDD activities. The key contributions of the presented work are as following. 1) A novel structure based on IEC 61499 basic function blocks named stochastic function block. This structure is used for representing the random errors in the plant model and environmental non-determinism. 2) A rule-based transformation from IEC 61499 function blocks to Prism model that preserves the adopted synchronous execution semantics. The generated Prism model is a Markov decision process that represents the probabilistic and non-deterministic aspects of the system due to its random errors. 3) A scalable MBSA approach for a unified qualitative and quantitative analysis, which is useful in the early design validation and managing modifications in system design. 4) An MDE tool-chain named BlokIDE, which provides support for the proposed stochastic function blocks and automatic translation to the Prism language. This enables stochastic error modelling and integration with the Prism model checker for the purpose of proposed MBSA approach. 5) A proposal for conforming to IEC 61508 requirements using IEC 61499 modelbased approach, showing various specification and design various stages of the V-Model. To the best of our knowledge, the proposed approach is the very first attempt for providing a model-based safety assessment approach for industrial automation systems using IEC 61499 along with a comprehensive tool-chain.