A challenge systems engineers and designers face when applying system failure risk assessment methods such as probabilistic risk assessment (PRA) during conceptual design is their reliance on historical data and behavioral models. This paper presents a method to conceptually model sacrificing non-critical sub-systems, or components, in a failure scenario to protect critical system functionality through a functional failure modeling technique. The method presented here helps systems designers to better understand where failures propagate through systems and guides modification of system functional models to adjust the way in which systems fail so that they have more desirable characteristics.

This paper presents a framework for exploring a space of functional models using graph rewriting rules and a qualitative failure simulation framework that presents information in an intuitive manner for human-in-the-loop decision-making and human-guided design. An example is presented wherein a functional model of an electrical power system testbed is iteratively perturbed to generate alternatives. The alternative functional models suggest different approaches to mitigating an emergent system failure vulnerability in the electrical power system's heat extraction capability. A preferred functional model configuration that has a desirable failure flow distribution can then be identified.

Increasingly tight coupling and heavy connectedness in systems of systems (SoS) present new problems for systems designers and engineers. While the failure of one system within a loosely coupled SoS may produce little collateral damage beyond a loss in SoS capability, a highly interconnected SoS can experience significant damage when one member system fails in an unanticipated way. It is therefore important to develop systems that are "good neighbors" with the other systems in an SoS by failing in ways that do not further degrade the SoS's ability to complete its mission. This paper presents a method to (1) analyze a system of interest (SoI) for potentially harmful spurious system emissions (failure flows that exit the SoI's system boundary and may cause failure initiating events in other systems within the SoS), and (2) choose mitigation strategies that provide the best return on investment for the SoS. A functional and flow approach to analyzing spurious emissions and developing mitigation strategies is used in the method. The method is intended for use during the system architecture phase of the system design process, when functional architectures are being developed and analysis of alternatives and trade-off studies are being conducted. Use of the method may result in a system that causes less SoS damage during a failure event.

For safety-critical complex systems, reliability and risk analysis are important design steps. Implementing these analyses early in the design stage can reduce costs associated with redesign and provide important information on design viability. In the past several years, various research methods have been presented in the design community to move reliability analysis into the early conceptual design stages. These methods all use a functional representation as the basis for reliability analysis. This paper asserts that, in non-nominal system states, the functional representation limits the scope of failure analysis. Specifically, when failures are modeled to propagate along energy, material, and signal (EMS) flows, a nominal-state functional model is insufficient for modeling all types of failures. To capture possible failure propagation paths, a function-based reliability method must consider all potential flows, and not be limited to the function structure of the nominal state. In this light, this paper introduces the Flow State Logic (FSL) method as a means for reasoning on the state of EMS flows that allows the assessment of failure propagation over potential flows that were not considered in a functional representation of a "nominally functioning" design. A liquid-fueled rocket engine serves as a case study to illustrate the benefits of the methodology.
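The abstracts above share one mechanism: a functional model is a graph of functions joined by EMS flows, a failure is propagated qualitatively along those flows, flows that leave the system-of-interest boundary are spurious emissions, and the model is rewritten (for example by inserting a sacrificial function) until the failure distribution is acceptable. The following is an added illustration of that mechanism, written for this page; it is not code from any of the papers or their authors. The functional model (an electrical-power-style system with a heat-extraction function), the external "neighbour_bus" system, the potential heat-leak flow, the propagation rule (a failed function degrades every function it emits an active flow to; a sacrificial function fails but passes nothing on), and the return-on-investment score (emissions avoided per unit cost, with fewer failed functions as a tie-break) are all constructed assumptions. The `consider_potential` switch shows the Flow State Logic point: a search limited to nominal flows misses the propagation path that the potential flow opens.

```python
# Added example for this page, not code from the papers above.  A qualitative
# failure-flow simulation over a functional model with nominal and potential
# EMS flows, spurious-emission detection at the SoI boundary, a graph-rewriting
# rule that inserts a sacrificial function, and a constructed ROI ranking.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flow:
    src: str              # emitting function
    dst: str              # receiving function, or an external SoS member system
    kind: str             # EMS type: energy / material / signal
    nominal: bool = True  # False: potential flow, present only once src has failed


@dataclass(frozen=True)
class Model:
    functions: frozenset    # functions inside the system-of-interest boundary
    externals: frozenset    # other systems of the SoS, outside the boundary
    sacrificial: frozenset  # functions that absorb a failure without passing it on
    flows: tuple            # Flow instances


def propagate(model, initiating, consider_potential=True):
    """Propagate a failure from `initiating` along the flows it emits.

    Returns (failed_functions, spurious_emissions).  A failed function degrades
    every function it emits an active flow to; an active flow whose destination
    lies outside the SoI boundary is recorded as a spurious emission.  With
    consider_potential=False only the nominal function structure is searched.
    """
    failed = {initiating}
    emissions = set()
    frontier = [initiating]
    while frontier:
        fn = frontier.pop()
        for flow in model.flows:
            if flow.src != fn or (not flow.nominal and not consider_potential):
                continue
            if flow.dst in model.externals:
                emissions.add(flow)
            elif flow.dst not in failed:
                failed.add(flow.dst)
                if flow.dst not in model.sacrificial:  # sacrificial: fails, stops here
                    frontier.append(flow.dst)
    return failed, emissions


def insert_sacrificial(model, flow, name):
    """Graph-rewriting rule: route `flow` through a new sacrificial function
    (src -> name -> dst) so a failure arriving on it is absorbed at `name`."""
    assert flow in model.flows and name not in model.functions | model.externals
    rewritten = tuple(f for f in model.flows if f != flow) + (
        replace(flow, dst=name),
        replace(flow, src=name, nominal=True),
    )
    return replace(model, functions=model.functions | {name},
                   sacrificial=model.sacrificial | {name}, flows=rewritten)


def rank_mitigations(model, initiating, candidates):
    """Rank (label, cost, rewritten_model) candidates by spurious emissions
    avoided per unit cost; fewer failed functions breaks ties.  Constructed
    stand-in for a return-on-investment criterion."""
    _, base = propagate(model, initiating)
    scored = []
    for label, cost, candidate in candidates:
        failed, emitted = propagate(candidate, initiating)
        scored.append(((len(base) - len(emitted)) / cost, -len(failed), label))
    return [label for *_, label in sorted(scored, reverse=True)]


# Constructed model (assumption, not the testbed from the abstracts).  The heat
# leak into the controller is a potential flow: absent while everything works.
POWER = Model(
    functions=frozenset({"convert_energy", "extract_heat", "regulate_voltage", "control"}),
    externals=frozenset({"neighbour_bus"}),
    sacrificial=frozenset(),
    flows=(
        Flow("convert_energy", "regulate_voltage", "energy"),
        Flow("convert_energy", "extract_heat", "energy"),
        Flow("control", "regulate_voltage", "signal"),
        Flow("regulate_voltage", "neighbour_bus", "energy"),   # export across the boundary
        Flow("extract_heat", "control", "energy", nominal=False),  # heat leak on failure
    ),
)
LEAK = POWER.flows[-1]
EXPORT = POWER.flows[3]

if __name__ == "__main__":
    for potential in (False, True):
        failed, emitted = propagate(POWER, "extract_heat", consider_potential=potential)
        print(f"potential flows {'on' if potential else 'off'}: failed={sorted(failed)} "
              f"emissions={[f.dst for f in emitted]}")
    candidates = [
        ("heat_dump", 1, insert_sacrificial(POWER, LEAK, "heat_dump")),
        ("export_breaker", 3, insert_sacrificial(POWER, EXPORT, "export_breaker")),
    ]
    print("mitigations ranked:", rank_mitigations(POWER, "extract_heat", candidates))
```

Run as a script, the nominal-only search reports that a heat-extraction failure stays inside that function, while the search over potential flows follows the leak into the controller, through voltage regulation and out to the neighbouring bus. Of the two constructed rewrites, the cheap sacrificial heat dump absorbs the failure before it reaches any critical function; the export breaker only suppresses the emission after the controller and regulator have already failed.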