In the design phase of a digital instrumentation and control system, the reactor scram subsystem is a complex system built from hardware, software, system interaction and communication, so a single analysis method such as FMEA or FTA has limitations on its own. FMEA and FTA are both based on an accident model with an event chain; FTA in particular is not suited to discovering software and communication failures or other problems with a high degree of coupling, time-series association, or control constraints. Three independent basic analysis methods, FMEA, FTA and STPA, are combined to build a statistical table of failures and failure coverage. For the reactor scram subsystem, the design safety problem detection rate of FMEA and FTA is only 74.1% and 64% respectively, while the detection rate of STPA reaches 95.1%. Moreover, fusing the methods covers all of the safety issues triggered by hardware, software, system interaction, and communication failures and defects. The analysis in this paper shows that fusing multiple methods is better than any single method, that STPA is superior to the other single safety analysis methods, and that STPA effectively compensates for the inadequacies of FMEA and FTA.
