Performs dynamic probabilistic risk assessment (PRA) of technological systems, developed under grants from the University of Maryland, US Nuclear Regulatory Commission, Electric Power Research Institute, Ship Research Institute of Japan, and Paul Scherrer Institute, Switzerland, 1993, 2001, 2006.

Dynamic probabilistic risk assessment methods can improve nuclear plant probabilistic risk assessment by providing rich contextual information and an explicit consideration of feedback arising from complex equipment dependencies and operator actions. The Accident Dynamics Simulator paired with the Information, Decision, and Action in a Crew context cognitive model (ADS-IDAC) is one such dynamic method that shows promise for supporting nuclear power plant risk assessments. The ADS-IDAC environment couples a thermal-hydraulic model with an operations crew cognitive model to permit the dynamic simulation of operator performance during nuclear power plant events. ADS-IDAC generates a discrete dynamic event tree (DDET) using simplified branching rules to model variations in crew responses. Branching events may include hardware failures, operator decisions or actions, and stochastic timing variabilities. In ADS-IDAC, the experience and training of each crew operator is reflected in the ADS-IDAC knowledge base. The knowledge base captures the information needed to assess the plant state, execute procedural actions, and match memorized response actions to perceived plant needs.

Compared to more traditional risk assessment methods such as static linked event and fault tree approaches, dynamic PRA methods offer a number of significant advantages. Because a simulation model can provide a more realistic representation of plant accident response, the time available for operator actions, the presence (or absence) of key diagnostic cues, and contextual information about accident scenarios can be more directly assessed in support of human reliability analysis. Plant procedures and skill- and rule-based actions can be directly simulated in order to better account for feedback from the nuclear plant to the operations crew and to assist in the identification of situational contexts where operators may commit errors of commission. Because dynamic simulation methods more explicitly represent the timing and sequencing of events, directly calculate the impact of variations in hardware and operator performance on the plant model, and are capable of capturing complex interdependencies, system success criteria are more realistic and do not include the conservatisms due to scenario binning that are sometimes found in traditional static PRA models.
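To make the DDET idea concrete, here is an added illustration (not ADS-IDAC code, and not from the authors): a toy plant model whose tree branches on a hardware failure, a stochastic operator response time, and an operator decision, with each leaf carrying its sequence probability. All rates, times and probabilities are constructed for the example.

```python
import copy

DT, T_END = 1.0, 10.0          # time step and mission time (minutes), constructed

def step(s):
    """Toy thermal model (constructed): temperature rises while cooling is lost."""
    s["t"] += DT
    s["temp"] += -5.0 if s["cooling"] else 10.0
    if s["temp"] >= 120.0:
        s["damage"] = True

# Simplified branching rules: (trigger, label, [(outcome, probability, state update)]).
# Each rule fires at most once per sequence; children inherit the parent's state.
RULES = [
    (lambda s: s["t"] == 2.0, "pump",
     [("runs", 0.9, {}), ("fails", 0.1, {"cooling": False})]),
    (lambda s: not s["cooling"] and s["t"] == 3.0, "response_time",     # timing variability
     [("fast", 0.6, {"act_at": 4.0}), ("slow", 0.4, {"act_at": 7.0})]),
    (lambda s: not s["cooling"] and s["t"] == s.get("act_at"), "decision",  # operator decision
     [("restart_backup", 0.8, {"cooling": True}), ("misdiagnose", 0.2, {})]),
]

def expand(s, prob, path, leaves):
    """Advance the simulator; at each branch point fork the state and recurse."""
    while s["t"] < T_END and not s["damage"]:
        for trig, label, outcomes in RULES:
            if label not in s["done"] and trig(s):
                s["done"].add(label)
                for name, p, update in outcomes:
                    child = copy.deepcopy(s)          # save state, then branch
                    child.update(update)
                    expand(child, prob * p, path + [f"{label}={name}"], leaves)
                return
        step(s)
    leaves.append((tuple(path), prob, "damage" if s["damage"] else "safe"))

def run_ddet():
    """Generate the full tree from the initial state; returns (sequence, prob, end state) leaves."""
    init = {"t": 0.0, "temp": 60.0, "cooling": True, "damage": False, "done": set()}
    leaves = []
    expand(init, 1.0, [], leaves)
    return leaves

def damage_probability(leaves):
    return sum(p for _, p, end in leaves if end == "damage")

if __name__ == "__main__":
    for seq, p, end in run_ddet():
        print(f"{p:.4f}  {end:7s}  {' -> '.join(seq) or 'nominal'}")
```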


Developed for risk-based design of complex hybrid systems under a grant from NASA, 2005. SimPRA is an adaptive-scheduling, simulation-based DPRA environment developed at the University of Maryland under NASA funding. SimPRA provides an extensive and multi-layered risk model building capability to capture engineering knowledge, design information, and any available information from operating experience, simplifying (and in part automating) the tasks typically undertaken by risk analysts. In the SimPRA framework, the estimation of end state probabilities is based on the simulation of system behavior under stochastic and epistemic uncertainties. A new scenario exploration strategy is employed to guide the simulation in an efficient and targeted way. The SimPRA environment provides analysts with a user-friendly interface and a rich DPRA library for the construction of the system simulation model.

In SimPRA, a high-level simulation scheduler is constructed to control the simulation process, generally by controlling the occurrence of the random events inside the system model. To stimulate the desired types of scenarios, the input to the simulation model is also controlled, using scheduling algorithms. Rather than using a generic wide-scale exploration, the scheduler is able to pick out the important scenarios, which are essential to the final system risk, thus increasing the simulation efficiency. To do that, a high-level simulation planner is constructed to guide the scheduler to simulate the scenarios of interest. The SimPRA environment therefore has three key elements: planner, scheduler, and simulator. The planner serves as a map for exploration of the risk scenario space, in which the scenarios of interest are highlighted. The scheduler manages the simulation process, including saving system states, deciding the scenario branch selection, and restarting the simulation, and guides the simulation toward the plan generated by the planner. Scenarios of high importance are explored with higher priority, while all other scenarios also retain a chance of being simulated. The scheduler favors events with higher information and importance values, using an entropy-based algorithm.


Developed for NASA for Space Shuttle mission risk management, 1997, 2001, 2002 (currently commercial software used by several government agencies and industries worldwide).


Developed for the US Federal Aviation Administration for risk-informed safety oversight, 2007. IRIS is a software platform to perform probabilistic risk analysis (PRA) based on the Hybrid Causal Logic (HCL) methodology. The HCL methodology employs a model-based approach to system analysis. The framework contains a multi-layer structure that integrates event sequence diagrams (ESDs), fault trees (FTs), and Bayesian belief networks (BBNs) without converting the entire system into a large BBN. This allows the most appropriate modeling technique to be applied in each individual domain of the system. The scenario or safety context is modeled in the first layer using event sequence diagrams. In the next layer, fault trees are used to model the behavior of the physical system as possible causes or contributing factors to the incidents delineated by the ESDs. The BBNs in the third layer extend the causal chain of events to potential human and organizational roots. The connections between the BBNs and the ESD/FT logic models are formed by binary variables in the BBN that correspond to basic events in the FTs, or to initiating events and pivotal events in the ESDs. The probability of each connected event is thus determined by the BBN.

In order to quantify the hybrid causal model, it is necessary to convert the three types of diagrams into a set of models that can communicate mathematically. This is accomplished by converting the ESDs and FTs into Reduced Ordered Binary Decision Diagrams (ROBDDs). BBNs are not converted into ROBDDs; instead, a hybrid ROBDD/BBN is created. In this hybrid structure, the probability of one or more of the ROBDD variables is provided by a linked node in the BBN.
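As an added example (not IRIS code, and not the HCL authors' implementation), the following builds a small fault tree as an ROBDD, quantifies it by Shannon decomposition, and takes the probability of one basic event from a linked two-node BBN, which is the hybrid ROBDD/BBN linkage described above. The fault tree, variable ordering, BBN and all numbers are constructed; the quantification assumes the ROBDD variables are mutually independent, which holds here because only one basic event is BBN-linked.

```python
ORDER = ["pump_fails", "valve_stuck", "power_lost"]   # fixed variable ordering (constructed)
_unique = {}                                           # unique table keeps the diagram reduced

def mk(v, lo, hi):
    """Reduced node: drop a test whose branches agree, share structurally identical nodes."""
    return lo if lo == hi else _unique.setdefault((v, lo, hi), (v, lo, hi))

def var(v):
    return mk(v, False, True)

def _top(n):
    return ORDER.index(n[0]) if isinstance(n, tuple) else len(ORDER)

def apply(op, a, b):
    """Combine two ROBDDs with a Boolean operator by Shannon expansion on the top variable."""
    if not isinstance(a, tuple) and not isinstance(b, tuple):
        return op(a, b)                               # both terminals
    ia, ib = _top(a), _top(b)
    v = a[0] if ia <= ib else b[0]
    a_lo, a_hi = (a[1], a[2]) if ia <= ib else (a, a)
    b_lo, b_hi = (b[1], b[2]) if ib <= ia else (b, b)
    return mk(v, apply(op, a_lo, b_lo), apply(op, a_hi, b_hi))

OR = lambda x, y: x or y
AND = lambda x, y: x and y

def prob(n, p):
    """Top-event probability: P(f) = (1-p_v) P(f|v=0) + p_v P(f|v=1), assuming independence."""
    if n is True:
        return 1.0
    if n is False:
        return 0.0
    v, lo, hi = n
    return (1 - p[v]) * prob(lo, p) + p[v] * prob(hi, p)

# Constructed BBN: organizational node "maint_quality" is the parent of basic event "pump_fails".
BBN = {
    "maint_quality": {"good": 0.8, "poor": 0.2},
    "pump_fails|maint_quality": {"good": 0.01, "poor": 0.10},
}

def bbn_marginal(child, parent):
    """Marginal of the linked binary node: sum over parent states of P(child|parent) P(parent)."""
    cpt = BBN[f"{child}|{parent}"]
    return sum(BBN[parent][s] * cpt[s] for s in BBN[parent])

def top_event_probability():
    # Fault tree (constructed): loss of cooling = power_lost OR (pump_fails AND valve_stuck)
    ft = apply(OR, var("power_lost"), apply(AND, var("pump_fails"), var("valve_stuck")))
    p = {"valve_stuck": 0.05, "power_lost": 0.002}
    p["pump_fails"] = bbn_marginal("pump_fails", "maint_quality")   # BBN supplies this one
    return prob(ft, p)
```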