Risk Modeling - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Risk Modeling

Description:

Re-Writing Tree. Solution to satisfy G1 and G6. S1: G3,G4,G8. S2: G3,G5,G8 ... Re-Writing Tree. Find all possible set goal solutions to satisfy top-level goal ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 27
Provided by: not103
Category:

less

Transcript and Presenter's Notes

Title: Risk Modeling


1
Risk Modeling
  • The Tropos Approach
  • PhD Lunch Meeting 07/07/2005
  • Yudistira Asnar yudis.asnar_at_dit.unitn.it

2
Definition
  • Failure The inability of a system or component
    to perform its required functions within
    specified performance
  • Failure mode The physical or functional
    manifestation of a failure
  • Model of Risk Likelihood, but also effect of the
    failure
  • Risk Likelihood Severity
  • Severity 0,5
  • Likelihood 0,1

3
  • Every Choice has the own consequences

4
Risk Modeling
5
Goal Analysis
6
Objective of Risk Analysis
  • Traditionally
  • Find the most effective and efficient set of
    mitigation plans such that the risk can be
    manageable ? Strategy of choosing option
  • Increasing Quality of System (Reliability,
    Safety, Available, etc)
  • Tropos Approach The evaluation of the best
    solution must be based on
  • Adopt traditional ones
  • REAL Cost is the cost of achieving main goals and
    the cost of associated Mitigation Plans
  • This means selecting subgoals taking into account
    their risks and the associated mitigation plans
  • We should optimize not only one of them, but both
    at the same time

7
Basic Assumption
  • Failure Mode-Risk can be associated with
    Objective-Asset
  • Tropos Goal, Task/Plan, Resource
  • Property of Assets (Necessary)
  • Rank
  • Threshold (Confidence Level)
  • Denial Likelihood (DL) 0,1
  • Satisfaction Level (SL) 0,100

8
Risk Analysis Scenario
  • Given Threshold of each assets
  • Find the most efficient set of solutions, that
    can be acceptable for given threshold
    (satisfaction level and denial likelihood)
  • Given Budget for accomplishment
  • Find the set of solutions (Assets and Mitigation)
    with the highest satisfaction level and the least
    denial likelihood
  • How much does it cost for achieving the highest
    satisfaction and confidence level
  • Etc.

9
Case Study
10
Computing Impact
  • Top-Level Goals are annotated with their
    importance (Imp), that define by user
  • Leaf-Goal has rank (R), value that come form the
    function. It calculates order among all of them.
  • Failure modes are annotated with likelihood (L),
    a.k.a probability, and severity (S)
  • Links between failure modes and goals are
    annotated with Impact (I)-20,20 (e.g.
    Satisfaction reduction)

11
Computing Impact
  • The risk of a goal G is computed as Possibility
    of Loss (PL)
  • PLG RG SG (S L I) I 0
  • Mitigation Plans are chosen in order to reduce
    PLG, until acceptable value
  • PLG is acceptable if
  • PLG RG SL DL
  • If there is no mitigation plan for it, we can
    de-idealize (Confidence Level) of the least
    importance goal
  • How much we can do de-idealize?

12
Defining Importance
  • Propagation Importance of Top-Level Goal (value
    1, 2, 3, etc., the bigger means more important)
  • Set of Goals with the cheapest cost of
    satisfaction of top level goal
  • Rules??
  • And-Decomposition AND(G1,G2) ? G3
  • ImpG1ImpG2ImpG3
  • CostG3 CostG1 CostG2
  • Or-Decomposition OR(G1,G2) ? G3
  • ImpG31 ImpG21,2) and ImpG31,2) ? needs more
    precise
  • CostG2 gt CostG1? ImpG2 lt ImpG1
  • CostG3 Min(CostG1, CostG2)
  • G3 is sub goal of G1 and G2
  • ImpG3 Max(ImpG3-G1,ImpG3-G2)

13
Defining Rank
14
Failure Mode
  • Failure Mode contribute to Intermediate Goal, not
    just leaf goal
  • Failure modes can contribute not only to goals
    but to other failure modes
  • Failure Mode is traditionally represented as an
    isolated event, but in reality, there is
    interrelation among failure modes
  • Failure Mode property
  • Severity and Likelihood

15
Failure Mode
  • Contribution of FM1 to FM2, depends on the
    intrinsic risk of FM1 and the weight of edge
    connecting FM1 to FM2
  • Contribution among FMs can be meant
  • Modifying Likelihood
  • Modifying Severity
  • Weight of edge should represent both
  • Traditional Fault Trees are incomplete and faults
    should be represented as graphs

16
Computing Risk
  • In Case Study
  • Contribution of Explosive User Added means
    increasing just likelihood of Limited Key Space
  • R ? Original Risk, R ? Contributed Risk, R ?
    Mitigated Risk
  • R2 ? R2 M1
  • R1 ? R1 M2
  • R1 ? R1 R2

17
Failure Mode Identification
  • Goal has 2 dimension Satisfy and Maintain
  • Failure Mode of Goal (Negative-Goal)
  • Undesired thing
  • Something that not suppose to be maintained
  • Undesired Thing
  • Set-Theory
  • A U A
  • What is the Universe? ??
  • Context
  • Domain
  • Something that not suppose to be maintained??

18
Mitigation Plan
  • Mitigations are set of actions to reduce
    (Likelihood and Severity) of Failure Mode
  • Likelihood Threshold Denial-Likelihood
  • Severity Impact Threshold Satisfaction-Level
  • One mitigation action can reduce the one risk and
    can also increase the other risk
  • Choosing plan with considering
  • Severity Level of Risk
  • Some mitigation plan give the same effect to one
    particular failure mode

19
Mitigation Plan
  • Mitigations are annotated with Costs (C),
    Category (Transfer, Prevention, Detection,
    Retention, Alleviation, etc)
  • Link between mitigation and failure mode is
    annotated as Effect (E) (e.g. reduce/increase the
    risks)
  • Mitigation Plan Analysis
  • And-Or Decomposition
  • Positive-Negative Contribution
  • Mitigation Plan contribute to Goal, instead of
    Failure Mode
  • Mitigation Plan can fail
  • Introducing concept of time constrain to satisfy
    goal and to accomplish mitigation

20
Mitigation Plan Identification
  • Based on experience and repository
  • ??

21
Re-Writing Tree
  • Solution to satisfy G1 and G6
  • S1 G3,G4,G8
  • S2 G3,G5,G8
  • S3 G3,G4,G9,G10
  • S4 G3,G5,G9,G10

22
Classic Approach
  • Top-Down

23
Approach to Solve
  • Classic Top-Down ? Bottom-Up ? Adjustment
  • Re-Writing Tree

24
Re-Writing Tree
  • S1 G3,G4,G8 M1,M2,M3
  • S2 G3,G5,G8 M2,M3
  • S3 G3,G4,G9,G10 M1,M2,M3,M4
  • S4 G3,G5,G9,G10 M2,M3,M4

25
Re-Writing Tree
  • Find all possible set goal solutions to satisfy
    top-level goal
  • Find all Mitigation Plans that is reachable from
    set goal solution
  • Calculate (Cost, Confidence Level) all possible
    combination between set goal solutions and all
    subset of mitigation plans
  • Needs something to reduce the search space

26
Severity - Mitigation Plan
Write a Comment
User Comments (0)
About PowerShow.com