DOCSLIB.ORG

EPRI #3002002990, Digital Common-Cause Failure Susceptibility, 2014 Project Status

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EPRI #3002002990, Digital Common-Cause Failure Susceptibility, 2014 Project Status Digital Common-Cause Failure Susceptibility 2014 Project Status 3002002990 Digital Common-Cause Failure Susceptibility 2014 Project Status 3002002990 Technical Update, November 2014 EPRI Project Manager R. Torok All or a portion of the requirements of the EPRI Nuclear Quality Assurance Program apply to this product. ELECTRIC POWER RESEARCH INSTITUTE 3420 Hillview Avenue, Palo Alto, California 94304-1338 . PO Box 10412, Palo Alto, California 94303-0813 . USA 800.313.3774 . 650.855.2121 . [email protected] . www.epri.com DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITIES THIS DOCUMENT WAS PREPARED BY THE ORGANIZATION(S) NAMED BELOW AS AN ACCOUNT OF WORK SPONSORED OR COSPONSORED BY THE ELECTRIC POWER RESEARCH INSTITUTE, INC. (EPRI). NEITHER EPRI, ANY MEMBER OF EPRI, ANY COSPONSOR, THE ORGANIZATION(S) BELOW, NOR ANY PERSON ACTING ON BEHALF OF ANY OF THEM: (A) MAKES ANY WARRANTY OR REPRESENTATION WHATSOEVER, EXPRESS OR IMPLIED, (I) WITH RESPECT TO THE USE OF ANY INFORMATION, APPARATUS, METHOD, PROCESS, OR SIMILAR ITEM DISCLOSED IN THIS DOCUMENT, INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR (II) THAT SUCH USE DOES NOT INFRINGE ON OR INTERFERE WITH PRIVATELY OWNED RIGHTS, INCLUDING ANY PARTY'S INTELLECTUAL PROPERTY, OR (III) THAT THIS DOCUMENT IS SUITABLE TO ANY PARTICULAR USER'S CIRCUMSTANCE; OR (B) ASSUMES RESPONSIBILITY FOR ANY DAMAGES OR OTHER LIABILITY WHATSOEVER (INCLUDING ANY CONSEQUENTIAL DAMAGES, EVEN IF EPRI OR ANY EPRI REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) RESULTING FROM YOUR SELECTION OR USE OF THIS DOCUMENT OR ANY INFORMATION, APPARATUS, METHOD, PROCESS, OR SIMILAR ITEM DISCLOSED IN THIS DOCUMENT. REFERENCE HEREIN TO ANY SPECIFIC COMMERCIAL PRODUCT, PROCESS, OR SERVICE BY ITS TRADE NAME, TRADEMARK, MANUFACTURER, OR OTHERWISE, DOES NOT NECESSARILY CONSTITUTE OR IMPLY ITS ENDORSEMENT, RECOMMENDATION, OR FAVORING BY EPRI. THE FOLLOWING ORGANIZATIONS PREPARED THIS REPORT: Electric Power Research Institute (EPRI) Southern Engineering Services, Inc. Applied Reliability Engineering, Inc. THE TECHNICAL CONTENTS OF THIS PRODUCT WERE NOT PREPARED IN ACCORDANCE WITH THE EPRI QUALITY PROGRAM MANUAL THAT FULFILLS THE REQUIREMENTS OF 10 CFR 50, APPENDIX B. THIS PRODUCT IS NOT SUBJECT TO THE REQUIREMENTS OF 10 CFR PART 21. This is an EPRI Technical Update report. A Technical Update report is intended as an informal report of continuing research, a meeting, or a topical study. It is not a final EPRI technical report. NOTE For further information about EPRI, call the EPRI Customer Assistance Center at 800.313.3774 or e-mail [email protected]. Electric Power Research Institute, EPRI, and TOGETHER…SHAPING THE FUTURE OF ELECTRICITY are registered service marks of the Electric Power Research Institute, Inc. Copyright © 2014 Electric Power Research Institute, Inc. All rights reserved. ACKNOWLEDGMENTS The following organizations prepared this report: Electric Power Research Institute (EPRI) Principal Investigator R. Torok Southern Engineering Services, Inc. 331 Allendale Drive Canton, Georgia 30115 Principal Investigator B. Geddes Applied Reliability Engineering, Inc. 1478 27th Avenue San Francisco, CA 94122 Principal Investigator D. Blanchard This report describes research sponsored by EPRI. This publication is a corporate document that should be cited in the literature in the following manner: Digital Common-Cause Failure Susceptibility: 2014 Project Status. EPRI, Palo Alto, CA: 2014. 3002002990. iii ABSTRACT Owner/operators of nuclear plants need to be able to systematically identify and assess susceptibilities to potential digital system failures and unintended behaviors that can lead to failures in plant systems, including common-cause failures (CCF). These vulnerabilities are managed using a combination of preventive and mitigative measures, but there is no consensus approach for crediting such measures to develop assurance that there is adequate protection against the consequences of potential failures and unintended behaviors involving digital systems. This concern applies to both safety and non-safety systems. While methods for ensuring high dependability in safety systems are generally well developed, non-safety systems typically use different design and quality assurance approaches; and corresponding consensus guidance and acceptance criteria for them are not well established. This technical update provides a status report on an ongoing EPRI project that is developing practical guidance to help utility engineers, equipment suppliers, and system integrators assess and manage a full range of digital instrumentation and control (I&C) failure and CCF susceptibilities. It describes the important technical issues and provides a preliminary description of the overall approach being developed by the project team, including key underlying concepts and principles that form the technical basis of the approach. The final product will be published in 2015. Keywords Common-cause failure (CCF) Coping analysis Diversity Digital Instrumentation and control systems v CONTENTS 1 INTRODUCTION ..................................................................................................................1-1 2 TECHNICAL ISSUES ...........................................................................................................2-1 Common-Cause Failure .....................................................................................................2-1 Software CCF and Design Defects .....................................................................................2-3 Protecting Against the Effects of CCF ................................................................................2-4 3 TECHNICAL APPROACH ....................................................................................................3-1 Key Terms ..........................................................................................................................3-1 Protection = Preventive and/or Mitigative Measures ...........................................................3-2 Defects and Triggers ..........................................................................................................3-3 Level of Interest ..................................................................................................................3-4 Diversity .............................................................................................................................3-5 4 ASSESSING AND MANAGING DIGITAL FAILURE SUSCEPTIBILITIES ...........................4-1 Holistic Approach ...............................................................................................................4-1 Safety versus Non-Safety ...................................................................................................4-2 Safety Systems ............................................................................................................4-2 Non-Safety Systems .....................................................................................................4-2 Considerations for Assessment ..........................................................................................4-3 5 PROJECT STATUS AND DELIVERABLES .........................................................................5-1 Guideline Description .........................................................................................................5-1 Schedule ............................................................................................................................5-1 6 REFERENCES .....................................................................................................................6-1 vii LIST OF FIGURES Figure 2-1 Analog Plant ...........................................................................................................2-2 Figure 2-2 Analog Plant with a Digital Feedwater Control (DFW) Upgrade ...............................2-2 Figure 2-3 Digital Feedwater Control and Digital Electrohydraulic (DEH) Turbine Control ........2-3 Figure 3-1 Protection = Preventive and/or Mitigative Measures................................................3-2 Figure 3-2 Conditions Required for Digital Failures and Digital CCFs ......................................3-4 Figure 3-3 Plant Architecture Hierarchy Illustrating “Level of Interest” Issue .............................3-5 ix 1 INTRODUCTION Operating nuclear plants are gradually transitioning much of their aging and obsolete instrumentation and control (I&C) equipment from analog to digital technology. However, the introduction of software-based instrumentation and control (I&C) equipment in critical safety and control system applications in nuclear power plants raises the concern that latent software and other ‘digital’ faults could create new failure modes and unintended behaviors that might defeat traditional protective features. New nuclear plants will be ‘all digital;’ they will use more extensive and highly integrated I&C systems than existing plants, with correspondingly greater potential for new failure modes and unanticipated behaviors. Owner/operators of nuclear plants need to be able to systematically identify and assess susceptibilities to potential digital system failures and unintended behaviors that can lead to failures in plant systems, including common-cause failures (CCF). These vulnerabilities are managed using a combination of preventive and mitigative measures, but there is no consensus approach for crediting such measures to develop
Load more

Recommended publications
  • Challenges and Directions for Dependable Computing”
    Workshop “Challenges and Directions for Dependable Computing” 41st Meeting of IFIP WG 10.4 — Saint John, US VI — January 4-8, 2002 — — — 01. From Fault Injection Experiments to Dependability Benchmarking Jean Arlat (LAAS-CNRS, Toulouse, France) 02. Building a Hierarchical Defense: An Immune System Paradigm for Fault-Tolerant System Design Algirdas Avizˇienis (University of California at Los Angeles, USA) 03. Dependable Computer Networks Dimiter R. Avresky (Northeastern University, Boston, MA, USA) 04. Interactions and Tradeoffs between Software Quality Attributes Mario Barbacci and Charles B. Weinstock (SEI-CMU, Pittsburgh, PA, USA) 05. Production Process of Dependable Systems / Human Factors / Emerging Applications / Middleware Platforms Andrea Bondavalli (University of Florence, Italy), Felicita Di Giandomenico (IEI-CNR, Pisa, Italy) and Luca Simoncini (CNUCE-CNR and University of Pisa, Italy) 06. Creating Robust Software Interfaces: Fast, Cheap, Good — Now You Can Get All Three John DeVale and Philip Koopman (Carnegie Mellon University, Pittsburgh, PA, USA) 07. Pervasive Dependability: Moving Dependable Computing Towards Mainstream Systems Cristof Fetzer and Richard D. Schlichting (AT&T Labs–Research, Florham Park, NJ, USA) 08. Dependability Challenges in Model-Centered Software Development David P. Gluch (Embry-Riddle Aeronautical University, Daytona Beach, FL, USA) 09. Report Correlation for Improved Intrusion Detection and Fault Diagnostics Walter L. Heimerdinger (Honeywell Technology Center, Minneapolis, MN, USA) 10. Future Automotive Scenarios and R&D Challenges Günter Heiner (DaimlerChrysler AG, Berlin, Germany) 11. Dependability Challenges in Pushed-based Systems Yennun Huang (PreCache Inc., Bridgewater, NJ, USA) 12. Dependability Challenges in the Field of Embedded Systems Hermann Kopetz (Vienna University of Technology, Austria) 13. Dependability: Information Assurance Research Agenda Jaynarayan H.
    [Show full text]
  • Assessing Asymmetric Fault-Tolerant Software
    Assessing asymmetric fault-tolerant software Peter Popov, Lorenzo Strigini Centre for Software Reliability City University London United Kingdom [email protected], [email protected] Abstract — The most popular forms of fault tolerance against components in these systems. But this research has been design faults use "asymmetric" architectures in which a mostly limited to “symmetric” architectures: “multiple "primary" part performs the computation and a "secondary" version software” and similar schemes, in which two or part is in charge of detecting errors and performing some kind more diverse, redundant components perform equivalent of error processing and recovery. In contrast, the most studied functions and their outputs are “adjudicated” (by voting or forms of software fault tolerance are "symmetric" ones, e.g. N- some other algorithm, built into the computer system or the version programming. The latter are often controversial, the physical controlled systems) to decide which values will be former are not. We discuss how to assess the dependability output to the controlled system. Such architectures are gains achieved by these methods. Substantial difficulties have important for some highly critical applications, but also been shown to exist for symmetric schemes, but we show that expensive and relatively rare. In most systems, fault the same difficulties affect asymmetric schemes. Indeed, the latter present somewhat subtler problems. In both cases, to tolerance against design faults takes the form of predict the dependability of the fault-tolerant system it is not “asymmetric” architectures, in which a “primary” enough to know the dependability of the individual component (we will often use the term “primary” alone for components.
    [Show full text]
  • Learning Ios Design Addison-Wesley Learning Series
    Learning iOS Design Addison-Wesley Learning Series Visit informit.com/learningseries for a complete list of available publications. The Addison-Wesley Learning Series is a collection of hands-on programming guides that help you quickly learn a new technology or language so you can apply what you’ve learned right away. Each title comes with sample code for the application or applications built in the text. This code is fully annotated and can be reused in your own projects with no strings attached. Many chapters end with a series of exercises to encourage you to reexamine what you have just learned, and to tweak or adjust the code as a way of learning. Titles in this series take a simple approach: they get you going right away and leave you with the ability to walk off and build your own application and apply the language or technology to whatever you are working on. Learning iOS Design A Hands-On Guide for Programmers and Designers William Van Hecke Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products Editor-in-Chief are claimed as trademarks. Where those designations appear in this book, and the pub- Mark L. Taub lisher was aware of a trademark claim, the designations have been printed with initial Senior Acquisitions capital letters or in all capitals. Editor The author and publisher have taken care in the preparation of this book, but make no Trina MacDonald expressed or implied warranty of any kind and assume no responsibility for errors or omis- Development sions.
    [Show full text]
  • [Dense, Subtropical, Sustainable] the Liveable Multi-Storey Apartment Building
    [DENSE, SUBTROPICAL, SUSTAINABLE] THE LIVEABLE MULTI-STOREY APARTMENT BUILDING Rosemary Kennedy BDesSt. BArch(Hons) UQld GradCert(EnvMan) UQld Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy Centre for Subtropical Design Creative Industries Faculty Queensland University of Technology June 2015 Keywords Architecture, apartments, apartment buildings, acoustics, air quality, air- conditioning, balconies, charrette, climate, climate-responsive design, crisis, daylight, density, dwelling, energy, energy efficiency, housing, greenhouse gas emissions, liveability, multi-storey apartment building, neighbourhood, noise, post- occupancy evaluation, privacy, private open space, renewable energy technology, residents, resident perceptions, residential environment, resilience, satisfaction, satisficing, subtropical, sustainability, thermal comfort, typology, urban consolidation, ventilation [Dense, subtropical, sustainable] The liveable multi-storey apartment building i Abstract This study positions private-sector multi-storey apartment buildings (MSABs) in Australia’s subtropical cities within the context of urban sustainability and identifies the conundrums associated with the suitability and acceptance of apartment buildings as a housing type in this mix. Not only is the MSAB inherently energy-intensive, but Australian residents have expressed a reluctance to transition permanently to apartment living. Unless apartment living becomes a far more attractive proposition for residents, and apartment buildings far less CO2 intensive, then apartment developments will remain incongruous elements of the 21st Century city. While many researchers have investigated the relationship between urban consolidation, density and housing form in terms of overall urban energy consumption of the contemporary Australian city, relatively little is known about the social, cultural, economic and environmental “fit” of MSABs, and particularly the dwellings within them, with the lifestyle expectations of residents of Australia’s subtropical humid settlements.
    [Show full text]
  • Nrc Technical Basis for Evaluation of Its Position on Protection Against Common Cause Failure in Digital Systems Used in Nuclear Power Plants
    NRC TECHNICAL BASIS FOR EVALUATION OF ITS POSITION ON PROTECTION AGAINST COMMON CAUSE FAILURE IN DIGITAL SYSTEMS USED IN NUCLEAR POWER PLANTS Steven A. Arndt, Rossnyev Alvarado, Bernard Dittman and Kenneth Mott1 U.S. Nuclear Regulatory Commission Washington, D.C. 20555 [email protected]; [email protected]; [email protected]; [email protected] Richard Wood Department of Nuclear Engineering University of Tennessee Knoxville, TN 37996 [email protected] ABSTRACT Digital technology has advantages over analog systems, including automated monitoring and alerts for standby safety functions, and predictive algorithms to maintain critical safety systems. Additionally, digital technology generally has higher reliability and can be designed to reduce single point vulnerabilities. For these reasons many nuclear plants have applied digital technology to safety and non-safety related applications, including reactor protection system, feedwater and turbine controls, etc. with a corresponding significant improvement in trip reduction. Nonetheless, digital instrumentation and control (I&C) systems also present potential new vulnerabilities that need to be assessed, including potential failures due to increased complexity of digital systems, the introduction of unique failure modes due to software (including software common cause failure (CCF)), and limited operating history of digital systems in nuclear safety related applications compared to analog systems. The fact that software is intangible means that common methods, such as analysis or testing, used for detecting CCF may not be effective when applied to software. Consequently, digital technology is perceived to pose a potential risk from the introduction of undetected systematic faults that could result in CCF. Despite the I&C system upgrades and modifications performed to date, the U.S.
    [Show full text]
  • A FAULT TOLERANT INTEGRATED Cl RCUIT MEMORY Thesis By
    A FAULT TOLERANT INTEGRATED Cl RCUIT MEMORY Thesis by Anthony Francis Barton In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy California Institute of Technology Pasadena, California 1980 (Submitted April 14, 1980) - i i - ACKNOWLEDGEMENTS First would like to thank my parents whose support and encouragement have been unfailing over the past 26 years. Their early teaching and later guidance have been the most important influences in my life. At Caltech my chief mentor was Chuck Seitz, my advisor; I am grateful to him for suggesting the topic for this research and for his help with and interest in the project. Useful contribu­ tions were also made by Lennart Johnsson, Jim Kajiya, Carver Mead and I van Sutherland. have a lso benefited from working, talking and relaxing with other members of the Caltech community too numerous to mention individually. Acknowledgements for financial support go to the North Atlantic Treaty Organisation (studentship 8/76/ 3003) and the Defence Advanced Research Projects Agency (contracts N00123-78-C-0806 and N00014-79-C-0597). - iii - ABSTRACT Most commercially produced integrated circuits are incapable of tolerating manufacturing defects. The area and function of the circuits is thus limited by the probability of faults occurring within the circuit. This thesis examines techniques for using redundancy in memory circuits to provide fault tolerance and to increase storage capacity. A hierarchical memory architecture using multiple Hamming codes is introduced and analysed to determine its resistance to manufacturing defects. The results of the analysis indicate that substantial yield improvement is possible with relatively modest increases in circuit area.
    [Show full text]
  • Howell, Ocean (2001). "The Poetics of Security: Skateboarding, Urban
    The Poetics of Security: Skateboarding, Urban Design, and the New Public Space by Ocean Howell (© 2001. No portion of this essay, text or image, may be reproduced without author's consent.) Abstract: Skateboarding is a thorn in the side of landscape architects, planners, and building owners; so much so that there are now design workshops that teach a series of defensive architectural tactics for deterring the activity. The type of skateboarding that plagues these architects and the spaces they create, "street skating," has only existed for about 15 years, and in fact was born out of the barren, defensive spaces created by redevelopment. Viewed in this light, it is clear that street skating is not only an impetus for defensive architecture, but also a symptom of defensive architecture. Recognizing that redevelopment spaces fostered pathologies, cities and corporations have begun to build more friendly spaces in the past couple of decades. But they have been careful to ensure that the spaces are only friendly to a select subset of the public, namely office workers and consumers. To create such spaces requires knowledge of the minutest details of undesirable behaviors—a knowledge that can only be gleaned through surveillance. Because the resultant spaces appear open but exclude the vast majority of the citizenry, they represent a restrictive discourse of publicness. Although the destructive effects of skateboarding have been exaggerated, the purpose of this essay is not to argue that skateboarding should be permitted in public space. It is by virtue of its status as a misuse of these spaces—and because it is a symptom of defensive design—that skateboarding is exceptionally good at drawing attention to the quietly exclusionary nature of the new public space.
    [Show full text]
  • Massachusetts Institute of Technology Engineering Systems Division
    Massachusetts Institute of Technology Engineering Systems Division Working Paper Series ESD-WP-2003-01.20-ESD Internal Symposium ESD SYMPOSIUM COMMITTEE OVERVIEW: ENGINEERING SYSTEMS RESEARCH AND PRACTICE ESD Symposium Committee MAY 29-30, 2002 ESD Symposium Committee Overview Engineering Systems Research and Practice ESD Symposium Committee 2 Table of Contents I. Summary......................................................................................................................... 3 II. Introduction.............................................................................................................3 III. What Makes Engineering Systems Interesting, Challenging, and Important?........4 a. Large Scale.............................................................................................................. 4 b. Complexity..............................................................................................................4 c. High or Varying Rates of Change........................................................................... 5 d. The “ilities”............................................................................................................. 5 IV. A Multidimensional View of Engineering Systems................................................ 6 a. The Technical Dimension .......................................................................................6 b. The People/Organization Dimension ...................................................................... 7 c. The Context Dimension .........................................................................................
    [Show full text]
  • VDC and the Engineering Continuum
    VDC and the Engineering Continuum Gregory P. Luth, Ph.D., S.E. Gregory P. Luth & Associates, Inc. Abstract In this paper we provide a brief overview of the historical underpinnings of the design-construction industry and the development of design engineering and construction engineering as independent, but related sub-disciplines of civil engineering. The effects of the 1st and 2nd generation of computer tools on the design engineering are identified. The complementary and evolving definitions of Construction Engineering and Design Engineering are examined, specifically in the context of Structural Design Engineering activities and deliverables and the corresponding Construction Engineering activities and deliverables. The concept of an “Engineering Continuum” is introduced and the process is recast in light of that concept. Several case studies are used to examine the promise of third generation design-construction computing technologies such as Virtual Design and Construction and their potential beneficial impact on the cost and schedule of the typical design- construction project. Refinements to the definitions of construction and design engineering that have the potential to maximize the benefits of 3rd generation technology are proposed with an eye towards the form of 4th generation computing technologies that are on the horizon. Keywords: VDC, integration, detailed construction model, simulation 1 Introduction It is always fascinating to study the historical context that underpins the current topics of discussion. Civil engineering dates back over 5000 years to when the technical focus was on the art of transporting and stacking large rocks for projects such as Stonehenge and the Pyramids. Structural engineering evolved as distinct discipline within civil engineering in the mid-19th century in response to the increased complexity that came with better understanding of the science, development of analytical tools, and the evolution of long span bridges and high rise buildings enabled by the perfection of steel making in the latter half of the century.
    [Show full text]
  • Getting Real the Smarter, Faster, Easier Way to Build a Successful Web Application
    Getting Real The smarter, faster, easier way to build a successful web application by 37signals This book was prepared for Jason Evans and up to 10 co-workers. Copyright © 2006 by 37signals All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without permission in writing from 37signals, except by a reviewer who may quote brief passages in a review. First edition This book was prepared for Jason Evans and up to 10 co-workers. Contents 1 Introduction 2 What is Getting Real? 6 About 37signals 9 Caveats, disclaimers, and other preemptive strikes 12 The Starting Line 13 Build Less 14 What’s Your Problem? 17 Fund Yourself 19 Fix Time and Budget, Flex Scope 21 Have an Enemy 24 It Shouldn’t be a Chore 25 Stay Lean 26 Less Mass 29 Lower Your Cost of Change 31 The Three Musketeers 33 Embrace Constraints 35 Be Yourself 37 Priorities 38 What’s the Big Idea 40 Ignore Details Early On 42 It’s a Problem When It’s a Problem 43 Hire the Right Customers 44 Scale Later 46 Make Opinionated Software This book was prepared for Jason Evans and up to 10 co-workers. 47 Feature Selection 48 Half, Not Half-Assed 49 It Just Doesn’t Matter 51 Start With No 53 Hidden Costs 54 Can You Handle It? 55 Human Solutions 56 Forget Feature Requests 58 Hold the Mayo 59 Process 60 Race to Running Software 62 Rinse and Repeat 64 From Idea to Implementation 66 Avoid Preferences 68 “Done!” 70 Test in the Wild 72 Shrink Your Time 75 The Organization 76 Unity 77 Alone Time 79 Meetings Are Toxic 81 Seek and Celebrate Small Victories 82 Staffing 83 Hire Less and Hire Later 85 Kick the Tires 86 Actions, Not Words 88 Get Well Rounded Individuals 89 You Can’t Fake Enthusiasm 90 Wordsmiths 91 Interface Design 92 Interface First 94 Epicenter Design This book was prepared for Jason Evans and up to 10 co-workers.
    [Show full text]
  • Software Engineering & Design OUTLINE of COURSE
    Software Engineering and Design Software Engineering & Design CST IIG / CS Diploma Alan Blackwell OUTLINE OF COURSE Introduction – the “Software Crisis” Software Construction Object-oriented Design Interaction Design Design Challenges Project Management CS Part II General / CS Diploma Page 1 Software Engineering and Design Books Code Complete: A practical handbook of software construction Steve McConnell, Microsoft Press 1993 UML Distilled (2nd edition) Martin Fowler, Addison-Wesley 2000 Interaction Design: Beyond human-computer interaction Jenny Preece, Helen Sharp & Yvonne Rogers, Wiley 2002 Software Engineering (European edition) Roger Pressman, McGraw-Hill 2001 Further: Programming as if People Mattered, Nate Borenstein The Mythical Man Month, Fred Brooks Computer-Related Risks, Peter Neumann The Sciences of the Artificial, Herb Simon Educating the Reflective Practitioner, Donald Schon London Ambulance Service & CAPSA reports, Finkelstein Supervisions The course is practical, not theoretical Designed specifically to feed in to your projects (and your future life …) No point in having supervisions to discuss the material until you have tried it in practice, so: Part IIG students (group project) Supervisions should help you apply project management, object-oriented design methods etc. in your group Diploma students (project and dissertation) Supervisions should address interface design issues, coding, testing and evaluation techniques. CS Part II General / CS Diploma Page 2 Software Engineering and Design Introduction The Software Crisis London Ambulance Service The project: automate inefficient manual operation 999 calls written on forms map reference looked up conveyor belt to central point controller removes duplicates, passes to NE/NW/S district division controller identifies vehicle and puts note in its ‘activation box’ form passed to radio dispatcher Takes about 3 minutes, and 200 staff (of 2,700 total).
    [Show full text]
  • SUSTAINABLE LANDSCAPE in UNIVERSITY CAMPUS URBAN DESIGN by Ahmed Ibrahim Amr B.Sc
    Department of Architecture Faculty of Engineering Ain Shams University SUSTAINABLE LANDSCAPE IN UNIVERSITY CAMPUS URBAN DESIGN By Ahmed Ibrahim Amr B.Sc. Architecture, Ain Shams University, 2010 A thesis Submitted to the Faculty of Engineering in Partial Fulfillment of requirements for the degree of Master of Science in Architecture Supervised by Prof. Prof. Prof. Shaimaa Kamel Germin El Gohary Johannes Hamhaber Professor of Architecture Professor of Landscape Professor of Urban and Regional Department of Architecture Department of Management Faculty of Engineering Urban Design and Planning ITT Ain Shams University Faculty of Engineering Cologne University of Applied Ain Shams University Sciences Ain Shams University CAIRO, EGYPT 2015 STATEMENT This thesis is submitted to Ain Shams University for the degree of Master in Architecture. The work included in this thesis was accomplished by the author at the Department of Architecture, Faculty of Engineering; Ain shams University. No part of this thesis has been submitted for a degree or a qualification at any other university or institute. Date: / /2015 Signature: Name: Ahmed Ibrahim Amr Faculty: Faculty of Engineering – Ain Shams University i BOARD OF EXAMINERS Examiner Signature Prof. Ayman Hassaan Mahmoud Professor of Landscape Faculty of Engineering Cairo University A. Prof. Ahmed Atef Faggal Associate Professor of Architecture Faculty of Engineering Ain Shams University Prof. Shaimaa Mohamed Kamel Professor of Architecture Faculty of Engineering Ain Shams University Prof. Germin Farouk El Gohary Professor of Landscape Faculty of Engineering Ain Shams University ii ACKNOWLEDGEMENTS First of all, I would like to thank God for his generosity, blessings and giving me power, health and patience to finish this piece of work.
    [Show full text]