United States Nuclear Regulatory Commission - Protecting People and the Environment

Developing a Bayesian Belief Network Model for Quantifying the Probability of Software Failure of a Protection System (NUREG/CR-7233)

On this page:

Download complete document

Publication Information

Manuscript Completed: July 2016
Date Published: January 2018

Prepared by:
Tsong-Lun Chu1, Athi Varuttamaseni1, Meng Yue1,
Seung Jun Lee2, Hyun Gook Kang3, Jaehyun Cho4, and Steve Yang5

1Brookhaven National Laboratory
2Ulsan National Institute of Science and Technology
3Korea Advanced Institute of Science and Technology
4Korea Atomic Energy Research Institute
5NUV Technology, LLC

Ming Li, NRC Project Manager

Office of Nuclear Regulatory Research
U.S. Nuclear Regulatory Commission
Washington DC 20555-0001

Availability Notice


A new approach has been developed to quantify the software failure probabilities in nuclear power plant (NPP) digital instrumentation and control (I&C) systems. Specifically, this approach uses a Bayesian belief network (BBN) to model the causal relationships between the software development life cycle, the number of residual defects within software, and the software failure probability. The software development life cycle (SDLC) characteristics (e.g., development quality and verification and validation (V&V) quality), and software-self characteristics (e.g., size and complexity) are represented using a hierarchical structure. As part of the BBN model development, the SDLCs were classified into five phases: requirements, design, implementation, testing, and installation/checkout. Information for each phase (or activity) was abstracted from the relevant guidance and standards documents. A BBN sub-model was then developed for each phase to estimate the number of software defects remaining. The phase sub-models include the quality of software development and verification and validation (V&V) activities, which affect the number of defects inserted and the number of defects detected/removed in that specific phase. Three rounds of expert elicitation were used to complete the BBN model. The first two rounds used experts with knowledge and experience in the general application of software quality assurance to assist in the identification of BBN nodes, the construction of the BBN model structure (the causal relationship), and the establishment of the Node Probability Tables (NPTs) (the causal relationship quantification). The NPTs were further Bayesian updated using literature data available from the literature and the limited amount of development and V&V data. The insights gained from these elicitations were used to develop a BBN model for NPP digital safety software. The outputs from the third round of elicitations were used as inputs to the BBN model applications to two trial nuclear systems: (1) the Loop Operating Control System (LOCS) of the Advanced Test Reactor (ATR) at Idaho National Laboratory, and (2) the prototype Integrated Digital Protection System-Reactor Protection System (IDiPS-RPS) developed by the Korea Atomic Energy Research Institute (KAERI). Experts who are familiar with the software development, including V&V activities, of the two trial systems provided these inputs. The results obtained from applications of the modified BBN model to two nuclear applications as well as an assessment of the feasibility of using BBNs for quantifying software failure probabilities are discussed herein.

Page Last Reviewed/Updated Wednesday, January 24, 2018