See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/261120209

On Component Reliability and System Reliability for Space Missions

Conference Paper · April 2012

DOI: 10.1109/IRPS.2012.6241831

CITATIONS READS
13 1,802

5 authors, including:

Amanda Koons-Stapf
SAIC
8 PUBLICATIONS 45 CITATIONS

SEE PROFILE

All content following this page was uploaded by Amanda Koons-Stapf on 17 September 2015.

The user has requested enhancement of the downloaded file.

 On Component Reliability and System Reliability for
Space Missions
Yuan Chen1, Amanda M. Gillespie2, Mark W. Monaghan2, Michael J. Sampson3, Robert F. Hodson1
1
NASA Langley Research Center, 5 N Dryden St., MS 488, Hampton, VA, 23681
Phone : 757-864-3344, Email:
[email protected]
2
SAIC-LX-2, NASA Kennedy Space Center, FL 32899 USA
3
NASA Goddard Space Flight Center, NASA Goddard Space Flight Center, Greenbelt, MD 20771
Abstract—This paper is to address the basics, the limitations and
the relationship between component reliability and system
reliability through a study of flight computing architectures and
related avionics components for NASA future missions.
Component reliability analysis and system reliability analysis
need to be evaluated at the same time, and the limitations of each
analysis and the relationship between the two analyses need to be
understood.
Keywords-component reliability; system reliability;
applications;
I. INTRODUCTION
A comprehensive components/parts management program
and a system reliability and maintainability (R&M) program
are required by NASA for all spaceflight and critical ground
support systems to control risk and enhance reliability. The
component management program includes components
selection, review, verification, approval, traceability, testing,
packaging, storage, acquisition, and application [1], while the
system R&M program addresses system R&M design and
operational performance requirements, R&M engineering
analysis and integration, and risk assessment and management
[2].
System reliability analysis typically assumes exponential
distributions for the components’ time to fail. However,
depending on workmanship condition, use condition and
effectiveness of screening procedures, components may not
always operate under the constant failure region, which
follows the assumed exponential distribution. Without a
comprehensive component management program, it is
possible that components may yield early failures or infant
mortality or sometimes even wear-out failures under certain
use conditions. Therefore, component reliability analysis and
system reliability analysis should not be considered separately,
but rather be evaluated at the same time, while fully
understanding the limitations of each analysis and the
relationship between the two analyses is the key.
In this paper, a number of flight computing architectures
and related avionics components for launch vehicles are
studied, in an attempt to address the fundamental differences
between the basics of component reliability and system
reliability, and the impact of component reliability on system
reliability. In addition, the limitations of system reliability
analysis, the misconceptions of either using system reliability
to direct component selection or interpreting system reliability
in absolute values without fully understanding the assumptions
the analysis is based upon, the meaningful relationship of parts
reliability and system reliability, and its implementation for
space applications which require a high level of reliability of
the missions, are also provided in the paper.
space II. SYSTEM RELIABILITY OF COMPUTING ARCHITECTURES
Various avionics computing architectures similar to existing
designs are examined in response to a potential future need to
assess and/or design avionics computing architectures for a
launch vehicle. Representative computing architectures are
selected for detailed study from perspectives of reliability,
mass, power, data integrity, software implementation, and
hardware and software integration [3]. The six selected
architectures are listed below:
a) Fully Cross-Strapped Switched Triplex Voter (FCSSTV)
b) Partially Cross-Strapped Switched Triplex Voter
(PCSSTV)
c) Channelized Bussed Triplex Voter (CBTV)
d) Fully Cross-Strapped Switched Self-Checking (FCSSC)
e) Fully Cross-Strapped Bussed Self-Checking (FCSBSC)
f) Channelized Bussed Self-Checking (CBSC)
The selected architectures include both self-checking and
voting architectures, with either bussed or switched
interconnections, and with various levels of cross-strapping. In
order to compare the reliability, mass and power of all the
architectures, it is assumed i) all architectures have one-fault
tolerant by design, ii) the same lists of sensors and effectors,
and iii) the same failure rate and failure criteria for each type
of sensor or effector. The sensors and effectors include flight
computer (FC), data acquisition unit (DAU), pyro initiation
controller (PIC), thrust vector controller (TVC), etc. More
details in full paper.
For system reliability analysis, all the selected computing
architectures are modeled by Reliability Block Diagram
(RBD) Analysis, Cut Set Analysis, and Importance Measure
Analysis [4]. The system analyses are based on the mean time
to fail (MTTF) of each component assuming an exponential
distribution. Fig. 1 shows the reliability plot for the six
architectures assuming exponential distributions for all
components. Table 1 summarizes the architecture reliability at A. Statistics
24 hours and 9 months.
The system reliability analysis performed above assumes
that component’s time to fail follows an exponential
0.95 distribution. The probability density function of exponential
distribution is
0.85
݂ሺ‫ݐ‬ሻ ൌ ߣ ‡š’ሺെߣ‫ݐ‬ሻ (1)
Reliability

0.75
where Ȝ is the rate parameter. The MTTF of exponential
0.65 FCSSTV distribution is
PCSSTV ଵ
0.55 CBTV ‫ܨܶܶܯ‬௘௫௣௢௡௘௡௧௜௔௟ ൌ (2)
ఒ
FCSSC
0.45 FCSBSC The probability density function of Weibull distribution is
CBSC ఉ‫כ‬ሺ௧ሻഁషభ ௧
݂ሺ‫ݐ‬ሻ ൌ ‡š’ሾെሺ ሻఉ ሿ (3)
0.35 ఈഁ ఈ
0 1000 2000 3000 4000 5000 6000
where Į is the scale parameter and ȕ is the shape parameter.
Time (Hrs) MTTF of Weibull distribution is
ଵ
Figure 1. Reliability plot for the architectures assuming exponential ‫ܨܶܶܯ‬ௐ௘௜௕௨௟௟ ൌ ߙ ‫ כ‬ʒሺ ൅ ͳሻ (4)
distributions for all components. ఉ

Table 1. Summary of Architecture Reliability where Ƚ(z) is the gamma function.

Since MTTF is the defining parameter for the component
Architecture R (24 hrs) R (9 months) reliability statistics for system reliability analysis assuming
FCSSTV 0.999993 0.666999 exponential distribution, we can translate the exponential
PCSSTV 0.999991 0.613596 distributions used in the above system reliability analysis into
a set of Weibull distributions keeping the same MTTF, i.e.
CBTV 0.999979 0.464581
‫ܨܶܶܯ‬௘௫௣௢௡௘௡௧௜௔௟ ൌ ‫ܨܶܶܯ‬ௐ௘௜௕௨௟௟ to define a set of Į and ȕ
FCSSC 0.999992 0.648547 pairs for Weibull using (2) and (4). An example of cumulative
FCSBSC 0.999992 0.64673 density function of the Weibull distributions with ȕ ranging
CBSC 0.998334 0.389427 from 0.5 and 2 keeping the same MTTF of exponential
distribution for a component are plotted in Fig. 2, showing the
A simple interpretation from Figure 1 and Table 1 may reliability of the component decreases as ȕ decreases for a
indicate that a lesser stringent component program is needed short mission and increases as ȕ decreases for a long mission.
for short missions, or turning off the avionics system regularly This means that the reliability of the component can be
may help improve system reliability. Both concepts fail to anywhere on the curves in Fig. 2 if MTTF remains the same
consider either the assumptions associated with the system but with different ȕ values.
reliability analysis or the assumptions associated with
component reliability and, therefore, are mistaken. When For example, assuming MTTF of the exponential
proper assumptions are made such as the assumptions distribution is the same as the MFFT of the weibull
described above, system reliability analysis is an excellent distributions with a number of pre-determined ȕ values, a set
approach for comparisons among the architectures and for of Į and ȕ pairs can be calculated through (2) and (4) to define
correlation of the component contribution to the system a set of Weibull distributions, all of which will have the same
reliability and therefore leading to the system reliability MTTF with other and the same MTTF of the exponential
improvement through component reliability enhancement. distribution. The cumulative density function of the Weibull
However, the assumptions and limitations of the system distributions with ȕ ranging from 0.5 and 2 and the same
reliability analysis need to be fully considered so that the MTTF for a component are plotted in Figure 2, showing the
results of system reliability are interpreted along with the reliability of the component decreases as ȕ decreases for a
component reliability to avoid jumping into a misleading short mission and increases as ȕ decreases for a long mission.
conclusion. This means that the reliability of the component can be
anywhere on the curves in Figure 2 if MTTF remains the same
III. COMPONENT RELIABILITY IMPACT ON SYSTEM but with different ȕ values.
RELIABILITY
While system reliability analysis is mainly based on
statistics, component reliability analysis relies on statistics as
well as technology and physics of failures.
 MTTF for flight computers. Fig. 4 and 5 indicate the same
1 trend for all architectures that the change of the shape
Cumulative Density Function
0.9 parameter ȕ would yield a different system reliability
0.8 compared to ȕ equal to 1, which is the common assumption for
system reliability analysis.
0.7
0.6 Due the page limit of the abstract, the more complex
0.5 impact of multiple components on the system reliability
ɴ=0.5
0.4 (Relax runs for all components), the different responses of the
0.3 ɴ=0.8 architectures to the ȕ values due to the different contribution
distributions of the component, and the cross-over effects of
0.2 ɴ=1
CDF (Relex runs for longer time) and system reliability are to
0.1 ɴ=2 be addressed in the full paper.
0
0 20000 40000 60000 80000 100000
95% FCSSTV
Time (hours)
85%
Figure 2. Cumulative density function plot for Weibull distributions with ȕ

Reliability (%)
ranging from 0.5 to 2, keeping the same MTTF of exponential distribution
75%
The contributions of components to the system reliability
of the architectures are shown in Fig. 3 [4], from which the 65%
flight computers (FC) have the most contribution to the system
reliability compared to other components. Using the approach 55%
Beta = 0.5
described above to define a set of Weibull distributions while Beta = 0.8
keeping the same MTTF of exponential distributions used for 45% Beta = 1.0
flight computers, the reliability of architecture FCSSTV is re- Beta = 2.0
calculated with different ȕ values keeping the same MTTF for 35%
flight computers only, shown in Fig. 4. 0 1000 2000 3000 4000 5000 6000
Time (Hrs)
45% Figure 4. Reliability plot of FCSSTV with ȕ ranging from 0.5 to 2, keeping
40% the same MTTF of exponential distribution for flight computers.
35%
30% 95% Beta = 0.5
25%
85%
20%
Reliability (%)

15%
75%
10%
5% 65%
0% FCSSTV
BUS

Switch
INU
DAU

PIC
FC

HCU
CCDL

RGA

Connectors
RCS
ECU

TVC
MPS

PCSSTV
Cables &

55%
CBTV
45%
FCSSC
FCSSTV PCSSTV CBTV FCSSC FCSBSC CBSC FCSBSC
CBSC
35%
Figure 3. The percentage of contributions of components to system reliability.
0 1000 2000 3000 4000 5000 6000
In Fig. 4, only one component, i.e., flight computer, is Time (Hrs)
assumed Weibull distributions with different ȕ values while
Figure 5(a). Reliability plot of the architectures with ȕ equal to 0.5, keeping
maintaining the same MTTF, there is no changes to other the same MTTF for flight computers.
components. The fact that the system reliability numbers are
sensitive to the ȕ value indicates that the system reliability is a
function of the component reliability and, therefore, the
workmanship, use condition and effectiveness of screening
procedures of the components cannot be overlooked during the
system reliability analysis.
Figure 5(a)-(d) show the reliability of all the six
architectures with different ȕ values while keeping the same
 B. Failure Modes
95% Beta = 0.8
Since the shape parameter ȕ corresponds to the different
85% failure modes for components, i.e., infant mortality when ȕ is
less than 1, random defects when ȕ is equal to 1, and wear-out
Reliability (%)

75% when ȕ is greater than 1, the results of system reliability

analysis can be misleading if components are not properly up-
65% screened or used under a certain bias condition where different
FCSSTV failure modes may occur.
PCSSTV
55% Table 2 gives the system reliability of the architectures at
CBTV
FCSSC
24 hours and 9 months with ȕ ranging from 0.5 to 2. The
45%
FCSBSC architectures do have a different level of sensitivity to the
CBSC change of ȕ. While the changes of the system reliability
35% numbers are more evident for longer time, e.g. 9 months, the
0 1000 2000 3000 4000 5000 6000
channelized architectures CBTV and CBSC are more sensitive
Time (Hrs)
to ȕ values compared to other architectures, since the number
Figure 5(b). Reliability plot of the architectures with ȕ equal to 0.8, keeping of “9”s changes even when ȕ changes from 1 to 0.8. This
the same MTTF for flight computers. indicates that the up-screening of the component to ensure that
the early failures are excluded is critical to mission success,
95% Beta = 1.0 even for a short mission. It is therefore a critical decision for
the mission to evaluate the risk and risk mitigation of using the
85% components with lesser grade which has less stringent up-
screening procedures. Cost associated with the use of the
Reliability (%)

75% components with higher grade is of importance as well;

however, different cost models are available, with one
65% example of NASA cost model referenced in [5].
FCSSTV
Table 2. Summary of Architecture Reliability with ȕ between
55% PCSSTV
CBTV
0.5 and 2
45%
FCSSC R (24 hrs)
FCSBSC Beta
FCSSTV PCSSTV CBTV FCSSC FCSBSC CBSC
CBSC 0.5 0.995388 0.995412 0.994807 0.993915 0.993867 0.992985
35%
0 1000 2000 3000 4000 5000 6000 0.8 0.999935 0.999932 0.999878 0.999910 0.999923 0.999825
1.0 0.999982 0.999982 0.999968 0.999976 0.999989 0.999960
Time (Hrs)
2.0 0.999986 0.999984 0.999985 0.999981 0.999994 0.999981
Figure 5(c). Reliability plot of the architectures with ȕ equal to 1.0, keeping R (9 months)
Beta
the same MTTF for flight computers. FCSSTV PCSSTV CBTV FCSSC FCSBSC CBSC
0.5 0.390061 0.358168 0.195661 0.344148 0.341046 0.124876
0.8 0.600525 0.551993 0.375597 0.570492 0.567588 0.289916
95% Beta = 2.0 1.0 0.666420 0.612354 0.463806 0.647530 0.645730 0.389427
2.0 0.736666 0.676404 0.656380 0.734770 0.736430 0.650573
85%
Majority of the failure or degradation mechanisms are
Reliability (%)

accumulative; some are more aggravated at higher

75%
temperature, some are more sensitive to thermal cycling, and
some are more prominent under bias or power-on condition.
65%
FCSSTV
Not all the failure modes are alike and more details to be
PCSSTV included for system reliability improvement in the full paper.
55%
CBTV C. Long Missions
45%
FCSSC
FCSBSC It is evident that the system reliability decreases for long
35%
CBSC missions. This may not be an issue for short missions such as
0 1000 2000 3000 4000 5000 6000 launch vehicles, but is critical for long mission such as crew-
Time (Hrs) vehicles. The statistics assumptions and component
assumption described so far enable the architecture reliability
Figure 5(d). Reliability plot of the architectures with ȕ equal to 2.0, keeping comparisons and reliability improvements; however, more
the same MTTF for flight computers.
studies are needed if the absolute system reliability numbers
are used for design/mission decisions. More in the full paper.
D. System Reliability Improvement
System reliability can be improved by enhancing
component reliability, adding component and/or module level
redundancy, and keeping simple core critical avionics
architecture designs. System reliability analysis provides
distributions of the failure probability contribution from each
component and indicates different reliability improvement
path for the architectures. The level of redundancy needed
depends on the component reliability, architectures design,
mission lifetime, etc. which will be discussed in the full paper.
IV. SUMMARY
This paper is to address the basics, the limitations and the
relationship between component reliability and system
reliability through a study of flight computing architectures
and related avionics components to show that component
View publication stats
reliability analysis and system reliability analysis need to be
evaluated at the same time, and the limitations of each analysis
and the relationship between the two analyses need to be
understood.
REFERENCES
[1] NPD 8730.2C, “NASA Parts Policy”, NASA Policy Directive, 2008.
[2] NPD 8720.1C, “NASA Reliability and Maintainability Program Policy”,
NASA Policy Directive, April 2008.
[3] R. Hodson, et al, “Heavy Lift Vehicle (HLV) Avionics Flight
Computing Architecture Study”, NASA Technical Report, 2011.
[4] A. M. Gillespie, M. W. Monahan, Y. Chen, “Comparison Modeling of
System Reliability for Future NASA Projects”, Reliability and
Maintainability Symposium, 2012.
[5] M. J. Sampson, “Cost/Benefit of using COTS EEE Parts in Space”,
Commercialization of Military and Space Electronics Conference,
February, 2003.