Systems Dependability Assessment Set

coordinated by
Jean-François Aubry

Volume 3

Data Uncertainty and Important Measures

Christophe Simon

Philippe Weber

Mohamed Sallak



The probabilistic quantitative assessment of a system is a problem born at the same time as the first computers with the aim of a reduction of their failure probability. The proposed models and methods were inspired by the development of digital electronics. The limitations of these models were more or less consciously admitted and today other approaches are available as the first three books of the series Systems Reliability Assessment have shown. The present book is the fourth one of this series.

For almost two decades, the pioneers of reliability concentrated their efforts on the probabilistic calculus of system dependability without worrying about the calculus sensitivity to its different influence factors. In the sixties, the importance measures appeared in the reliability literature and remain associated with the names of Birnbaum, Lambert and Vesely.

The questioning of these models based on Boolean structure functions and their translation in the probability space took place at the end of the 20th century when the probabilistic models of some failure events became incredible. Could in fact the uncertain knowledge of some events be legitimately modeled by a probability distribution? We then saw the development of attempts to represent human reasoning by fuzzy sets and approximate reasoning.

Interested in the problem of how to design and assess dependable control systems during the eighties, I was then confronted with the question of how to qualify an instrumented system dedicated to a safety application. Until then, based on qualitative requirements, regulations in the subject evolved in the sense of requesting a more quantitative assessment of the risk level. Some studies quickly showed that the assessment of the ability of such a system to reduce the risk level of the process under supervision was very sensitive to a variation in the estimation of one or more input parameters. The representation of this variation by interval-valued representation in the risk matrix method was much too abrupt and not very relevant to express the expert advice, which is often nuanced.

Therefore, the idea of confronting the probability assessment with fuzzy modeling came naturally to me as a means to a better control of the influence parameters. In 2004, I proposed to Christophe Simon, who had good expertise in fuzzy set theory, to be the co-supervisor of a PhD on this subject. This resulted three years later in the thesis defense of Mohamed Sallak. Since then, both have continued to work in this field and presented many significant publications.

Similar to the approaches of reliability assessment by graph theory, stochastic automata, Petri nets or Bayesian models, this contribution to the uncertainty modeling is one of the representative aspects of the Dependability Nancy School of thought! Who better than Christophe Simon and Mohamed Sallak, reinforced by Philippe Weber for probabilistic graphical models for the aspects relative to the belief functions theory, to write such a book?

More than a collection of research work results, this book is also a precious educational document where the foundations of the various concepts are clearly presented. It contains as well a set of practical implementations of the proposed approaches, especially in the relevant field of safety integrated systems. No doubt that students, safety and dependability engineers and even teachers in the field would find a lot of interesting and strong resources in this book.

Jean-François AUBRY
Professor Emeritus
University of Lorraine, France


The content of this book is a part of the work done by our team around uncertainty and dependability. The authors want to acknowledge all who contributed to build our knowledge about uncertainty and dependability.

First, we acknowledge our colleague and friend Jean-François Aubry, Professor Emeritus at the University of Lorraine, France. He introduced many of us to dependability analysis and the research community.

Mohamed Sallak, who started his PhD thesis [SAL 07] on the topic and is now a known academic researcher at the University of Technology of Compiègne, France and continues to work on the subject. His thesis served as a basis to write Chapters 4 and 6.

Professor Boutheina Ben Yaghlane from Tunis University, Tunisia, who co-advised two PhD theses: Dr. Wafa Laâmari [LAÂ 17] and Dr. Narjes Ben Hariz [BEN 17] on the topic of evidential networks with Dr. Christophe Simon. A part of our work served to write elements of Chapters 3 and 5.

Dr. Walid Mechri who started his PhD thesis [MEC 11b] at Tunis University, Tunisia, on the question of interval-valued probabilities in the performance assessment of safety instrumented systems, which provides material mainly for writing Chapter 4.

Dr. Geoffrey Fallet-Fidry, who applied evidential networks to the assessment of system availability in the nuclear domain with our industrial partner engineer Carole Duval at EDF Research group. The public version of his PhD thesis [FAL 12a] is available online and a complete version is available at EDF under the responsibility of engineer Carole Duval.

Dr. Lionel Jouffe and Dr. Paul Munteanu, the cofounders of the Bayesia Company who are exchanging with us on using their Bayesian network tool.

Finally, my research partner Professor Philippe Weber, who introduced me to Bayesian networks applied to dependability analysis and helped in developing evidential networks.

Why and Where Uncertainties

This book presents our work in the School of Nancy on taking several types of uncertainty into account in the assessment of dependability parameters. For this purpose, we model epistemic and aleatory uncertainties through several additive and nonadditive theories.

An important problem in reliability theory is to identify the components within a system that significantly influence system behavior with respect to reliability or availability. Because all components cannot be improved at once to improve the system reliability, priority should be given to the components that are more important. Importance measures have been developed to analyze the impact and influence of some parameters, components or groups of components on the global performance of a system. The components concerned are those that act effectively to improve the system performance, or those on which requirements can be relaxed or must be imposed to meet or to maintain an expected level of performance. The assessment of these measures is associated with the probabilities of the system functioning (or malfunctioning) according to the state of the components. In dependability analysis, they can be used to identify the critical components, mincuts, etc., or more generally as influence measures on the reliability, the availability or the maintainability of the system.
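The following sketch illustrates the link between an importance measure and the probabilities of the system functioning according to the state of one component. It is an added example, not taken from the book: it computes Birnbaum's measure (named in the foreword) as P(system works | component works) − P(system works | component failed), and goes beyond the paragraph by also bounding the measure when each component reliability is only known as an interval. The three-component system, its numerical values and the independence of components are assumptions made for the illustration.

```python
from itertools import product

# Constructed system: A in series with (B in parallel with C).
def phi(x):
    """Boolean structure function: 1 if the system works in state x."""
    return x["A"] and (x["B"] or x["C"])

def reliability(p):
    """P(system works), enumerating all states of independent components."""
    names = list(p)
    total = 0.0
    for states in product((0, 1), repeat=len(names)):
        x = dict(zip(names, states))
        if phi(x):
            weight = 1.0
            for n in names:
                weight *= p[n] if x[n] else 1.0 - p[n]
            total += weight
    return total

def birnbaum(p, i):
    """Birnbaum importance: P(works | i works) - P(works | i failed)."""
    return reliability({**p, i: 1.0}) - reliability({**p, i: 0.0})

def interval_birnbaum(bounds, i):
    """Bounds on the importance of i when each p_j lies in [lo, hi].
    The measure is multilinear in the other p_j, so its extremes are
    reached at the corners of the box of bounds."""
    others = [n for n in bounds if n != i]
    values = []
    for corner in product((0, 1), repeat=len(others)):
        p = {n: bounds[n][c] for n, c in zip(others, corner)}
        values.append(birnbaum(p, i))
    return min(values), max(values)

def ranking_decided(bounds, a, b):
    """True only if a outranks b for every admissible set of values."""
    return interval_birnbaum(bounds, a)[0] > interval_birnbaum(bounds, b)[1]

# Constructed sample values: precise reliabilities and interval bounds.
P = {"A": 0.95, "B": 0.90, "C": 0.80}
BOUNDS = {"A": (0.90, 0.99), "B": (0.85, 0.95), "C": (0.60, 0.90)}

if __name__ == "__main__":
    for name in P:
        print(name, round(birnbaum(P, name), 4), interval_birnbaum(BOUNDS, name))
```

With precise values the ranking is A, B, C; with the interval bounds A still dominates, but the intervals for B and C overlap, so their relative importance can no longer be decided.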

1.1. Sources and forms of uncertainty

Usually, knowledge can be defined by several characteristics such as its type and its source [DUB 10]. Based on this classification, knowledge can be generic, singular or coming from beliefs (Table 1.1). In addition, it comes from either historical-based or observation-based sources (Table 1.2).

Table 1.1. Types of knowledge according to [DUB 10]

Generic knowledge: Repeated observations such as dependence rules between variables or influence links
Singular evidence: Singular situations like inspection results, test results or measurements
Beliefs: Unobserved singular events such as extreme phenomena or unrealized actions

Table 1.2. Knowledge sources according to [DUB 10]

Historical: Classes of situations (physical laws, statistical knowledge, etc.)
Observations: Particular situations known as true (measurements, results of tests, etc.)

Moreover, knowledge can be classified by other characteristics such as its nature or its mode of expression (Table 1.3).

Table 1.3. Other characteristics of knowledge

Nature: Knowledge can be expressed subjectively (individual and subject to change according to people) or objectively (no personal factor in the judgment provided)
Expression: Knowledge can be qualitative (order, preference, etc.) or quantitative (scalar values, intervals with or without information, probability distribution, etc.)

Whereas generic knowledge and singular evidence are based on observed (or observable) events, beliefs are based on unmeasured (or unmeasurable) events. Therefore, beliefs are potentially more difficult to express and can be considered more complex in terms of uncertainty. Moreover, the subjective or objective nature of knowledge implies different modes and shapes of expression, according to their dependence on the personality and the level of knowledge possessed by people or experts.

Finally, the qualitative or quantitative character of knowledge can give several kinds of expressions which are more or less precise (order, preferences, scalar values, intervals, etc.). In conclusion, the different characteristics of knowledge induce several levels of (im)precision in their expression. These levels induce uncertainties on knowledge which are mainly characterized by their sources and types.

1.2. Types of uncertainty

Many works concern the classification of uncertainties [HOF 94, FER 96, HEL 97, RIE 12]. Generally, the taxonomy of uncertainty is done with two distinct categories: aleatory or epistemic.

  • Aleatory uncertainty is due to the random character or the natural variability of physical phenomena (the values are precise but different according to natural variations). Some researchers talk of stochastic or variability uncertainty. This uncertainty is usually due to measurable elements [WIN 96], and it is considered irreducible because it is only due to the natural variations of physical phenomena [BAE 04]. Aleatory uncertainty is usually associated with objective knowledge coming from generic knowledge or singular observations.
  • Epistemic uncertainty is due to the imprecise character of knowledge or associated with the lack of knowledge. It is usually associated with non-measurable quantities [WIN 96] and it is considered as reducible since new information can reduce or eliminate this type of uncertainty. It is mainly encountered with subjective data based on beliefs and can be quantitative or qualitative.

1.3. Sources of uncertainty

An important question concerns the sources of uncertainty. These sources are our own inability to know the exact values or state of the system and its components from the dependability point of view. This inability can be technical or conceptual. For instance, Pate-Cornell [COR 96] used six levels of uncertainty to obtain a family of risk curves in the presence of both aleatory and epistemic uncertainties. Smithson [SMI 89] proposed a taxonomy of ignorance (see Figure 1.1). In his work, ignorance is considered multiple and at several levels. Ignorance is the top-level concept of his taxonomy. Some parts of this taxonomy concern irrelevance of knowledge but they are outside the scope of our work. The second part concerns error and is well developed but less clear for our purpose.

We can also add to this list of knowledge imperfection the notion of inconsistency which appears when knowledge is formulated by one or several sources that provide contradictory information [OSE 03].


Figure 1.1. Taxonomy of ignorance

For our purpose of numerical assessment of risk and dependability, we prefer the taxonomy proposed by Fisher [FIS 99] which is a particular point of view of the Smithson taxonomy (see Figure 1.2). This taxonomy seems more convenient and refers to a current meaning, for instance, developed in the special issue of Reliability Engineering & System Safety [HEL 04].


Figure 1.2. The taxonomy of uncertainty considered

Aleatory or random uncertainty has its roots in the natural variability of physical phenomena. As shown in Figure 1.2, four notions generate epistemic uncertainty:

  • imprecision corresponds to the inability to express the true value because the absence of experimental values does not allow the definition of a probability distribution or because it is difficult to obtain the exact value of a measure. For instance, only bounds are known because, physically, the value cannot be otherwise.
  • ignorance (partial or total) corresponds to the inability to express knowledge on disjoint hypotheses. Sometimes, it is easier to express knowledge on their disjunctions. Indeed, what is more imprecise is more certain [SME 97].
  • incompleteness corresponds to the fact that not all situations are covered. For instance, not all the failure modes of a material are known.
  • credibility concerns the weight that an agent can attach to its judgment. It is a sort of second-order information.

Imprecision, ignorance and incompleteness are closely related notions. Incompleteness is a kind of model uncertainty, whereas ignorance and imprecision concern parametric uncertainty instead. Imprecision and ignorance are different because the first is linked to the quality of the value, whereas the second is associated with the knowledge of the value.

For epistemic uncertainty, [BOU 95b] considered that knowledge imperfections can be sorted in three main types: uncertainty that represents doubt of the knowledge validity, imprecision that corresponds to a difficulty to express or to obtain the knowledge, and incompleteness that corresponds to the absence of knowledge or to partial knowledge.

In addition, uncertainty can impact both the model and its parameters [DRO 09, IPC 06]. Parametric uncertainties mainly concern the input values, whereas the model uncertainty concerns the difference between the model and the reality. Model uncertainty also integrates completeness associated with model partiality or its scale of validity. [OBE 02] defined the notion of errors which can be linked to model uncertainty. It is close to the error induced by the use of some mathematical models (probability, theory of belief function, etc.) or knowledge management tools and their uncertainty.

1.4. Conclusion

In conclusion, exact knowledge is very difficult to obtain, which implies that uncertainty is inevitable. It is clear that uncertainty can be epistemic or aleatory and can affect the model and the parameters. Dealing with uncertainty is complex and the terminology is difficult to use. According to Smithson [SMI 89] and more particularly Fisher [FIS 99], the situations that generate ignorance and imperfection are numerous and, as said by Dubois [DUB 10], it depends on the situation to elicit knowledge. To model and analyze knowledge, it is necessary to use convenient mathematical languages or frameworks to produce coherent and credible results.

For this purpose, we have divided the book into several chapters. For the sake of illustration, we have applied these approaches to the assessment of the performance of a lot of typical systems, such as safety instrumented systems, and with different models (fault trees and Markov chains).

Chapter 2 concerns the mathematical modeling languages/frameworks. In Chapter 3, we show how to model uncertainties of expert judgments for the allocation of SIL with risk graphs or risk matrices by using fuzzy sets or evidence theory (also named belief functions theory). Chapter 4 is dedicated to interval valued probabilities in dependability assessment. In Chapter 5, we introduce the concept of evidential networks, which is a graphical model like Bayesian networks but considers several forms of uncertainties. Evidential networks are applied to assess some dependability parameters of systems. Temporal variations are also considered through dynamic evidential networks. Chapter 6 is dedicated to importance measures in dependability analysis using evidential networks and considering several uncertainties.

The conclusion draws together the main contributions of the chapters to managing several forms of uncertainty with several models.