FRAAU —  Protection and Safety Systems   (14-Oct-11   08:30—10:15)
Chair: B. Todd, CERN, Geneva, Switzerland
Paper Title Page
FRAAUST01 Development of the Machine Protection System for LCLS-I 1281
  • J.E. Dusatko, M. Boyes, P. Krejcik, S.R. Norum, J.J. Olsen
    SLAC, Menlo Park, California, USA
  Funding: U.S. Department of Energy under Contract Nos. DE-AC02-06CH11357 and DE-AC02-76SF00515
Machine Protection System (MPS) requirements for the Linac Coherent Light Source I demand that fault detection and mitigation occur within one machine pulse (1/120th of a second at full beam rate). The MPS must handle inputs from a variety of sources including loss monitors as well as standard state-type inputs. These sensors exist at various places across the full 2.2 km length of the machine. A new MPS has been developed based on a distributed star network where custom-designed local hardware nodes handle sensor inputs and mitigation outputs for localized regions of the LCLS accelerator complex. These Link-Nodes report status information and receive action commands from a centralized processor running the MPS algorithm over a private network. The individual Link-Node is a 3U chassis with configurable hardware components that can be set up with digital and analog inputs and outputs, depending upon the sensor and actuator requirements. Features include a custom MPS digital input/output subsystem, a private Ethernet interface, an embedded processor, a custom MPS engine implemented in an FPGA and an Industry Pack (IP) bus interface, allowing COTS and custom analog/digital I/O modules to be utilized for MPS functions. These features, while capable of handling standard MPS state-type inputs and outputs, allow other systems like beam loss monitors to be completely integrated within them. To date, four different types of Link-Nodes are in use in LCLS-I. This paper describes the design, construction and implementation of the LCLS MPS with a focus on the Link-Node.
Slides FRAAUST01 [3.573 MB]
FRAAULT02 STUXNET and the Impact on Accelerator Control Systems 1285
  • S. Lüders
    CERN, Geneva, Switzerland
  2010 has seen wide news coverage of a new kind of computer attack, named "Stuxnet", targeting control systems. Due to its level of sophistication, it is widely acknowledged that this attack marks the very first case of a cyber-war of one country against the industrial infrastructure of another, although there is still much speculation about the details. Worse yet, experts recognize that Stuxnet might just be the beginning and that similar attacks, eventually with much less sophistication, but with much more collateral damage, can be expected in the years to come. Stuxnet targeted a special model of the Siemens 400 PLC series. Similar modules are also deployed for accelerator controls like the LHC cryogenics or vacuum systems or the detector control systems in LHC experiments. Therefore, the aim of this presentation is to give an insight into what this new attack does and why it is deemed to be special. In particular, the potential impact on accelerator and experiment control systems will be discussed, and means of properly protecting against similar attacks will be presented.
Slides FRAAULT02 [8.221 MB]
FRAAULT03 Development of the Diamond Light Source PSS in conformance with EN 61508 1289
  • M.C. Wilson, A.G. Price
    Diamond, Oxfordshire, United Kingdom
  Diamond Light Source is constructing a third phase (Phase III) of photon beamlines and experiment stations. Experience gained in the design, realization and operation of the Personnel Safety Systems (PSS) on the first two phases of beamlines is being used to improve the design process for this development. Information on the safety functionality of Phase I and Phase II photon beamlines is maintained in a hazard database. Reports from this database are used to assist in the design, verification and validation of the new PSSs. The data is used to make comparisons between beamlines, validate safety functions and to record documentation for each beamline. This forms part of the documentation process demonstrating conformance to EN 61508.
Slides FRAAULT03 [0.372 MB]
FRAAULT04 Centralised Coordinated Control to Protect the JET ITER-like Wall. 1293
  • A.V. Stephen, G. Arnoux, T. Budd, P. Card, R.C. Felton, A. Goodyear, J. Harling, D. Kinna, P.J. Lomas, P. McCullen, P.D. Thomas, I.D. Young, K-D. Zastrow
    CCFE, Abingdon, Oxon, United Kingdom
  • D. Alves, D.F. Valcárcel
    IST, Lisboa, Portugal
  • S. Devaux
    MPI/IPP, Garching, Germany
  • S. Jachmich
    RMA, Brussels, Belgium
  • A. Neto
    IPFN, Lisbon, Portugal
  Funding: This work was carried out within the framework of the European Fusion Development Agreement. This work was also part-funded by the RCUK Energy Programme under grant EP/I501045.
The JET ITER-like wall project replaces the first wall carbon fibre composite tiles with beryllium and tungsten tiles which should have improved fuel retention characteristics but are less thermally robust. An enhanced protection system using new control and diagnostic systems has been designed which can modify the pre-planned experimental control to protect the new wall. Key design challenges were to extend the Level-1 supervisory control system to allow configurable responses to thermal problems to be defined without introducing excessive complexity, and to integrate the new functionality with existing control and protection systems efficiently and reliably. Alarms are generated by the vessel thermal map (VTM) system if infra-red camera measurements of tile temperatures are too high and by the plasma wall load system (WALLS) if component power limits are exceeded. The design introduces two new concepts: local protection, which inhibits individual heating components but allows the discharge to proceed, and stop responses, which allow highly configurable early termination of the pulse in the safest way for the plasma conditions and type of alarm. These are implemented via the new real-time protection system (RTPS), a centralised controller which responds to the VTM and WALLS alarms by providing override commands to the plasma shape, current, density and heating controllers. This paper describes the design and implementation of the RTPS system which is built with the Multithreaded Application Real-Time executor (MARTe) and will present results from initial operations.
Slides FRAAULT04 [2.276 MB]
FRAAUIO05 High-Integrity Software, Computation and the Scientific Method 1297
  • L. Hatton
    Kingston University, Kingston on Thames, United Kingdom
  Given the overwhelming use of computation in modern science and the continuing difficulties in quantifying the results of complex computations, it is of increasing importance to understand its role in the essentially Popperian scientific method. There is a growing debate, but this has some distance to run as yet, with journals still divided on what even constitutes repeatability. Computation rightly occupies a central role in modern science. Datasets are enormous and the processing implications of some algorithms are equally staggering. In this paper, some of the problems with computation, for example with respect to specification, implementation, the use of programming languages and the long-term unquantifiable presence of undiscovered defects, will be explored with numerous examples. One of the aims of the paper is to understand the implications of trying to produce high-integrity software and the limitations which still exist. Unfortunately, Computer Science itself suffers from an inability to be suitably critical of its practices and has operated in a largely measurement-free vacuum since its earliest days. Within CS itself, this has not been so damaging in that it simply leads to unconstrained creativity and a rapid turnover of new technologies. In the applied sciences, however, which have to depend on computational results, such unquantifiability significantly undermines trust. It is time this particular demon was put to rest.
Slides FRAAUIO05 [0.710 MB]