Applicability of AADL in modelling the overall I&C architecture of a nuclear power plant

This paper focuses on the challenges relating to the overall safety instrumentation and control (I&C) architectural design and more specifically the modelling and assessment of nuclear safety I&C systems at architectural level. We focus on the properties relating to Defence-in-Depth principle, mainly on the unwanted interactions between systems of different safety classification. This paper describes the design process of early conceptual overall safety I&C architecture from the modelling point of view and defines the requirements for a model-based approach to support the design and analysis of the design solution. The modelling language selected for the study was Architecture Analysis and Design Language (AADL), an architecture description language, which considers analysis as a goal. In this paper, we review the capabilities of the language for modelling overall safety I&C architectures and as a case study, we model a simplified example architecture of an APR-1400 nuclear power plant using standard AADL components and provide an overview of the analysis capabilities of the OSATE tool for checking Defence-in-Depth related requirements.