Analysis and Software Development of System Failure Probability Correction Considering Common Cause Failure

Abstract

Common cause failure (CCF) is concealed and harmful. With the increase in the number of redundant systems in aircraft, quantifying the impact of CCF is crucial for accurately calculating system failure probabilities. However, the diverse and complex redundancy configurations prevalent in modern aircraft systems often limit the applicability and analytical efficiency of existing CCF quantification methods. To address these challenges, the applicability of three CCF modeling approaches, namely the β-factor model, the α-factor model, and the square root model is analyzed. Furthermore, a failure probability correction model is constructed to quantify CCF impacts across systems with varying redundancy levels and configurations. The effectiveness and versatility are then validated on three typical aircraft system failure cases. Further, a software for correcting the failure probability of complex systems considering CCF is developed, which is highly applicable and efficient in calculation. This study not only enriches the methodologies for system safety analysis but also significantly enhances the efficiency and accuracy of CCF quantification in aerospace engineering.

1. Introduction

Redundancy design is a fundamental strategy for enhancing the safety and reliability of modern aircraft systems. For instance, the B787 electric power supply system employs a four-redundancy generator and dynamic load distribution [1], while the Chinese C919 flight control system adopts a four-redundancy fly-by-wire architecture [2]. However, common cause failure (CCF), defined as the simultaneous failure of multiple redundant units due to shared causes such as design defects, environmental stress, or maintenance omissions, remains a critical concern in redundancy design [3]. The statistics of flight accidents of the US space shuttle [4] and the data from the offshore equipment reliability database OREDA [5,6] show that CCF is not accidental and accounts for about 10% of the total failure events. In recent years, with the continuous enrichment of functions in flight control, avionics and other systems, the number of redundant components has been increasing [7,8]. The highly concealed and highly hazardous CCF requires more attention and emphasis.

For the safety assessment of complex systems, qualitative methods such as Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) have long been fundamental approaches. They have systematic and structured advantages in identifying potential faults and tracing the root causes of risks, and are widely incorporated into industry standards and practice systems. He Tao [9] conducted a CCF risk analysis on the all-electronic interlocking system of rail transit using the FTA method. The analysis systematically identified common cause risk sources related to hardware, human factors, environmental conditions, and software components, while also proposing targeted risk reduction measures tailored to each category. Similarly, Jiang et al. [10] in their analysis of the intended functionality safety for airborne software, utilized methods such as functional hazard analysis and fault tree analysis (FTA) to identify hazards in airborne systems and abnormal control behaviors in software. This framework allows for the combined analysis of various failure modes and the tracing of non-single point failures. Lu Jun [11] analyzed the applicability of methods such as FMEA and FTA in the safety assessment process of civil aircraft systems, and conducted a safety assessment on the roll control function of the flight control system as an example. Qin Qiang [12] transformed the SAE ARP4761 standard into a safety analysis model suitable for the cargo door system, identified potential failure modes of the cargo door through FMEA, and constructed the corresponding fault tree. Based on the independence of the working principle of the cargo door and the bottom events in the “cargo door accidental opening” fault tree, it was concluded that the cargo door would not experience CCF. The current industry standard SAE ARP4761A “Guidelines for the Safety Assessment Process and Methods of Civil Airborne Systems and Equipment” [13] constructs a qualitative analysis method for CCF from three aspects: common mode analysis, zonal safety analysis, and particular risk analysis, providing a basis for safety assessment in the design stage and guiding the optimization direction of the architecture of the assessment object and CCF defense measures. However, the standard does not provide quantitative analysis methods, which cannot accurately quantify the impact of CCF and correct the system failure probability, making it difficult to meet the requirements of modern aviation safety engineering. Therefore, conducting research on methods for calculating the probability of CCF can more effectively manage the risks brought by CCF, ensure system reliability, and provide guidance for the optimal design of aircraft redundant systems.

To overcome the limitations of qualitative approaches, quantitative CCF analysis has evolved, developing a methodological framework primarily centered around parametric models. Among these, the β-factor model [14] and the α-factor model [15] are the most widely used. These two models define the proportion of CCF in system failure to construct a quantitative framework for system CCF. The α-factor method is based on statistical analysis of historical failure data, while the β-factor method can be estimated through standard lookup tables [16]. Although the multi-Greek letter model, an extension of the β-factor model, offers refined modeling through multi-level correction parameters, its parameter identification demands extensive full life cycle data, limiting its practical application. Lin Yingjie et al. [17] summarized the theoretical calculation and standard estimation methods of the β-factor and verified the effectiveness of the method through a typical case of nuclear power systems. Kong Xiangfen et al. [18] decomposed the independent failure rate and CCF rate of aircraft electric power system components using the α-factor, and on this basis, established a reliability model of the aircraft power system considering CCF using Bayesian networks, demonstrating the model’s applicability to aircraft power systems. However, parametric models heavily rely on a substantial amount of high-quality failure data for parameter identification. Yet, during the system design phase, data are scarce, and obtaining sufficient operational failure data from existing systems is extremely difficult. For instance, Hu Yinxiao et al. [19] utilized a particle swarm algorithm to construct a mixed shock model and proposed combinatorial failure cause strategies with time-dependent probabilistic calculation rules to quantitatively determine system failure probability [20]. Although these approaches theoretically improve the prediction accuracy of CCF probabilities, their model complexity and strong dependency on extensive data for parameter identification hinder their practical application in real-world engineering. Furthermore, the β-factor model and α-factor model cannot cover all types of systems. The applicability analysis of various models and methods, as well as their application across different systems, has not yet been sufficiently explored. Han Bao et al. [21], used an improved β-factor model within the Digital Instrumentation and Control (DI&C) system risk assessment platform developed at Idaho National Laboratory, assessed software CCF in safety-significant nuclear power plant DI&C systems to guide system safety maintenance. While automated software tools have been applied in nuclear engineering for calculating common cause failure probabilities, the field of aircraft systems still shows a deficiency in applying such software tools for quantifying CCFs.

The heavy reliance of existing parametric models on high-quality failure data fundamentally limits their use during the early design phase, where data are scarce. Moreover, the high safety requirements of aircraft systems pose higher challenges for quantitative CCF analysis methods, making it particularly urgent to construct a universally applicable comprehensive model. Meanwhile, with the continuous increase in system operation and failure data, the manual calculation mode is inefficient and difficult to solve.

To address these challenges, a comprehensive analysis model for CCFs is proposed, and the corresponding software is designed. Compared with existing research, the contribution of this paper lies in three aspects.

• A quantitative model of CCF is constructed. This model establishes a systematic probabilistic framework that bridges different redundancy configurations and data conditions, enabling consistent failure probability correction across diverse system types and phases of application.
• The proposed framework is validated on three distinct engineering systems. These cases span different domains and redundancy configurations, thereby demonstrating that the correction model is not limited to a single application field but can be consistently applied across heterogeneous systems.
• A software is developed to support system probability correction considering CCF. It integrates data filtering, probabilistic computation, and automatic reporting, reducing manual workload and resource demand. Compared with traditional manual calculation, the tool improves computational efficiency and ensures reproducibility, providing engineers with a practical platform for CCF analysis.

The structure of this paper is as follows. In Section 2, the classification of redundant systems and the matching relationship between system types and CCF quantification methods are introduced, and the process of the quantification CCF model and the principle of each quantification method are explained. In Section 3, three typical redundant systems are selected for validation of the proposed model’s effectiveness and universality. In Section 4, a system failure probability correction software considering CCF is developed based on MATLAB App Designer, and the system architecture along with functional verification of the software is presented.

2. System Failure Probability Correction Considering CCF

The classification of redundant systems and the characteristics of each type are first introduced. Upon this categorization, a system failure probability correction model considering CCF applicable to different types of systems is proposed.

2.1. Classification of Redundant Systems

Redundant systems are categorized based on the technical paths of redundant units and the characteristics of redundant systems. This classification establishes a crucial foundation for the subsequent development of a differentiated quantitative analysis methodology for CCFs and the construction of a comprehensive failure probability correction model.

• Similar Redundant System. These systems are characterized by two or more units employing identical or highly similar technologies and devices to execute the same primary and backup functions;
• Dissimilar Redundant Systems. Dissimilar redundant systems comprise two or more units that utilize distinct technical paths while fulfilling identical functional requirements;
• Electrical/Electronic/Programmable Electronic Safety-Related Similar Redundant Systems (EEPES). CCFs within EEPES are typically attributed to a confluence of factors, including system design characteristics, the proficiencies of design, operation, and maintenance personnel, and the operational environment. Due to their inherent complexity, CCFs in EEPES are more concealed and more difficult to detect. Consequently, similar redundant systems involving electronic and electrical products warrant specific analysis and categorization;

For different types of redundant systems, this section analyzes the applicability of the three types of CCF models from the perspective of their construction mechanisms to the calculation of CCF probabilities of different redundant systems. The matching relationship between redundant system types and CCF quantification models is shown in

Table 1. Applicability of CCF Quantification Models to Different Redundant System Types. The √ in the table represents applicable, and the × represents not applicable.

Applicability	EEPES		Other Similar Redundant Systems		Dissimilar Redundant Systems
Operational data	√	×	√	×	√	×
α-factor model	√	×	√	×	×	×
β-factor model	√	√	×	×	×	×
Square root model	×	√	×	√	√	√

.

This table presents, for each redundant system type, two columns of ticks and crosses that indicate the applicability of different CCF quantification models. The row titled Operational data specifies whether historical operational data are available for the given system type, and the subsequent rows show which models can be applied under each data condition. For instance, in EEPES, both the α-factor and β-factor models are applicable when operational data exist, whereas in the absence of the data, the β-factor and square root models are recommended. For other similar redundant systems, the α-factor model is suitable with data, while the square root model is appropriate without data. In contrast, dissimilar redundant systems rely exclusively on the square root model regardless of data availability.

2.2. System Failure Probability Correction Considering CCF

Based on Section 2.1, a CCF quantification model applicable to all systems in Section 2.1 is proposed in this section, as shown in Figure 1.

The proposed model first necessitates the characterization of the research object’s system type based on its features. Based on this categorization and the availability of operational data, an appropriate CCF quantification method is selected.

Define the system type set as S, and S = {s₁,s₂,s₃}, where s₁ is EEPES, s₂ is other similar redundant systems, and s₃ is dissimilar redundant systems. D is data availability, and D = {0,1}, where 0 indicates the absence of operational data and 1 indicates its presence. The set of candidate CCF quantification models is denoted as M, and M = {α, β, sqrt}, corresponding to the α-factor model, the β-factor model, and the square root model, respectively. A mapping function f is defined to select the appropriate CCF model based on the system type and data availability conditions:

$$f\left(S,D\right)\to M(\cdot )$$

(1)

According to the applicability summarized in Table 1, for EEPES, f(s₁,1) = {α,β} and f(s₁,0) = {β,sqrt}; for other similar redundant systems, f(s₂,1) = {α} and f(s₂,0) = {sqrt}; for dissimilar redundant systems, f(s₃,1) = {sqrt} and f(s₃,0) = {sqrt}.

Specifically, The α-factor model statistically processes operational data to calculate CCF probability. The β-factor model references historical data and system architecture to score measures for defending against CCFs, further estimating CCF probability. The square root model requires calculating CCF probability using component independent failure probabilities. After determining CCF probability via the selected model, it is integrated with the system failure probability derived from traditional independent component failure assumptions to correct the system failure probability.

The independent failure probability of redundant system components is denoted by p_i, and redundancy is denoted by m. The CCF probability is expressed as:

$$P_{\mathit{CC}}=M(p_i,m,\theta )$$

(2)

where the functional form $M(\cdot )$ depends on the specific CCF model employed, and θ denotes the data or system architecture parameters required by the model.

The corrected system failure probability is then given by:

$$P_S=P_I+P_{CC}$$

(3)

where P_I is the system failure probability under the assumption of independent failures.

In addition, this model can be applied both in the design and operational phase. In the design phase, the proposed comprehensive model still provides a structured way to estimate CCF probability and correct system failure probabilities. For instance, when dealing with EEPES, the estimation using the β-factor model can be guided by design documentation, whereas for other types of redundant systems, the square root model offers a computational approach with low data requirements.

The principle for solving each CCF probability model is as follows.

2.2.1. α-Factor Model

The α-factor model necessitates the availability of historical data pertaining to the failure and repair processes of redundant components. It employs parameter estimation to assess system availability and failure probability. For calculating the CCF probability in a similar redundant system with m units, data on the simultaneous failure of k subsystems (where k = 1, 2, …, m) are prerequisite. Such data are typically acquired from onboard system operation or maintenance records, primarily through the systematic screening and tabulation of instances where multiple components fail concurrently within a defined time frame.

The α-factor model takes into account all possible failure combinations. In conjunction with operational data, it enables the calculation of α and CCF probability. For a system with redundancy of m, it is assumed that when k redundant components fail simultaneously, the failure probability of each combination is equal, denoted as Q_k^(m)(k = 1, 2, …, m). The sum of the probabilities of any k redundant components failing denoted as QQ_k^(m), is expressed as:

$$Q{Q}_k^{\left(m\right)}={\mathrm{C}}_m^k{Q}_k^{(m)}={\displaystyle \frac{m!}{(m-k)!k!}}{Q}_k^{(m)}$$

(4)

The sum of the probabilities of all possible failure scenarios in a redundant system (i.e., the simultaneous failure of k redundant components, where k = 1, 2, …, m) is denoted as Q_SS. Q_SS is:

$$Q_{SS}={\displaystyle \sum _{k=1}^m{\mathrm{C}}_m^k{Q}_K^{\left(m\right)}}={\displaystyle \sum _{k=1}^m\frac{m!}{(m-k)!k!}{Q}_k^{(m)}}$$

(5)

The k-components CCF factor α_k^(m) is defined as the ratio of the probability of simultaneous failure of k (where k = 2, …, m) components to the sum of the probabilities of all possible failure scenarios Q_SS. It can be expressed as:

$${\alpha }_k^{\left(m\right)}={\displaystyle \frac{Q{Q}_K^{\left(m\right)}}{Q_{SS}}}={\displaystyle \frac{\frac{m!}{(m-k)!k!}{Q}_k^{(m)}}{{\displaystyle \sum _{j=1}^m\frac{m!}{(m-j)!j!}{Q}_j^{(m)}}}}$$

(6)

When the failure probability is not available, α_k^(m) can also be calculated using the number of times N_k^(m) that different quantities of components have failed.

$${\alpha }_k^{\left(m\right)}={\displaystyle \frac{N{N}_K^{\left(m\right)}}{N_{SS}}}={\displaystyle \frac{\frac{m!}{(m-k)!k!}{N}_k^{(m)}}{{\displaystyle \sum _{j=1}^m\frac{m!}{(m-j)!j!}{N}_j^{(m)}}}}$$

(7)

where NN_k^(m) (k = 1, 2, …, m) represents the sum of the number of times any k redundant components fail simultaneously, and N_SS denotes the sum of the number of occurrences of all failure scenarios in the redundant system.

Furthermore, the CCF probability p_k^(m) for k (k = 2, …, m) components can be defined as:

$$p_k^{(m)}={\alpha }_k^{(m)}{p}_I$$

(8)

where P_I represents the independent failure probability of a component. CCF scenarios are bounded by k = 2, …, m. The case k = 1 corresponds to purely independent failures.

When the system is in a state where k (k = 2, …, m) components have failed due to a common cause, it is assumed that the remaining components are in a state of independent failure. In this case, the system failure probability can be expressed as P_k^(m):

$$P_k^{(m)}=p_k^{(m)}{(p_I)}^{m-k}$$

(9)

The sum of all failure probabilities for failure scenarios involving CCF, P_CC, is the aggregate of P_k^(m) across all states where different numbers of components fail simultaneously in the system (considering the presence of CCF):

$$P_{CC}={\displaystyle \sum _{k=2}^{\mathrm{m}}{P}_k^{(m)}}={\displaystyle \sum _{k=2}^{\mathrm{m}}{p}_k^{(m)}•{(p_I)}^{m-k}}$$

(10)

When not considering CCF, the failure probability of a system with a redundancy of m, denoted as λ_I, is expressed as:

$$P_I={(p_I)}^m$$

(11)

The total system failure probability, which is the sum of the failure probabilities of system components that are considered to be independent and the failure probability considering CCF, is denoted by P_S, and is given by:

$$P_S=P_{CC}+P_I={\displaystyle \sum _{k=2}^m{p}_k^{(m)}{(p_I)}^{m-k}+}{(p_I)}^m$$

(12)

2.2.2. β-Factor Model

The β-factor model is applicable to EEPESs composed of multiple similar redundant components or subsystems. The advantage of the β-factor model is that it does not require historical operational data. The disadvantage is that for a system with redundancy of m, the β-factor model can only calculate the simultaneous failure probability of all components (as the CCF probability) and cannot calculate the simultaneous failure probability of k (k < m) components out of m in the system.

On one hand, when conducting CCF analysis using the β-factor model, due to the inherent limitations of the method, it can only analyze two scenarios: all units failing independently and all units failing simultaneously. Assuming P_I is the independent failure probability of a single component, P_SS is the failure probability of a redundant system, and P_CC is the CCF probability, the β-factor is defined as the proportion of the CCF (all units failing simultaneously) to the failure probability of the redundant system:

$$\beta ={\displaystyle \frac{P_{CC}}{P_S}}={\displaystyle \frac{P_{CC}}{P_I+P_{CC}}}, P_{CC}={\displaystyle \frac{\beta }{1-\beta }}{P}_I$$

(13)

Due to the small value of β, it can be simplified as:

$$P_{CC}={\displaystyle \frac{\beta }{1-\beta }}{P}_I\approx \beta P_I$$

(14)

On the other hand, the failure of a complex system involves the issue of detectability. Typically, some failures within a system are detectable, while others are not. Based on this situation, β can be divided into detectable and undetectable parts, with β_D representing the detectable CCF coefficient and β_DU representing the undetectable CCF coefficient. Correspondingly, P_D and P_DU are used to denote the detectable and undetectable failure probabilities, respectively. Thus, the system’s CCF probability can be expressed as:

$$P_{CC}=P_D{\beta }_D+P_{DU}{\beta }_{DU}$$

(15)

Further calculation of the system failure probability:

$$P_S=P_{CC}+P_I$$

(16)

P_D and P_DU can be obtained in two ways: (1) Through safety analysis, assess and obtain the failure probability P_D of detectable failure modes and the failure probability P_DU of undetectable failure modes; (2) Define the system detection/diagnostics coverage T, which represents the proportion of failures that a complex system can detect. Then, P_D and P_DU are given by:

$$P_D=T{P}_I,\hspace{1em}{P}_{DU}=(1-T)P_I$$

(17)

where the system detection/diagnostics coverage is expressed as the ratio of the number of detectable failure modes to the total number of failure modes. it can also be expressed as the ratio of the number of detectable failure occurrences to the total number of system failures, that is:

$$T={\displaystyle \frac{\mathrm{Number} \mathrm{of} \mathrm{detectable} \mathrm{failure} \mathrm{modes}}{\mathrm{Total} \mathrm{number} \mathrm{of} \mathrm{failure} \mathrm{modes}}}$$

(18)

β_DU and β_D can be obtained based on the IEC-61508-6 standard [16]. The CCF probability and the corrected system failure probability can be calculated accordin g to expressions (12) to (13). Figure 2 shows the process of estimating the CCF probability and correcting the failure probability based on the β-factor model.

The CCF characteristics of the system need to be analyzed by comprehensively considering expert opinions, design levels, maintenance capabilities, and operational history. The X and Y scores are obtained by scoring the system’s component architecture, environmental testing and maintainability level, etc. The Z score is obtained by scoring the system and component characteristics, testability levels, etc. The diagnostic coverage T is estimated based on the system’s failure detection capability. The S_D score and S_DU are calculated using X, Y and Z, and the CCF coefficient β is further estimated. The calculation of the β factor is shown in Figure 3.

With the increase in the S score, the β factor decreases in a stepwise manner, indicating that the system’s protective ability against CCF is enhanced. The higher the S score, the more complete the protective measures of the system in terms of design, isolation, redundancy, diagnosis, etc., thereby significantly reducing CCF probability. The three critical points marked in the figure are S = 45, 70, and 120, respectively. These points are the thresholds for the β factor to jump. When S is at the critical point, minor improvement measures can significantly reduce the impact of CCF.

Finally, in combination with the independent probability of components, the system’s probability is corrected.

2.2.3. Square Root Model

The square root model is suitable for similar and dissimilar redundant systems that lack operational data. Taking two dissimilar redundant systems A and B as an example, assume the system CCF probability is represented as P_AB, and the independent failure probabilities of A and B are p_A and p_B, respectively. The CCF probability cannot be higher than the independent failure probability of any single component, thus:

$$P_{AB}\le \min \left\{p_A,p_B\right\}$$

(19)

At the same time, the CCF probability of components A and B is not lower than the independent failure probabilities of the two components, that is:

$$P_{AB}\ge p_A\cdot p_B$$

(20)

Let a = p_Ap_B, b = min(p_A,p_B), and the square root model can approximate the CCF probability as:

$$P_{CC}=\sqrt{ab}$$

(21)

For a dissimilar redundant system with a redundancy of m, the square root model is generalized to express P_CC as:

$$a={\displaystyle {\prod }_{i=1}^m{p}_i},\hspace{1em}b=\min \{p_1,..,p_m\},\hspace{1em}{P}_{CC}=\sqrt{ab}$$

(22)

where p_i is the independent failure probability of the i-th component of the system.

To further illustrate the behavior of the square root model in a three-redundancy system, we fix the failure probabilities of two components and observe how the system’s CCF probability P_CC varies with the failure probability of the third component p₁, as shown in Figure 4.

For each curve, p₂ and p₃ are fixed, and the change P_CC reflects how the system’s CCF probability responds to increasing p₁. All curves show a monotonic increase. Among the three curves, the curve corresponding to p₂ = 10⁻² rises most rapidly, indicating that when one component is significantly weaker, the system becomes more sensitive to changes in the other components. In contrast, the curve for p₂ = 10⁻⁴ is the flattest, showing that stronger components effectively suppress the growth of, even as p₁ increases.

After calculating the CCF probability, the system failure probability is further corrected to:

$$P_S=P_{CC}+P_I,P_I={\displaystyle {\prod }_{i=1}^m{p}_i}$$

(23)

3. Experimental Validation

To verify the applicability of the system model considering CCFs to different types of redundant systems, three typical systems are selected for case analysis. The rocket bolt connection system, aircraft battery system and transformer rectifier unit (TRU) system correspond to the similar redundant systems of non-electronic and electrical type similar redundant systems, EEPES and dissimilar redundant systems, respectively, in the previous classification.

3.1. CCF Probability Estimation of Rocket Bolts Based on α-Factor

The rocket bolt connection system is a four-redundant similar redundant system. The four fixing bolts on a solid rocket are used to connect the boosters and the mobile launch platform. During the rocket launch, if the fixing bolts and the lower baffle do not maintain sufficient spacing, the movement of the boosters will impose additional structural loads on one or more bolts, which may cause one or more bolts to fail to break, that is, to fail. This affects the launch of the rocket [22]. If non-electronic and electrical similar redundant systems have sufficient historical failure data, the α-factor model can be used for quantitative analysis of CCF.

The failure data of the key connection bolts of solid rockets provided by NASA were used to verify the α-factor model [23]. The four fixed bolts on the solid rocket are used to connect the booster and the mobile launch platform. During the rocket launch, if the fixed bolts and the lower baffle do not maintain sufficient spacing, the movement of the booster will apply additional structural loads to one or more bolts, which may lead to the failure of one or more bolts.

This report statistically analyzed 19,652 record data from 4913 dates. After screening, the results were obtained as follows: Among the 4913 data, the number of independent failures was 708, the number of simultaneous failures of two bolts was 132, the number of simultaneous failures of three bolts was 16, and the number of simultaneous failures of four bolts was 1, as shown in

Table 2. Number of failures of specific k components of four bolts.

N1(4)	N2(4)	N3(4)	N4(4)	NN1(4)	NN2(4)	NN3(4)	NN4(4)
177	22	4	1	708	132	16	1

.

As an example, the calculation of α₁⁽⁴⁾ is shown below:

$${\alpha }_1^{(4)}={\displaystyle \frac{N{N}_1^{(4)}}{N_{SS}}}={\displaystyle \frac{\frac{4!}{(4-1)!1!}{N}_1^{(4)}}{{\displaystyle {\sum }_{j=1}^4\frac{4!}{(4-j)!j!}{N}_j^{(4)}}}}=0.8261$$

(24)

The α-factors are summarized in

Table 3. The α factor of the rocket bolt connection system.

α1(4)	α2(4)	α3(4)	α4(4)
0.8261	0.1540	0.0187	0.0012

.

In spacecraft applications, the reliability requirement for such critical bolts is specified within the range of 0.9999–0.99999 [24]. The independent failure probability of the bolt is assumed to be 5 × 10⁻⁵. Without considering CCF, the failure probability of the four-redundancy connection system is 6.250 × 10⁻¹⁸. Based on the above introduction, the CCF coefficient of the α-factor is calculated, and further calculation shows that the failure probability of the connection system (bolt) considering CCF is 5.839 × 10⁻⁸.

3.2. CCF Probability Estimation of Aircraft Battery Based on β-Factor

The front and rear electronic compartments of aircraft such as B737 and B787 each install a set of batteries to provide continuous power supply for flight instrument systems, navigation and positioning equipment and key avionics units, which is a typical two-redundancy electrical similar redundant system [25]. Its CCF is affected by multiple factors such as design characteristics, environmental control and personnel capabilities. According to Table 1, for such systems and familiar with the redundancy characteristics of the system, the β-factor model is used to calculate the CCF probability.

The battery is a final component, and the “sensor and final component” scoring series is selected; all failure modes of the battery (such as detectable overheat failure, short circuit, etc.) can be detected, and the diagnostic coverage rate is 100%. The relevant scoring items in the β-factor model analysis process are as follows:

• Scoring item “Separation/segregation”, the battery and its cables are separated and arranged;
• Scoring item “Diversity/redundancy”, it does not meet the redundancy degree greater than 2, and does not meet the different maintenance personnel using different test methods…;
• For the scoring item “Complexity/design/application/maturity/experience”, lead-acid batteries, nickel-cadmium batteries, lithium-ion batteries, etc., used in aircraft have over 5 years of rich experience in automobiles and other fields. The emergency load power consumption during the aircraft’s demand period will not cause over-discharge;
• For the scoring item “Evaluation/Analysis and Capability Feedback”, the safety assessment of the power system has already considered preventive measures such as regional risks and common cause risks;
• For the scoring item “Assessment/analysis and feedback of data”, there are 5 scoring items for the final components, and they need to be scored separately;
• For the scoring item “Competence/training/safety culture”, the ground maintenance personnel of the aircraft battery fully understand its function and the impact of failure, and check and maintain the battery according to the standard specifications;
• For the scoring item “Environmental Control”, the battery is installed in the electronic cabin, and no one except maintenance personnel can enter normally;
• In the scoring item “Environmental Testing”, the battery has undergone temperature, humidity, EMC and other environmental tests before installation.

The total failure score of the aircraft battery is X = 17.5, Y = 23.5, Z = 0 (diagnosis coverage rate 100%), S = X + Y = 41; based on the standard estimation, the CCF coefficient β = 10%.

Based on the analysis of actual operation failure data: The failure data of the power system of over 50 B737-800 aircrafts of a certain airline from 2015 to 2018 were statistically analyzed [18]. The independent failure probability of any battery is 0.232 × 10⁻⁵, and the simultaneous failure probability of two batteries is 0.024 × 10⁻⁵. The calculated β ≈ 10.34%. The relative error between the model-derived value and the theoretical value is 3.288%, which demonstrates good numerical accuracy. It can be seen that the CCF result of the battery obtained by solving the β-factor model is consistent with the actual situation.

3.3. CCF Probability Estimation of Three-Redundancy TRU Based on Square Root Model

The B737, B787 adopt three-redundancy TRU to convert the AC power output by the on-board generator into DC power that meets the equipment operation requirements [26]. In response to the existing problems of low efficiency and large weight of TRU, reference [27] proposed a high-reliability and low-weight TRU design method based on pulse doubling using a half-bridge auxiliary circuit. The input and output characteristics of the TRU1 before improvement and the TRU2 after improvement both meet the usage requirements. When they are combined, they form a non-similar redundancy system, and a single configuration is a similar redundancy system. According to Table 1, the square root model is applicable to both similar and non-similar redundancy systems. We approximate the independent failure probability of each TRU component by its failure rate under the assumption of small values. The independent failure probabilities of TRU1 and TRU2 are therefore expressed as:

$$p_1=8.381\times {10}^{-7},\hspace{1em}{p}_2=6.354\times {10}^{-7}$$

(25)

Using the square root model, the common cause failure (CCF) probabilities of different three-redundancy TRU combinations are calculated. The results are summarized in

Table 4. CCF probabilities of different TRU redundancy combinations.

Combination	Pmax	Pmin	PCCF
3 TRU1	8.381 × 10−7	5.887 × 10−19	7.024 × 10−13
1TRU2 + 2TRU1	6.354 × 10−7	4.463 × 10−19	5.325 × 10−13
2TRU2 + 1TRU1	6.354 × 10−7	3.384 × 10−19	4.637 × 10−13
3TRU2	6.354 × 10−7	2.565 × 10−19	4.037 × 10−13

.

Since the upper and lower bounds of the estimated CCF probabilities differ by several orders of magnitude, logarithmic scaling is applied and plotted in Figure 5 for visual comparison. Figure 5 shows the overall variation range of the CCF probabilities for different TRU combinations and marks the estimated values.

Based on the calculation results of this case and the analysis of the graph, the order of failure probabilities from smallest to largest for the three TRU combinations is 3*TRU2, 2TRU2 + 1TRU1, 1TRU2 + 2TRU1, and 3*TRU1. To enhance the system’s safety, the combination of three TRU2 should be prioritized. If a heterogeneous design is adopted to avoid CCFs caused by environmental and installation factors, components with lower failure probabilities should be preferred, and the use of components with higher failure probabilities should be minimized. Subsequently, the selection and design optimization of the redundant system architecture can be further carried out in combination with operating costs, maintenance expenses, etc.

4. System Failure Probability Correction Software Development

In Section 3, the validity and universality of the System Failure Probability Correction Model Considering CCF are verified in the application of three typical cases. To further promote the application of this model in engineering practice and improve the efficiency of common cause failure analysis, the System Failure Probability Correction Software Considering CCF is designed and developed based on MATLAB App Designer in this section. This software integrates the core function of quantitative analysis of common cause failures and can quickly and accurately calculate the CCF probability of redundant systems.

4.1. Software Architecture

The system failure probability correction software addressing CCFs is developed on the MATLAB App Designer platform. This computational tool incorporates three distinct CCF probability analysis approaches including the α-factor model, β-factor model and Square Root model, systematically modifying system failure probabilities through quantitative evaluation of common cause effects. Designed to accommodate diverse redundant system configurations and redundancy levels, the application’s architectural framework appears in Figure 6.

The software is divided into three major functional modules namely the α-factor model, the β-factor model, and the square root model. These three functional modules correct system failure probabilities due to CCFs and output the analysis results in PDF or excel format. The software flow is shown in Figure 7, and the processes of the three CCF probability models are shown in Figure 8.

The main page of the software includes a brief introduction to the software’s functions, a brief description of the three CCF models, and a model selection function, as shown in Figure 9a. The functional module pages for the α-factor model, β-factor model and Square Root mod el are shown in Figure 9b, Figure 9c and Figure 9d, respectively. These modules allow users to input system parameters, select redundancy configurations, and obtain CCF probability calculations in a structured and intuitive manner.

4.2. Software Function Testing and Case Verification

This section uses the software to calculate the CCF probability of the three systems in Section 3.1, Section 3.2 and Section 3.3, verifying that the software calculation results are consistent with the theoretical calculation results. The verification process is in Appendix A.

In particular, the tabular results clearly list the intermediate parameters (e.g., S_D, S_DU, β values) and the final corrected system failure probability, and the report provides a structured summary suitable for engineering documentation.

The accuracy and reliability of the software in complex system reliability analysis have been effectively verified. Moreover, the visual interface improves usability by reducing manual input errors, and the automated reporting function significantly decreases the time required for analysis, which demonstrate the software’s value in practical applications.

5. Conclusions

The results of this study demonstrate that the constructed model can effectively quantify the impact of CCFs across different application scenarios and redundancy configurations. Analyses of the aircraft battery system, the rocket bolt connection system, and the three-redundancy TRU system verify the universality and accuracy of the model. The developed software further confirms the efficiency and practicality of the approach in engineering applications, reducing manual calculation errors and time costs. These findings highlight the significant value of the model and tool in reliability assessment of complex engineering systems.

At present, the parameters of the model are regarded as deterministic, and the influence of input uncertainty on the estimation of failure probability has not been captured. It is still necessary to conduct more extensive validation of the model for different operation datasets. These restrictions define the boundaries of current work and also point out a clear direction for future research and improvement.

In the future, a multi-objective optimization model integrating reliability, operating cost, and maintenance cost will be constructed for redundant systems to provide multi-angle optimization suggestions for system design. Meanwhile, further research will incorporate the sensitivity study of the uncertainty of input parameters to the results and construct the feedback loop of the model to enhance the accuracy of failure probability estimation. It will also be verified against a broader range of operational and experimental reliability datasets, and the model will be optimized to expand its applicability in actual engineering environments.