Крючков Фундаменталс оф Нуцлеар Материалс Пхысицал Протецтион 2011

for the table containing item, container and location data. Any change to each material record is to be saved to enable this to be revised in different cases.

Where a transaction happens to involve a case of an identifier having been entered erroneously, this case is dealt with as an exception and the procedure should respond with a code indicating the error handled.

In the event of an attempted access to an unauthorized account, the core application should give out the exception code, deny access and log the attempt of unauthorized access.

Functionality of CoreMAS

The diversity of stored procedures can be employed by the user to realize the A&C functions. The CoreMAS core application includes the following functions and standard programs:

∙movements of material, including relocations within the MBA, movements between MBAs, as well as receipts and shipments with the report identification external tag;

∙transformation of material – split, combination, de cay, adjustment and change of project numbers;

∙containerization of material;

∙example of the state report system;

∙physical inventory support features;

∙supply of data to prepare standard and special reports, as well as to respond to queries. Outside programs will handle special reports and queries;

∙a complete history of transactions for each item;

∙support for striking the balance in the accounting period;

∙TID tracking;

∙saving of instrument readings;

∙management of the system and administrative functions;

∙example of built-in user help functions.

Now we shall look in more details at some of the A&C system functions.

Movement of material. There can be internal or onsite and offsite material movements. Material can be shipped to and received from anyone. To be moved, the item concerned is put into an in-transit condition and, after having been moved, out of the in-transit condition with its new position recorded. For offsite shipments/receipts, the CoreMAS supports

351

the logging and identification mechanisms, and generation of respective documents (reports).

Transformation of material. This function describes transformations of respective material. Transformation is understood as split of material, adjustment of records and combination of material. It is not applicable to containers. When this transaction is performed, one needs to determine:

∙the identifier of the material transformed;

∙the identifier of the new material;

∙the type of the transaction performed.

Containerization. There are two transactions through which this function is implemented: placement of a material, a package or a container inside a container and removal of these from the container. The items require the following source data to be identified: a material, a package or a container to be placed inside a container or withdrawn from the container, and the receiving or giving container.

Seal tracking. Seals are subject to record–keeping with reports generated for seal locations and seals linked to containers.

Radioactive decay. This function accounts for changes in the quantity of a nuclear material over time. So that this material to be accounted for accurately, masses thereof are required to be updated given radioactive decay of the material. The CoreMAS computes decay on a monthly basis for all nuclear material for which quantities subject to accounting can be changed by decay. These computations and corrections are applicable to all material items of types 44 (americium 241), 47 (berkelium), 48 (californium), 83 (plutonium 238) and 87 (tritium).

Control of measurements. The CoreMAS supports control of instrumentation. Each measurement is added to the measurement control history which contains all measurement information. If indication values of an instrument fall beyond the set limits as defined by independent calculations, the instrument can be rendered “inope rative”. Such instrument cannot be used for accounting measurements. Only authorized personnel have the right to bring it back to operation. This function is set by two transactions: instrument disactivation and activation.

Any A&C system should operate as a reference system. Therefore, the CoreMAS core should support responds to queries. The data wanted should be put out in response to queries. Each installing department is expected to devise its own techniques for setting out results in response to queries. The system core supports responds to the following queries:

∙location queries;

352

∙count queries;

∙container content listing;

∙material condition listing;

∙in-movement material listing;

transaction details.

Crystal Report is the software used for the CoreMAS report generation function.

Security requirements

The US DOE’s requirements to A&C systems are set forth hereinafter. These include only the requirements to which the CoreMAS core satisfies. The satisfaction to specific requirements is with the developers adapting the system to national uses.

∙The purchased CoreMAS software should be examined prior to being used to make sure it does not contain anything to be potentially compromising to security.

∙All commercial software should be respectively licensed before it can be inserted into the CoreMAS core development environment.

∙Each user is subject to authentication by the respective user identifier.

∙A password should be used along with the user identifier.

∙The CoreMAS core should permit access only to those users having an approved user identifier and a password.

∙Access should be denied after a maximum of five failed attempts to log into the system using the same user identifier.

∙The password should have a maximum of 12 month validity and be invalid thereafter.

∙Stored passwords should be protected by means of access control, coding or both.

∙Access control provisions should be made to protect the database against unauthorized modification or cracking.

∙Measures should be taken to avoid display of the password.

∙The computer’s operating system should store the password change record. This record is storable for at least 6 months.

∙The computer’s operating system should store records of each system login and logout. This record is storable for at least 6 months.

∙The computer’s operating system should store records of each action leading to file creation, opening, closing or destruction. This record is storable for at least 6 months.

353

∙The computer’s operating system should store records of each action leading to access to the files system. This record is storable for at least 6 months.

∙The computer’s operating system should supply file access control listings. A file access control listing should allow the file owner to permit access to the file (separately to each file).

∙The computer system should be fitted with a dialog session disable mechanism after the user idle time. The idle time after which the disable function is initiated is specified by the installing department.

Components of the CoreMAS computerized A&C system

Excluding the data transformation and transport component, the CoreMAS NM accounting and control system comprises two basic components: Admin and CoreMAS.

Admin has been developed to give administrative support to the A&C system and authorize the initial system installation by the system administrator. The Admin capabilities include:

∙configuration of user groups;

∙authorization thereof;

∙configuration of the site specifics. Where the developers have created site-specific tables or wish to create a new form to model one of the forms of this component, they are expected to authorize operation of these tables.

The CoreMAS component is properly an automated NM accounting system based on a client/server architecture and an advanced relational database management system. The CoreMAS tracks the site activities that influence the NM status. The system design offers broad accounting and reporting capabilities. The CoreMAS design is based on an readily expandable system compatible to site-specific modifications and functionality.

To launch the program, the name “CoreMAS” shall be specified as the source of the ODBC data on the client machine. The connection to the database is by calling the OpenData data access subprogram. The ODBC connection is via the ODBC data name “CoreMAS”. Unl ike the User Data source, this is to be set as the System Data Source so that all those connecting to the system have access to it.

Fig. 7.11 shows the system’s interface master form with the unfolded system menu.

354

documents “on the fly”, in such form as acceptable for the given system and the browser. There is however one thing limiting to this. Some of the functions in the scenario are written in the VBScript language and are to be executed on the client computer, while the VBScript language is nowadays supportable only by the MS Internet Explorer browser. So when other platforms or another browser program is used in Windows systems, faults may occur.

Application and performance of the system

As mentioned earlier, the E/Z MAS has been designed for enterprises with a moderate NM accounting and control demand. The requirements specification for the E/Z MAS software is a much less voluminous document than its CoreMAS counterpart. It specifies the criteria to be looked at for the potential application at a enterprise as follows:

∙enterprise type – the system is intended for item h andling enterprises rather than for bulk handling ones;

∙number of transactions per month – the E/Z MAS is i ntended for enterprises with a minimum of 50–100 and a maximum of 1500–2000 transactions per month;

∙item type – the E/Z MAS is intended for enterprises with both static and dynamic type of items;

∙inventory dimensions – this parameter should be con sidered along with the type and the number of transactions per month. For example, an enterprise with 100000 static items and 100 transactions per month is the right candidate for the E/Z MAS installation. And an enterprise with the same number of items and 100000 transactions per month is the wrong one.

Here are some of the E/Z MAS features to mention:

∙the E/Z MAS can operate as a closed system or as an open system in a closed environment.

∙the E/Z MAS can operate both on a isolated computer and in a network with a dedicated database server.

∙the A&C system controls system logins by name and password, both of these not relating to the user parameters in the domain (unlike the CoreMAS) and verified by the system as such.

∙data can be databased using barcode devices and scales.

∙the E/Z MAS is available for operation immediately after the installation. At the same time, with all files being presentable to user, the system can be readily updated by adding functions.

357

E/Z MAS A&CS database design

The database tables can be grouped into a number of domains:

∙Users and right of access: Users, UserOp, Operation.

∙Enterprise: Enterprise, PhysLoc, MBA.

∙Material batch: Batch, BatchMat, MatType, PhysForm, ChemForm, Packaging, Quality.

∙Containers: ConInfo, ConType.

∙Transactions: ShipTrans, TransType, Trans, ConTrans, StatusType.

∙TIDs (seals): TIDTrans, TIDInfo, TIDTransType, TIDType.

∙Barcodes: BarcodeError, InvVerify, InvTrans, InvInfo.

∙Federal-level reports: UnitConversion, Classification.

∙A separate Log table not connected to any table is used to control logins by memorizing the URL from which the system was logged in.

The E/Z MAS system includes base tables from which data cannot be removed so that no data integrity be disturbed, e.g. physical location. These tables are filled in when the system begins operations and information can be only added thereto.

We shall discuss the key concepts and entities the E/Z MAS database contains.

The description of any material used in the database is based on the concept of material batch. The material type, weight, physical/chemical form and package are identified for each batch. Batches of material can arrive from beyond the site or result from processing of material.

The material of any batch is subject to distribution among containers. The system watches that the overall material weight be the same as that of the batch. The containerization concept is close to what was employed in the CoreMAS A&C system: no limited number of containers that could be placed one in another, application of seals and conformity of these to containers. The only difference of the containerization concept is that no material can exist in the E/Z MAS beyond the container. If it does (ingot metal, for example), the system creates a virtual container which expressly conforms to this part of material. The container may be empty.

Each container, unless it is in-transit (the same status exists in the CoreMAS), is matched by a location. If a container is contained or placed in another container, the location thereof has the NULL value and is identified via the location of the external container.

The location is identified in the database by a number of notions. The most general notion is enterprise. Enterprise for this database is only one

and it may receive only external shipments so these exist as names

358

(addresses). There is at least one MBA matching the enterprise. The number of material balance areas for enterprises is not limited. It is inside the MBA that the location is specified. There can be not less than one location while the maximum number of locations is not limited. The location may contain containers or be empty.

Finally, an important component of the database is users. Each user has a login and a password. Rules of access to MBAs and containers and rights to perform any function in or out of the MBA are specified for each user.

The E/Z MAS developers believe that such database arrangement is adapted the best to accounting of item material, though bulk material can also be accounted for.

Functionality of E/Z MAS

The E/Z MAS possesses all the functionality an NM A&C system is expected to have. The system keeps track of nuclear material using the inventory listing. The information on material in this listing is changed synchronously with the actual changes in the so-called near real time. This, naturally, suggests that the user enters the transaction data on a timely basis when the real action takes place.

Still, the system is not designed to control material physically; it does not control racks, doors or locks, and does not track down TIDs.

Five categories of the E/Z MAS functions can be identified:

1.Movement of containers.

2.Transfer of containers into or out of the enterprise.

3.Inventory-affecting operations.

4.Generation of reports.

5.Operation of statistical database tables.

More details on the system’s functionality are given in descriptions of the following operations.

∙Movements within MBAs – this function allows an aut horized user to move containers and the content thereof between different physical locations within one MBA. For this operation, the user identifies the MBA, selects the containers, defines the new location and orders the process to be started. Where the process runs routinely, the following transactions are implemented and logged: the one showing that the container has been moved and that indicating the container’s new location.

∙Movements between MBAs – this function exists in tw o forms: 1) containers are moved between different MBAs in one operation, and 2) material is moved between different MBAs in two steps in an in-transit

359

condition. The container shipment function can be performed by one user and the container receipt function by another user.

In both cases the user selects the original MBA, the container, the destination MBA and the physical location therein. In the second option, the user ships the container without giving the destination, the container being later put out of the in-transit condition at the destination point.

∙External transfers: shipments/receipts – this funct ion enables material receipts and shipments from and to beyond the site to be recorded.

When material is received, the authorized user can add a new container and the new material it contains to the system in such form as it has been received from another enterprise. It is exactly where the material’s physical appearance, chemical composition and form are identified and the material is linked to the container. In all other operations we deal with containers and not with material. It is also where the MBA to which the material is shipped, the number and composition of containers and the outside enterprise from which the material was received are identified.

When material is shipped, the user records the enterprise to which the material is shipped and the container or containers to be shipped.

∙Inventory change – this may involve a number of ope rations: correction of material parameters. This function enables the user to

modify the material weight and the elements and isotopes thereof. The user selects the MBA, the material type and the type of the correction to follow. One may change the material weight and update information on an element and an isotope in the material;

combination of materials into a new material; split of a material batch into two batches;

bulk separation – makes it possible for the user to record isotope separation operations.

∙Containerization – may involve the following operat ions: formation of a container not linked to material – e mpty container; placement of containers in another container;

withdrawal of containers from a container; movement of material between containers.

∙Physical inventory taking. This function helps the user to enter the physical inventory taking results with recorded observations. The checked container is labeled and the check results are entered in process.

∙Accounting of tamper indication devices (seals). The system enables the user to generate seals, update seals and be provided with reports on

360