In particle accelerators like the LHC and other large experimental physics facilities, machine protection relies on complex interlock systems. The design of such systems must balance machine safety against availability: the system is required to trigger a machine stop in an emergency, but must not cause spurious shutdowns. To investigate this tradeoff, a modeling approach has been developed at CERN. It yields the probabilities of missed emergency shutdowns and of spurious shutdowns to be expected from a given system, and it provides a tool for comparing different architectures.
This talk introduces the modeling approach and its application in the design of an interlock system prototype for the magnet protection in a nuclear fusion reactor.