A MULTIFORMALISM MODULAR APPROACH TO ERTMS/ETCS FAILURE MODELING

European Railway Traffic Management System/European Train Control System (ERTMS/ETCS) is a recent standard aimed at improving the performance, safety and interoperability of modern railways. To be compliant with ERTMS/ETCS, a railway signalling system must meet strict non-functional requirements on system-level failure modes. In this paper, a multiformalism model is employed to perform an availability analysis of an ERTMS/ETCS reference architecture in the early phases of its development cycle. To this end, a bottom-up analysis is performed from subsystem failure models (expressed by means of Generalized Stochastic Petri Nets, Fault Trees and Repairable Fault Trees) up to the overall system model. The modular approach used here makes it possible to evaluate the influence of basic design parameters on the probability of system-level failure modes, and demonstrates that system availability is within the bound required by the ERTMS/ETCS specification. The results show that the multiformalism modeling approach helps to cope with complexity, eases the verification of availability requirements and can be successfully applied to the analysis of complex critical systems.
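The bottom-up composition the abstract describes, reduced to its fault-tree part, as an added illustration that is not code or data from the paper: repairable basic events are reduced to a steady-state unavailability, AND/OR gates compose them upward to a top event, and a design parameter is swept to see its effect on the system-level failure probability. The tree structure, the failure and repair rates and the availability bound are constructed for the example; the GSPN and Repairable Fault Tree parts of the paper's models (repair policies, non-exponential behaviour) are not represented.

```python
"""Bottom-up steady-state availability of a fault tree built from repairable
components.  Added illustration; structure, rates and bound are constructed,
not taken from the paper or the ERTMS/ETCS specification."""
from __future__ import annotations

from dataclasses import dataclass
from math import prod
from typing import Dict, Iterable, List, Union


@dataclass
class Basic:
    """Repairable basic event with constant failure rate lam and repair rate mu
    (both per hour).  Its steady-state unavailability is lam / (lam + mu), the
    standard alternating-renewal result for an exponential fail/repair cycle."""
    name: str
    lam: float
    mu: float

    def unavailability(self) -> float:
        return self.lam / (self.lam + self.mu)


@dataclass
class Gate:
    """AND: output fails only if every input is failed (redundancy).
    OR: output fails if any input is failed (series).  Inputs are treated as
    statistically independent, the usual fault-tree assumption."""
    name: str
    kind: str
    inputs: List["Node"]

    def unavailability(self) -> float:
        qs = [n.unavailability() for n in self.inputs]
        if self.kind == "AND":
            return prod(qs)
        if self.kind == "OR":
            return 1.0 - prod(1.0 - q for q in qs)
        raise ValueError(f"unknown gate kind {self.kind!r}")


Node = Union[Basic, Gate]


def build_reference_tree(radio_mu: float = 2.0) -> Gate:
    """Constructed ERTMS/ETCS-like system tree (hypothetical structure and
    rates).  Two radio links are redundant (AND); the on-board computer and the
    trackside radio block centre are single points of failure (OR)."""
    radio = Gate("radio link loss", "AND", [
        Basic("GSM-R link A", lam=1e-2, mu=radio_mu),
        Basic("GSM-R link B", lam=1e-2, mu=radio_mu),
    ])
    return Gate("train stopped by signalling fault", "OR", [
        radio,
        Basic("on-board EVC", lam=1e-5, mu=1.0),
        Basic("trackside RBC", lam=1e-5, mu=0.5),
    ])


def meets_availability_bound(tree: Gate, required_availability: float) -> bool:
    """Availability = 1 - unavailability of the top event, compared with a
    required bound (the bound value here is an assumption, not the spec's)."""
    return 1.0 - tree.unavailability() >= required_availability


def sweep_radio_repair_rate(values: Iterable[float]) -> Dict[float, float]:
    """Influence of one design parameter (radio link repair rate, per hour) on
    the top-event unavailability; a smaller value means better availability."""
    return {v: build_reference_tree(radio_mu=v).unavailability() for v in values}


if __name__ == "__main__":
    tree = build_reference_tree()
    print(f"top-event unavailability: {tree.unavailability():.3e}")
    print("meets 0.9999:", meets_availability_bound(tree, 0.9999))
    for mu, q in sweep_radio_repair_rate([0.5, 1.0, 2.0, 4.0]).items():
        print(f"radio mu={mu:>4}: unavailability {q:.3e}")
```

The sweep is the point of the modular layout: each subsystem keeps its own model, and a design decision such as the radio repair rate is changed in one place while the top-level figure is recomputed from the same tree.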
