I. B. Shubinsky,E. N. Rozenberg

DOI: https://doi.org/10.21683/1729-2646-2023-23-3-38-45

2023-08-22

Dependability

Abstract:Aim . The paper aims to solve the problem of objective and confident functional safety (FS) evaluation of intelligent control systems (ICS). As regards ICS, the conventional methods, due to their particular features, do not allow for a sufficiently confident estimation of the actual state of FS. The above features include primarily the nondistinct architecture of ICS and the changing connections between the system elements. Methods . Substantiating ICS FS requires using the complete arsenal of known methods and means recommended in GOST 33432-2015 [1], including managerial measures defined by the requirements for the safety policy, program and case. The authors have analysed the capability to prove ICS FS using experimental, expert, analytical, technological, and simulation-based methods. The limitations of some methods as regards ICS FS substantiation have been established. Results . The authors suggest a heuristic graph-based semi-Markov (Markov) method of proving system FS. For the purpose of substantiating ICS FS, it is recommended using the heuristic graph-based method combined with the technological method defined in GOST R IEC 61508 [2–4]. They don’t only allow confidently evaluating the FS of intelligent systems, but developing recommendations for achieving acceptable safety levels of such systems.

Gaoxiang Chen,Dongqin Feng

DOI: https://doi.org/10.3969/j.issn.1000-0380.2006.10.001

2006-01-01

Abstract:The demands of safety related systems in practical applications are introduced.The standards to be complied with in design,development,application and maintenance of safety related systems are studied.The flowchart of functional safety certification of safety related system is described and the V-model development of safety related system is given.

GUAN Ai-ai,QIU Xin-xi,WANG Dong,CHEN Xiang-xian,HUANG Hai,LIU Ji-quan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.03.001

2013-01-01

Abstract:Automatic Train Protection(ATP) system is a safety-critical system to ensure the train running safety.The system has various functions and complex logic,which makes the development difficult.To this end,a model-based method is presented to develop ATP application software,in which interface models,status models,and control flow models are used to clearly and correctly describe application software functions and their implementation processes.The functions of the developed software are further verified by simulations and tests.The obtained results confirm that the function logic is simplified effectively with this method,making the software development easy.What’s more,human errors and faults are also reduced in this process.

Xianhui Yang,Ming Xu,Yao Cheng

DOI: https://doi.org/10.1109/3CA.2010.5533881

2010-01-01

Abstract:The automatic train control system (ATC) is the safety critical system (SCS). Based on the revised parts of the ATC, this paper analyzes the risks which may be triggered by the parts of modification. The paper follows the international standard of railway function safety, and describes the relevant requirements and basic methods. From the basic structure of the ATC, the required safety integrity level (SIL) of each part of the system is discussed. The paper concludes the methods for risk analysis and evaluation in the modified system. They contain hazard identification, hazard validation, consequence analyzing, the methods for determining risk category, hazard severity, possible hazard frequency, stages for dividing risks and recommended management for eliminate and alleviate risks. Those results of the revised system were analyzed by using lists of hazard identification, hazard influence and hazard liber. And risk monitoring is implemented by using the hazard liber. © 2010 IEEE.

Alessandro Baldassarra,Cristiano Marinacci,Stefano Ricci

DOI: https://doi.org/10.1016/j.trpro.2023.11.266

2023-01-01

Transportation Research Procedia

Abstract:The paper on typical rail operation hazards, such as Signal Passed at Danger (SPAD) and Failed Braking Application by Driver (FBAD). The protection against these hazards is normally by Automatic Train Protection (ATP) systems and emergency braking activation, operated by the onboard systems over a certain Minimum Release Speed (MRS). The determination of such speed is a key design parameter related with the achievable performances in terms of safety and capacity. The present research deal with a systematic analysis of the operational conditions potentially affecting the determination of such speed values by modelling the dynamics of the problem taking into account the features of the infrastructures (tracks layout, gradients, etc.), the vehicles (mass, braking performances, etc.) and the geography of signalling and ATP systems themselves. In fact, the position of main signals protecting the dangerous points (switches, level crossings, etc.) emerges as key player, affecting both the design and the operation of the systems.

Yu Cheng,Jinzhao Liu,Xinliang Jiang,Xinyu Du,Ruijun Cheng

DOI: https://doi.org/10.1007/s11227-024-06110-z

IF: 3.3

2024-05-30

The Journal of Supercomputing

Abstract:Online quantitative safety monitoring is the key technology for ensuring the operational safety of the automatic train protection (ATP) system for the future advanced train control system. However, the traditional formal verification method can only deal with the system of small scale since these verification algorithms exhaustively search all executable paths of formal models. Especially for the formal models with uncertain parameters, the problem of memory overflow will occur due to the state space explosion, which makes verification algorithms fail to converge. To solve this problem, an intelligent quantitative safety monitoring approach is proposed by integrating the probabilistic model checking method (PMCM) with neural network in this paper. To begin with, the instantiated continuous-time Markov Chains model is verified by PMCM offline. Then, the neural network is constructed and optimized based on the offline verification results. The quantitative safety boundaries (QSBs) for all quantitative safety levels are also computed by the designed algorithm. Furthermore, hierarchical iterative evaluation method is applied to efficiently evaluate the reliability performance of the ATP online. Finally, the quantitative safety level of ATP or its subsystem will be determined by both reliability performance and the previous QSBs or the neural network online.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ping Tan,Yiming Shi,Xiaochun Zhang,Xueming Jiang,Zhihua Chen

DOI: https://doi.org/10.1109/icicee.2012.370

2012-01-01

Abstract:Train Interface Unit (TIU) is the key execution unit of on board Automatic Train Protection (ATP) system. ATP system achieves the control of the train and information exchange with the train via TIU. Developing a TIU which fits for different train platform and is in compliance with the safety integrity level (SIL) 4 can greatly facilitate the system installation and lower operation and maintenance cost. This thesis has designed a TIU for a series of standard train platform. Based on the system design, four key technologies of TIU, include relay and Multifunction Vehicle Bus (MVB) interface, safety communication, emergency brake (EB) interface and service brake (SB) interface, are in-depth in anatomist. Through the thorough analysis and evaluation of the safety and real-time performance, we can get the conclusion that the TIU sub-system meets the requirements of the practical use.

Wenbo Zhang,Xiangkun Meng,Jianyuan Wang,Tieshan Li,Qihe Shan,Fei Teng

DOI: https://doi.org/10.1109/iccss53909.2021.9722016

2021-12-10

Abstract:Automatic crane is a complex system affected by the external environment and the internal components of the system, information fusion, software and hardware combination, and man-machine integration. The improvement of its automation and informatization proposes various challenges in the accident model construction and safety analysis. However, the safety analysis methods based on fault types consider that the occurrence of accidents is linear and ignore the correlation among components of the system. This paper adopts the system-theoretic accident model and process (STAMP) and system-theoretic process analysis (STPA) mode is to implement safety analysis of the automatic crane trolley running system (ACTRs). The paper starts from the identification of system-level losses and hazards, clarifies the function and internal logical control relationships of the system’s components, and then finds potential unsafe control actions (UCAs) and loss scenarios during the trolley running. The results show that the control requirements for the regular operation of the trolley running system can be analyzed in detail. Therefore, the STAMP/STPA can apply to the safety investigation of automatic cranes.

Yang Yang,Guangwu Chen,Di Wang

DOI: https://doi.org/10.3390/electronics11182863

IF: 2.9

2022-09-11

Electronics

Abstract:The positioning system based on satellite navigation can meet the requirements of CTCS-4 train control, improve the transportation efficiency, reduce the operation and maintenance costs, which is the trend of train positioning system in the future, and the security risk assessment is of great significance to the future application of this system. In this paper, combined with the self-developed train positioning system based on satellite navigation, and an improved fault tree-interval analytic hierarchy process (FTA-IAHP) method for evaluating the safety risk of train positioning system is proposed. Firstly, a security risk assessment model based on FTA-IAHP is established by combining FTA and IAHP. Secondly, two judgment matrices are constructed by using the basic events and structural importance based on FTA, and the IAHP model based on expert scoring, the difference between FTA and IAHP is adjusted by combining the weighting factor. The new method of trial of weighting can determine the degree of each factor in the system fault. This method has great significance to the safety design and protection of the new train positioning system based on satellite navigation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Guoqi Xie,Yanwen Li,Yunbo Han,Yong Xie,Gang Zeng,Renfa Li

DOI: https://doi.org/10.1109/tii.2020.2978889

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:Guaranteeing safety is always a prerequisite in the process of realizing various automotive applications. However, the automotive functional safety design has been challenged by multiple factors, such as the complexity of the new generation automotive electrical and electronic (E/E) architecture, the continuous release and update of automotive functional safety standard International Standardization Organization (ISO) 26262, the release of new AUTOSAR adaptive platform standard, and the increase in different types of costs. In this article, we summarize the recent advances of automotive functional safety design methodologies through analysis, design, optimization, and runtime phases, respectively: 1) functional safety analysis; 2) functional safety guarantee; 3) safety-aware cost optimization; and 4) safety-critical multifunctional scheduling. Then, we provide the future trends in functional safety design methodologies that will be directly oriented to autonomous vehicles and adapt to the next generation functional safety standard ISO 21448.

Bingjun Yan,Xiufang Zhou,Bo Zhang,Zhiping Wang

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys53884.2021.00302

2021-01-01

Abstract:Based on functional safety standard IEC61508, this paper studies the functional safety approaches of the pressure transmitter. Following the 1oo1D architecture, self-diagnostics measures are used in this functional safety pressure transmitter. In order to improve diagnostic coverage, dual CPUs are used to compare results at different calculation stages. The FTA analysis and Markov model are used for safety verification. Furthermore, the safety failure fraction (SFF) and probability of failure on demand (PFD) are analysed, and the results indicate that safety integrity level is SIL2.

Jia Guo,Yingkai Bao,Bin Yu,Zhian Zeng,Liangyi Wang,Chuangxin Guo

DOI: https://doi.org/10.1109/powercon.2014.6993773

2014-01-01

Abstract:Due to the popularity of intelligent electronic device and digital information transmission in intelligent substation, the security issues of the SAS have become increasingly prominent, it is necessary to carry out security risk assessment for the SAS. This paper proposed a methodology for the security risk assessment of the SAS, the function-based model (FBM) was proposed according to IEC 61850, by which the SAS could be decomposed into functions. Secondly, a method for calculating the function failure probability was presented, referring to information security risk assessment norms, function value was defined to measure the loss of function failure. Based on AHP (analytic hierarchy process, AHP), the transmission weights of function risk were calculated, to integrate function risk into system risk Based on the sensitivity analysis, the assessment and ranking for different parts of SAS are completed, and the weaknesses of SAS are found. Finally, Taking Tl-1 substation SAS system as an example, the feasibility and applicability of the proposed method was verified.

GUO Tongcheng,MU Chundi,LIU Ren,SHEN Zhuoli

DOI: https://doi.org/10.3321/j.issn:1000-0054.2000.07.014

2000-01-01

Abstract:Automatic train protection (ATP), the main control strategy for high speed trains, includes not only the control algorithm, but also the communication protocol between a train and a train control center. This paper introduces a feasible ATP algorithm for high speed trains, which includes an optimized design and an actualizing procedure for train control centers and train computer systems. The algorithm is described for determining the target point, calculating the distance limited velocity curve, and for passing the information to the train. The method is given for the train computer system calculate the velocity control curve and the train control speed. The ATP algorithm simulation results show the feasibility and advantages of the algorithm.

Hao An,Kai Zhang

DOI: https://doi.org/10.1109/aeeca55500.2022.9919087

2022-01-01

Abstract:Autonomous vehicle has become a research hotspot. The lidar system is recognized as a vital part of environmental perception for the autonomous vehicle. To improve the safety of autonomous vehicles, it is necessary to study the safety control technology of the lidar system. In this paper, we propose the functional safety design of the lidar system according to the standard ISO26262 from the concept stage, including the lidar system's function definition, hazard analysis, risk assessment, functional safety requirements, and safety control strategy. Based on the functional safety design, this paper classifies the functional failure modes of the lidar system and proposes corresponding anomaly detection methods and safety control measures for each functional failure mode. We believe this work should receive research attention to provide more references to the safety guarantee of autonomous vehicles.

Lei He,Junyi Chen,Xiucai Zhang,Jun Li,Jingquan Tian

DOI: https://doi.org/10.1109/access.2024.3349964

IF: 3.9

2024-01-01

IEEE Access

Abstract:In recent years, autonomous driving technology has been developing rapidly, but there is still a certain gap from commercial production, in which the safety issue is one of the important factors. In the working of most companies and colleges, the Traffic Jam Pilot (TJP), serving as a prototypical Level 3 autonomous driving function, has predominantly focused on functional implementation and enhancement, prioritizing functional completeness and user comfort. However, the aspect of functional safety in the system has received comparatively less attention. To guarantee the safety of the driver’s life and property, it is essential to consider the functional safety aspect regarding automobile operation after system function failure. In this paper, according to the functional safety development process and related regulations in ISO 26262, the functions and operation environment of the TJP system are defined in detail, and the longitudinal function is taken as an example to be developed following the functional safety process and verified by simulation. Simulation verification results show that the control algorithm is safe and reliable, and can ensure the safety and stability of the vehicle during operation. The research in this paper further explores the combination of functional safety and high-level automated driving function, providing some ideas for their practical application in industry.

computer science, information systems,telecommunications,engineering, electrical & electronic

Asim Abdulkhaleq,Stefan Wagner,Daniel Lammering,Hagen Boehmert,Pierre Blueher

DOI: https://doi.org/10.48550/arXiv.1703.03657

2017-03-10

Software Engineering

Abstract:Safety has become of paramount importance in the development lifecycle of the modern automobile systems. However, the current automotive safety standard ISO 26262 does not specify clearly the methods for safety analysis. Different methods are recommended for this purpose. FTA (Fault Tree Analysis) and FMEA (Failure Mode and Effects Analysis) are used in the most recent ISO 26262 applications to identify component failures, errors and faults that lead to specific hazards (in the presence of faults). However, these methods are based on reliability theory, and they are not adequate to address new hazards caused by dysfunctional component interactions, software failure or human error. A holistic approach was developed called STPA (Systems-Theoretic Process Analysis) which addresses more types of hazards and treats safety as a dynamic control problem rather than an individual component failure. STPA also addresses types of hazardous causes in the absence of failure. Accordingly, there is a need for investigating hazard analysis techniques like STPA. In this paper, we present a concept on how to use STPA to extend the safety scope of ISO 26262 and support the Hazard Analysis and Risk Assessments (HARA) process. We applied the proposed concept to a current project of a fully automated vehicle at Continental. As a result, we identified 24 system- level accidents, 176 hazards, 27 unsafe control actions, and 129 unsafe scenarios. We conclude that STPA is an effective and efficient approach to derive detailed safety constraints. STPA can support the functional safety engineers to evaluate the architectural design of fully automated vehicles and build the functional safety concept.

Zheng Zhu,Liang Li

DOI: https://doi.org/10.1109/tiv.2024.3478792

IF: 8.2

2024-01-01

IEEE Transactions on Intelligent Vehicles

Abstract:With the development of automotive intelligence, drive-by-wire system has attracted extensive attention from academia and industry. However, the architectural design of electro-mechanical-brake (EMB) systems has not been emphasized enough, especially in the context of functional safety concept. In view of this, based on ISO 26262, this paper extends the system boundary of functional safety for the first time, and combines EMB system with other systems of the vehicle to build a 4-way redundant EMB system architecture. Furthermore, detailed qualitative and quantitative analysis results are given by using state transition location diagram and quantitative fault tree analysis (FTA) respectively, and the braking failure rate is Q 0 ≈ 2.0003×10 -10 < 10 -8 meets the failure rate requirements of ASIL-D, which prove the security and reliability of the proposed architecture. This paper provides guidance and reference for the design and analysis of EMB system for subsequent researchers, and guarantees the safe development of autonomous vehicles from the safety and reliability of the system.

Weili Gui,Chundi Mu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.08.039

2001-01-01

Abstract:Automatic train protection(ATP)is the necessary kernel of modern railway signal system.,it is important for the safety and effciency of the train's running. An ATP diagnostic system of subways based on simulations is described. The technologies of distributed interactive simulation and virtual reality(VR)are applied in the analysis and design of the system,the running environment of the ATP facilities is virtualized,so the accuracy and reliability can be tested. For the priorities of functions and cost compared with other distributed simulation infrastructure, CORBA is used to integrate the subsystems. At last,the structure of the system is depicted.

HUANG Quanan,SONG Jian,ZHANG Guosheng,LI Lei

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.11.016

2010-01-01

Abstract:To enhance the diagnostic and self-protected ability of automated mechanical transmission(AMT),and to improve the system reliability,this paper proposes a concept of the controller system safety.By way of system analysis method,the traditional development of hardware and software is changed to the design of system input,internal logic and output.The methods of circuit adaptive,fault rapid diagnosis,safety redundancy,sub-system replacement and open-loop fault-tolerant control were used to design the power management module,sensor signal processing,system internal control unit and actuators' driver,with an AMT controller developed,which is stable and controllable,adaptive to input environment and has limp-home and fail-safe characteristic.Laboratory experiments and road tests proved that the proposed design methods can improve the control performance of AMT and enhance the whole system stability and reliability.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering