A model based framework for the safety analysis of

A Model Based Framework For The Safety Analysis Of-Free PDF

  • Date:06 Mar 2020
  • Views:76
  • Downloads:0
  • Pages:12
  • Size:572.72 KB

Share Pdf : A Model Based Framework For The Safety Analysis Of

Download and Preview : A Model Based Framework For The Safety Analysis Of

Report CopyRight/DMCA Form For : A Model Based Framework For The Safety Analysis Of


828 Computers in Railways XII, important objectives of a railway signalling system While advanced information. techniques have been widely used in new generation signalling systems safety. analysis becomes a genuine challenge Due to the development of automation. networking and to the general increase of train speed the number of interacting. components or subsystems has increased drastically over recent decades. Transplanting the redundant structure and degrade recovery technique into a. digital system makes the signalling system even more complex Leveson 1 It. is not sufficient to comprehend the system in its minute details just depending on. intuition and experience What is worse as the functions are much stronger and. the techniques are totally changed the availability of safety data for the new. computer based signalling systems such as accident or incident statistics is. limited Vernez and Vuille 2, To cope with the increasing complexity of signalling systems CENELEC. IEC and many countries have developed several standards and. recommendations These standards regulate the system development process. lifecycle of signalling systems to design for safety and also give out technical. requirements such as SIL Traditional techniques are recommended in the safety. assessment process including HAZOP FTA FMEA FMECA etc These. specific inductive or deductive methods of analysis are used to identify hazard. trace causation and evaluate their risk at different stages of the lifecycle and the. results are the main basis for design decisions This methodology has been used. by most railway equipment suppliers over the last 20 years although they. obviously lag behind the state of the art engineering practice. These dominant applied approaches commonly rely on expert opinion The. analysis models explain accidents in terms of multiple events connected by. causality relationship The methods just give out a very simple rule tree. structure or tables for the description of relationship There is no limitation for. the category of events and they could be some type of component failure human. error or energy related event However the selection of these events the links. between the events and even the point of beginning and ending is arbitrary Khan. and Abbasi 3 In order to reduce the subjectivity more experts with different. academic backgrounds are involved and the results need to be reviewed at least. once which obviously make the safety analysis time consuming and mentally. intensive Furthermore the simple rules of most classic safety analysis are not. well structured The forward or backward reasoning is carried out with regard to. the hierarchy of failure influences rather than to the architecture of the system. Vaidhyanathan and Venkatasubramanian 4 So at each stage if the design of. the system has changed many analyses need to start from the very beginning. Moreover there are major defects in most traditional safety analysis techniques. so different techniques are chosen at different stages of the lifecycle and two or. more techniques are usually employed at one stage to make up the defects of. each other However as there is no unifying framework for these techniques it is. very difficult to relate the results of the various safety studies to each other and. back to the high level failure analysis, In the past ten years many researchers have devoted themselves to the. solution to these problems of traditional safety analysis with model based. WIT Transactions on The Built Environment Vol 114 2010 WIT Press. www witpress com ISSN 1743 3509 on line,Computers in Railways XII 829. approaches 5 10 They intend to build precise models for the system. architecture and its failure modes so that computers can help to do the tedious. and error prone hazard sources tracing and probability calculation One solution. of model based safety analysis is extending the system development model with. a fault mode Formal languages are used to describe normal and failure. behaviours of the system and model checking tools or simulation engines are. used to do automatic analysis Some commercial safety analysis software. tools packages based on this idea are available such as FSAP NuSMV SA 5. and SCADE 6 However the major portion of this kind of model is still a. normal process rather than a failure process It is very difficult to plug in detail. failure information because of the limitation of model scale from analysis tools. Another solution is to model the failure propagation behaviour directly The. Failure Propagation and Transformation Notation FPTN described in 7 8 is. the first component based failure behaviour model Kaiser 9 introduced. modular concepts for a basic fault tree to analyze complex component based. systems Based on early researches Papadopoulos et al 10 proposed a model. based semi automatic safety and reliability analysis technique that uses tabular. failure annotations as the basic building block of analysis at the component level. called Hierarchically Performed Hazard Origin and Propagation Studies HiP. HOPS This tool can automatically synthesise the component failure modes and. generate a fault tree However the model does not work well in describing the. dynamic behaviour of system, The present study proposes an improved failure propagation approach for the.
safety analysis of a computer based rail signalling system In order to describe. the complex structure and function the study has developed an output guided. hazard identification method with a scenario hazard table to ensure the. correctness of system understanding and the completeness of hazard. identification A kind of simplified state machine model is used to express the. dynamic properties of signalling system structure The study has also developed. an iterative algorithm to combine the dynamic model with FPTN components. and compute qualitative results automatically, The rest of the paper is organized as follows Section 2 is a description of the. dynamics of a computer based signalling system Section 3 introduces the. hierarchical dynamic safety analysis framework including methodology. hypothesis definitions of each layer and the synthesis algorithms of different. layers The case study of a CBTC system in Section 4 demonstrates the. application of this approach The conclusion is drawn in Section 5. 2 Dynamics of computer based signalling systems, Computer based signalling systems generally adopt a distributed structure. including a trackside control centre and onboard vital computer systems which. are connected with a wireless communication network The trackside equipments. collect the parameters of trains within a certain area and related information from. other trackside systems such as ATS interlocking to compute a safe. unoccupied region for each train The onboard computer systems are responsible. WIT Transactions on The Built Environment Vol 114 2010 WIT Press. www witpress com ISSN 1743 3509 on line,830 Computers in Railways XII. for keeping train speed within the upper limit computed with the safe region. from the trackside and train parameters from the onboard computer The. European Train Control System ETCS and Communication Based Train. Control CBTC system applied in urban mass transit are the representative. computer based signalling systems, Traditionally the logic relations of different scenarios are expressed by the. combination of the trackside discrete electromechanical components while the. function of each signalling system remains unchanged In computer based. signalling systems trackside equipments are cut down and their functions are. integrated into onboard computers In this way computers should provide. different functions and work with different interfaces under different operation. scenarios This kind of system is called a phased mission system Alam and. Al Saggaf 11 which means that the mission served by the system composes of. several distinct phases with different objectives the phased mission. characteristic is called behavioural dynamics In each mission phase the system. has different service objectives and therefore the safety constrains may change. from time to time which make the safety analysis error prone For example. safety engineers often make the mistake of generally treating the measured value. of train distance as greater than the actual value that is safe In fact when a train. is moving out of a station or a speed limit section see fig 1 a greater measured. value of distance will make the calculated permitted speed larger than the real. one which might cause a derailment or train rollover Not only the structure of. the signalling system but also the function of the onboard computer is different. when the operation level or mode changes, Additionally some safety measures inherited from the electromechanical.
system increase the dynamics of the signalling system In order to apply the. powerful and undependable computer technique into a safety critical signalling. system redundant structures are used in almost all of the kernel trackside and. onboard processors Moreover the control mechanisms and even the whole. architectures are designed to be redundant which are represented in the form of. backup modes and system levels For example the CBTC system used in the. Beijing Yizhuang Line defines three operation levels for the whole system and. Speed restriction,Normal train speed curve,Train speed curve when. measured position is,bigger than real one, Figure 1 Speed curves when a train is moving out of a speed restriction. WIT Transactions on The Built Environment Vol 114 2010 WIT Press. www witpress com ISSN 1743 3509 on line,Computers in Railways XII 831. three operation modes for the onboard system Therefore the structure of this. subsystem will be changed with time in case any replications are down. 3 Model based dynamic safety analysis framework, 3 1 Framework for the safety analysis of computer based signalling systems. The construction of the hierarchical structure approach is shown in Fig 3. Hierarchical modelling is used in our framework as it fits in well with the. system design process and reduces the complexity of system analysis The. system is successively split into subsystems until the level of the basic. components is reached following a top down approach This kind of approach. has been successfully used in recent studies proposed by other authors such as. the successive modelling approach used in HHM to address large hierarchical. systems 12 and the MFM approach used in the Safe SADT method 13. The block at the top in Fig 2 represents the operation scenarios of the system. which should be defined at the beginning of its lifecycle For each scenario the. states definition and state transition of the system subsystem can be described by. the state transition model For each state the safe critical functions can be. decided and refined by FPTN models and it becomes more and more specific. when moving down along the system structure The safety analysis process can. be divided into the dynamic layer and the failure propagation layer The dynamic. layer used to structure and describe the dynamic attributes is combined with the. scenario lists and the state transition models The failure propagation layer is. expressed by FPTN language,System Design Safety Analysis.
SN Item Description Pec,System Definition 1,Scenario Identification L OC TC. operation condition,System Level,Layer Synthesis Algorithm. system interface,System operation level BL CB,Definition OC TC. Architecture Design FPTN Modules,Subsystems Functional Subsystem. Definition,Fault Tree Generation,Subsystem Interfaces 2.
Scenario chart,Subsystem Design,Layer Synthesis Algorithm. Subsystem Level,Subsystems operation,Subsystem State. mode Definition Machines,Subsystem Interfaces,Detail Design. FPTN Modules,SW Components Components,HW Structure. 1 Dynaic Layer of Safety Analysis Model, 2 Failure Propagation Layer of Safety Analysis Model.
Figure 2 Framework of hierarchical safety analysis. WIT Transactions on The Built Environment Vol 114 2010 WIT Press. www witpress com ISSN 1743 3509 on line,832 Computers in Railways XII. Operation System Function,Ref Scenario Mode Structure Output Hazards. CBTC VOBC ZC Door open DoorO DoorO c,SN01 at a 0 12. AM DCS interlocking SDoorO SDoorO c,Figure 3 Scenario hazard table. 3 1 1 Output guided hazard identification, Just like all other safety analysis methods hazard identification is the first.
procedure in our safety analysis framework Unlike general automatic control. systems traditional hazard identification methods do not work quite so well for. computer based railway signalling systems Firstly as computers are widely. used nowadays in signalling systems most vital functions are processed together. by computers and the critical information translation between the trackside and. onboard computers becomes much more dangerous Secondly the computer. based signalling system is large scaled and its control logic and interactions. between components are very complex Traditional brain storming methods. such as HAZOP apparently cannot ensure the correctness and completeness of. hazard identification Fortunately in railway systems the signalling system does. 3 1 Framework for the safety analysis of computer based signalling systems The construction of the hierarchical structure approach is shown in Fig 3 Hierarchical modelling is used in our framework as it fits in well with the system design process and reduces the complexity of system analysis The

Related Books