Automatic instantiation of abstract tests on specific configurations for large critical control systems

Computer-based control systems have grown in size, complexity, distribution and criticality. In this paper a methodology is presented to perform an abstract testing of such large control systems in an efficient way: an abstract test is specified directly from system functional requirements and has to be instantiated in more test runs to cover a specific configuration, comprising any number of control entities (sensors, actuators and logic processes). Such a process is usually performed by hand for each installation of the control system, requiring a considerable time effort and being an error prone verification activity. To automate a safe passage from abstract tests, related to the so called generic software application, to any specific installation, an algorithm is provided, starting from a reference architecture and a state-based behavioural model of the control software. The presented approach has been applied to a railway interlocking system, demonstrating its feasibility and effectiveness in several years of testing experience

10421 Abstracts Collection -- Model-Based Testing in Practice

From 17.10. to 22.10.2010, the Dagstuhl Seminar 10421 ``Model-Based Testing in Practice \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Selection of a new hardware and software platform for railway interlocking

The interlocking system is one of the main actors for safe railway transportation. In most cases, the whole system is supplied by a single vendor. The recent regulations from the European Union direct for an “open” architecture to invite new game changers and reduce life-cycle costs. The objective of the thesis is to propose an alternative platform that could replace a legacy interlocking system. In the thesis, various commercial off-the-shelf hardware and software products are studied which could be assembled to compose an alternative interlocking platform. The platform must be open enough to adapt to any changes in the constituent elements and abide by the proposed baselines of new standardization initiatives, such as ERTMS, EULYNX, and RCA. In this thesis, a comparative study is performed between these products based on hardware capacity, architecture, communication protocols, programming tools, security, railway certifications, life-cycle issues, etc

The risk assessment of ERTMS-based railway systems from a cyber security perspective: Methodology and lessons learned

The impact that cyber issues might have on the safety and resilience of railway systems has been studied for more than five years by industry specialists and government agencies. This paper presents some of the work done by Adelard in this area, ranging from an analysis of potential vulnerabilities in the ERTMS specifications through to a high-level cyber security risk assessment of a national ERTMS implementation and detailed analysis of particular ERTMS systems on behalf of the GB rail industry. The focus of the paper is on our overall methodology for security-informed safety and hazard analysis. Lessons learned will be presented but of course our detailed results remain proprietary or sensitive and cannot be published

Train planning in a fragmented railway: a British perspective

Train Planning (also known as railway scheduling) is an area of substantial importance to the success of any railway. Through train planning, railway managers aim to meet the needs of customers whilst using as low a level of resources (infrastructure, rolling stock and staff) as possible. Efficient and effective train planning is essential to get the best possible performance out of a railway network. The author of this thesis aims, firstly, to analyse the processes which are used to develop train plans and the extent to which they meet the objectives that they might be expected to meet and, secondly, to investigate selected new and innovative software approaches that might make a material difference to the effectiveness and/or efficiency of train planning processes. These aims are delivered using a range of primarily qualitative research methods, including literature reviews, interviews, participant observation and case studies, to understand these processes and software. Conclusions regarding train planning processes include how the complexity of these processes hinders their effectiveness, the negative impact of the privatisation of British Rail on these processes and the conflicting nature of objectives for train planning in the privatised railway. Train planning software is found not to adequately support train planners in meeting the objectives they are set. The potential for timetable generation using heuristics and for timetable performance simulation to improve the effectiveness of train planning are discussed and recommendations made for further research and development to address the limitations of the software currently available

Automatic instantiation of abstract tests to specific configurations for large critical control systems

Computer-based control systems have grown in size, complexity, distribution and criticality. In this paper a methodology is presented to perform an ‘abstract testing’ of such large control systems in an efficient way: an abstract test is specified directly from system functional requirements and has to be instantiated in more test runs to cover a specific configuration, comprising any number of control entities (sensors, actuators and logic processes). Such a process is usually performed by hand for each installation of the control system, requiring a considerable time effort and being an error-prone verification activity. To automate a safe passage from abstract tests, related to the so-called generic software application, to any specific installation, an algorithm is provided, starting from a reference architecture and a statebased behavioural model of the control software. The presented approach has been applied to a railway interlocking system, demonstrating its feasibility and effectiveness in several years of testing experience