A cognitive control approach to interference mitigation in communications-based train control (CBTC) co-existing with passenger information systems (PISs)

As a key component of urban rail transit systems, communications-based train control (CBTC) is an automated train control system using train-ground communications to ensure efficient operation of rail vehicles. In addition to CBTC systems, passenger information systems (PISs) are adopted in urban rail transit systems to improve quality of service (QoS) offered to customers. The interference between CBTC systems and PISs is an important factor impacting QoS of both CBTC systems and PISs. With recent advances in cognitive dynamic systems, in this paper, we take a cognitive control approach to interference mitigation considering the co-existence of CBTC systems and PISs. In our cognitive control approach, the notion of information gap is adopted to quantitatively describe effects of interference on CBTC. The wireless channel is modeled as a finite-state Markov chain with multiple state transition probability matrices, which are derived from real field measurements. Simulation results show that the proposed cognitive control approach can significantly improve performance of CBTC train-ground communications under interference from

Measurements and analysis of large-scale fading characteristics in curved subway tunnels at 920 MHz, 2400 MHz, and 5705 MHz

ave propagation characteristics in curved tunnels are of importance for designing reliable communications in subway systems. This paper presents the extensive propagation measurements conducted in two typical types of subway tunnels—traditional arched “Type I” tunnel and modern arched “Type II” tunnel—with300- and 500-m radii of curvature with different configurations—horizontal and vertical polarizations at 920, 2400, and 5705 MHz, respectively. Based on the measurements, statistical metrics of propagation loss and shadow fading (path-loss exponent, shadow fading distribution, autocorrelation, and cross-correlation) in all the measurement cases are extracted. Then, the large-scale fading characteristics in the curved subway tunnels are compared with the cases of road and railway tunnels, the other main rail traffic scenarios, and some “typical” scenarios to give a comprehensive insight into the propagation in various scenarios where the intelligent transportation systems are deployed. Moreover, for each of the large-scale fading parameters, extensive analysis and discussions are made to reflect the physical laws behind the observations. The quantitative results and findings are useful to realize intelligent transportation systems in the subway system

Research on the System Safety Management in Urban Railway

Nowadays, rail transport has become one of the most widely utilised forms of transport thanks to its high safety level, large capacity, and cost-effectiveness. With the railway network's continuous development, including urban rail transit, one of the major areas of increasing attention and demand is ensuring safety or risk management in operation long-term remains for the whole life cycle by scientific tools, management of railway operation (Martani 2017), specifically in developed and developing countries like Vietnam. The situation in Vietnam demonstrates that the national mainline railway network has been built and operated entirely in a single narrow gauge (1000mm) since the previous century, with very few updates of manual operating technology. This significantly highlights that up to now, the conventional technique for managing the safety operation in general, and collision in particular, of the current Vietnamese railway system, including its subsystems, is only accident statistics which is not a scientific-based tool as the others like risk identify and analyse methods, risk mitigation…, that are already available in many countries. Accident management of Vietnam Railways is limited and responsible for accident statistics analysis to avoid and minimise the harm caused by phenomena that occur only after an accident. Statistical analysis of train accident case studies in Vietnam railway demonstrates that, because hazards and failures that could result in serious system occurrences (accidents and incidents) have not been identified, recorded, and evaluated to conduct safety-driven risk analysis using a well-suited assessment methodology, risk prevention and control cannot be achieved. Not only is it hard to forecast and avoid events, but it may also raise the chance and amount of danger, as well as the severity of the later effects. As a result, Vietnam's railway system has a high number of accidents and failure rates. For example, Vietnam Rail-ways' mainline network accounted for approximately 200 railway accidents in 2018, a 3% increase over the previous year, including 163 collisions between trains and road vehicles/persons, resulting in more than 100 fatalities and more than 150 casualties; 16 accidents, including almost derailments, the signal passed at danger… without fatality or casual-ty, but significant damage to rolling stock and track infrastructure (VR 2021). Focusing and developing a new standardised framework for safety management and availability of railway operation in Vietnam is required in view of the rapid development of rail urban transport in the country in recent years (VmoT 2016; VmoT 2018). UMRT Line HN2A in southwest Hanoi is the country's first elevated light rail transit line, which was completed and officially put into revenue service in November 2021. This greatly highlights that up to the current date, the UMRT Line HN2A is the first and only railway line in Vietnam with operational safety assessment launched for the first time and long-term remains for the whole life cycle. The fact that the UMRT Hanoi has a large capacity, more complicated rolling stock and infrastructure equipment, as well as a modern communica-tion-based train control (CBTC) signalling system and automatic train driving without the need for operator intervention (Lindqvist 2006), are all advantages. Developing a compatible and integrated safety management system (SMS) for adaption to the safety operating requirements of this UMRT is an important major point of concern, and this should be proven. In actuality, the system acceptance and safety certification phase for Metro Line HN2A prolonged up to 2.5 years owing to the identification of difficulties with noncompliance to safety requirements resulting from inadequate SMS documents and risk assessment. These faults and hazards have developed during the manufacturing and execution of the project; it is impossible to go back in time to correct them, and it is also impossible to ignore the project without assuming responsibility for its management. At the time of completion, the HN2A metro line will have required an expenditure of up to $868 million, thus it is vital to create measures to prevent system failure and assure passenger safety. This dissertation has reviewed the methods to solve the aforementioned challenges and presented a solution blueprint to attain the European standard level of system safety in three-phase as in the following: • Phase 1: applicable for lines that are currently in operation, such as Metro Line HN2A. Focused on operational and maintenance procedures, as well as a training plan for railway personnel, in order to enhance human performance. Complete and update the risk assessment framework for Metro Line HN2A. The dissertation's findings are described in these applications. • Phase 2: applicable for lines that are currently in construction and manufacturing, such as Metro Line HN3, Line HN2, HCMC Line 1 and Line 2. Continue refining and enhancing engineering management methods introduced during Phase 1. On the basis of the risk assessment by manufacturers (Line HN3, HCMC Line 2 with European manufacturers) and the risk assessment framework described in Chapter 4, a risk management plan for each line will be developed. Building Accident database for risk assessment research and development. • Phase 3: applicable for lines that are currently in planning. Enhance safety requirements and life-cycle management. Building a proactive Safety Culture step by step for the railway industry. This material is implemented gradually throughout all three phases, beginning with the creation of the concept and concluding with an improvement in the attitude of railway personnel on the HN2A line. In addition to this overview, Chapters 4 through Chapter 9 of the dissertation include particular solutions for Risk assessment, Vehicle and Infrastructure Maintenance methods, Inci-dent Management procedures, and Safety Culture installation. This document focuses on constructing a system safety concept for railway personnel, providing stringent and scientific management practises to assure proper engineering conditions, to manage effectively the metro line system, and ensuring passenger safety in Hanoi's metro operatio

Protecting critical infrastructure systems using cyber, physical, and socio-technical models

Critical infrastructure systems are vital to all nations, and incapacitating such systems can result in devastating impact on the general public. Therefore, it is essential to protect such systems from malicious threats. Today, the increasing interconnectedness of critical infrastructure systems has greatly improved system efficiency at the cost of a larger attack surface. In recent years, we have seen cyber-attack campaigns in addition to physical attacks on various critical infrastructure systems around the world. Thus it is important to protect such systems from adversarial physical and cyber threats. In this dissertation, we propose to protect critical infrastructure systems by (1) assessing the safety of the system and (2) detecting malicious physical threats on the system by using models that integrate the cyber, physical, and human domains. We support our dissertation statement by applying our contributions to a railway system case study. First, we perform a security analysis to identify malicious threats and suggest potential detection mechanisms to strengthen the system defense. We define a general ontology that represents cyber-physical system components and relationships among them, and cyber and physical actions by a human actor. We model a railway station using concepts from that ontology, and feed the model into the ADVISE tool to automatically generate an attack execution graph. We analyze that attack execution graph and show that the addition of a potential defense system for physical movement is an effective mechanism for improving system security. We then conduct a safety analysis to identify potential cyber attacks on the railway signaling system that would violate system safety. To do so, we use networks of timed automata to model the cyber-physical control feedback loop that drives system service. We develop a set of transformations on state automata that represent combinations of cyber actions of a human actor. Then, we perform model checking to identify the cyber attack scenarios that would compromise system safety. We demonstrate that while certain safety countermeasures can mitigate attacks by outsider adversaries, attacks by insider adversaries would still succeed. Reapplication of our security analysis with the addition of the cyber-attack vectors that we discovered shows that adversaries prefer to use physical and social means to gain access to the railway station and attack the system. Thus, to strengthen the physical security of the system, we develop defense systems that detect suspicious physical movement by human actors in a railway station. We identify abnormal movement behavior by comparing sequences of movement to historic normal movement models. In doing so, we first build models of normal movement behavior by using historic building access control logs. Then, in real-time, we screen physical accesses and check for deviations in users' behavior from the normal movement behavior model. If we find any, we flag those physical accesses as suspicious. We show that our detection approach is able to flag suspicious behavior with increasing likelihood as the malicious movement sequence increases. We then develop approaches to identify tailgating in building access control logs by using physical constraints about human movement and space occupancy. This work was motivated by the observation that adversaries may thwart building access control systems by physical and social means, e.g., by ``tailgating," or following closely behind, an authorized person. We use cyber and physical data sources to build models of the physical locations of people. Then, we flag tailgating instances when the physical constraints on human movement and space occupancy are violated. We show that our detection approach is able to identify certain tailgating scenarios and that the addition of other data sources, such as physical data sources, allows us to build a more complete model of physical location. Finally, we reapply our security analysis with the addition of defense systems. The results of our analysis show that the inclusion of the defense systems incentivizes adversaries to expend more effort and time to launch a cyber-attack campaign instead of attempting to gain access to the railway station. Therefore, our defense systems help to strengthen the overall security posture of the system. In conclusion, we identify several cyber and physical attack scenarios that would affect system safety, and we develop physical defense systems that demonstrably increase the system's security posture. Thus, in this dissertation, we present an integration of security analysis, safety analysis, and system defense that uses cyber, physical, and socio-technical models to protect critical infrastructure systems

Entwicklung und Analyse eines Zug-zentrischen Entfernungsmesssystems mittels Colored Petri Nets

Based on the technology trends, the train control system should weaken the proportion of ground facilities, and give trains more individual initiative than in the past. As a result, the safety and flexibility of the train control system can be further improved. In this thesis, an enhanced movement authority system is proposed, which combines advantages of the train-centric communication with current movement authority mechanisms. To obtain the necessary train distance interval data, the onboard equipment and a new train-to-train distance measurement system (TTDMS) are applied as normal and backup strategies, respectively. While different location technologies have been used to collect data for trains, the development and validation of new systems remain challenges. In this thesis, formal approaches are presented for developing and verifying TTDMS. To assist the system development, the Colored Petri nets (CPNs) are used to formalize and evaluate the system structure and its behavior. Based on the CPN model, the system structure is validated. Additionally, a procedure is proposed to generate a Code Architecture from the formal model. The system performance is assessed in detection range and accuracy. Therefore both mathematical simulation and practical measurements validation are implemented. The results indicate that the system is feasible to carry out distance measurements both in metropolitan and railway lines, and the formal approaches are reusable to develop and verify other systems. As the target object, TTDMS is based on a spread-spectrum technology to accomplish distance measurement. The measurement is carried out by applying Time of Arrival (TOA) to calculate the distance between two trains, and requires no synchronized time source of transmission. It can calculate the time difference by using the autocorrelation of Pseudo Random Noise (PRN) code. Different from existing systems in air and maritime transport, this system does not require any other localization unit, except for communication architecture. To guarantee a system can operate as designed, it needs to be validated before its application. Only when system behaviors have been validated other relative performances' evaluations make sense. Based on the unambiguous definition of formal methods, TTDMS can be described much clearer by using formal methods instead of executable codes.Basierend auf technologischen Trends sollte das Zugbeeinflussungssystem den Anteil der Bodenanlagen reduzieren und den Zügen mehr Eigeninitiative geben als in der Vergangenheit, da so die funktionale Sicherheit und die Flexibilität des Zugbeeinflussungssystems erhöht werden können. In dieser Arbeit wird ein verbessertes System vorgeschlagen, das die Vorteile der zugbezogenen Kommunikation mit den aktuellen Fahrbefehlsmechanismen kombiniert. Um die notwendigen Daten des Zugabstandsintervalls zu erhalten, werden die Bordausrüstung und ein neues Zug-zu-Zug-Entfernungsmesssystem (TTDMS) als normale bzw. Backup-Strategien angewendet. Während verschiedene Ortungstechnolgien zur Zugdatenerfassung genutzt wurden, bleibt die Entwicklung und Validierung neuer Systeme eine Herausforderung. In dieser Arbeit werden formale Ansätze zur Entwicklung und Verifikation von TTDMS vorgestellt. Zur Unterstützung der Systementwicklung werden CPNs zur Formalisierung und Bewertung der Systemstruktur und ihres Verhaltens eingesetzt. Basierend auf dem CPN-Modell wird die Systemstruktur validiert. Zusätzlich wird eine Methode vorgeschlagen, mit der eine Code-Architektur aus dem formalen Modell generiert werden kann. Die Systemleistung wird im Erfassungsbereich und in der Genauigkeit beurteilt. Daher werden sowohl eine mathematische Simulation als auch eine praktische Validierung der Messungen implementiert. Die Ergebnisse zeigen, dass das System in der Lage ist, Entfernungsmessungen in Metro- und Eisenbahnlinien durchzuführen. Zudem sind die formalen Ansätze bei der Entwicklung und Verifikation anderer Systeme wiederverwendbar. Die Abstandsmessung mit TTDMS basiert auf einem Frequenzspreizungsverfahren. Die Messung wird durchgeführt, indem die Ankunftszeit angewendet wird, um den Abstand zwischen zwei Zügen zu berechnen. Dieses Verfahren erfordert keine Synchronisierung der Zeitquellen der Übertragung. Der Zeitunterschied kann damit berechnet werden, indem die Autokorrelation des Pseudo-Random-Noise-Codes verwendet wird. Im Unterschied zu Systemen im Luft- und Seeverkehr benötigt dieses System keine andere Lokalisierungseinheit als die Kommunikationsarchitektur. Um zu gewährleisten, dass ein System wie vorgesehen funktioniert, muss es validiert werden. Nur wenn das Systemverhalten validiert wurde, sind Bewertungen anderer relativer Leistungen sinnvoll. Aufgrund ihrer eindeutigen Definition kann das TTDMS mit formalen Methoden klarer beschrieben werden als mit ausführbaren Codes

Safety and Reliability - Safe Societies in a Changing World

The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management - mathematical methods in reliability and safety - risk assessment - risk management - system reliability - uncertainty analysis - digitalization and big data - prognostics and system health management - occupational safety - accident and incident modeling - maintenance modeling and applications - simulation for safety and reliability analysis - dynamic risk and barrier management - organizational factors and safety culture - human factors and human reliability - resilience engineering - structural reliability - natural hazards - security - economic analysis in risk managemen