Timed Fault Tree Models of the China Yongwen Railway Accident

Safety is an essential requirement for railway transportation. There are many methods that have been developed to predict, prevent and mitigate accidents in this context. All of these methods have their own purpose and limitations. This paper presents a new useful analysis technique: timed fault tree analysis. This method extends traditional fault tree analysis with temporal events and fault characteristics. Timed Fault Trees (TFTs) can determine which faults need to be eliminated urgently, and it can also provide a safe time window to repair them. They can also be used to determine the time taken for railway maintenance requirements, and thereby improve maintenance efficiency, and reduce risks. In this paper, we present the features and functionality of a railway transportation system based on timed fault tree models. We demonstrate the applicability of our framework via a case study of the China Yongwen line railway accident

Vision Zero application on Czech railways

The railway is perceived as a modern, safe and environmentally sustainable way of transporting people and goods. In the past, appropriate innovations in the field of infrastructure and vehicles, combined with an attractive operational concept, have gradually become the backbone of public transport in the country. Even in this system, similar to other transport systems, there are accidents (events of emergency) or potentially risky situations. The paper places the issue of railway safety in the legislative context and uncovers the points of view from which the safety of railway traffic can be viewed

Critical Infrastructures: Enhancing Preparedness & Resilience for the Security of Citizens and Services Supply Continuity: Proceedings of the 52nd ESReDA Seminar Hosted by the Lithuanian Energy Institute & Vytautas Magnus University

Critical Infrastructures Preparedness and Resilience is a major societal security issue in modern society. Critical Infrastructures (CIs) provide vital services to modern societies. Some CIs’ disruptions may endanger the security of the citizen, the safety of the strategic assets and even the governance continuity. The European Safety, Reliability and Data Association (ESReDA) as one of the most active EU networks in the field has initiated a project group on the “Critical Infrastructure/Modelling, Simulation and Analysis – Data”. The main focus of the project group is to report on the state of progress in MS&A of the CIs preparedness & resilience with a specific focus on the corresponding data availability and relevance. In order to report on the most recent developments in the field of the CIs preparedness & resilience MS&A and the availability of the relevant data, ESReDA held its 52nd Seminar on the following thematic: “Critical Infrastructures: Enhancing Preparedness & Resilience for the security of citizens and services supply continuity”. The 52nd ESReDA Seminar was a very successful event, which attracted about 50 participants from industry, authorities, operators, research centres, academia and consultancy companies.JRC.G.10-Knowledge for Nuclear Security and Safet

Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: A review

YesSystem safety, reliability and risk analysis are important tasks that are performed throughout the system lifecycle to ensure the dependability of safety-critical systems. Probabilistic risk assessment (PRA) approaches are comprehensive, structured and logical methods widely used for this purpose. PRA approaches include, but not limited to, Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA), and Event Tree Analysis (ETA). Growing complexity of modern systems and their capability of behaving dynamically make it challenging for classical PRA techniques to analyse such systems accurately. For a comprehensive and accurate analysis of complex systems, different characteristics such as functional dependencies among components, temporal behaviour of systems, multiple failure modes/states for components/systems, and uncertainty in system behaviour and failure data are needed to be considered. Unfortunately, classical approaches are not capable of accounting for these aspects. Bayesian networks (BNs) have gained popularity in risk assessment applications due to their flexible structure and capability of incorporating most of the above mentioned aspects during analysis. Furthermore, BNs have the ability to perform diagnostic analysis. Petri Nets are another formal graphical and mathematical tool capable of modelling and analysing dynamic behaviour of systems. They are also increasingly used for system safety, reliability and risk evaluation. This paper presents a review of the applications of Bayesian networks and Petri nets in system safety, reliability and risk assessments. The review highlights the potential usefulness of the BN and PN based approaches over other classical approaches, and relative strengths and weaknesses in different practical application scenarios.This work was funded by the DEIS H2020 project (Grant Agreement 732242)

Towards an Accurate Probabilistic Modeling and Statistical Analysis of Temporal Faults via Temporal Dynamic Fault-Trees (TDFTs)

Fault tree (FT) is a standardized notation for representing relationships between a system's reliability and the faults and/or the events associated with it. However, the existing FT fault models are only capable of portraying permanent events in the system. This is a major hindrance since these models fail to reflect accurately the other classes of faults, such as soft-faults, which are often temporary events that usually disappear after the source of the interference is no longer present. This paper proposes a new fault tree modeling paradigm, to capture the impact of temporal events in systems, called temporal dynamic fault trees (TDFTs). TDFTs are utilized to model the characteristics and dependencies between different temporal events, soft-faults, and permanent faults. These features are integrated into the proposed probabilistic models of the temporal gates, which are modeled as priced-timed automata. This paper also proposes a new FT analysis methodology, based on statistical model checking, designed to circumvent the state-explosion problem that is inherent to other model-checking approaches. The proposed analysis is able to evaluate the impact of temporal faults in systems, as well as to estimate the reliability and availability of the system over extended periods of time. The experiments reported in this paper demonstrate the versatility and scalability of the proposed approach. For instance, the results display the impact that temporal events may have in a digital system. Our observations indicate that while regular soft-fault analyses tend to underestimate metrics such as system reliability, TDFT analysis shows remarkable consistency with radiation testing, with differences of under 2%, in the conducted analysis

Alternative railway tools and sustainability in RAMS: A review

RAMS is a tool and methodology that combines reliability engineering, availability, maintainability, and safety in a way that is tailored to the system’s goals. A comprehensive view on RAMS’s components and theory behind the underlying mathematical model is not to be found in journal publication. This paper would also discuss several benefits and sustainability of RAMS. Life Cycle Cost (LCC) would also being introduce as a complementary discipline in term of costing that normally regarded parallel to RAMS. There are a series of methods that being utilized at every discipline of the RAMS component such as Fault Tree Analysis (FTA), Failure Mode Effect Critical Analysis (FMECA), Reliability Block Diagram and many more. Some commonly used methods would be highlighted in this paper. RAMS application and implementation will aid asset owners, contractors, and operators in efficiently procuring, developing, and operating their assets. However, further research and analysis is needed in the railway industry to build a viable framework for project and operation implementation using both tools

Entwicklung und Analyse eines Zug-zentrischen Entfernungsmesssystems mittels Colored Petri Nets

Based on the technology trends, the train control system should weaken the proportion of ground facilities, and give trains more individual initiative than in the past. As a result, the safety and flexibility of the train control system can be further improved. In this thesis, an enhanced movement authority system is proposed, which combines advantages of the train-centric communication with current movement authority mechanisms. To obtain the necessary train distance interval data, the onboard equipment and a new train-to-train distance measurement system (TTDMS) are applied as normal and backup strategies, respectively. While different location technologies have been used to collect data for trains, the development and validation of new systems remain challenges. In this thesis, formal approaches are presented for developing and verifying TTDMS. To assist the system development, the Colored Petri nets (CPNs) are used to formalize and evaluate the system structure and its behavior. Based on the CPN model, the system structure is validated. Additionally, a procedure is proposed to generate a Code Architecture from the formal model. The system performance is assessed in detection range and accuracy. Therefore both mathematical simulation and practical measurements validation are implemented. The results indicate that the system is feasible to carry out distance measurements both in metropolitan and railway lines, and the formal approaches are reusable to develop and verify other systems. As the target object, TTDMS is based on a spread-spectrum technology to accomplish distance measurement. The measurement is carried out by applying Time of Arrival (TOA) to calculate the distance between two trains, and requires no synchronized time source of transmission. It can calculate the time difference by using the autocorrelation of Pseudo Random Noise (PRN) code. Different from existing systems in air and maritime transport, this system does not require any other localization unit, except for communication architecture. To guarantee a system can operate as designed, it needs to be validated before its application. Only when system behaviors have been validated other relative performances' evaluations make sense. Based on the unambiguous definition of formal methods, TTDMS can be described much clearer by using formal methods instead of executable codes.Basierend auf technologischen Trends sollte das Zugbeeinflussungssystem den Anteil der Bodenanlagen reduzieren und den Zügen mehr Eigeninitiative geben als in der Vergangenheit, da so die funktionale Sicherheit und die Flexibilität des Zugbeeinflussungssystems erhöht werden können. In dieser Arbeit wird ein verbessertes System vorgeschlagen, das die Vorteile der zugbezogenen Kommunikation mit den aktuellen Fahrbefehlsmechanismen kombiniert. Um die notwendigen Daten des Zugabstandsintervalls zu erhalten, werden die Bordausrüstung und ein neues Zug-zu-Zug-Entfernungsmesssystem (TTDMS) als normale bzw. Backup-Strategien angewendet. Während verschiedene Ortungstechnolgien zur Zugdatenerfassung genutzt wurden, bleibt die Entwicklung und Validierung neuer Systeme eine Herausforderung. In dieser Arbeit werden formale Ansätze zur Entwicklung und Verifikation von TTDMS vorgestellt. Zur Unterstützung der Systementwicklung werden CPNs zur Formalisierung und Bewertung der Systemstruktur und ihres Verhaltens eingesetzt. Basierend auf dem CPN-Modell wird die Systemstruktur validiert. Zusätzlich wird eine Methode vorgeschlagen, mit der eine Code-Architektur aus dem formalen Modell generiert werden kann. Die Systemleistung wird im Erfassungsbereich und in der Genauigkeit beurteilt. Daher werden sowohl eine mathematische Simulation als auch eine praktische Validierung der Messungen implementiert. Die Ergebnisse zeigen, dass das System in der Lage ist, Entfernungsmessungen in Metro- und Eisenbahnlinien durchzuführen. Zudem sind die formalen Ansätze bei der Entwicklung und Verifikation anderer Systeme wiederverwendbar. Die Abstandsmessung mit TTDMS basiert auf einem Frequenzspreizungsverfahren. Die Messung wird durchgeführt, indem die Ankunftszeit angewendet wird, um den Abstand zwischen zwei Zügen zu berechnen. Dieses Verfahren erfordert keine Synchronisierung der Zeitquellen der Übertragung. Der Zeitunterschied kann damit berechnet werden, indem die Autokorrelation des Pseudo-Random-Noise-Codes verwendet wird. Im Unterschied zu Systemen im Luft- und Seeverkehr benötigt dieses System keine andere Lokalisierungseinheit als die Kommunikationsarchitektur. Um zu gewährleisten, dass ein System wie vorgesehen funktioniert, muss es validiert werden. Nur wenn das Systemverhalten validiert wurde, sind Bewertungen anderer relativer Leistungen sinnvoll. Aufgrund ihrer eindeutigen Definition kann das TTDMS mit formalen Methoden klarer beschrieben werden als mit ausführbaren Codes

A hierarchical coloured Petri net model of fleet maintenance with cannibalisation

Cannibalisation refers to a maintenance action where an unserviceable part in an inoperative platform is replaced by a serviceable part of the same type from another platform. It helps a fleet meet operational requirements when spares are in short supply but leads to more maintenance tasks to be carried out. In practice, cannibalisation may be performed in an unrestricted manner, or through the use of cannibalisation birds. A cannibalisation bird is a platform which is selected as the primary source of cannibalisation, while any inoperative platform can be a cannibalisation source under the unrestricted policy. In order to aid fleet managers in making cannibalisation-related decisions, this paper presents a hierarchical coloured Petri net (HCPN) model of a fleet operation and maintenance process which considers mission-oriented operation, multiple level maintenance, multiple cannibalisation policies (no cannibalisation, unrestricted cannibalisation and cannibalisation bird), maintenance scheduling and spare inventory management. The model is applied to an example fleet to compare the effects of different cannibalisation policies on fleet performance using a number of performance measures related to reliability and maintenance and to optimise the number of cannibalisation birds used and the length of time that a platform is taken as a cannibalisation bird for the fleet

High-Level Analysis of the Impact of Soft-Faults in Cyberphysical Systems

As digital systems grow in complexity and are used in a broader variety of safety-critical applications, there is an ever-increasing demand for assessing the dependability and safety of such systems, especially when subjected to hazardous environments. As a result, it is important to identify and correct any functional abnormalities and component faults as early as possible in order to minimize performance degradation and to avoid potential perilous situations. Existing techniques often lack the capacity to perform a comprehensive and exhaustive analysis on complex redundant architectures, leading to less than optimal risk evaluation. Hence, an early analysis of dependability of such safety-critical applications enables designers to develop systems that meets high dependability requirements. Existing techniques in the field often lack the capacity to perform full system analyses due to state-explosion limitations (such as transistor and gate-level analyses), or due to the time and monetary costs attached to them (such as simulation, emulation, and physical testing). In this work we develop a system-level methodology to model and analyze the effects of Single Event Upsets (SEUs) in cyberphysical system designs. The proposed methodology investigates the impacts of SEUs in the entire system model (fault tree level), including SEU propagation paths, logical masking of errors, vulnerability to specific events, and critical nodes. The methodology also provides insights on a system's weaknesses, such as the impact of each component to the system's vulnerability, as well as hidden sources of failure, such as latent faults. Moreover, the proposed methodology is able to identify and categorize the system's components in order of criticality, and to evaluate different approaches to the mitigation of such criticality (in the form of different configurations of TMR) in order to obtain the most efficient mitigation solution available. The proposed methodology is also able to model and analyze system components individually (system component level), in order to more accurately estimate the component's vulnerability to SEUs. In this case, a more refined analysis of the component is conducted, which enables us to identify the source of the component's criticality. Thereafter, a second mitigation mechanic (internal to the component) takes place, in order to evaluate the gains and costs of applying different configurations of TMR to the component internally. Finally, our approach will draw a comparison between the results obtained at both levels of analysis in order to evaluate the most efficient way of improving the targeted system design