Validating the Hybrid ERTMS/ETCS level 3 concept with electrum

This paper reports on the development of a formal model for the Hybrid ERTMS/ETCS Level 3 concept in Electrum, a lightweight formal specification language that extends Alloy with mutable relations and temporal logic operators. We show how Electrum and its Analyzer can be used to perform scenario exploration to validate this model, namely to check that all the operational scenarios described in the reference document are admissible, and to reason about expected safety properties, which can be easily specified and model checked for arbitrary track configurations. We also show how the Analyzer can be used to depict scenarios (and counter-examples) in a graphical notation that is logic-agnostic, making them understandable by stakeholders without expertise in formal specification.The authors would like to thank David Chemouil for the support provided during the model checking of the model. This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia within project POCI-01-0145-FEDER-016826

MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

184 p. El contenido de los capítulos 4,5,6,7,8 y 9 está sujeto a confidencialidadEl Sistema Europeo de Gestión del Tráfico Ferroviario (ERTMS, por sus siglasen inglés), fue originalmente diseñado para los ferrocarriles europeos. Sinembargo, a lo largo de las dos últimas décadas, este sistema se ha convertidoen el estándar de-facto para los servicios de Alta Velocidad en la mayoría depaíses desarrollados.El sistema ERTMS se compone de tres subsistemas principales: 1) el Sistemade Control Ferroviario Europeo (ETCS, por sus siglas en inglés), que actúacomo aplicación de señalización; 2) el sistema Euroradio, que a su vez estádividido en dos subsistemas, el Módulo de Seguridad Funcional (SFM, porsus siglas en inglés), y el Módulo de Comunicación Funcional (CFM, porsus siglas en inglés); y 3) el sistema de comunicaciones subyacente, GSM-R,que transporta la información intercambiada entre el sistema embarcado enel tren (OBU, por sus siglas en inglés) y el Centro de Bloqueo por Radio(RBC, por sus siglas en inglés). El sistema de señalización ETCS soporta tresniveles dependiendo del nivel de prestaciones soportadas. En el nivel 3 seintroduce la posibilidad de trabajar con bloques móviles en lugar de bloquesfijos definidos en la vía. Esto implica que la distancia de avance entre dos trenesconsecutivos puede ser reducida a una distancia mínima en la que se garanticela seguridad del servicio, aumentando por tanto la capacidad del corredorferroviario. Esta distancia de seguridad viene determinada por la combinaciónde la distancia de frenado del tren y el retraso de las comunicaciones deseñalización. Por lo tanto, se puede afirmar que existe una relación directaentre los retrasos y la confiabilidad de las transmisiones de las aplicaciones deseñalización y la capacidad operacional de un corredor ferroviario. Así pues,el estudio y mejora de los sistemas de comunicaciones utilizados en ERTMSjuegan un papel clave en la evolución del sistema ERTMS. Asimismo, unaoperatividad segura en ERTMS, desde el punto de vista de las comunicacionesimplicadas en la misma, viene determinada por la confiabilidad de lascomunicaciones, la disponibilidad de sus canales de comunicación, el retrasode las comunicaciones y la seguridad de sus mensajes.Unido este hecho, la industria ferroviaria ha venido trabajando en ladigitalización y la transición al protocolo IP de la mayor parte de los sistemasde señalización. Alineado con esta tendencia, el consorcio industrial UNISIGha publicado recientemente un nuevo modelo de comunicaciones para ERTMSque incluye la posibilidad, no solo de operar con el sistema tradicional,basado en tecnología de conmutación de circuitos, sino también con un nuevosistema basado en IP. Esta tesis está alineada con el contexto de migraciónactual y pretende contribuir a mejorar la disponibilidad, confiabilidad yseguridad de las comunicaciones, tomando como eje fundamental los tiemposde transmisión de los mensajes, con el horizonte puesto en la definición deuna próxima generación de ERTMS, definida en esta tesis como NGERTMS.En este contexto, se han detectado tres retos principales para reforzar laresiliencia de la arquitectura de comunicaciones del NGERTMS: 1) mejorarla supervivencia de las comunicaciones ante disrupciones; 2) superar laslimitaciones actuales de ERTMS para enviar mensajes de alta prioridad sobretecnología de conmutación de paquetes, dotando a estos mensajes de un mayorgrado de resiliencia y menor latencia respecto a los mensajes ordinarios; y3) el aumento de la seguridad de las comunicaciones y el incremento de ladisponibilidad sin que esto conlleve un incremento en la latencia.Considerando los desafíos previamente descritos, en esta tesis se proponeuna arquitectura de comunicaciones basada en el protocolo MPTCP, llamadaMP-CFM, que permite superar dichos desafíos, a la par que mantener laretrocompatibilidad con el sistema de comunicaciones basado en conmutaciónde paquetes recientemente propuesto por UNISIG. Hasta el momento, esta esla primera vez que se propone una arquitectura de comunicaciones completacapaz de abordar los desafíos mencionados anteriormente. Esta arquitecturaimplementa cuatro tipos de clase de servicio, los cuales son utilizados porlos paquetes ordinarios y de alta prioridad para dos escenarios distintos; unescenario en el que ambos extremos, el sistema embarcado o OBU y el RBC,disponen de múltiples interfaces de red; y otro escenario transicional en el cualel RBC sí tiene múltiples interfaces de red pero el OBU solo dispone de unaúnica interfaz. La arquitectura de comunicaciones propuesta para el entornoferroviario ha sido validada mediante un entorno de simulación desarrolladopara tal efecto. Es más, dichas simulaciones demuestran que la arquitecturapropuesta, ante disrupciones de canal, supera con creces en términos derobustez el sistema diseñado por UNISIG. Como conclusión, se puede afirmarque en esta tesis se demuestra que una arquitectura de comunicaciones basadade MPTCP cumple con los exigentes requisitos establecidos para el NGERTMSy por tanto dicha propuesta supone un avance en la evolución del sistema deseñalización ferroviario europeo

Railway Capacity Enhancement with Modern Signalling Systems – A Literature Review

In times of ever stronger awareness of environmental protection and potentiation of a beneficial modal split, the railway sector with efficient asset utilization and proper investment planning has the highest chance of meeting customer expectations and attracting new users more effectively. Continuous increase in railway demand leads to an increase in the utilization of railway infrastructure, and the inevitable lack of capacity, a burning problem that many national railways are continually facing. To address it more effectively, this paper reviews available methodologies for railway capacity determination and techniques for its enhancement in the recent scientific literature. Particular focus is given to the possibility of increasing railway capacity through signalling systems and installing the European Train Control System (ETCS). The most important relationships with segments of existing research have been identified, and in line with this, the directions for a potential continuation of research are suggested

Validating the hybrid ERTMS/ETCS level 3 concept with electrum

This paper reports on the development of a formal model for the Hybrid ERTMS/ETCS Level 3 concept in Electrum, a lightweight formal specification language that extends Alloy with mutable relations and temporal logic operators. We show how Electrum and its Analyzer can be used to perform scenario exploration to validate this model, namely to check that all the example operational scenarios described in the reference document are admissible, and to reason about expected safety properties, which can be easily specified and model checked for arbitrary track configurations. The Analyzer depicts scenarios (and counter-examples) in a graphical notation that is logic-agnostic, making them understandable for stakeholders without expertise in formal specification.- Fundação para a Ciência e a Tecnologia(POCI-01-0145-FEDER-016826); ERDF - European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 and by National Funds through the Portuguese funding agenc

Application of Multicriteria Decision-Making Methods in Railway Engineering: A Case Study of Train Control Information Systems (TCIS)

In order to improve its position in the transport market railway, as a complex system, it has to fulfill a number of objectives such as increased capacity and asset utilization, improved reliability and safety, higher customer service levels, better energy efficiency and fewer emissions, along with increased economic viability and profits. Some of these objectives call for the implementation of maximum values, while some of them require minimum values. Additionally, some can be expressed quantitatively, while some, for example, customer service, can be described qualitatively through a descriptive scale of points. The application of MCDM in railway engineering can play a significant role. Therefore, the major objective of this chapter is the review of the application of MCDM methods in railway engineering. As one of the means in achieving the objectives of railways and above all the utilization of capacity are Train Control Information Systems (TCIS). Based on that, the aim of this chapter is the evaluation of the efficiency of TCIS in the improvement of railway capacity utilization through defined technical-technological indicators. The non-radial Data Envelopment Analysis (DEA) model for the evaluation of TCIS efficiency in improvement of utilization of railway capacity using the selected indicators is proposed. The proposed non-radial DEA model for TCIS efficiency evaluation in using railway capacity could be applied to an overall network or for separate parts of railway lines

Business optimization through automated signaling design

M.Ing. (Engineering Management)Abstract: Railway signaling has become pivotal in the development of railway systems over the years. There is a global demand for upgrading signaling systems for improved efficiency. Upgrading signaling systems requires new signaling designs and modifications to adjacent signaling systems. The purpose of this research is to compare manually produced designs with design automation by covering the framework of multiple aspects of railway signaling designs in view of business optimization using computer drawings, programming software language and management of signaling designs. The research focuses on design automation from the preliminary design stage to the detailed design stage with the intention of investigating and resolving a common project challenge of time management. Various autonomous methods are used to seek improvement on the detailed design phase of re-signaling projects. An analysis on the project’s duration, resources and review cycles is conducted to demonstrate the challenges that are faced during the design of a project. Signaling designs are sophisticated and crucial in an ever-changing railway environment. As a result, there is a demand for efficiency and knowledge within railway signaling to achieve successful completion project target dates. A quantitative approach is used to identify the gaps leading to delays and best practices are applied using a comparative analysis to remediate on any snags that may potentially extend the project duration. The results illustrate that the resources required when automating detailed designs are reduced by two thirds for cable plans and book of circuits and reduced by one third for source documents. Successively, the projects benefit with reduced organizational resources, reduced design durations and reduced design review cycles. This research concludes that software integration of the signaling designs due to the efficiency and innovation of the selected computer drawing software and programming software language such as AutoCAD required less resources for computer drawings that are generated using automation tools compared to computer drawings that are generated manually. The resources required when automating the generation of signaling detailed designs are reduced for cable plans, book of circuits and source documents. This means that the business is optimized by utilizing less resources and subsequently delays are reduced during the design stage