Business optimization through automated signaling design

M.Ing. (Engineering Management)Abstract: Railway signaling has become pivotal in the development of railway systems over the years. There is a global demand for upgrading signaling systems for improved efficiency. Upgrading signaling systems requires new signaling designs and modifications to adjacent signaling systems. The purpose of this research is to compare manually produced designs with design automation by covering the framework of multiple aspects of railway signaling designs in view of business optimization using computer drawings, programming software language and management of signaling designs. The research focuses on design automation from the preliminary design stage to the detailed design stage with the intention of investigating and resolving a common project challenge of time management. Various autonomous methods are used to seek improvement on the detailed design phase of re-signaling projects. An analysis on the project’s duration, resources and review cycles is conducted to demonstrate the challenges that are faced during the design of a project. Signaling designs are sophisticated and crucial in an ever-changing railway environment. As a result, there is a demand for efficiency and knowledge within railway signaling to achieve successful completion project target dates. A quantitative approach is used to identify the gaps leading to delays and best practices are applied using a comparative analysis to remediate on any snags that may potentially extend the project duration. The results illustrate that the resources required when automating detailed designs are reduced by two thirds for cable plans and book of circuits and reduced by one third for source documents. Successively, the projects benefit with reduced organizational resources, reduced design durations and reduced design review cycles. This research concludes that software integration of the signaling designs due to the efficiency and innovation of the selected computer drawing software and programming software language such as AutoCAD required less resources for computer drawings that are generated using automation tools compared to computer drawings that are generated manually. The resources required when automating the generation of signaling detailed designs are reduced for cable plans, book of circuits and source documents. This means that the business is optimized by utilizing less resources and subsequently delays are reduced during the design stage

Re-use of tests and arguments for assesing dependable mixed-critically systems

The safety assessment of mixed-criticality systems (MCS) is a challenging activity due to system heterogeneity, design constraints and increasing complexity. The foundation for MCSs is the integrated architecture paradigm, where a compact hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault tolerance mechanism, the development of an MCS application shall also comply with the guidelines defined by the safety standards. A way to lower the overall MCS certification cost is to adopt a platform-based design (PBD) development approach. PBD is a model-based development (MBD) approach, where separate models of logic, hardware and deployment support the analysis of the resulting system properties and behaviour. The PBD development of MCSs benefits from a composition of modular safety properties (e.g. modular safety cases), which support the derivation of mixed-criticality product lines. The validation and verification (V&V) activities claim a substantial effort during the development of programmable electronics for safety-critical applications. As for the MCS dependability assessment, the purpose of the V&V is to provide evidences supporting the safety claims. The model-based development of MCSs adds more V&V tasks, because additional analysis (e.g., simulations) need to be carried out during the design phase. During the MCS integration phase, typically hardware-in-the-loop (HiL) plant simulators support the V&V campaigns, where test automation and fault-injection are the key to test repeatability and thorough exercise of the safety mechanisms. This dissertation proposes several V&V artefacts re-use strategies to perform an early verification at system level for a distributed MCS, artefacts that later would be reused up to the final stages in the development process: a test code re-use to verify the fault-tolerance mechanisms on a functional model of the system combined with a non-intrusive software fault-injection, a model to X-in-the-loop (XiL) and code-to-XiL re-use to provide models of the plant and distributed embedded nodes suited to the HiL simulator, and finally, an argumentation framework to support the automated composition and staged completion of modular safety-cases for dependability assessment, in the context of the platform-based development of mixed-criticality systems relying on the DREAMS harmonized platform.La dificultad para evaluar la seguridad de los sistemas de criticidad mixta (SCM) aumenta con la heterogeneidad del sistema, las restricciones de diseño y una complejidad creciente. Los SCM adoptan el paradigma de arquitectura integrada, donde un hardware embebido compacto comprende múltiples plataformas de ejecución e interfaces de comunicación para implementar funciones concurrentes y con diferentes requisitos de seguridad. Además de una plataforma de computación que provea un aislamiento y mecanismos de tolerancia a fallos adecuados, el desarrollo de una aplicación SCM además debe cumplir con las directrices definidas por las normas de seguridad. Una forma de reducir el coste global de la certificación de un SCM es adoptar un enfoque de desarrollo basado en plataforma (DBP). DBP es un enfoque de desarrollo basado en modelos (DBM), en el que modelos separados de lógica, hardware y despliegue soportan el análisis de las propiedades y el comportamiento emergente del sistema diseñado. El desarrollo DBP de SCMs se beneficia de una composición modular de propiedades de seguridad (por ejemplo, casos de seguridad modulares), que facilitan la definición de líneas de productos de criticidad mixta. Las actividades de verificación y validación (V&V) representan un esfuerzo sustancial durante el desarrollo de aplicaciones basadas en electrónica confiable. En la evaluación de la seguridad de un SCM el propósito de las actividades de V&V es obtener las evidencias que apoyen las aseveraciones de seguridad. El desarrollo basado en modelos de un SCM incrementa las tareas de V&V, porque permite realizar análisis adicionales (por ejemplo, simulaciones) durante la fase de diseño. En las campañas de pruebas de integración de un SCM habitualmente se emplean simuladores de planta hardware-in-the-loop (HiL), en donde la automatización de pruebas y la inyección de faltas son la clave para la repetitividad de las pruebas y para ejercitar completamente los mecanismos de tolerancia a fallos. Esta tesis propone diversas estrategias de reutilización de artefactos de V&V para la verificación temprana de un MCS distribuido, artefactos que se emplearán en ulteriores fases del desarrollo: la reutilización de código de prueba para verificar los mecanismos de tolerancia a fallos sobre un modelo funcional del sistema combinado con una inyección de fallos de software no intrusiva, la reutilización de modelo a X-in-the-loop (XiL) y código a XiL para obtener modelos de planta y nodos distribuidos aptos para el simulador HiL y, finalmente, un marco de argumentación para la composición automatizada y la compleción escalonada de casos de seguridad modulares, en el contexto del desarrollo basado en plataformas de sistemas de criticidad mixta empleando la plataforma armonizada DREAMS.Kritikotasun nahastuko sistemen segurtasun ebaluazioa jarduera neketsua da beraien heterogeneotasuna dela eta. Sistema hauen oinarria arkitektura integratuen paradigman datza, non hardware konpaktu batek exekuzio plataforma eta komunikazio interfaze ugari integratu ahal dituen segurtasun baldintza desberdineko funtzio konkurrenteak inplementatzeko. Konputazio plataformek isolamendu eta akatsen aurkako mekanismo egokiak emateaz gain, segurtasun arauek definituriko jarraibideak jarraitu behar dituzte kritikotasun mistodun aplikazioen garapenean. Sistema hauen zertifikazio prozesuaren kostua murrizteko aukera bat plataformetan oinarritutako garapenean (PBD) datza. Garapen planteamendu hau modeloetan oinarrituriko garapena da (MBD) non modeloaren logika, hardware eta garapen desberdinak sistemaren propietateen eta portaeraren aurka aztertzen diren. Kritikotasun mistodun sistemen PBD garapenak etekina ateratzen dio moduluetan oinarrituriko segurtasun propietateei, adibidez: segurtasun kasu modularrak (MSC). Modulu hauek kritikotasun mistodun produktu-lerroak ere hartzen dituzte kontutan. Berifikazio eta balioztatze (V&V) jarduerek esfortzu kontsideragarria eskatzen dute segurtasun-kiritikoetarako elektronika programagarrien garapenean. Kritikotasun mistodun sistemen konfiantzaren ebaluazioaren eta V&V jardueren helburua segurtasun eskariak jasotzen dituzten frogak proportzionatzea da. Kritikotasun mistodun sistemen modelo bidezko garapenek zeregin gehigarriak atxikitzen dizkio V&V jarduerari, fase honetan analisi gehigarriak (hots, simulazioak) zehazten direlako. Bestalde, kritikotasun mistodun sistemen integrazio fasean, hardware-in-the-loop (Hil) simulazio plantek V&V iniziatibak sostengatzen dituzte non testen automatizazioan eta akatsen txertaketan funtsezko jarduerak diren. Jarduera hauek frogen errepikapena eta segurtasun mekanismoak egiaztzea ahalbidetzen dute. Tesi honek V&V artefaktuen berrerabilpenerako estrategiak proposatzen ditu, kritikotasun mistodun sistemen egiaztatze azkarrerako sistema mailan eta garapen prozesuko azken faseetaraino erabili daitezkeenak. Esate baterako, test kodearen berrabilpena akats aurkako mekanismoak egiaztatzeko, modelotik X-in-the-loop (XiL)-ra eta kodetik XiL-rako konbertsioa HiL simulaziorako eta argumentazio egitura bat DREAMS Europear proiektuan definituriko arkitektura estiloan oinarrituriko segurtasun kasu modularrak automatikoki eta gradualki sortzeko

Development and certification of mixed-criticality embedded systems based on probabilistic timing analysis

An increasing variety of emerging systems relentlessly replaces or augments the functionality of mechanical subsystems with embedded electronics. For quantity, complexity, and use, the safety of such subsystems is an increasingly important matter. Accordingly, those systems are subject to safety certification to demonstrate system's safety by rigorous development processes and hardware/software constraints. The massive augment in embedded processors' complexity renders the arduous certification task significantly harder to achieve. The focus of this thesis is to address the certification challenges in multicore architectures: despite their potential to integrate several applications on a single platform, their inherent complexity imperils their timing predictability and certification. Recently, the Measurement-Based Probabilistic Timing Analysis (MBPTA) technique emerged as an alternative to deal with hardware/software complexity. The innovation that MBPTA brings about is, however, a major step from current certification procedures and standards. The particular contributions of this Thesis include: (i) the definition of certification arguments for mixed-criticality integration upon multicore processors. In particular we propose a set of safety mechanisms and procedures as required to comply with functional safety standards. For timing predictability, (ii) we present a quantitative approach to assess the likelihood of execution-time exceedance events with respect to the risk reduction requirements on safety standards. To this end, we build upon the MBPTA approach and we present the design of a safety-related source of randomization (SoR), that plays a key role in the platform-level randomization needed by MBPTA. And (iii) we evaluate current certification guidance with respect to emerging high performance design trends like caches. Overall, this Thesis pushes the certification limits in the use of multicore and MBPTA technology in Critical Real-Time Embedded Systems (CRTES) and paves the way towards their adoption in industry.Una creciente variedad de sistemas emergentes reemplazan o aumentan la funcionalidad de subsistemas mecánicos con componentes electrónicos embebidos. El aumento en la cantidad y complejidad de dichos subsistemas electrónicos así como su cometido, hacen de su seguridad una cuestión de creciente importancia. Tanto es así que la comercialización de estos sistemas críticos está sujeta a rigurosos procesos de certificación donde se garantiza la seguridad del sistema mediante estrictas restricciones en el proceso de desarrollo y diseño de su hardware y software. Esta tesis trata de abordar los nuevos retos y dificultades dadas por la introducción de procesadores multi-núcleo en dichos sistemas críticos: aunque su mayor rendimiento despierta el interés de la industria para integrar múltiples aplicaciones en una sola plataforma, suponen una mayor complejidad. Su arquitectura desafía su análisis temporal mediante los métodos tradicionales y, asimismo, su certificación es cada vez más compleja y costosa. Con el fin de lidiar con estas limitaciones, recientemente se ha desarrollado una novedosa técnica de análisis temporal probabilístico basado en medidas (MBPTA). La innovación de esta técnica, sin embargo, supone un gran cambio cultural respecto a los estándares y procedimientos tradicionales de certificación. En esta línea, las contribuciones de esta tesis están agrupadas en tres ejes principales: (i) definición de argumentos de seguridad para la certificación de aplicaciones de criticidad-mixta sobre plataformas multi-núcleo. Se definen, en particular, mecanismos de seguridad, técnicas de diagnóstico y reacción de faltas acorde con el estándar IEC 61508 sobre una arquitectura multi-núcleo de referencia. Respecto al análisis temporal, (ii) presentamos la cuantificación de la probabilidad de exceder un límite temporal y su relación con los requisitos de reducción de riesgos derivados de los estándares de seguridad funcional. Con este fin, nos basamos en la técnica MBPTA y presentamos el diseño de una fuente de números aleatorios segura; un componente clave para conseguir las propiedades aleatorias requeridas por MBPTA a nivel de plataforma. Por último, (iii) extrapolamos las guías actuales para la certificación de arquitecturas multi-núcleo a una solución comercial de 8 núcleos y las evaluamos con respecto a las tendencias emergentes de diseño de alto rendimiento (caches). Con estas contribuciones, esta tesis trata de abordar los retos que el uso de procesadores multi-núcleo y MBPTA implican en el proceso de certificación de sistemas críticos de tiempo real y facilita, de esta forma, su adopción por la industria.Postprint (published version

Improving the performance of railway track-switching through the introduction of fault tolerance

In the future, the performance of the railway system must be improved to accommodate increasing passenger volumes and service quality demands. Track switches are a vital part of the rail infrastructure, enabling traffic to take different routes. All modern switch designs have evolved from a design first patented in 1832. However, switches present single points of failure, require frequent and costly maintenance interventions, and restrict network capacity. Fault tolerance is the practice of preventing subsystem faults propagating to whole-system failures. Existing switches are not considered fault tolerant. This thesis describes the development and potential performance of fault-tolerant railway track switching solutions. The work first presents a requirements definition and evaluation framework which can be used to select candidate designs from a range of novel switching solutions. A candidate design with the potential to exceed the performance of existing designs is selected. This design is then modelled to ascertain its practical feasibility alongside potential reliability, availability, maintainability and capacity performance. The design and construction of a laboratory scale demonstrator of the design is described. The modelling results show that the performance of the fault tolerant design may exceed that of traditional switches. Reliability and availability performance increases significantly, whilst capacity gains are present but more marginal without the associated relaxation of rules regarding junction control. However, the work also identifies significant areas of future work before such an approach could be adopted in practice

A Model-driven Approach for the Automatic Generation of System-Level Test Cases

Systems at the basis of the modern society, as the as the homeland security, the environment protection, the public and private transportations, the healthcare or the energy supply depend on the correct functioning of one or more embedded systems. In several cases, such systems shall be considered critical, since the consequences of their failures may result in economic losses, damages to the environment or even injuries to human life. Possible disastrous consequences of embedded critical systems, suggest that discover flaws during systems development and avoid their propagation to the system execution, is a crucial task. In fact, most of the failures found during the usage of embedded critical systems, is due to errors introduced during early stages of the system development. Thus, it is desiderable to start Verification and Validation (V&V) activities during early stages of a system life cycle. However such V&V activities can account over the 50% of times and costs of a system life cycle and there is therefore the need to introduce techniques able to reduce the accounted resources without losses in term efficiency. Among the methodologies found in scientific and industrial literature there is a large interest in the V&V automation. In particular, automatic verification can be performed during different stages of a system development life cycle and can assume different meanings. In this thesis, the focus is on the automation of the test cases generation phase performed at the System level starting from SUT and test specifications. A recent research trend, related to this, is to support such process providing a flexible tool chain allowing for effective Model Driven Engineering (MDE) approaches. The adoption of a model-driven techniques requires the modelling of the SUT to drive the generation process, by using suitable domain-specific modelling languages and model transformations. Thus, a successful application of the MDE principles is related to the choice of the high-level language for SUT specification and the tools and techniques provided to support the V\&V processes. According to this, the model-driven approach define in this thesis relies on three key factors: (1) the definition of new domain-specific modelling languages (DSMLs) for the SUT and the test specifications, (2) the adoption of model checking techniques to realize the generation of the test cases and (3) the implementation of a concrete framework providing a complete tool chain supporting the automation process. This work is partially involved in an ARTEMIS European project CRYSTAL (CRitical sYSTem engineering AcceLeration). CRYSTAL is strongly industry-oriented and aims at achieving technical innovation by a user-driven approach based on the idea to apply engineering methods to industrially relevant Use Cases from the automotive, aerospace, rail and health-care sectors. The DSML that will be presented in this thesis, emerged as an attempt to address the modelling requirements and the design practices of the industrial partners of the project, within a rigorous and well-founded formal specification and verification approach. In fact, the main requirement that a modelling language suitable for the industry should have is to be small and as simple as possible. Thus, the modelling language should provide an adequate set of primitive constructs to allow for a natural modelling of the system of interest. Furthermore, the larger the gap between the design specification and the actual implementation is, the less useful the results of the design analysis would be. The test case generation is supported by model checking techniques; the SUT and test models are in fact translated in specifications expressed by the language adopted by a model checker. The thesis discusses all the issues addressed in the mapping process and provides their implementations by means of model transformations. A class of test specifications is addressed to exemplify the generation process over a common class of reachability requirements. The model-driven approach discussed in the thesis is applied in the contest of the railway control systems, and in particular on some of the key functionalities of the Radio Block Center, the main component of the ERTMS/ETCS standards for the interoperability of the railway control systems in the European Community. The thesis is organized as follows. The first chapter introduces embedded critical systems and outlines the main research trends related to their V&V process. The Chapter 2 outlines the state of the art in testing automation with a particular focus on model-driven approaches for automatic test generation. The same Chapter 2 provides also the necessary technical background supporting to understand the development process of the supporting framework. The Chapter 3 describes the context of the CRYSTAL project and the proposed model-driven approach partially involved in its activities. The Chapter 4 describes the domains pecific modelling languages defined for the modelling of the SUT specifications and of the test generation outcomes. Moreover the guidelines defined for modelling test specifications are discussed. The Chapter 5 focuses on the mapping process that enable the translation of the high-level language for the modelling of the SUT specification to the language adopted by the chosen model checker. The implementation of the overall framework is addressed in Chapter 6. Here model transformations realizing the defined mappings and the architecture of the Test Case Generator (TCG) framework are described and discussed. The Chapter 7 shows the results of the application of the approach in the context of the railway control systems and in particular to the Radio Block Centre system, a key component in the ERTMS/ETCS standard. Chapter 8 end the thesis, giving some conclusive remarks

Special study: Legal transition programme review

This study is an evaluation of the European Bank for Reconstruction and Development's Legal Transition Programme’s activities from 2001-2011, through a review of a sample of 30 legal reform projects and advisory projects in Armenia, Hungary, Mongolia, Russia and Serbia. It was conducted by the Evaluation department in conjunction with three external experts: Professor Douglas Arner (University of Hong Kong), Professor Charles Booth (University of Hawaii) and Professor Gordon Walker (LaTrobe University). Overall the programme was found to be successful due to its compatibility with the Bank’s activities and highly relevant due to its support of the Bank’s investments through contributions to legal improvements. The programme’s projects have made a core contribution to the transition process, influencing domestic policy formulation and contributing to stronger free market economies. The transition impact and sustainability of the programme was found to be excellent.published_or_final_versio

Research and innovation in network and traffic management systems in Europe

Adequate research and innovation (R&I) is paramount for the seamless testing, adoption and integration of network and traffic management systems. This report provides a comprehensive analysis of R&I initiatives in Europe in this field. The assessment follows the methodology developed by the European Commission’s Transport Research and Innovation Monitoring and Information System (TRIMIS). The report critically addresses research by thematic area and technologies, highlighting recent developments and future needs.JRC.C.4-Sustainable Transpor

An Assessment of Preparations Made in the United States for Highly Hazardous Communicable Diseases Following the 2014-2016 Ebola Virus Disease Epidemic

The 2014-2016 Ebola virus disease (EVD) epidemic in West Africa was unprecedented in magnitude and scope. The threat of imported cases of EVD in the United States prompted the Centers for Disease Control and Prevention (CDC) to establish a tiered network of hospitals to enhance domestic isolation capacity, including the designation of select hospitals as Ebola treatment centers (ETCs). As of spring 2015, no information existed on the capacity, physical infrastructure, staffing models, or infection control protocols of these newly-established ETCs, nor was there information on other highly hazardous communicable diseases (HHCDs) these units would admit. Moreover, no documentation was available on the varying preparedness activities of state health departments related to HHCD transport and the treatment center network. The purpose of theses studies was to assess preparations made in the United States in response to the 2014-16 EVD epidemic; specifically, to determine costs incurred by CDC-designated ETCs in establishing their unit, capabilities developed by ETCs, and guidelines established by state health departments for the management and transportation of patients with EVD or another HHCD. Data were obtained through the distribution of three electronic national assessments; two administered to the 56 CDC-designated ETCs in 2015 and 2016 (85% and 64% response rate, respectively) and one to all state public health departments (73% response rate). On average, responding ETCs incurred $1.2 million in establishing their facility and are awaiting$650,000 in reimbursement. Cumulative capacity of reporting ETCs was 121 beds. Although nearly all facilities had written protocols for various infection control domains, procedures and capabilities varied. ETCs and state health departments differed in reports on diseases that would be treated in high-level isolation. The domestic preparedness efforts described in this dissertation are fundamental to the U.S. response to the next HHCD threat; however, questions on the sustainability and scalability of this network and the use of these units for a non-EVD HHCD outbreak remain

Ingénierie de modèle pour la sécurité des systèmes critiques ferroviaires

Development and application of formal languages are a long-standing challenge within the computer science domain. One particular challenge is the acceptance of industry. This thesis presents some model-based methodologies for modelling and verification of the French railway interlocking systems (RIS). The first issue is the modellization of interlocking system by coloured Petri nets (CPNs). A generic and compact modelling framework is introduced, in which the interlocking rules are modelled in a hierarchical structure while the railway layout is modelled in a geographical perspective. Then, a modelling pattern is presented, which is a parameterized model respecting the French national rules. It is a reusable solution that can be applied in different stations. Then, an event-based concept is brought into the modelling process of low-level part of RIS to better describe internal interactions of relay-based logic. The second issue is the transformation of coloured Petri nets into B machines, which can help designers on the way from analysis to implementation. Firstly, a detailed mapping methodology from non-hierarchical CPNs to abstract B machine notations is presented. Then the hierarchy and the transition priority of CPNs are successively integrated into the mapping process, in order to enrich the adaptability of the transformation. This transformation is compatible with various types of colour sets and the transformed B machines can be automatically proved by Atelier B. All these works at different levels contribute towards a global safe analysis frameworkLe développement et l’application des langages formels sont un défi à long terme pour la science informatique. Un enjeu particulier est l’acceptation par l’industrie. Cette thèse présente une approche pour la modélisation et la vérification des postes d’aiguillage français. La première question est la modélisation du système d’enclenchement par les réseaux de Petri colorés (RdPC). Un cadre de modélisation générique et compact est introduit, dans lequel les règles d’enclenchement sont modélisées dans une structure hiérarchique, tandis que les installations sont modélisées dans une perspective géographique. Ensuite, un patron de modèle est présenté. C’est un modèle paramétré qui intègre les règles nationales françaises qui peut être appliquée pour différentes gares. Puis, un concept basé sur l’événement est présenté dans le processus de modélisation des parties basses des postes d’aiguillage. La deuxième question est la transformation des RdPCs en machines B, qui va aider les concepteurs sur la route de l’analyse à application. Tout d’abord, une méthodologie détaillée, s’appuyant sur une table de correspondance, du RdPCs non-hiérarchiques vers les notations B est présentée. Ensuite, la hiérarchie et la priorité des transitions du RdPC sont successivement intégrées dans le processus de mapping, afin d’enrichir les possibilités de types de modèles en entrées de la transformation. Les machines B produites par la transformation permettent la preuve automatique intégrale par l’Atelier B. L’ensemble de ces travaux, chacun à leur niveau, contribuent à renforcer l’efficacité d’un cadre global d’analyse sécuritair