Data integrity: an often-ignored aspect of safety systems: executive summary

Data is all-pervasive and is found in all aspects of modern computer systems, and yet many engineers seem reluctant to recognise the importance of data integrity. The conventional view of data, as simply an aspect of software, underestimates the role played by data errors in the behaviour of the system and their potential effect on the integrity of the overall system. In many cases hazard analysis is not applied to data in the same way that it is applied to other system components. Without data integrity requirements, data development and data provision may not attract the degree of rigour that would be required of other system components of a similar integrity. This omission also has implications for safety assessment where the data is often ignored or neglected. This position becomes self reenforcing, as without integrity requirements the importance of data integrity remains hidden. This research provides a wide-ranging overview of the use (and abuse) of data within safety systems, and proposes a range of strategies and techniques to improve the safety of such systems. A literature review and a survey of industrial practice confirmed the conventional view of data, and showed that there is little consistency in the methods used for data development. To tackle these problems this work proposes a novel paradigm, in which data is considered as a separate and distinct system component. This approach not only ensures that data is given the importance that it deserves, but also simplifies the task of providing guidance that is specific to data. Having developed this conceptual framework for data, the work then goes on to develop lifecycle models to assist with data development, and to propose a range of techniques appropriate for the various lifecycle phases. An important aspect of the development of any safety-related system is the production of a safety argument, and this research looks in some detail at the treatment of data, and data development, within this justification. The industrial survey reveals that in data-intensive systems data is often developed quite separately from other elements of the system. It also reveals that data is often produced by an extended data supply chain that may involve a number of disparate organisations. These characteristics of data distinguish it from other system components and greatly complicate the achievement and demonstration of safety. This research proposes methods of modelling complex data supply chains and proposes techniques for tackling the difficult task of safety justification for such systems

A review of key planning and scheduling in the rail industry in Europe and UK

Planning and scheduling activities within the rail industry have benefited from developments in computer-based simulation and modelling techniques over the last 25 years. Increasingly, the use of computational intelligence in such tasks is featuring more heavily in research publications. This paper examines a number of common rail-based planning and scheduling activities and how they benefit from five broad technology approaches. Summary tables of papers are provided relating to rail planning and scheduling activities and to the use of expert and decision systems in the rail industry.EPSR

component testing

Este relatório/dissertação foi desenvolvido no âmbito do Curso de Mestrado em Engenharia Eletrotécnica, e para a Unidade Curricular de Estágio, e representa o trabalho desenvolvido na empresa Critical Software, no âmbito do projeto interno Railway Embedded Software Validation na área de Component Testing. No projeto em que está envolvido este estágio, visa-se testar componentes do sistema de controlo do comboio (Luzes, Travagem, ...), ou seja, testar se uma das partes dos componentes está a funcionar dentro dos parâmetros exigidos e/ou estabelecidos. Para isso foi necessário passar por um processo de aprendizagem com várias etapas, entre as quais se podem destacar: - como funcionam os comboios; - como são aplicadas as normas; - como são descritos os requisitos necessários para que os comboios funcionem dentro dos parâmetros de segurança. Com isso em perspetiva, foram realizadas atividades de verificação formal, com objetivo fazer a especificação e desenvolvimento dos diversos níveis de teste o sistema. Alguns dos sistemas estudados foram de tração, sistema de travagem, controlos do motorista e de diagnóstico

Towards a Taxonomy for Eliciting Design-Operation Continuum Requirements of Cyber-Physical Systems

Software systems that are embedded in autonomous Cyber-Physical Systems (CPSs) usually have a large life-cycle, both during its development and in maintenance. This software evolves during its life-cycle in order to incorporate new requirements, bug fixes, and to deal with hardware obsolescence. The current process for developing and maintaining this software is very fragmented, which makes developing new software versions and deploying them in the CPSs extremely expensive. In other domains, such as web engineering, the phases of development and operation are tightly connected, making it possible to easily perform software updates of the system, and to obtain operational data that can be analyzed by engineers at development time. However, in spite of the rise of new communication technologies (e.g., 5G) providing an opportunity to acquire Design-Operation Continuum Engineering methods in the context of CPSs, there are still many complex issues that need to be addressed, such as the ones related with hardware-software co-design. Therefore, the process of Design-Operation Continuum Engineering for CPSs requires substantial changes with respect to the current fragmented software development process. In this paper, we build a taxonomy for Design-Operation Continuum Engineering of CPSs based on case studies from two different industrial domains involving CPSs (elevation and railway). This taxonomy is later used to elicit requirements from these two case studies in order to present a blueprint on adopting Design-Operation Continuum Engineering in any organization developing CPSs

Whole system railway modelling

There has been a general view articulated within the railway industry that there needs to be greater systems thinking and systems engineering applied to major projects within the industry (Network Rail, 2013 and Rail Safety and Standards Board, 2012). However, there are many differing ideas held by practising engineers of exactly what systems engineering is and how it is applied within the industry. There are also barriers within industry in general, management and practising engineers to using systems engineering techniques. They can be seen as an overhead in terms of, training, tooling, effort and costs. Also the benefits to be gained from applying these techniques are not easily seen when they work well. A key pillar of systems engineering and systems thinking is the ability to look at a system as a whole. Part of this is getting to grips with what a system really is, it’s interaction with its operational environment and the world around it and to understand the various subsystems that the system is comprised of and their interaction, including people. This is particularly difficult when it comes to complex systems like railways. This project attempts to develop an approach to modelling a whole railway system (or Guided Transport System (GTS) as it is defined in this project) by implementing a Model Based Systems Engineering (MBSE) approach and techniques. It also proposes definitions of a system and system engineering that are applicable to the Railway industry. Through a common view of a GTS as a whole and a common approach to modelling it, it should be possible to address some of the barriers to systems engineering techniques that currently exist. MBSE has three pillars, a method, a modelling language and a modelling tool (Delligatti, 2014, pp. 4-7). The author has developed a method that can be applied to a whole complex system, such as a GTS, supported by the SysML modelling language implemented through the Enterprise Architect modelling tool (other languages and modelling tools could also be used). The method developed was then tested on a body of students studying for an MSc in Railway Systems Engineering and Integration at the University of Birmingham. This body was chosen because the course is part time and the majority of the students work full time in the industry. Thus the author was able to gain an insight into how diverse the opinions on systems engineering and its application actually are within the industry and get valuable feedback on the systems modelling methodology developed during this research. It has been demonstrated through the development of a partial model of various representative parts of a GTS, that it is possible, within a single model, to capture and represent a large and diverse amount of information about a GTS as it is defined within this thesis. This includes: • its context within the wider world and its operational environment; • its physical structure; • the relationships between its various subsystems and the outside world; • the views of a diverse stakeholder group and their Requirements; and • critical system properties and how these are derived from the various layers of abstraction within the system. The methodology drives the user to develop a model that: 1. is re-usable, e.g. applicable to different railways at different times; 2. is extendable in length (be able to model more railway) and depth (greater levels of detail); 3. allows the inclusion of existing quantitative and qualitative models from other sources; 4. encourages the use of data from existing sources; 5. is open and transparent to allow others to use and add to them; and 6. enables the production of outputs that are readily understandable across disciplinary divides e.g. common representation

A survey on online monitoring approaches of computer-based systems

This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use