Practical Experience Report: Implementation, verification and validation of a safe and secure communication protocol for the railway domain

Different communication protocols are currently being used for the railway domain. However, most of these protocols rely on many interlacing mechanisms and safety codes which raise their complexity. Therefore, companies operating in the railway domain, guided by the Italian railway network manager, devised the Protocollo Vitale Standard, a light network protocol that stems from the Euroradio and RBC-RBC (Radio Block Centre) protocols. In this paper we report our practical experience in the implementation of the Protocollo Vitale Standard in compliance with a CENELEC SIL4 safety target. The implementation of this protocol required assembling a V&V&S plan to specify all the V&V activities that need to be carried out before, during and after the implementation of the protocol. Moreover, coding styles, standards and code quality metrics are defined, and cross-checked at various stages of the implementation. To complete our work, we conducted tests and performance analyses on the source code, while currently we are devising an adequate safety case aiming at a future certification

Development and validation of a safe communication protocol compliant to railway standards

Railway systems are composed of a multitude of subsystems, sensors, and actuators that exchange datagrams through safety-critical communication protocols. However, the vast majority of these protocols rely on ad hoc interlacing mechanisms and safety codes which raise the heterogeneity and complexity of the overarching railway system. Therefore, Rete Ferroviaria Italiana, the company who is in charge of managing the Italian railway network, coordinated the definition of the Protocollo Vitale Standard (Standard Vital Protocol). This protocol is inspired to, and compliant with, the communication protocols adopted for the European Train Control System (ETCS) (SUBSET, UNISIG, 037, Euroradio FIS, version 2.3. 0; SUBSET, UNISIG, 098, RBC-RBC safe communication interface, 2007), and it is meant to become the standard layer to enable safe communication between components of the Italian railway system. This paper reports our experience in the design, implementation, verification, and validation of the Protocollo Vitale Standard in compliance with the European safety standards for railway systems. We first defined a safety plan and a verification and validation plan, which guide the design, development, verification, and validation activities as required by safety standards. Guidelines of such plans have been followed strictly until completion of the work, which concludes with the provision of a safety case where all safety evidences are summarized. Noticeably, we (i) selected appropriate safety mechanisms, (ii) verified the software design, (iii) implemented the software in compliance with code metrics and coding rules, (iv) conducted tests to validate the protocol against its functional and performance requirements, and ultimately (v) devised all relevant documentation and a safety case which summarizes the evidences needed for certification