DCDS'09 Plenary Talk by Francesco Flammini, Ansaldo STS.
The Workshop is organized by the Laboratory of Control and Automation of Politecnico di Bari and will be held in Bari, Italy, at the prestigious Domina Hotel Conference Bari-Palace, located in the city centre near the old town.
Model-Based Approaches for Railway Safety, Reliability & Security - Francesco Flammini
Invited Talk by Francesco Flammini at the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECoS'12)
CNAM, Paris, France
August 27-28, 2012
co-located with
18th International Symposium on Formal Methods (FM 2012)
http://fm2012.cnam.fr
1. The document provides an overview of safety systems and statistics related to India's railway system. It details measures taken to ensure safety, including inspections, maintenance schedules, and medical exams for employees.
2. Departments like civil engineering, mechanical engineering, electrical engineering, and operations work together on safety and have prescribed duties to maintain infrastructure and rolling stock.
3. In case of an accident, standard procedures are followed which include sounding sirens, dispatching medical and breakdown staff, and conducting inquiries to determine the causes and impose punishments when needed. Overall, efforts are made continuously to reduce human failures and minimize accidents.
This document discusses the possibility of creating a safe communications-based train control (CBTC) system without secondary train detection. It notes that secondary detection is not technically required by standards and examines Dubai Metro as a case study of a successful CBTC system without secondary detection. The key points made are that Dubai Metro has achieved over 99.9% system availability through its operating procedures, maintenance practices, and system design without secondary detection. Eliminating secondary detection significantly reduces capital and operating costs while not compromising safety based on Dubai Metro's track record. The document concludes that a safe and reliable CBTC system can be created without secondary detection through high system reliability and carefully designed failure recovery processes.
This document discusses safety concepts and practices in railway signalling. It covers fail-safe principles, redundancy techniques, and self-check methods used to ensure safety in signalling systems. The key points are:
1) Signalling systems are designed to be fail-safe, meaning any failure will result in a safe reaction by defaulting to the lowest energy state. This is achieved through mechanical and electrical designs.
2) Microprocessors are not inherently fail-safe, so redundancy and self-checks are used to monitor for faults and ensure safe operation. Techniques include dual hardware, triple modular redundancy, and watchdog timers.
3) Railway interlocking systems are designed so that running signals cannot be lowered unless routes are set
Radio communications for safe and efficient Rail Operation - Ibrahim Al-Hudhaif
This document discusses Teltronic's radio communications solutions for safe and efficient rail operations. It provides an overview of Teltronic as a company with 40 years of experience in public safety communications. It then discusses key aspects of Teltronic's TETRA-based rail communication solutions, including infrastructure, terminals, applications, and total project management. Examples are given of various rail projects where Teltronic has provided integrated voice, data, and signaling solutions using a combination of TETRA and broadband networks. The document emphasizes that Teltronic can deliver a cost-effective single network approach using TETRA for mission critical voice and data with broadband for additional applications like CCTV.
ERTMS is a new railway signalling and train control system being implemented across Europe to replace existing national systems and enable cross-border travel. It uses in-cab displays and train-to-ground communication via trackside balises (Level 1), or GSM-R radio (Level 2), or without trackside equipment (Level 3). The UK is currently implementing ERTMS on the Thameslink route, upgrading from 16 to 24 trains per hour, with the national implementation plan delayed until Thameslink is complete. ERTMS aims to increase capacity, interoperability and safety across Europe's rail networks.
The document provides information about the Dubai Metro signaling and train control system. It discusses key details about the metro system including its two phases, the lines and stations, train fleet size, and technology used. The signaling system is a Thales SelTrac S40 CBTC system which enables a headway of 90 seconds and maximum speed of 90 kph. It also faced challenges during construction and operation due to its scale, the region's environment, and tight timelines. Lessons learned include the importance of consortiums, technical specifications, workforce culture, and testing procedures. The system includes specialized features and future opportunities exist in the region for interoperability and growth of metro systems.
innovative railway track surveying with sensors and controlled by wireless co... - kalaimathi mathiyazhagan
This document describes a proposed multi-sensor railway track geometry surveying system. The system uses MEMS, ultrasonic, and GPS sensors on a robot to detect cracks and obstacles on railway tracks and bridges in real-time. When issues are detected, the GPS location is recorded and an SMS is sent to authorities via GSM. Trains approaching will also receive a wireless message to slow down. A microcontroller controls gate closures to prevent accidents. The low-cost system aims to improve safety by allowing for faster response times over existing manual inspection methods.
The document discusses the European Train Control System (ETCS), including its history, components, levels, functions, and deployments. ETCS uses digital train-track communication through balises or radio to monitor train movement and provide automatic train protection. It has been implemented at various levels across Europe and is being introduced in India to improve safety. Future plans include further expansions within India and transitioning to successor systems as technology advances.
The focus of the Indian Railways is to increase capacity utilization of existing assets including rolling stock, track infrastructure, traction power and signalling & telecommunications. By running more high speed trains on the existing infrastructure, passengers and freight carrying capacity as well as revenue and profitability can be increased. In order to ensure safety over high speed and high density rail networks of Indian Railways it is the need of the hour to implement Automatic Train Protection (ATP) system such as Train Collision Avoidance System (TCAS). Indian Railways have taken up indigenous development of Train Collision Avoidance System (TCAS) through Research Designs & Standards Organization (RDSO) to prevent dangerous train collisions caused due to human errors or limitations and equipment failures by providing additional layer of enhanced safety in the operations.
1) A rail track switching system has been designed to automatically control railway switches and signals from a central monitoring unit using track circuits to detect train positions and monitor safety. The low-cost system uses a microcontroller and DC motors to switch tracks reliably while maintaining safety standards.
2) Sensors including photodiodes and infrared LEDs are used to detect train positions at track switching points and communicate this information to the central monitoring software via a communication line. The software displays train positions and switch statuses.
3) The system can operate automatically based on sensor inputs to switch tracks and avoid collisions, or can be manually controlled from the monitoring software. It provides improved safety over existing systems at a lower cost.
This PPT is very useful for beginners interested in Metro Railway signalling systems. It covers an overview of signalling from fixed block to the CBTC moving block system. It also includes the importance of CBTC over fixed block.
The document discusses railway signaling and transportation. It describes the need for railway signaling to safely manage train traffic, given that trains travel quickly on fixed tracks and have limited ability to stop. It then covers types of signals like color light and semaphore signals. The document also provides a brief history of railway signaling development from early mechanical systems to current electronic and computer-controlled technologies. It concludes with discussions of microprocessor-based signaling systems, redundancy features, and concepts like centralized traffic control and potential future automated train control.
This simple, cost-effective, easy-to-maintain track circuit can be used to identify an incoming train so that it can automatically trigger an alarm system as well as the railway gate. This system is assured to be fail-safe.
Unmanned railway tracking and anti collision system using gsm - vmohankumar5
This document describes an anti-collision system for unmanned railway crossings that uses GPS receivers in trains to track locations and prevent collisions. When trains get within a minimum distance, both will stop. Infrared sensors activate gate controls when a train reaches a specific spot. Train locations are sent via GSM modem to a server and displayed to alert drivers. The system uses a microcontroller, sensors, transmitters, receivers and other hardware to monitor trains and control gates for increased safety.
The document describes a project to simulate an anti-collision system for trains using Erlang. Key aspects include:
1) The project uses Erlang processes and an in-memory cache to store train positions and status updates for fast access by the analyzer module.
2) The analyzer module uses a deadline monotonic algorithm to analyze train positions and schedules and determine if trains can run or if collisions may occur.
3) The simulation was tested with various scenarios and timing graphs, and the project successfully demonstrated real-time anti-collision detection and response.
CONCEPT AND WORKING OF WILD (Wheel Impact Load Detector) - Vipin Kumar
A brief description of the concept and working of the WILD (Wheel Impact Load Detector), introduced in Indian Railways. Get to know how the system works and how it is beneficial for Railways.
What is ‘WILD’: It is a set of instrumented rails (strain gauged) through which data acquisition (impact of load) for wheels of trains under moving conditions at all speeds is done and processed for further report generation.
This document discusses a project to implement Automatic Train Protection (ATP) and Automatic Train Control (ATC) systems in railway networks. It begins with an introduction to ATC, describing it as a train control system that can achieve driverless train movement with fail-safe ATP. It then provides details on the specific functions of ATP, including enforcing speed limits, providing advance notice of upcoming signals, and preventing trains from passing danger signals. The document outlines the hardware and software components required for both on-board and trackside systems. It discusses applications such as speed monitoring, train spacing, train supervision, and energy efficiency. Finally, it covers expected future technological developments and the benefits of ATP and ATC systems in increasing safety and network capacity.
The document provides an overview of various topics related to railway signaling and communication systems used in the Kota division of Indian Railways. It discusses the role of the Divisional Railway Manager and describes four branches under DRM Kota. It then summarizes signaling systems including semaphore and color light signals. Other topics covered in brief include track circuits, points, data loggers, microwave communication, optical fiber communication, and their applications in railways.
Communications-based signalling is the future of train control systems. It involves moving signalling components onboard trains and using wireless communication networks instead of trackside signals. While this improves safety, capacity and efficiency, implementing such systems presents challenges such as high costs, operational impacts during rollout, and ensuring compatibility with existing infrastructure. When choosing a signalling solution, factors like capital costs, safety, capacity, maintenance requirements, driver impacts and technology risks must all be considered.
This document provides a case study of the development of metro signalling systems in India. It details how Delhi Metro Rail Corporation introduced the latest ERTMS level 2 signalling and train control system, the first of its kind in India. The document describes the features of DMRC's signalling and train control system and the challenges faced in implementing this modern technology. It also summarizes the signalling requirements of upcoming metro systems in India and important issues around achieving interoperability as urban transport expands rapidly.
The document discusses the development of an Anti-Collision Device (ACD) by Konkan Railways to prevent train collisions in India. The ACD uses a microprocessor and GPS technology to track train locations and automatically apply brakes if trains get too close. It consists of onboard units installed on locomotives and guard vans, as well as trackside units at stations and level crossings. The ACD communicates via digital radio and its microprocessor uses an Intel chipset to execute the collision prevention system. It was created to address several deadly train collisions between 1999-2003.
Power Presentation On Railway Track Fault Detector - NEERAJ SINGH
This power presentation basically gives you ideas about a railway track fault detector using ZIGBEE as sensor (i.e. for communication) and different series of PIC microcontroller.
The document describes an Anti Collision Device (ACD) developed by Konkan Railways to prevent train accidents. The ACD uses microprocessors and GPS technology to automatically apply brakes if trains are approaching each other too quickly. It has been successfully implemented on sections of the Northeast Frontier Railway and Konkan Railway, preventing head-on and rear-end collisions. While costly to install across all of Indian Railways, ACD implementation is expected to greatly enhance rail safety.
The document discusses railway communication systems in India. It describes the layout and control of the Eastern Railways, the types of signals used, and communication technologies like MTRC, walkie talkies, voice loggers, and emergency portable control telephones. It also outlines the basic features of GSM-R communication and types of control systems. Various communication mediums are presented, including overhead, underground, microwave, and optical fiber systems.
Magesh Velu has over 9 years of experience in railway signaling projects in India. He has expertise in installation, testing, and commissioning of signaling systems including ERTMS Level 1 and mass transit systems. Currently, he works as a Construction Lead Engineer for Ansaldo STS on the Navi Mumbai Metro project, overseeing installation planning and coordination. Previously, he held roles on signaling projects for Mumbai Monorail and Etihad Rail in Abu Dhabi, managing installation and testing activities. He holds a diploma in electrical engineering and safety certifications in railway signaling, first aid, and fire protection.
DFCCIL signed two contracts worth Rs. 2390 crores for design and construction of signalling and telecommunication works on the Western Dedicated Freight Corridor. The first contract of Rs. 1780 crores was for 915 route km between Rewari and Vadodara, and the second contract of Rs. 610 crores was for 1370 route km between Rewari and JNPT, Mumbai. The contracts involve the latest signalling and telecom technologies and represent the biggest such project on Indian Railways. DFCCIL is constructing the Eastern and Western dedicated freight corridors to enhance freight transport capacity in India.
The document discusses railway signaling and train control systems. It begins with an introduction to various railway signaling devices like signals and switches. It then provides overviews of different train control systems used in Europe like TVM, KVB, TBL, ETCS. It discusses the signaling and control systems on the Eurostar high-speed train. The document then shifts to discussing software used in train control systems like SIBAS 32 and how it has evolved. It provides examples of SIBAS 32 usage. It concludes with discussions of formal methods for verifying railway interlocking systems and examples of industrial case studies applying formal methods.
The document describes an automatic railway gate control system that uses sensors and a microcontroller to operate railway crossing gates. When a train is detected by infrared sensors, an alarm is triggered and the microcontroller then controls stepper motors to close the gates. The system uses an AT89C51 microcontroller, infrared sensors for train detection, stepper motors to move the gates, and a power supply to power the electrical components. Keil Microvision IDE is used for programming the microcontroller.
This document proposes an automatic railway gate control system using a microcontroller. It describes the current manual system's issues with wasted time and errors. The automatic system would use a sensor set including IR, sound and thermal sensors to detect arriving and departing trains. When a train is detected, it would provide warning signals to road users, close the gate, change the train signal, and open the gate once the train departs, to improve safety and efficiency over the manual system. The microcontroller would run the control logic and algorithm to coordinate the sensors and gate/signal operations.
Automatic Railway Gate Control
Project Objective:
Provide an automatic railway gate at a level crossing, replacing the gates operated by the gatekeeper, to provide safety to road users by reducing accidents.
Video URL:
http://www.youtube.com/watch?v=c0Z61bOQp8w
It's time to change the basics of Cyber Security - Jiří Napravnik
Take a look also at the Three Laws of ICT Security.
It's time to change the basics of Cyber Security. Software is an exact discipline, where it is possible to clearly describe, program and test everything.
Innovation in Airport System by Giuliano D'Auria - ALIAS Network
The document discusses innovation in airport systems by SELEX Sistemi Integrati. It summarizes several key systems including surface conflict alert, advanced tower automation, ground route management, CPDLC, and system interoperability. The focus is on integrating different airport stakeholders and tight integration between area, approach and aerodrome control centers through sharing of radar, flight plan and operational data. SELEX is involved in validating these systems through various SESAR test beds and validation platforms.
ET02 - Meetings
Time 09.30 – 12.00
Room AVORIO
HOSTED
EASY RIDER PROJECT
Achieving a sustainable and safe mobility through the integration of vehicles and infrastructures
Organized by CENTRO RICERCHE FIAT
The document discusses connectivity technologies that enable connected vehicles. It provides examples of applications for connected vehicles in urban and interurban areas that improve efficiency, safety, and sustainability. Connected vehicle technologies allow for wireless asset management solutions that optimize maintenance schedules based on real-time vehicle sensor data.
The document discusses railway scanning using the Riegl VMX-450 mobile laser scanning system. It provides an overview of the system and its capabilities, including automated rail detection and axis calculation. Challenges in railway scanning like low variation in direction and lack of GNSS visibility in tunnels are addressed. Applications of the system for various railway projects in Germany are described, with details on data acquisition and processing speeds and point densities achieved. The document concludes by introducing Riegl's product lines for processing and analyzing railway point clouds, including software for rail feature extraction, clearance analysis, and managing spatial databases.
The document proposes upgrading an existing CCTV camera system with smart surveillance cameras. It evaluates AGD Systems - Traffic Information and Measurement Equipment as a smart camera solution. AGD Systems can provide real-time traffic data like speed, direction, occupancy, and queues. This data can be sent to a traffic control center and used for applications like traffic monitoring, incident detection, and travel time calculation. Sketches are included to enhance the explanation of how AGD Systems can perform traffic counting, speed determination, vehicle classification, and incident detection.
The document discusses various computerized train control and communication systems used in Indian Railways. It describes the Passenger Reservation System (PRS) which allows online booking from remote locations. It also outlines the Automatic Train Protection (ATP) system which uses track to train communication for distance monitoring and the Operation Control Center (OCC) for centralized control. The document summarizes other key systems like the Unreserved Ticketing System (UTS), Freight Operations Information System (FOIS), Interactive Voice Response System (IVRS) and various communication networks used to manage train operations and passenger information services in Indian Railways.
This document discusses a presentation given by the SCADA StrangeLove team, a group of security researchers focused on industrial control systems. The presentation provides an overview of railway safety and signaling systems such as ETCS and analyzes past railway accidents like those in Santiago de Compostela and Wenzhou. It also examines train communication networks and onboard control systems from a security perspective. Throughout, it emphasizes that the views expressed are those of the researchers and not their employers.
Mathieu Melenchon, System Engineering Manager at SYSTRA, discusses the application of autonomous technology in trams; the challenges and opportunities that exist in designing tram systems for the future.
This document announces a seminar on machine-to-machine communications to be held on October 26th from 3:00 to 4:30 PM in room 3003. The seminar will include a panel presentation on what M2M is, presentations from various speakers, and a panel discussion and question period. The panelists will represent companies involved in M2M applications and technologies, including Boatracs, Kyocera Wireless, Aeris.net, Opto 22, Cingular Interact, and SensorLogic. The seminar aims to discuss M2M applications, requirements, technologies, and the various players involved in providing end-to-end M2M solutions.
The document discusses innovative solutions from Thales for the railway and harbour environment. It describes Thales Rail Signalling Solutions and its portfolio, including ARAMIS, an integrated solution for railway-harbour interfaces. ARAMIS provides functions like train supervision and automatic route setting. It has key features like scalability and reliability. The document also briefly mentions other Thales solutions like electronic interlocking systems and the Checkpoint train condition monitoring system.
The document outlines the agenda and presentations for a Wireless Building Automation demonstration at Vooruit. The agenda includes general presentations on WBA and demonstrations of managing video surveillance over a wireless mesh network, intelligent video transmission and control, SANET use cases, indoor positioning, and SANET network solutions. The document also provides details on WBA, including its architecture, applications to building management systems, and research partners.
1) The document provides an overview of JPG's Electronics Division, which focuses on electronics for rail applications.
2) The division has 350 employees across centers of expertise in France and Australia, with a product portfolio that includes driving aid systems, train control and monitoring systems, passenger information systems, and auxiliary converters.
3) Key details include annual sales of 60 million euros, 2 million euros spent on R&D, and certification at Safety Integrity Level 4 for some products like ERTMS speed measurement systems.
The document discusses indigenous intelligent transportation systems (ITS) solutions developed by the Centre for Development of Advanced Computing (C-DAC). It summarizes several ITS products including area traffic control systems, wireless traffic control systems, intelligent parking management systems, and red light violation detection systems. It also provides details on C-DAC's implementation of these solutions in cities across India and the benefits realized, such as reduced delays and fuel savings.
CAN networks are used in a wide variety of applications including passenger vehicles, public transportation, mobile machinery, industrial control systems, building automation, medical devices, and more. Some key application areas are engine management and body electronics in passenger cars, train controls, mobile equipment like agricultural machinery, industrial automation systems, and medical equipment. CAN provides real-time communication capabilities that make it suitable for many applications that require networked control of sub-systems.
ConveyorCAM provides video inspection technology and services to reduce manufacturing costs for clients. It has been in business since 1978 and focuses on scientifically oriented, patented equipment. Services include testing, inspecting, analyzing existing and new conveyor systems. ConveyorCAM uses specialized equipment like video cameras and data loggers to provide detailed inspections of conveyors. The goal is to accurately analyze conveyor status and conditions to prevent breakdowns and production losses.
Siding rails integrated management system for the industrial enterprise - SIS Group International
To modernize the siding rails of industrial enterprises SIS offers: Specialized railway automation (microprocessor centralization, microprocessor dispatching, automatic block, microprocessor centralized interlocking, railway traffic safety monitoring systems, etc.), voice and video transfer systems, data transfer network (SDH/OTN/IP).
Similar to Model-Based Approaches for Railway Safety, Reliability and Security: The Experience of Ansaldo STS (20)
Interview of Prof. Francesco Flammini published on Railway Gazette about the Europe's Rail project "Roadmaps for A.I. Integration in the Rail Sector" (RAILS) that he led as the Technical Manager.
2023 Professor Zdzislaw Pawlak Award - International Cooperation, "Balancing Privacy and Accuracy in Federated Learning for Speech Emotion Recognition" (S. Mohammadi, M. Mohammadi, S. Sinaei, A. Balador, E. Nowroozi, F. Flammini, M. Conti), 18th Conference on Computer Science and Intelligence Systems (FedCSIS’23)
Internationalization of the Curriculum Conference Certificate - Francesco Flammini
This certificate confirms that Francesco Flammini participated in a two-day symposium on internationalizing university curriculums held November 17-18, 2022 at the Polo Universitario Lugano - Campus EST in Lugano-Viganello, Switzerland. The event was organized by the Department of Innovative Technologies and the Swiss Global Competence Lab at the University of Applied Sciences and Arts of Southern Switzerland.
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021 - Francesco Flammini
The IEEE SMC Technical Committee on Homeland Security (TCHS) held its annual award ceremony. Five awards were given to recognize outstanding leadership, research, service, early career contributions, and contributions by women in the field of homeland security. Award winners included Professor Isaac Ben-Israel for leadership, Professors Ernesto Damiani, Steven Furnell, and Igor Linkov for research and innovation, Stavros Shiaeles, Nicholas Kolokotronis, and Emanuele Bellini for service, Luca Faramondi for his early career contributions, and Cristina Alcaraz for her contributions and role modeling as a woman in the field.
Second International Colloquium on Recent Trends in Computer Science – 2021 (Vidyavardhaka College of Engineering, July 6th, 2021)
http://icrtcs.vvce.ac.in/
http://wing.vvce.ac.in/
https://www.youtube.com/watch?v=bd3p7Pl72Bw
Science of Computer Programming, Certificate of Reviewing - Francesco Flammini
Francesco Flammini received an award from the journal Science of Computer Programming in recognition for contributing a review to the journal. The award has been presented since September 2020 and is given out based on reviews submitted to the journal. The Editors of Science of Computer Programming presented the award to Francesco Flammini.
Francesco Flammini has been appointed as a Distinguished Speaker for the Association for Computing Machinery (ACM) for a three year term. The ACM's Distinguished Speaker Program engages emerging professionals, students, and the public through leading researchers on topics in computing. Gabriele Kotsis, the ACM President, thanked Flammini for joining this prestigious program and lending his time to benefit the computing community.
“AI techniques in cyber-security applications”. Flammini lnu susec19 - Francesco Flammini
The document discusses using artificial intelligence techniques like Bayesian networks and event trees for cybersecurity applications. It describes how these techniques can help address issues with security operations centers being overwhelmed by too much information from various sensors and systems. Bayesian networks and event trees can help fuse data from different sources to detect threats more effectively. The document provides examples of how Bayesian networks can be built using historical threat data and customized for specific organizations. It also discusses how these models can be updated dynamically based on real-time data from systems.
Embedded systems control devices and have dedicated functions, while cyber-physical systems intensively connect computational entities to the physical world. The research group at Linnaeus University studies cyber-physical systems and IoT security, developing techniques for smart troubleshooting of connected devices and applying IoT solutions to smart environments. They also provide IoT education to help students learn about these important topics.
- The document discusses virtual coupling, which aims to allow trains to operate closer together while maintaining safety. It explores extending ERTMS Level 3 to enable this through cooperative driving and dynamic train compositions.
- Preliminary simulations show a train joining a fleet in virtual coupling mode and coordinated emergency braking of the coupled trains. Further work is needed to fully implement and test virtual coupling.
This document discusses using virtual coupling to increase railway line capacity. Virtual coupling would allow trains to virtually join together by reducing headways. This could transfer achievements from vehicle platooning to railways. The document proposes a vision of virtual coupling integrated with ERTMS Level 3 moving block signaling. Trains would communicate position/speed and follow a desired spacing profile determined by the radio block center. A stochastic Petri net model is presented and simulated, showing virtual coupling could increase train frequency on a high-speed line from 20 to 100 trains per hour by reducing headways from 3 to 0.36 minutes. Compatibility with ERTMS standards is discussed.
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society - Francesco Flammini
This document summarizes a presentation on smart troubleshooting of interconnected devices. It discusses how as devices become more connected and complex, troubleshooting failures is challenging. Research aims to gather error logs from different devices, analyze them to match fixes and instructions. This could help with troubleshooting in smart cities and transportation. The proposed approach would reuse a framework to model dependability and security. It is connected to research on symbiotic autonomous systems and addresses areas like big data, machine learning, and cybersecurity.
Francesco Flammini has received a Certificate of Completion for successfully completing a course on "Successful grant applications: getting it right" on Monday January 23, 2017. The certificate confirms Francesco Flammini's participation in and completion of the course on that specified date.
Model-Based Approaches for Railway Safety, Reliability and Security: The Experience of Ansaldo STS
1. Dependable Control of Discrete Systems (DCDS’09)
Bari, 10-12 May 2009
Model-Based Approaches for
Railway Safety, Reliability and Security:
The Experience of Ansaldo STS
Dr. Francesco Flammini
Ansaldo STS Italy – Innovation Unit
francesco.flammini@ansaldo-sts.com
2. Outline
• Introduction to modern railway control systems
• The need for model-based approaches
• Successful applications
• Future developments
DCDS’09, Francesco Flammini
3. Catastrophic Failures in Railways
• Brief history… (due to speed or signalling)
– Recent – Metro Rome, 2006
– Most catastrophic: Amagasaki (Japan), 107 killed, 555 injured
– One of the oldest – Waterloo station, 1803
• http://danger-ahead.railfan.net/
4. Computer-Based Railway Control Systems
[Diagram: Control System, Sensor System, Actuator System, ENVIRONMENT]
• Safety-Critical Railway Control Systems:
– Interlocking Systems – management of train route and signals in stations
– Traffic Management Systems – management of train headways (trackside)
– Train Control Systems – management of train movement (on-board)
• Evolution from relay-based to computer-based → more complex failure modes
• Embedded real-time reactive systems increasingly complex:
– large, distributed, heterogeneous
• Dependability attributes of interest:
– Reliability Availability Maintainability Safety Security (RAMSS)
• Important to evaluate such attributes in:
– early development stages to support design choices (fault forecasting)
– verification and validation phase, to demonstrate compliance to RAMSS standard (assessment / certification)
5. Automatic Train Protection Systems
[Diagram. TRAFFIC MANAGEMENT: HMI, Radio Block Center (RBC), Neighbour RBCs, Wide Area Network, Base Trans/receiver Station. TRAIN CONTROL: ON-BOARD SYSTEM, GSM-R link carrying the Train Position Report and the Movement Authority with Static Speed Profile, air-gap link to the Eurobalise carrying the Balise Telegram with Balise Group identifier. INTERLOCKING: IXLj, Adjacent IXL, IXLk, WAN, Automation System, Man Machine Interface, IXL Central Processing Unit, Communication Computer. PHYSICAL CONTROL ENTITIES: TRACK CIRCUIT, SIGNAL, SWITCH POINT, ROUTE, STATION]
6. Threats of system dependability
[Diagram: threats surrounding the Computer-Based Control System. Labels: Designers and Developers, Management Staff, Normal Users, Users, Maintainers, Data Network, Electrical Connections, Power Supply, Vandals, Hackers, Terrorists, Environmental Parameters (Vibrations, Temperature, Moisture, Electromagnetic Fields, Cosmic Radiation)]
7. The core of most control systems
• Triple Modular Redundancy (TMR)
• Many other fault-tolerance mechanisms
– Design diversity
– Error Correcting Codes
– Defensive programming
– …
[Diagram: Unit A, Unit B, Unit C; Exclusion Logic A-B, Exclusion Logic B-C, Exclusion Logic A-C; Voter]
8. Objectives of dependability assessment
• Extensive simulation with real systems is unfeasible
• We need to evaluate RAMSS attributes of interest
possible:
with models as much as possible:
– Holistic
• System level failure modes
– Realistic
• Correct behavior with not too many conservative assumptions
– Maintainable
• No hyper-skills required to build and modify them
– Efficient
• Quick to build and evaluate on normal computers
– Assessable
• Readable and less error-prone
– …
9. New frontiers in dependability modeling
• Multi-paradigm approaches, involving:
– Multi-formalism modeling
– Meta-modeling
– Model-abstraction and transformation
• Choice of the modeling approach most suited to the:
– Objective of the analysis (performability, security, maintainability, etc.)
– Constituent subsystems (small embedded device, workstation, etc.)
– Abstraction layers (hardware, software state-machine, software functions, etc.)
• Advantages:
– Modular or compositional approach
• Divide et impera
• Incremental, multi-level / hierarchical
• Reuse (model libraries)
– They allow for a trade-off among:
• Ease of use
• Expressive power
• Solving efficiency
10. Experience report 1: issues
• Main problem:
– evaluate system availability with respect to system-level failure modes to demonstrate compliance with RAM requirements
• Unfeasible with traditional single-formalism stochastic modeling approaches:
– Queueing Networks ➪ limited expressiveness (no failure modeling)
– Fault Trees ➪ limited expressiveness (no performance modeling)
– Stochastic Petri Nets ➪ ungovernable complexity and limited efficiency (state space explosion)
– …
• Further problem:
– how to evaluate the effect of real-world repair strategies (e.g. preventive maintenance, limited resources, etc.)?
11. Experience report 1: solution
[Figure: AVAILABILITY MODEL (overall system, BN) composed of a PERFORMABILITY MODEL (network / software, GSPN), a RELIABILITY MODEL (on-board, FT) and a MAINTAINABILITY MODEL (trackside, RFT).]
• F. Flammini, M. Iacono, S. Marrone, N. Mazzocca: “Using Repairable Fault Trees for the evaluation of design choices for critical repairable systems”. In: Proceedings of the 9th IEEE Symposium on High Assurance Systems Engineering, HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 163-172
• F. Flammini, S. Marrone, N. Mazzocca, V. Vittorini: “Modelling System Reliability Aspects of ERTMS/ETCS by Fault Trees and Bayesian Networks”. In: Safety and Reliability for Managing Risk: Proceedings of the 15th European Safety and Reliability Conference (published in September 1st 2006), ESREL’06, Estoril, Portugal, September 18-22, 2006: pp. 2675-2683
12. Experience report 2: issues
• Main problem:
– evaluate TMR safety in presence of imperfect maintenance
• Existing GSPN model assuming perfect maintenance hardly extensible
– Low maintainability
– Very limited efficiency
• No other single formalism approach usable to solve the overall problem
• Further problem:
– how to improve the maintainability of the existing GSPN-based safety model?
13. Experience report 2: solution
[Figure: composition of a maintenance model and a failure model through two interfaces.
– Maintenance model implementation (REPAIR MODELS: environmental & human factors, CTMC). Choice of the model: Finite State Machine OR Continuous Time Markov Chain OR Timed Automata, at different levels of detail.
– Maintenance Model Interface and Failure Model Interface, exchanging Operational Status (OK, KO, Up with fault, etc.) and Fault Events (Transient, Permanent, etc.).
– Failure model implementation (EXISTING SAFETY MODEL: hardware, GSPN). Choice of the model: Fault Tree, Bayesian Network, GSPN, annotated "+ expressiveness, complexity, realism" and "- solving efficiency, readability, maintainability".
– Fault tree fragment with nodes: Hazardous Failure; Erroneous output from voter; One erroneous output and voter failure; Same error from the two units; Same error in input data of both units; Combination of latent errors; Latent error in A; Latent error in B; Activation of errors of both A and B; Erroneous output from one unit; Voter failure; Erroneous output from A; Erroneous output from B.]
• F. Flammini, S. Marrone, N. Mazzocca, V. Vittorini: “A new modelling approach to the safety evaluation of N-modular redundant computer systems in presence of imperfect maintenance”. In: Reliability Engineering & System Safety (Elsevier) – special issue on ESREL’07 selected papers. DOI: 10.1016/j.ress.2009.02.014
14. Experience report 3: issues
• Main problem:
– perform system functional verification of the European Railway Traffic Management System / European Train Control System (ERTMS/ETCS)
• Issues:
– extensive testing unfeasible due to system complexity (test-case number explosion)
– testing required for both nominal and degraded conditions
– unstable system requirements specification
• Further problem:
– How to detect missing requirements in order to improve system specification? (validation)
15. Experience report 3: solution
1. Model-based testing (dynamic verification)
– Automatic generation and reduction of the test-suite using reference abstract models like Finite State Machines
[Figure: Finite State Machine fragment. States: Partial_Supervision_1 (Train Moving in a Staff Responsible Mode); Partial_Supervision_2 (Waiting for TAF Granted); Full_Supervision_1 (Train Moving in Full Supervision); Disconnection_1 (Disconnection Request Sent by the RBC). Transition labels: "1: Receive TAF Granted / Send Disconnection Request"; "2: Receive standstill Position Report in TAF zone / Send TAF Request"; "1: Receive TAF Granted / Send MA in Full Supervision".]
• F. Flammini, N. Mazzocca, A. Orazzo: “Automatic instantiation of abstract tests to specific configurations for large critical control systems”. In: Journal of Software Testing, Verification & Reliability (STVR), Vol. 19, Issue 2, pp. 91-110
• F. Flammini, P. di Tommaso, A. Lazzaro, R. Pellecchia, A. Sanseviero: “The Simulation of Anomalies in the Functional Testing of the ERTMS/ETCS Trackside System”. In: Proceedings of the 9th IEEE Symposium on High Assurance Systems Engineering, HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 131-139
2. Model-based code inspection (static verification)
– Use of UML-based reverse engineering and refactoring
[Figure: verification of compliance between a LOGIC SPECIFICATION and a UML MODEL obtained from the LOGIC CODE by reverse engineering.
LOGIC SPECIFICATION:
Req. xx.yy: When the MA verification process is activated, the RBC Logic shall verify the status of the track circuits assigned to the MA and then […]
...
UML MODEL: 1) CLASS DIAGRAMS (classes MA and TC, each with -attributes and +operations()); 2) SEQUENCE DIAGRAMS (MA, TC; verify_cond(), op()); 3) STATECHARTS (MA_state1, Send_MA, MA_state2).
LOGIC CODE:
PROCESS MA;
VARIABLES process_status, control, …
COMMANDS send_MA, …
COMMAND send_MA:
IF cond ASSIGN “ok” TO VARIABLE “control”
AND SEND AUTOMATIC COMMAND “op” TO PROCESS “TC”
...]
• C. Abbaneo, F. Flammini, A. Lazzaro, P. Marmo, N. Mazzocca, A. Sanseviero: “UML Based Reverse Engineering for the Verification of Railway Control Logics”. In: IEEE Proceedings of Dependability of Computer Systems, DepCoS’06, Szklarska Poręba, Poland, May 25-27, 2006: pp. 3-10
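Test-suite generation and reduction from a reference FSM, as described under item 1 above, shown as an added example (not code from the talk or the cited papers). It builds one test per transition of the slide's FSM fragment and then drops tests that are prefixes of longer ones; the source and target state of each arrow are this example's reading of the figure, and all function names are hypothetical.

```python
from collections import deque

# Transitions as (input, expected output, next state). Labels come from the
# slide; which state each arrow leaves and enters is an assumption.
FSM = {
    "Partial_Supervision_1": [
        ("Receive TAF Granted", "Send Disconnection Request", "Disconnection_1"),
        ("Receive standstill Position Report in TAF zone", "Send TAF Request",
         "Partial_Supervision_2"),
    ],
    "Partial_Supervision_2": [
        ("Receive TAF Granted", "Send MA in Full Supervision", "Full_Supervision_1"),
    ],
    "Full_Supervision_1": [],
    "Disconnection_1": [],
}

def shortest_paths(fsm, start):
    """Breadth-first search: shortest step list leading to each reachable state.
    A step is (state, input, expected_output, next_state)."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for inp, out, nxt in fsm[state]:
            if nxt not in paths:
                paths[nxt] = paths[state] + [(state, inp, out, nxt)]
                queue.append(nxt)
    return paths

def transition_cover(fsm, start):
    """One test per reachable transition: shortest path to its source state,
    followed by the transition itself."""
    paths = shortest_paths(fsm, start)
    return [paths[s] + [(s, inp, out, nxt)]
            for s in paths for inp, out, nxt in fsm[s]]

def reduce_suite(tests):
    """Drop every test that is a proper prefix of another one. This is sound
    only because the expected output is checked at every step of a test."""
    return [t for t in tests
            if not any(len(o) > len(t) and o[:len(t)] == t for o in tests)]

def unreachable(fsm, start):
    """States no test can ever reach: a defect in the model or specification."""
    return sorted(set(fsm) - set(shortest_paths(fsm, start)))
```

On this fragment the three generated tests reduce to two, and a non-empty result from `unreachable` points at a gap in the reference model rather than in the system under test.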
16. Experience report 4: issues
• Main problem:
– Quantitative security risk assessment to support the design of protection mechanisms and evaluate the return on investment
• Issues:
– Traditional reliability modeling formalisms (e.g. Fault Trees) inadequate for security modeling (e.g. no support for interdependent basic events)
– Complexity in vulnerability modeling
• Further problem:
– How to demonstrate to the customer the optimality of security system design (e.g. size of subsystems)?
17. Experience report 4: solution
R = P ⋅ V ⋅ D
WORK IN PROGRESS
[Figure: RISK MODEL built from a Threat Frequency Model (BAYESIAN NETWORKS), a Threat Vulnerability Model (STOCHASTIC PETRI NETS) and a Threat Consequences Model (EVENT TREES).]
• We have already implemented a genetic algorithm to automatically maximize the return on investment while fulfilling external budget constraints
• F. Flammini, A. Gaglione, N. Mazzocca, C. Pragliola: “Quantitative Security Risk Assessment and Management for Railway Transportation Infrastructures”. In: Proc. 3rd International Workshop on Critical Information Infrastructures Security, CRITIS’08, Frascati (Rome), Italy, October 13-15, 2008: pp. 213-223
• F. Flammini, V. Vittorini, N. Mazzocca, C. Pragliola: “A Study on Multiformalism Modelling of Critical Infrastructures”. In: Proc. 3rd International Workshop on Critical Information Infrastructures Security, CRITIS’08, Frascati (Rome), Italy, October 13-15, 2008: pp. 395-402
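The risk formula R = P ⋅ V ⋅ D and the budget-constrained return-on-investment search, worked through as an added example (not code from the talk or the cited papers). Assumptions of this example: P is read as threat frequency, V as vulnerability and D as consequences; all figures are constructed; a protection mechanism scales V; ROI is (risk reduction − cost) / cost; and an exhaustive search stands in for the genetic algorithm.

```python
from itertools import combinations

# Constructed sample data (not from the talk). Per threat:
#   P = expected attempts per year, V = probability an attempt succeeds,
#   D = expected damage per successful attempt (currency units).
THREATS = {
    "vandalism":   {"P": 12.0, "V": 0.50, "D": 2_000},
    "cable_theft": {"P": 4.0,  "V": 0.80, "D": 25_000},
    "intrusion":   {"P": 1.0,  "V": 0.40, "D": 200_000},
}
# Constructed protection mechanisms: yearly cost and, as an assumption of this
# example, a multiplicative reduction of V for the threats each one covers.
MEASURES = {
    "access_control": {"cost": 30_000, "v_factor": {"intrusion": 0.25}},
    "cctv":    {"cost": 15_000, "v_factor": {"vandalism": 0.5, "cable_theft": 0.6}},
    "fencing": {"cost": 20_000, "v_factor": {"cable_theft": 0.5, "intrusion": 0.7}},
}

def annual_risk(selected=()):
    """Sum of R = P * V * D over all threats, with V scaled by the selected measures."""
    total = 0.0
    for name, t in THREATS.items():
        v = t["V"]
        for m in selected:
            v *= MEASURES[m]["v_factor"].get(name, 1.0)
        total += t["P"] * v * t["D"]
    return total

def evaluate(selected):
    """Return (cost, risk_reduction, roi); ROI here is (reduction - cost) / cost."""
    cost = sum(MEASURES[m]["cost"] for m in selected)
    reduction = annual_risk() - annual_risk(selected)
    return cost, reduction, (reduction - cost) / cost

def best_portfolio(budget):
    """Exhaustive search (stand-in for the genetic algorithm) for the
    highest-ROI set of measures whose total cost fits the budget."""
    best, best_roi = (), 0.0          # empty set = do nothing, ROI 0
    for k in range(1, len(MEASURES) + 1):
        for combo in combinations(sorted(MEASURES), k):
            cost, _, roi = evaluate(combo)
            if cost <= budget and roi > best_roi:
                best, best_roi = combo, roi
    return best, best_roi
```

With these figures the ROI-optimal choice under a large budget is fencing alone, although buying all three measures leaves the lowest residual risk (44,000 per year); which objective to optimise is a design decision.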
18. Future developments
• Methodology
– Definition of appropriate multiformalism composition operators
• Applications
– New case-studies, e.g. system level safety evaluation
[Figure: layered multiformalism model of the overall system. Subsystems: TRACKSIDE SUBSYSTEM, LINESIDE SUBSYSTEM (BALISE 1 ... BALISE K), GROUND SUBSYSTEM, ON-BOARD SUBSYSTEM 1 ... ON-BOARD SUBSYSTEM n. Layers and formalisms: Procedures Layer ((Generalized Stochastic) Petri Nets: Start of Mission, Hand-Over, Train 1, Train 2); Operating Modes Layer (Finite State Machine: Level 0 / STM, Level 1, Level 2, Level 3; Unfitted, OFF, SB, SR, OS, Full Supervision); Software Layer; Hardware Layer ((Repairable) Fault Tree); System Failure (Bayesian Network). Balise states: Transmitting Correct Telegram; Non Transmitting; Transmitting Default Telegram (safe failure); Transmitting Uncorrect Telegram (unsafe failure). Other labels: OP1, OP2, OP3, OPi.]
• G. Di Lorenzo, F. Flammini, M. Iacono, S. Marrone, F. Moscato, V. Vittorini: “The software architecture of the OsMoSys multisolution framework”. In: Proc. 2nd International Conference on Performance Evaluation Methodologies and Tools, VALUETOOLS’07, Nantes, France, October 23-25, 2007: pp. 1-10
19. • Are models useful only for dependability prediction and assessment?
20. Experience report 5: issues
• Main problem:
– On-line detection of threats for early warning and decision support
• Issues:
– Integration and reasoning of multi-sensor data
– Need for real-time detection models
• Further problem:
– How to quantify uncertainty?
21. Experience report 5: solution
[Figure: DETECT Engine, with labels Scenario Repository, Event History, Detected attack scenario and Alarm level (1, 2, 3, ...); underlying models: EVENT TREES, BAYESIAN NETWORKS, NEURAL NETWORKS.]
• F. Flammini, A. Gaglione, N. Mazzocca, C. Pragliola: “DETECT: a novel framework for the detection of attacks to critical infrastructures”. In: Safety, Reliability and Risk Analysis: Theory, Methods and Applications – Martorell et al. (eds), Proceedings of ESREL’08, Valencia, Spain, 22-25 September 2008: pp. 105-112
• F. Flammini, A. Gaglione, N. Mazzocca, V. Moscato, C. Pragliola: “Wireless Sensor Data Fusion for Critical Infrastructure Security”. In: Advances in Soft Computing Vol. 53: Proc. International Workshop on Computational Intelligence in Security for Information Systems, CISIS’08, Genoa, Italy, October 23-24, 2008: pp. 92-99
22. Thank you for your kind attention
Questions?