6th International Workshop on Verification and Evaluation of Computer and Communication Systems
                            CNAM, Paris, France, August 27-28, 2012




               Model-Based Approaches for
          Railway Safety, Reliability and Security


                               Dr. Francesco Flammini
                       Ansaldo STS Italy – Innovation & Competitiveness
                             IEEE Computer Society Italy Chapter
                                 francesco.flammini@ieee.org
Outline

 • Introduction to modern railway control systems

 • The need for model-based approaches

 • Successful applications

 • Future developments



VECoS’12, Francesco Flammini
Catastrophic Failures in Railways
  •    Some relevant rail accidents
         –   Recent (July 23, 2011): Wenzhou (China) high-speed train
             collision, 40 killed, 192 injured
         –   Most catastrophic: Amagasaki (Japan), 107 killed, 555 injured
         –   One of the oldest – Waterloo station, 1803

  •    Some sources
         –   http://en.wikipedia.org/wiki/List_of_rail_accidents_(2010-2019)
         –   http://danger-ahead.railfan.net/




Computer-Based Railway Control Systems
    [Figure: control loop linking the Control System, Sensor System, Actuator System and the Environment]

    •    Safety-Critical Railway Control Systems:
          –    Interlocking Systems – management of train route and signals in stations
          –    Traffic Management Systems – management of train headways (trackside)
          –    Train Control Systems – management of train movement (on-board)
    •    Evolution from relay-based to computer-based → more complex failure modes
    •    Embedded real-time reactive systems increasingly complex:
          –    large, distributed, heterogeneous
    •    Dependability attributes of interest:
          –    Reliability, Availability, Maintainability, Safety, Security (RAMSS)
    •    Important to evaluate such attributes in:
          –    early development stages, to support design choices (fault forecasting)
          –    verification and validation phase, to demonstrate compliance to RAMSS standards (assessment / certification)



Automatic Train Protection Systems
    [Figure: architecture of an automatic train protection system. Labels: HMI; Traffic Management; Train Control; Interlocking; Physical Control Entities (Track Circuit, Signal, Switch Point, Route); Station; Man Machine Interface; IXL Central Processing Unit; Communication Computer; WAN; Adjacent IXL; Automation System]
Threats of system dependability

    [Figure: threats acting on the Computer-Based Control System. Labels: Designers and Developers; Management Staff; Normal Users; Users; Maintainers; Data Network; Electrical Connections; Power Supply; Vandals, Hackers, Terrorists; Environmental Factors (Vibrations, Temperature, Moisture, Electromagnetic Fields, Cosmic Radiation)]
The core of most control systems
• Triple Modular Redundancy (TMR)
• Many other fault-tolerance mechanisms
      –    Design diversity
      –    Error Correcting Codes
      –    Defensive programming
      –    …

    [Figure: TMR architecture. Labels: Unit A, Unit B, Unit C; Exclusion Logic A-B, Exclusion Logic B-C, Exclusion Logic A-C; Voter]
Objectives of dependability assessment
    • Extensive simulation with real systems is unfeasible
    • We need to evaluate RAMSS attributes of interest with
      models as much as possible:
           – Holistic
                  • System level failure modes
           – Realistic
                  • Correct behavior with not too many conservative assumptions
           – Maintainable
                  • No hyper-skills required to build and modify them
           – Efficient
                  • Quick to build and evaluate on normal computers
           – Assessable
                  • Readable and with low error-proneness
           – …
New frontiers in dependability modeling
• Multi-paradigm approaches, involving:
      – Multi-formalism modeling
      – Meta-modeling
      – Model-abstraction and transformation
• Choice of the modeling approach most suited to the:
             • Objective of the analysis (performability, security, maintainability, etc.)
             • Constituent subsystems (small embedded device, workstation, etc.)
             • Abstraction layers (hardware, software state-machine, software functions, etc.)
• Advantages:
      – Modular or compositional approach
             • Divide et impera
             • Incremental, multi-level / hierarchical
             • Reuse (model libraries)
      – They allow for a trade-off among:
             • Ease of use
             • Expressive power
             • Solving efficiency
Experience report 1: issues
• Main problem:
      – evaluate system availability with respect to system-level failure
        modes to demonstrate compliance to RAM requirements
• Unfeasible with traditional single-formalism stochastic
  modeling approaches:
      – Queueing Networks ➪ limited expressiveness (no failure
        modeling)
      – Fault Trees ➪ limited expressiveness (no performance modeling)
      – Stochastic Petri Nets ➪ ungovernable complexity and limited
        efficiency (state space explosion)
      – …
• Further problem:
      – how to evaluate the effect of real-world repair strategies (e.g.
        preventive maintenance, limited resources, etc)?
Experience report 1: solution
    [Figure: multi-formalism model composition. Labels: AVAILABILITY MODEL (overall system, BN); RELIABILITY MODEL (on-board, FT); PERFORMABILITY MODEL (network / software, GSPN); MAINTAINABILITY MODEL (trackside, RFT)]

 •      F. Flammini, M. Iacono, S. Marrone, N. Mazzocca: "Using Repairable Fault Trees for the evaluation of design choices for critical repairable systems". In: Proceedings
        of the 9th IEEE Symposium on High Assurance Systems Engineering, HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 163-172
 •      F. Flammini, S. Marrone, N. Mazzocca, V. Vittorini: "Modelling System Reliability Aspects of ERTMS/ETCS by Fault Trees and Bayesian Networks". In: Safety and
        Reliability for Managing Risk: Proceedings of the 15th European Safety and Reliability Conference (published in September 1st 2006), ESREL’06, Estoril, Portugal,
        September 18-22, 2006: pp. 2675-2683
Experience report 2: issues

• Main problem:
      – evaluate TMR safety in presence of imperfect maintenance
• Existing GSPN model assuming perfect maintenance
  hardly extensible
      – Low maintainability
      – Very limited efficiency
• No other single-formalism approach usable to solve the
  overall problem
• Further problem:
      – how to improve the maintainability of the existing GSPN-based
        safety model?

Experience report 2: solution
    [Figure: composition of repair and failure models through model interfaces. Labels:
       REPAIR MODELS (environmental & human factors, CTMC): Maintenance model implementation as Finite State Machine OR Continuous Time Markov Chain OR Timed Automata, at different levels of detail; Choice of the model
       Composition: Maintenance Model Interface; Failure Model Interface; Operational Status (OK, KO, Up with fault, etc.); Fault Events (Transient, Permanent, etc.)
       EXISTING SAFETY MODEL (hardware, GSPN): Failure model implementation as Fault Tree, Bayesian Network or GSPN; Choice of the model; + expressiveness, complexity, realism; - solving efficiency, readability, maintainability
       Fault tree nodes: Hazardous Failure; Erroneous output from voter; One erroneous output and voter failure; Same error in input data of both units; Same error from the two units; Combination of latent errors; Erroneous output from one unit; Voter failure; Erroneous output from A; Erroneous output from B; Latent error in A; Latent error in B; Activation of errors of both A and B]

 •      Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V.: A new modelling approach to the safety evaluation of N-modular
        redundant computer systems in presence of imperfect maintenance. In: Reliability Engineering & System Safety, Vol. 94,
        Issue 9, September 2009: pp. 1422–1432
Experience report 3: issues
• Main problem:
      – perform system functional verification of the European Railway
        Traffic Management System / European Train Control System
        (ERTMS/ETCS)
• Issues:
      – extensive testing unfeasible due to system complexity (test-case
        number explosion)
      – testing required for both nominal and degraded conditions
      – unstable system requirements specification
• Further problem:
      – How to detect missing requirements in order to improve system
        specification? (validation)

Experience report 3: solution
1. Model-based testing (dynamic verification)
      –         Automatic generation and reduction of the test-suite using
                reference abstract models like Finite State Machines

    [Figure: Finite State Machine fragment.
       States: Partial_Supervision_1 (Train Moving in a Staff Responsible Mode); Partial_Supervision_2 (Waiting for TAF Granted); Disconnection_1 (Disconnection Request Sent by the RBC); Full_Supervision_1 (Train Moving in Full Supervision)
       Transitions:
         Partial_Supervision_1 → Disconnection_1: 1: Receive TAF Granted / Send Disconnection Request
         Partial_Supervision_1 → Partial_Supervision_2: 2: Receive standstill Position Report in TAF zone / Send TAF Request
         Partial_Supervision_2 → Full_Supervision_1: 1: Receive TAF Granted / Send MA in Full Supervision]

•      F. Flammini, N. Mazzocca, A. Orazzo: "Automatic instantiation of abstract tests to specific
       configurations for large critical control systems". In: Journal of Software Testing, Verification
       & Reliability (STVR), Vol. 19, Issue 2, pp. 91-110
•      F. Flammini, P. di Tommaso, A. Lazzaro, R. Pellecchia, A. Sanseviero: "The Simulation of
       Anomalies in the Functional Testing of the ERTMS/ETCS Trackside System". In:
       Proceedings of the 9th IEEE Symposium on High Assurance Systems Engineering,
       HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 131-139

2. Model-based code inspection (static verification)
      –         Use of UML-based reverse engineering and refactoring

    [Figure: LOGIC CODE → (1: reverse engineering) → UML MODEL → (2: verification of compliance) → LOGIC SPECIFICATION; UML MODEL → (3: refactoring) → LOGIC CODE.
       UML MODEL: 1) CLASS DIAGRAMS (classes MA and TC, each with -attributes and +operations(), association 1 to *); 2) SEQUENCE DIAGRAMS (MA, TC; verify_cond(), op()); 3) STATECHARTS (MA_state1, Send_MA, MA_state2)]

    LOGIC SPECIFICATION
       Req. xx.yy: When the MA verification process is activated, the RBC Logic
       shall verify the status of the track circuits assigned to the MA and then […]
       ...

    LOGIC CODE
       PROCESS MA;
       VARIABLES process_status, control, …
       COMMANDS send_MA, …
       COMMAND send_MA:
                IF cond ASSIGN “ok” TO VARIABLE “control”
                AND SEND AUTOMATIC COMMAND “op” TO PROCESS “TC”
                ...

•      Flammini, F., Lazzaro, A., Mazzocca, N.: Modeling of Logic Code for Reverse Engineering,
       Verification and Refactoring. In: The International Journal of Safety & Security Engineering,
       Vol. 1, no. 1, February 2011: pp. 77-94
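An added example (not taken from the slides or the cited papers) of the model-based testing idea above: a generic transition-cover generator with prefix-based test-suite reduction, run over the FSM fragment shown in the figure, which also lists the (state, input) pairs the model leaves unspecified as candidate missing requirements. The initial state, the function names and the reduction rule are assumptions made for illustration.

```python
from collections import deque

# FSM constructed from the fragment on the slide; the initial state is an assumption.
INITIAL = "Partial_Supervision_1"
TAF_GRANTED = "Receive TAF Granted"
STANDSTILL_PR = "Receive standstill Position Report in TAF zone"

# (state, input) -> (expected output, next state)
TRANSITIONS = {
    ("Partial_Supervision_1", TAF_GRANTED): ("Send Disconnection Request", "Disconnection_1"),
    ("Partial_Supervision_1", STANDSTILL_PR): ("Send TAF Request", "Partial_Supervision_2"),
    ("Partial_Supervision_2", TAF_GRANTED): ("Send MA in Full Supervision", "Full_Supervision_1"),
}


def states(transitions, initial):
    found = {initial}
    for (src, _), (_, dst) in transitions.items():
        found.update((src, dst))
    return sorted(found)


def inputs(transitions):
    return sorted({inp for (_, inp) in transitions})


def shortest_prefixes(transitions, initial):
    """Breadth-first search: shortest input sequence reaching each reachable state."""
    prefix = {initial: []}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for (src, inp), (_, dst) in sorted(transitions.items()):
            if src == state and dst not in prefix:
                prefix[dst] = prefix[state] + [inp]
                queue.append(dst)
    return prefix


def transition_cover(transitions, initial):
    """One abstract test per transition: reach its source state, then apply its input."""
    prefix = shortest_prefixes(transitions, initial)
    return [tuple(prefix[src] + [inp])
            for (src, inp) in sorted(transitions) if src in prefix]


def reduce_suite(tests):
    """Drop every test that is a proper prefix of another test in the suite."""
    unique = sorted(set(tests))
    return [t for t in unique
            if not any(o != t and o[:len(t)] == t for o in unique)]


def covered(transitions, initial, tests):
    """Set of (state, input) transitions exercised by a test suite."""
    seen = set()
    for test in tests:
        state = initial
        for inp in test:
            seen.add((state, inp))
            state = transitions[(state, inp)][1]
    return seen


def run(transitions, initial, sequence):
    """Replay a test on the model: (input, expected output) steps and the final state."""
    state, steps = initial, []
    for inp in sequence:
        out, state = transitions[(state, inp)]
        steps.append((inp, out))
    return steps, state


def unspecified_pairs(transitions, initial):
    """(state, input) pairs with no defined reaction: candidate missing requirements."""
    return [(s, i) for s in states(transitions, initial)
            for i in inputs(transitions) if (s, i) not in transitions]


if __name__ == "__main__":
    suite = reduce_suite(transition_cover(TRANSITIONS, INITIAL))
    for test in suite:
        steps, final = run(TRANSITIONS, INITIAL, test)
        print(" ; ".join(f"{i} / {o}" for i, o in steps), "->", final)
    for state, inp in unspecified_pairs(TRANSITIONS, INITIAL):
        print("unspecified:", state, "on", inp)
```

The reduced suite keeps full transition coverage with two tests instead of three, and the unspecified pair (Partial_Supervision_2, standstill Position Report) is the kind of gap that would be raised against the requirements specification.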
Experience report 4: issues

• Main problem:
       – Quantitative security risk assessment to support the design of
         protection mechanisms and evaluate the return on investment
• Issues:
       – Traditional reliability modeling formalisms (e.g. Fault Trees)
         inadequate for security modeling (e.g. no support for
         interdependent basic events)
       – Complexity in vulnerability modeling
• Further problem:
       – How to demonstrate to the customer the optimality of security
         system design (e.g. size of subsystems)?

Experience report 4: solution
    RISK MODEL: R = P · V · D

    [Figure: multi-formalism risk model. Labels:
       BAYESIAN NETWORKS: Threat Frequency Model (Attractivity; Other assets' attractivity; Accessibility; Likelihood of attack; Intrinsic robustness; Existing protections; Asset failure; Aggregated asset failure; Dependant asset failure; Component asset failure; Influencing asset failure; Fault Tree; Event Tree)
       STOCHASTIC PETRI NETS: Threat Vulnerability Model
       EVENT TREES / CLASS DIAGRAMS: Threat Consequences Model (class diagram: Railway System; Fixed Equip.; Mobile Equip.; Infrastruct.; Signalling & Control)]

                                                                                                                                                                                                                                                                                                                                                             Rotabile
                                                                                                                                                                                                                                                                                                                                                            Rolling S.


                                                                                                                                                                                                                                                                                                             1        1

                                                                                                                                                                                                  1          1                 *                             1              1        1       1
                                                                                                                                                                                                                                                                                                                     Rete di TLC
                                                                                                                                                                                                                                                                                                                      Network           Serv. Car
                                                                                                                                                                                                                                                                                                                                         Carrello         Stock Merci
                                                                                                                                                                                                                                                                                                                                                          Treno Train                      Passeng. Train
                                                                                                                                                                                                                                                                                                                                                                                           Treno Passeggeri
                                                                                                                                                                       *
                                                                                                                                                                                                                            Line sect.
                                                                                                                                                                                                                           Tratto di linea              Manag. & Maint.
                                                                                                                                                                                                                                                      Gestione e manutenzione       Segnaletica
                                                                                                                                                                                                                                                                                      Signal
                                                                                                                                                                       Station
                                                                                                                                                                       Stazione

                                                                                                                                                                                      1                                                                                                           1              1         1               1                   1                               1
                                                                                                                                                                                     1                                                                                                                                                                                     *          *
                                                                                                                                                                                                                         1 0..1 0..1                                                     1
                                                                                                                                                                                          *                      *   *                       *                                                     SST
                                                                                                                                                                                                                                                                                                  Ground                  Rete TLC-LD
                                                                                                                                                                                                                                                                                                                             WAN          GSM-R
                                                                                                                                                                                                                                                                                                                                         Rete GSM-R
                                                                                                                                                                                                                                                                                         1                                                                                     Locomotive
                                                                                                                                                                                                                                                                                                                                                                               Locomotore

                                                                                                                                                                                      Switch
                                                                                                                                                                                      Deviatoio                  Track
                                                                                                                                                                                                                 Binario                     Tunnel
                                                                                                                                                                                                                                             Galleria
                                                                                                                                                       Service S.
                                                                                                                                                      Staz. Servizio

                                                                                                                                                                                                                                *                                                            1    1    1                                                                        1
                                                                                                                                                                                                                                                                                *                  1                        1                                                    1
                                                                                                                                                                  Staz. Passeggeri
                                                                                                                                                                  Passenger S.                                                  Bridge
                                                                                                                                                                                                                                Ponte
                                                                                                                                                                                                                                                                                Balise                 HMI                      TMR            RTM         1           1             SSB

                                                                                                                                                                                                                                                      1
                                                                                                                                                                                                 CdB
                                                                                                                                                                                              Track Circ.                1
                                                                                                                                                                                                                                       1
                                                                                                                                                                                                                                            Sistema sensoriale                                                                                       1                                          1
                                                                                                                                                                                                                                             Sens. system                                                                                                                  1          1
                                                                                                                                                                                                                                       1
                                                                                                                                                                                              Temp. Ch.
                                                                                                                                                                                                RTB                      1                                        1                                                                                      BTM                                        DMI


                                                                                                                                                                                                                                                           Sistema di attuazione
                                                                                                                                                                                                                                                               Act. system




 • Genetic algorithms employed to automatically maximize the ROI while fulfilling external budget constraints

 • Flammini, F., Gaglione, A., Mazzocca, N., Pragliola, C.: Automatic Optimization of Security System Design by Quantitative Risk Assessment and Genetic Algorithms. In: International Journal of Risk Analysis and Management (IJRAM), Vol. 15, No. 2/3, 2011: pp. 205-221
 • Flammini, F., Mazzocca, N., Moscato, F., Pappalardo, A., Pragliola, C., Vittorini, V.: Multiformalism techniques for critical infrastructure modeling. In: International Journal of Systems of Systems Engineering (IJSSE), Vol. 2, No. 1, 2010: pp. 19-37
 • Are models useful only for dependability prediction and assessment?




Experience report 5: issues


 • Main problem:
        – On-line detection of threats for early warning and decision support
 • Issues:
        – Integration of, and reasoning over, multi-sensor data
        – Need for real-time detection models
 • Further problem:
        – How to quantify uncertainty?




Experience report 5: solution

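[Figure: DETECT Engine, with inputs Scenario Repository and Event History and outputs Detected attack scenario and Alarm level (1, 2, 3, ...). Detection models named on the slide: EVENT TREES, BAYESIAN NETWORKS, NEURAL NETWORKS. Example event tree: operator nodes labelled "2, <5’" and "→, <10’"; sensors CAM 1, CAM 2, MIC, IMS/SAW and IR; leaf events FALL and RUN (CAM 1, CAM 2), SCREAM (MIC) and CWA (IMS/SAW, IR).]
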

 • Flammini, F., Mazzocca, N., Pappalardo, A., Pragliola, C., Vittorini, V.: Augmenting surveillance system capabilities by exploiting event correlation and distributed attack detection. In: Proc. 2011 Intl. Workshop on Security and Cognitive Informatics for Homeland Defence (SeCIHD’11), co-located with ARES’11, A M. Tjoa et al. (Eds.), LNCS 6908, pp. 191-204
 • Flammini, F., Pappalardo, A., Pragliola, C., Vittorini, V.: A robust approach for on-line and off-line threat detection based on event tree similarity analysis. In: Proc. Workshop on Multimedia Systems for Surveillance (MMSS) in conjunction with 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, Klagenfurt, Austria, August 29-30, 2011: pp. 414-419
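
A sketch of the time-constrained event correlation that the event tree on this slide depicts, added here as an illustration and not code from DETECT or from the cited papers. Assumptions: "2, <5’" is read as "any two distinct children within five minutes" over the CAM 1, CAM 2 and MIC leaves, "→, <10’" as "IMS/SAW detection followed by IR detection within ten minutes"; the branch names, the use of the number of matched branches as the alarm level, and the event history are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

Span = Tuple[float, float]  # (start, end) of one match, in seconds


@dataclass(frozen=True)
class Event:
    t: float      # seconds since the start of observation
    sensor: str   # e.g. "CAM 1", "MIC", "IR"
    kind: str     # e.g. "FALL", "SCREAM", "CWA"


class Leaf:
    """Primitive event: one sensor reporting one of the given event kinds."""

    def __init__(self, sensor: str, *kinds: str):
        self.sensor, self.kinds = sensor, set(kinds)

    def matches(self, history: Sequence[Event]) -> List[Span]:
        return [(e.t, e.t) for e in history
                if e.sensor == self.sensor and e.kind in self.kinds]


class AnyOf:
    """At least m DISTINCT children match within `window` seconds
    (assumed meaning of the "2, <5'" node)."""

    def __init__(self, m: int, window: float, *children):
        self.m, self.window, self.children = m, window, children

    def matches(self, history: Sequence[Event]) -> List[Span]:
        # Tag every child match with the index of the child that produced it.
        tagged = sorted((end, start, i)
                        for i, child in enumerate(self.children)
                        for start, end in child.matches(history))
        out: List[Span] = []
        for k, (end, _, _) in enumerate(tagged):
            latest: Dict[int, float] = {}  # child index -> latest start in window
            for _, s2, i in tagged[:k + 1]:
                if s2 >= end - self.window:
                    latest[i] = max(latest.get(i, s2), s2)
            if len(latest) >= self.m:      # repeats from one child count once
                start = min(sorted(latest.values())[-self.m:])
                out.append((start, end))
        return out


class Seq:
    """`first` ends strictly before `second` starts, and the whole pattern
    spans at most `window` seconds (assumed meaning of the "→, <10'" node)."""

    def __init__(self, window: float, first, second):
        self.window, self.first, self.second = window, first, second

    def matches(self, history: Sequence[Event]) -> List[Span]:
        return [(a0, b1)
                for a0, a1 in self.first.matches(history)
                for b0, b1 in self.second.matches(history)
                if a1 < b0 and b1 - a0 <= self.window]


MIN = 60.0
BEHAVIOUR = AnyOf(2, 5 * MIN,
                  Leaf("CAM 1", "FALL", "RUN"),
                  Leaf("CAM 2", "FALL", "RUN"),
                  Leaf("MIC", "SCREAM"))
AGENT = Seq(10 * MIN, Leaf("IMS/SAW", "CWA"), Leaf("IR", "CWA"))
# Branch names are hypothetical labels for the two subtrees.
SCENARIO = {"abnormal crowd behaviour": BEHAVIOUR, "CWA confirmed": AGENT}


def evaluate(history: Sequence[Event], scenario=SCENARIO):
    """Return (matched branch names, alarm level).
    Alarm level = number of matched branches (an assumption of this example)."""
    fired = [name for name, node in scenario.items() if node.matches(history)]
    return fired, len(fired)


# Constructed event history, not taken from any real deployment.
HISTORY = [
    Event(0, "CAM 1", "RUN"),
    Event(40, "CAM 1", "FALL"),    # same camera again: still one distinct source
    Event(130, "MIC", "SCREAM"),   # second distinct source inside 5 minutes
    Event(200, "IMS/SAW", "CWA"),
    Event(560, "IR", "CWA"),       # 6 minutes after the IMS/SAW detection
]

if __name__ == "__main__":
    print(evaluate(HISTORY))
```

Counting distinct children rather than raw events is what keeps one noisy camera from raising the alarm on its own; the same history with only CAM 1 events matches nothing.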
Work-in-progress & future developments
• Definition of appropriate Model Driven Engineering (MDE) frameworks supporting Domain Specific Languages (DSL) and model-to-model (M2M) transformations, to enable high-level (annotated) UML modeling and automatic generation of solvable models

DAM-RAIL (derived from UML MARTE-DAM profile)

• Bernardi, S., Flammini, F., Marrone, S., Merseguer, J., Papa, C., Vittorini, V.: Model-driven availability evaluation of railway control systems. In: Proc. 30th Intl. Conf. on Computer Safety, Reliability & Security, SAFECOMP’11, Naples, September 19-21, 2011: pp. 467-479

Further reading

Flammini, F. (2012). Railway Safety, Reliability, and Security: Technologies and Systems Engineering, IGI Global, doi:10.4018/978-1-4666-1643-1




Thank you for your kind attention

            Questions?

Systèmes embarqués critiques
 
KA6423 P57600 Assignment 3
KA6423 P57600 Assignment 3KA6423 P57600 Assignment 3
KA6423 P57600 Assignment 3
 

More from Francesco Flammini

TRA Visions Senior Researcher Award 2024.pdf
TRA Visions Senior Researcher Award 2024.pdfTRA Visions Senior Researcher Award 2024.pdf
TRA Visions Senior Researcher Award 2024.pdfFrancesco Flammini
 
RAILS - Railway Gazette 2023 (Flammini).pdf
RAILS - Railway Gazette 2023 (Flammini).pdfRAILS - Railway Gazette 2023 (Flammini).pdf
RAILS - Railway Gazette 2023 (Flammini).pdfFrancesco Flammini
 
Award-Fedcsis Conference 2023.pdf
Award-Fedcsis Conference 2023.pdfAward-Fedcsis Conference 2023.pdf
Award-Fedcsis Conference 2023.pdfFrancesco Flammini
 
Internationalization of the Curriculum Conference Certificate
Internationalization of the Curriculum Conference CertificateInternationalization of the Curriculum Conference Certificate
Internationalization of the Curriculum Conference CertificateFrancesco Flammini
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021Francesco Flammini
 
Digital Twins for Trustworthy Autonomy
Digital Twins for Trustworthy AutonomyDigital Twins for Trustworthy Autonomy
Digital Twins for Trustworthy AutonomyFrancesco Flammini
 
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...Francesco Flammini
 
Science of Computer Programming, Certificate of Reviewing
Science of Computer Programming, Certificate of ReviewingScience of Computer Programming, Certificate of Reviewing
Science of Computer Programming, Certificate of ReviewingFrancesco Flammini
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Ansaldo STS Innovation award 2009
Ansaldo STS Innovation award 2009Ansaldo STS Innovation award 2009
Ansaldo STS Innovation award 2009Francesco Flammini
 
Ansaldo STS Innovation Award 2014 - Francesco Flammini
Ansaldo STS Innovation Award 2014 - Francesco FlamminiAnsaldo STS Innovation Award 2014 - Francesco Flammini
Ansaldo STS Innovation Award 2014 - Francesco FlamminiFrancesco Flammini
 
IoT Research & Education at LNU
IoT Research & Education at LNUIoT Research & Education at LNU
IoT Research & Education at LNUFrancesco Flammini
 
Francesco Flammini - talk at DISCORAIL'19
Francesco Flammini - talk at DISCORAIL'19Francesco Flammini - talk at DISCORAIL'19
Francesco Flammini - talk at DISCORAIL'19Francesco Flammini
 
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected SocietySmart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected SocietyFrancesco Flammini
 
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560SuccesfulGrantApplications_Jan 23, 2017_certificate-506560
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560Francesco Flammini
 

More from Francesco Flammini (20)

TRA Visions Senior Researcher Award 2024.pdf
TRA Visions Senior Researcher Award 2024.pdfTRA Visions Senior Researcher Award 2024.pdf
TRA Visions Senior Researcher Award 2024.pdf
 
RAILS - Railway Gazette 2023 (Flammini).pdf
RAILS - Railway Gazette 2023 (Flammini).pdfRAILS - Railway Gazette 2023 (Flammini).pdf
RAILS - Railway Gazette 2023 (Flammini).pdf
 
Award-Fedcsis Conference 2023.pdf
Award-Fedcsis Conference 2023.pdfAward-Fedcsis Conference 2023.pdf
Award-Fedcsis Conference 2023.pdf
 
Internationalization of the Curriculum Conference Certificate
Internationalization of the Curriculum Conference CertificateInternationalization of the Curriculum Conference Certificate
Internationalization of the Curriculum Conference Certificate
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
 
Appreciation Certificate
Appreciation CertificateAppreciation Certificate
Appreciation Certificate
 
Digital Twins for Trustworthy Autonomy
Digital Twins for Trustworthy AutonomyDigital Twins for Trustworthy Autonomy
Digital Twins for Trustworthy Autonomy
 
IEEE GCAIIoT 2020 certificate
IEEE GCAIIoT 2020 certificateIEEE GCAIIoT 2020 certificate
IEEE GCAIIoT 2020 certificate
 
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...
IEEE Intelligent Transportation Systems Conference 2020 - Low-Power Wide-Area...
 
Science of Computer Programming, Certificate of Reviewing
Science of Computer Programming, Certificate of ReviewingScience of Computer Programming, Certificate of Reviewing
Science of Computer Programming, Certificate of Reviewing
 
ACM DSP appointment letter
ACM DSP appointment letter ACM DSP appointment letter
ACM DSP appointment letter
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
 
Ansaldo STS Innovation award 2009
Ansaldo STS Innovation award 2009Ansaldo STS Innovation award 2009
Ansaldo STS Innovation award 2009
 
Ansaldo STS Innovation Award 2014 - Francesco Flammini
Ansaldo STS Innovation Award 2014 - Francesco FlamminiAnsaldo STS Innovation Award 2014 - Francesco Flammini
Ansaldo STS Innovation Award 2014 - Francesco Flammini
 
IoT Research & Education at LNU
IoT Research & Education at LNUIoT Research & Education at LNU
IoT Research & Education at LNU
 
Francesco Flammini - talk at DISCORAIL'19
Francesco Flammini - talk at DISCORAIL'19Francesco Flammini - talk at DISCORAIL'19
Francesco Flammini - talk at DISCORAIL'19
 
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected SocietySmart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society
Smart-Troubleshooting Symbiotic Autonomous Systems in the Connected Society
 
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560SuccesfulGrantApplications_Jan 23, 2017_certificate-506560
SuccesfulGrantApplications_Jan 23, 2017_certificate-506560
 
Attestato FLAMMINI ISO 14298
Attestato FLAMMINI ISO 14298Attestato FLAMMINI ISO 14298
Attestato FLAMMINI ISO 14298
 
IEEE-SMC-TCHS 2016
IEEE-SMC-TCHS 2016IEEE-SMC-TCHS 2016
IEEE-SMC-TCHS 2016
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Model-Based Approaches for Railway Safety, Reliability & Security

  • 1. 6th International Workshop on Verification and Evaluation of Computer and Communication Systems CNAM, Paris, France, August 27-28, 2012 Model-Based Approaches for Railway Safety, Reliability and Security Dr. Francesco Flammini Ansaldo STS Italy – Innovation & Competitiveness IEEE Computer Society Italy Chapter francesco.flammini@ieee.org
  • 2. Outline
      • Introduction to modern railway control systems
      • The need for model-based approaches
      • Successful applications
      • Future developments
  • 3. Catastrophic Failures in Railways
      • Some relevant rail accidents
          – Recent (July 23, 2011): Wenzhou (China) high-speed train collision, 40 killed, 192 injured
          – Most catastrophic: Amagasaki (Japan), 107 killed, 555 injured
          – One of the oldest: Waterloo station, 1803
      • Some sources
          – http://en.wikipedia.org/wiki/List_of_rail_accidents_(2010-2019)
          – http://danger-ahead.railfan.net/
  • 4. Computer-Based Railway Control Systems
      [Diagram labels: Control System; Sensor System; Actuator System; ENVIRONMENT]
      • Safety-Critical Railway Control Systems:
          – Interlocking Systems – management of train route and signals in stations
          – Traffic Management Systems – management of train headways (trackside)
          – Train Control Systems – management of train movement (on-board)
      • Evolution from relay-based to computer-based → more complex failure modes
      • Embedded real-time reactive systems increasingly complex:
          – large, distributed, heterogeneous
      • Dependability attributes of interest:
          – Reliability, Availability, Maintainability, Safety, Security (RAMSS)
      • Important to evaluate such attributes in:
          – early development stages, to support design choices (fault forecasting)
          – verification and validation phase, to demonstrate compliance with RAMSS standards (assessment / certification)
  • 5. Automatic Train Protection Systems
      [Diagram labels: HMI; TRAFFIC MANAGEMENT; TRAIN CONTROL; INTERLOCKING; PHYSICAL CONTROL ENTITIES; Adjacent IXL; TRACK CIRCUIT; Automation System; WAN; SIGNAL; SWITCH POINT; ROUTE; Communication Computer; Man Machine Interface; IXL Central Processing Unit; STATION]
  • 6. Threats of system dependability
      [Diagram labels: Designers and Developers; Management Staff; Normal Users; Users; Maintainers; Data Network; Electrical Connections; Power Supply; Computer-Based Control System; Vandals, Hackers, Terrorists; Environmental Factors: Vibrations, Temperature, Moisture, Electromagnetic Fields, Cosmic Radiation]
  • 7. The core of most control systems
      • Triple Modular Redundancy (TMR)
      [Diagram labels: Unit A; Unit B; Unit C; Exclusion Logic A-B; Exclusion Logic B-C; Exclusion Logic A-C; Voter]
      • Many other fault-tolerance mechanisms
          – Design diversity
          – Error Correcting Codes
          – Defensive programming
          – …
  • 8. Objectives of dependability assessment
      • Extensive simulation with real systems is unfeasible
      • We need to evaluate RAMSS attributes of interest with models as much as possible:
          – Holistic
              • System-level failure modes
          – Realistic
              • Correct behavior with not too many conservative assumptions
          – Maintainable
              • No hyper-skills required to build and modify them
          – Efficient
              • Quick to build and evaluate on normal computers
          – Assessable
              • Readable and less error-prone
          – …
  • 9. New frontiers in dependability modeling
      • Multi-paradigm approaches, involving:
          – Multi-formalism modeling
          – Meta-modeling
          – Model-abstraction and transformation
      • Choice of the modeling approach most suited to the:
          • Objective of the analysis (performability, security, maintainability, etc.)
          • Constituent subsystems (small embedded device, workstation, etc.)
          • Abstraction layers (hardware, software state-machine, software functions, etc.)
      • Advantages:
          – Modular or compositional approach
              • Divide et impera
              • Incremental, multi-level / hierarchical
              • Reuse (model libraries)
          – They allow for a trade-off among:
              • Ease of use
              • Expressive power
              • Solving efficiency
  • 10. Experience report 1: issues
      • Main problem:
          – evaluate system availability with respect to system-level failure modes to demonstrate compliance with RAM requirements
      • Unfeasible with traditional single-formalism stochastic modeling approaches:
          – Queueing Networks ➪ limited expressiveness (no failure modeling)
          – Fault Trees ➪ limited expressiveness (no performance modeling)
          – Stochastic Petri Nets ➪ ungovernable complexity and limited efficiency (state space explosion)
          – …
      • Further problem:
          – how to evaluate the effect of real-world repair strategies (e.g. preventive maintenance, limited resources, etc.)?
  • 11. Experience report 1: solution
      [Diagram labels: AVAILABILITY MODEL (overall system, BN); PERFORMABILITY MODEL; MAINTAINABILITY MODEL; RELIABILITY MODEL; (network / software, GSPN); (on-board, FT); (trackside, RFT)]
      • F. Flammini, M. Iacono, S. Marrone, N. Mazzocca: "Using Repairable Fault Trees for the evaluation of design choices for critical repairable systems". In: Proceedings of the 9th IEEE Symposium on High Assurance Systems Engineering, HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 163-172
      • F. Flammini, S. Marrone, N. Mazzocca, V. Vittorini: "Modelling System Reliability Aspects of ERTMS/ETCS by Fault Trees and Bayesian Networks". In: Safety and Reliability for Managing Risk: Proceedings of the 15th European Safety and Reliability Conference (published in September 1st 2006), ESREL’06, Estoril, Portugal, September 18-22, 2006: pp. 2675-2683
  • 12. Experience report 2: issues
      • Main problem:
          – evaluate TMR safety in the presence of imperfect maintenance
      • The existing GSPN model, which assumes perfect maintenance, is hardly extensible
          – Low maintainability
          – Very limited efficiency
      • No other single-formalism approach is usable to solve the overall problem
      • Further problem:
          – how to improve the maintainability of the existing GSPN-based safety model?
  • 13. Experience report 2: solution
      [Diagram labels, maintenance side: Finite State Machine OR Continuous Time Markov Chain OR Timed Automata; REPAIR MODELS at different levels of detail (environmental & human factors, CTMC); Maintenance model implementation; Choice of the model; Maintenance Model Interface]
      [Diagram labels, composition: Operational Status (OK, KO, Up with fault, etc.); Composition; Fault Events (Transient, Permanent, etc.)]
      [Diagram labels, failure side: Failure Model Interface; Choice of the model; Failure model implementation; EXISTING SAFETY MODEL (hardware, GSPN); Fault Tree, Bayesian Network, GSPN (+ expressiveness, complexity, realism; - solving efficiency, readability, maintainability)]
      [Fault tree node labels: Hazardous Failure; Erroneous output from voter; One erroneous output and voter failure; Same error from the two units; Same error in input data of both units; Combination of latent errors; Activation of errors of both A and B; Latent error in A; Latent error in B; Erroneous output from one unit; Voter failure; Erroneous output from A; Erroneous output from B]
      • Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V.: A new modelling approach to the safety evaluation of N-modular redundant computer systems in presence of imperfect maintenance. In: Reliability Engineering & System Safety, Vol. 94, Issue 9, September 2009: pp. 1422–1432
  • 14. Experience report 3: issues
      • Main problem:
          – perform system functional verification of the European Railway Traffic Management System / European Train Control System (ERTMS/ETCS)
      • Issues:
          – extensive testing unfeasible due to system complexity (test-case number explosion)
          – testing required for both nominal and degraded conditions
          – unstable system requirements specification
      • Further problem:
          – How to detect missing requirements in order to improve system specification? (validation)
  • 15. Experience report 3: solution
      1. Model-based testing (dynamic verification)
          – Automatic generation and reduction of the test-suite using reference abstract models like Finite State Machines
          [State machine diagram, states: Partial_Supervision_1 (Train Moving in a Staff Responsible Mode); Disconnection_1 (Disconnection Request Sent by the RBC); Partial_Supervision_2 (Waiting for TAF Granted); Full_Supervision_1 (Train Moving in Full Supervision)]
          [State machine diagram, transition labels: "1: Receive TAF Granted / Send Disconnection Request"; "2: Receive standstill Position Report in TAF zone / Send TAF Request"; "1: Receive TAF Granted / Send MA in Full Supervision"]
          • F. Flammini, N. Mazzocca, A. Orazzo: "Automatic instantiation of abstract tests to specific configurations for large critical control systems". In: Journal of Software Testing, Verification & Reliability (STVR), Vol. 19, Issue 2, pp. 91-110
          • F. Flammini, P. di Tommaso, A. Lazzaro, R. Pellecchia, A. Sanseviero: "The Simulation of Anomalies in the Functional Testing of the ERTMS/ETCS Trackside System". In: Proceedings of the 9th IEEE Symposium on High Assurance Systems Engineering, HASE’05, Heidelberg, Germany, October 12-14, 2005: pp. 131-139
      2. Model-based code inspection (static verification)
          – Use of UML-based reverse engineering and refactoring
          [Diagram labels: LOGIC SPECIFICATION; UML MODEL: 1) CLASS DIAGRAMS 2) SEQUENCE DIAGRAMS 3) STATECHARTS; LOGIC CODE; reverse engineering; verification of compliance; refactoring]
          [LOGIC SPECIFICATION example: Req. xx.yy: When the MA verification process is activated, the RBC Logic shall verify the status of the track circuits assigned to the MA and then […] ...]
          [UML MODEL example labels: classes MA and TC (-attributes, +operations()); states MA_state1, MA_state2; verify_cond(); Send_MA; op()]
          [LOGIC CODE example: PROCESS MA; VARIABLES process_status, control, … COMMANDS send_MA, … COMMAND send_MA: IF cond ASSIGN “ok” TO VARIABLE “control” AND SEND AUTOMATIC COMMAND “op” TO PROCESS “TC” ...]
          • Flammini, F., Lazzaro, A., Mazzocca, N.: Modeling of Logic Code for Reverse Engineering, Verification and Refactoring. In: The International Journal of Safety & Security Engineering, Vol. 1, no. 1, February 2011: pp. 77-94
  • 16. Experience report 4: issues
      • Main problem:
          – Quantitative security risk assessment to support the design of protection mechanisms and evaluate the return on investment
      • Issues:
          – Traditional reliability modeling formalisms (e.g. Fault Trees) inadequate for security modeling (e.g. no support for interdependent basic events)
          – Complexity in vulnerability modeling
      • Further problem:
          – How to demonstrate to the customer the optimality of security system design (e.g. size of subsystems)?
  • 17. Experience report 4: solution
      [Diagram labels: RISK MODEL (R, P, V, D); BAYESIAN NETWORKS; STOCHASTIC PETRI NETS; EVENT TREES / CLASS DIAGRAMS; Threat Frequency Model; Threat Vulnerability Model; Threat Consequences Model; Event Tree; Fault Tree]
      [Model node labels: Attractivity; Other assets' attractivity; Likelihood of attack; Intrinsic robustness; Accessibility; Existing protections; Asset failure; Aggregated asset failure; Dependent asset failure; Component asset failure; Influencing asset failure]
      [UML class diagram of the Railway System (Sistema Ferroviario), with class labels given in both Italian and English, including: Fixed Equip.; Mobile Equip.; Infrastructure; Signalling & Control; Rolling Stock; Network; Passenger Train; Line section; Management & Maintenance; Signal; Station; WAN; GSM-R; Locomotive; Switch; Track; Tunnel; Service Station; Passenger Station; Bridge; Balise; HMI; TMR; RTM; Track Circuit; Sensor system; Actuation system; BTM; DMI]
      • Genetic algorithms employed to automatically maximize the ROI while fulfilling external budget constraints
      • Flammini, F., Gaglione, A., Mazzocca, N., Pragliola, C.: Automatic Optimization of Security System Design by Quantitative Risk Assessment and Genetic Algorithms. In: International Journal of Risk Analysis and Management (IJRAM), Vol. 15, No. 2/3, 2011: pp. 205-221
      • Flammini, F., Mazzocca, N., Moscato, F., Pappalardo, A., Pragliola, C., Vittorini, V.: Multiformalism techniques for critical infrastructure modeling. In: International Journal of Systems of Systems Engineering (IJSSE), Vol. 2, No. 1, 2010: pp. 19-37
  • 18. Are models useful only for dependability prediction and assessment?
  • 19. Experience report 5: issues
      • Main problem:
          – On-line detection of threats for early warning and decision support
      • Issues:
          – Integration and reasoning of multi-sensor data
          – Need for real-time detection models
      • Further problem:
          – How to quantify uncertainty?
  • 20. Experience report 5: solution
      [Diagram labels: DETECT Engine; Scenario Repository; Event History; Detected attack scenario; Alarm level (1, 2, 3, ...); EVENT TREES; BAYESIAN NETWORKS; NEURAL NETWORKS]
      [Example event tree labels: sensors IMS/SAW, IR, CAM 1, CAM 2, MIC; events CWA, FALL, RUN, SCREAM; temporal constraints <5’, <10’]
      • Flammini, F., Mazzocca, N., Pappalardo, A., Pragliola, C., Vittorini, V.: Augmenting surveillance system capabilities by exploiting event correlation and distributed attack detection. In: Proc. 2011 Intl. Workshop on Security and Cognitive Informatics for Homeland Defence (SeCIHD’11), co-located with ARES’11, A M. Tjoa et al. (Eds.), LNCS 6908, pp. 191-204
      • Flammini, F., Pappalardo, A., Pragliola, C., Vittorini, V.: A robust approach for on-line and off-line threat detection based on event tree similarity analysis. In: Proc. Workshop on Multimedia Systems for Surveillance (MMSS) in conjunction with 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, Klagenfurt, Austria, August 29-30, 2011: pp. 414-419
  • 21. Work-in-progress & future developments
      • Definition of appropriate Model Driven Engineering (MDE) frameworks supporting Domain Specific Languages (DSL) and M2M transformations to enable high-level (annotated) UML modeling and automatic generation of solvable models
      [Diagram label: DAM-RAIL (derived from UML MARTE-DAM profile)]
      • Bernardi, S., Flammini, F., Marrone, S., Merseguer, J., Papa, C., Vittorini, V.: Model-driven availability evaluation of railway control systems. In: Proc. 30th Intl. Conf. on Computer Safety, Reliability & Security, SAFECOMP’11, Naples, September 19-21, 2011: pp. 467-479
  • 22. Further reading
      Flammini, F. (2012). Railway Safety, Reliability, and Security: Technologies and Systems Engineering, IGI Global, doi:10.4018/978-1-4666-1643-1
  • 23. Thank you for your kind attention Questions?