ETCS On-board Unit Safety Testing: Saboteurs, Testing Strategy and Results
Downloads
It is necessary to verify the faults tolerance of the European Train Control System (ETCS) on-board unit even if these faults are uncommon. Traditional test methods defined and used in ETCS do not allow to check this, so it is necessary to develop a new mechanism of tests. This paper presents the design and implementation of a saboteur applied to the railway sector. The main purpose of the saboteur is the fault injection in the communication interfaces. By means of a virtual laboratory it is possible to simulate actual train journeys to test the ETCS on-board unit. Making use of the saboteurs and the virtual laboratory it is possible to analyse the behaviour of the train in the presence of unexpected faults, and to verify that the decisions taken are correct to ensure the required safety level. Therefore, this work shows a testing strategy based on different kinds of train journeys when faults are injected, and the analysis of the results.
Downloads
CENELEC. EN50129, Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling. Brussels: CENELEC; 2005.
UNISIG. SUBSET-076, ERTMS/ETCS Class 1, test plan. Brussels: UNISIG; 2009.
UNISIG. SUBSET-094, Functional Requirements for an on board Reference Test Facility. Brussels: UNISIG; 2009.
International Union Of Railways. ETCS [Internet]. 2015 Aug 08 [cited 2016 Apr 26]. Available from: http://www.uic.org/ETCS
The European Rail Traffic Management System. ERTMS in 10 questions [Internet]. 2014 Jan 14 [cited 2016 Apr 20]. Available from: http://www.ertms.net/?page_id=23
RSSB. GE/GN8605 ETCS System Description. London: RSSB; 2010.
UNISIG. SUBSET-091, Safety Requirements for the Technical Interoperability of ETCS in Levels 1 & 2. Brussels: UNISIG; 2009.
CEDEX. Eurocab Madrid-Seville European tests (EMSET), Cordis FP4. Madrid: CEDEX; 1999.
UIC. Integrated European Signalling System (INESS). Paris: UIC; 2012.
UNISIG. SUBSET-088, ETCS Application Levels 1 & 2 - Safety Analysis. Brussels: UNISIG; 2012.
UNISIG. SUBSET-085, Test Specification for Eurobalise FFFIS no 3. Brussels: UNISIG; 2012.
UNISIG. SUBSET-103, Test Specification for Euroloop no 1. Brussels: UNISIG; 2012.
CENELEC. EN61508, Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems. Brussels: UNISIG; 2000.
Mendizabal J. Methodology & Tools for the Design & Verification of SIL4 SW Based on MDD [PhD thesis]. San Sebastian: University of Navarra; 2012.
Hsueh M-C, Tsai TK, Iyer RK. Fault injection techniques and tools. IEEE Computer Society. 2002 Aug;30(4):75-82.
Karlsson J, Folkesson P, Arlat J, Crouzet Y, Leber G, Reisinger J. Application of Three Physical Fault Injection Techniques to the Experimental Assessment of the MARS Architecture. IEEE Int’l Working Conference on Dependable Computing for Critical Applications; 1998; California, USA.
Looker N, Munro M, Xu J. A comparison of network level fault injection with code insertion. 29th Annual International Computer Software and Applications Conference; 2005 Jul 26-28; Edinburgh, Scotland. California: IEEE; 2005.
Arlat J, Crouzet Y. Comparison of physical and software-implemented fault injection techniques. IEEE Transactions on Computers. 2003 Sept;52(9):1115-1133.
Baraza JC, Gracia J, Gil D, Gil PJ. A prototype of a VHDL-based fault injection tool: Description and application. Journal of Systems Architecture. 2002 Apr;47(10):847-867.
Folkesson P, Svensson S, Karlsson J. A comparison of simulation based and scan chain implemented fault injection. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing; 1998 Jun 23-25. IEEE; 2002.
Ejlali A, Miremadi SG, Zarandi H, Asadi G, Sarmadi SB. A Hybrid Fault Injection Approach Based on Simulation and Emulation Co-operation. International Conference on Dependable Systems and Networks; 2003 Jun 22-25; San Francisco, USA. IEEE; 2003.
Solas G, Mendizabal J, Valdivia L, Añorga J, Adín I, Podhorski A, et al. Development of an Advanced Laboratory for ETCS applications. Transport Research Arena Conference; 2016 Apr 18-21; Warsaw, Poland. Padova: Elsevier; 2016.
Solas G, Valdivia L, Añorga J, Podhorski A, Mendizabal J, Pinte S, Marcos L. Virtual Laboratory for on-board ETCS equipment. IEEE 18th International Conference on Intelligent Transportation Systems; 2015 Sept 15-18; Canary, Spain. IEEE; 2015.
Sondi P, Berbineau M, Kassab M, Wahl M, Gransart C, Lemaire E, Mariano G, et al. Virtual lab based on co-simulation to include impairments of wireless telecommunication such as GSM-R in the evaluation of ERTMS International Union of Railway. Transport Research Arena Conference; 2014 Apr 14-17; Paris, France.
Aguado M, Pinedo C, Lopez I, Ugalde I, de Las Munecas C, Rodriguez L, Jacob E. Towards zero on-site testing: Advanced traffic management & control systems simulation framework including communication KPIs and response to failure events. IEEE 6th International Symposium on Wireless Vehicular Communications; 2014 Sept 14-15; Vancouver, Canada. IEEE; 2014.
CEIT, ESOL, FRAUNHOFER, NSL, TRIT, UGLA, INTEGRASYS. EATS: ETCS Advanced Testing and Smart Train Positioning System, FP7 agreement nr. 31419. Brussels: CEIT; 2012.
Ferier L, Lukicheva S, Pinte S. Formal Methods Applied to Industrial Complex Systems. 1st ed. Hoboken, USA: John Wiley & Sons, Inc; 2014.
European Railway Agency. ETCS driver machine interface. Brussels: European Railway Agency; 2009.
UNISIG. SUBSET-026, System requirements Specification - Baseline 3. Brussels: UNISIG; 2010.
