Marina Aguado, PhD, Associated Professor - University of the Basque Country (UPV/EHU)
Next generation train control communication architectures: Cybersecurity and resilience aspects.
The European vision for the future of rail in 2050 embraces an integrated, sustainable and safe high-speed passenger, freight and urban mass transport service. To turn this vision into reality, research in key areas such as traffic signalling systems and safety analysis plays a crucial role. Traffic signalling systems make use of specific railway communication technologies subject to, on one hand, a most challenging electromagnetic environment such as the railway one and on the other, to an evolution towards IP technologies. At this session, we will cover the evolution of traffic signalling systems. The current approach is moving away from dedicated circuit-switched technology and towards advanced mobile technologies based on IP and shared medium access. This approach introduces huge opportunities but also new risk scenarios. We present how electromagnetic disturbances, noise and rough conditions may disrupt the railway communication architectures resulting in the introduction of a potential risk into the railway operation. The main goal of our research is to establish the link between noisy and rough conditions and the Quality of Service or Key Performance Indicators (KPIs) of a Railway Control Signalling System (RCSS). We will present methodologies and tools to increase resilience while reducing potential technical risks and promoting an efficient, integrated, sustainable and safe transport mode. Last but not least, we will present a RCSS simulation analysis framework to validate new communication strategies and to decrease deployment cycle activities.
_______________________________________________
Ralf Borndörfer, Professor, Dr. habil., The Zuse Institute Berlin, Germany
Vehicle rotation planning for ICE highspeed trains
The long distance department of Deutsche Bahn operates about 250 highspeed train sets of different types, transporting some 340,000 passengers per day. Clearly, the efficient use of this rolling stock is of prime importance to ensure the smoothness and the profitability of this operation and must be planned with great care. The resulting vehicle rotation planning problem (VRPP) turns out to be a large-scale and difficult combinatorial optimization problem, that includes the simultaneous computation of rotations for the individual vehicles, their maintenance and parking, and their composition to trains, subject to constraints on facility capacities, turning times, operational regularity, and more, over a day horizon of several days. This talk reports on the results of an ongoing research project with DB on this topic. The project started in 2009 and lead to development of a vehicle rotation optimizer ROTOR that is used today within DB's planning system FEO. ROTOR is based on a hypergraph model of train rotations that is solved using a novel coarse-to-fine column generation approach. This method allows to deal with very large problem instances by searching through representations of the problems on varying levels of detail, that are determined in an adaptive way. With this method, one can analyze the effects of operational constraints such as regularity or turning times, that, in a sense, are supposed to increase the robustness of the railway operations, onto the costs. It turns out that such constraints can be enforced without need for further vehicles, but at some additional cost.
_______________________________________________
Jan Peleska, Professor at Bremen University, Germany.
Hand in Glove: Complete Bounded Model Checking and Testing of Interlocking Systems
In this presentation we focus on automated model-based testing of route-based interlocking systems. Having a design model at hand that has been completely verified with respect to its safety properties (this is done in a previous step using bounded model checking and inductive reasoning), this model can also be used for model-based testing. We show how complete test suites can be applied in practice, if a novel equivalence class testing strategy is applied in combination with a compositional testing strategy. “Complete” testing strategies are capable of detecting any deviation from the reference model, provided that the implementation behaviour is reflected by a member of a given fault domain. We justify why these strategies are preferable over intuitive testing heuristics, because their strength is still superior to that of intuitive random approaches, even when applied against implementations outside the fault domain. The work presented here has been applied to “real-world” interlocking system designs that are part of the new Danish high-speed train network which is currently under construction.
_______________________________________________