
A Safety Analysis Method For High-speed Railway Train Control System In Requirements Phase Based On STPA

Posted on: 2016-01-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J T Liu
Full Text: PDF
GTID: 1222330470955939
Subject: Traffic Information Engineering & Control
Abstract/Summary:
As a core technology and key item of equipment in high-speed railways, the High-speed Railway Train Control System (HRTCS) plays a vital role in ensuring the safety and efficiency of high-speed trains. If safety problems emerge in the HRTCS, they cause traffic disruptions and may even lead to a train crash. Therefore, to ensure the safety of the HRTCS, scientific and effective safety analysis methods must be applied in each phase of the HRTCS life-cycle to analyze and control hazards. Among these, hazard analysis in the system requirements phase, the earliest phase of the life-cycle, is the essential premise for system safety design and safety assessment, and is significant for ensuring the safety of the HRTCS. However, with the development of computer, communication and control technology, the HRTCS has more complex functions and more interactions between components than traditional systems, and the temporal characteristics of its behavior and the hybrid nature of the system are also more prominent. All of these pose a huge challenge for the safety analysis of the HRTCS.

In this thesis, on the basis of the system-theoretic safety analysis approach, a safety analysis method for the high-speed railway train control system based on STPA (System-Theoretic Process Analysis) is proposed. More specifically, on the basis of research on the temporal characteristics of HRTCS behavior, a new temporal logic called Control Action Temporal Logic (CATL) is defined and its reduction rules are proposed; both are introduced into the system-theoretic hazard analysis process. Based on CATL, a formal description language and a solution algorithm for identifying the inadequate control actions that lead to hazards are defined, which provide a scientific and effective method for researching the causal mechanism and evolution law of hazards.

Furthermore, the classification of control flaws of the HRTCS in the requirements phase is studied; based on it, a Function Failure Description Notation (FFDN), an algorithm for integrating the formal models, and a formal identification method are proposed to identify the root hazard causal factors more accurately and efficiently.

The innovations of the thesis are as follows:

(1) For the characteristics of the HRTCS and its system requirements specification, the study proposes a variety of ways, combining the hierarchical control block diagram, the UML state chart, the process model form and the function list, to depict the safety model of the HRTCS, which allows analysts to describe the system more accurately.

(2) The study proposes the CATL logic for the temporal relations between control actions in the HRTCS, which can be used to describe those relations. In addition, the reduction rules of CATL are studied and proved on the basis of the syntax and semantics of CATL. With these rules, complex CATL expressions can be simplified to equivalent simple forms, which aids the analysis of actual control actions.

(3) The study proposes a control action relation model (CARM) for the various relations between control actions of the HRTCS, and defines the symbolic description language of CARM to depict the relations between control actions. Moreover, an algorithm for identifying inadequate control actions and their temporal relations is defined.

(4) The study proposes the FFDN to depict function failures in the HRTCS, and then defines the model integration algorithm that integrates the system behavior model and the fault model. Based on this integrated model, a mature formal tool is applied to the identification of hazard causal factors, which reduces the influence of subjective experience on the results to some extent.

The thesis ends with the safety analysis of a case study on CTCS-3 in the requirements phase, by means of the method proposed in this thesis. The inadequate control actions leading to hazards and the control flaws are identified; these are the direct causes and the root causes of system hazards respectively. The safety constraints derived from the inadequate control actions provide the basis for improving the system requirements specification, and the control flaws are the premise and necessary condition for developing the safety requirements specification.
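The abstract describes identifying inadequate control actions from the temporal relations between control actions and then deriving safety constraints from them. The following is an added illustration, not code from the thesis: it does not implement CATL, CARM or FFDN, but replays a constructed, time-stamped trace of control actions against a toy process model and classifies findings into the four standard STPA categories of inadequate control action (not provided, provided in a hazardous context, wrong timing or order, stopped too soon or applied too long), then turns each finding into a safety constraint. The message names (MA_GRANT, POSITION_REPORT, EMERGENCY_BRAKE, BRAKE_RELEASE), the two-second brake deadline and the trace values are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum


class UCA(Enum):
    """The four STPA categories of inadequate (unsafe) control action."""
    NOT_PROVIDED = "required control action not provided"
    PROVIDED_UNSAFE = "control action provided in a context that makes it hazardous"
    WRONG_TIMING = "control action provided too early, too late or out of order"
    STOPPED_TOO_SOON = "control action stopped too soon or applied too long"


@dataclass(frozen=True)
class Event:
    t: float        # seconds since the start of the trace
    action: str     # control action or feedback message name (hypothetical names)
    detail: dict    # parameters carried by the message


@dataclass(frozen=True)
class Finding:
    t: float
    action: str
    category: UCA
    note: str


def identify_inadequate_control_actions(trace, brake_deadline=2.0):
    """Replay a time-ordered trace against a small process model and return one
    Finding per inadequate control action.

    Toy process model (an assumption of this example): the radio block centre grants
    a movement authority (MA) with an end of authority (EoA); the onboard unit reports
    position and speed; an emergency brake must follow any EoA overrun within
    `brake_deadline` seconds and must not be released while the train still moves.
    """
    findings = []
    eoa = None             # current end of authority in metres (None = no MA held)
    speed = 0.0            # last reported speed in m/s
    brake_applied = False
    overrun_at = None      # time the train first passed its EoA without a brake

    for ev in sorted(trace, key=lambda e: e.t):
        if ev.action == "MA_GRANT":
            # The action itself is normal; the context (unlocked route) makes it hazardous.
            if not ev.detail.get("route_locked", False):
                findings.append(Finding(ev.t, ev.action, UCA.PROVIDED_UNSAFE,
                                        "movement authority issued over an unlocked route"))
            eoa = ev.detail["eoa"]
        elif ev.action == "POSITION_REPORT":
            speed = ev.detail["speed"]
            if eoa is not None and ev.detail["pos"] > eoa and not brake_applied and overrun_at is None:
                overrun_at = ev.t
        elif ev.action == "EMERGENCY_BRAKE":
            brake_applied = True
            if overrun_at is not None and ev.t - overrun_at > brake_deadline:
                late_by = ev.t - overrun_at
                findings.append(Finding(ev.t, ev.action, UCA.WRONG_TIMING,
                                        f"brake applied {late_by:.1f}s after EoA overrun (limit {brake_deadline}s)"))
        elif ev.action == "BRAKE_RELEASE":
            if brake_applied and speed > 0:
                findings.append(Finding(ev.t, ev.action, UCA.STOPPED_TOO_SOON,
                                        f"brake released while still moving at {speed} m/s"))
            brake_applied = False
            overrun_at = None   # this overrun episode has been judged; a new one may start later

    # A required action that never arrived is only visible once the trace has ended.
    if overrun_at is not None and not brake_applied:
        findings.append(Finding(overrun_at, "EMERGENCY_BRAKE", UCA.NOT_PROVIDED,
                                "train passed its EoA and no emergency brake was ever commanded"))
    return findings


_CONSTRAINT_TEMPLATES = {
    UCA.NOT_PROVIDED: "{action} must be provided when {context}",
    UCA.PROVIDED_UNSAFE: "{action} must not be provided when {context}",
    UCA.WRONG_TIMING: "{action} must be provided within its required time window when {context}",
    UCA.STOPPED_TOO_SOON: "{action} must be maintained while {context}",
}


def derive_safety_constraint(finding):
    """STPA turns each inadequate control action into a safety constraint; the
    finding's note stands in for the hazardous context here."""
    return _CONSTRAINT_TEMPLATES[finding.category].format(action=finding.action, context=finding.note)


def sample_trace():
    """Constructed trace: one brake applied too late, one MA granted over an unlocked route."""
    return [
        Event(0.0, "MA_GRANT", {"eoa": 1000.0, "route_locked": True}),
        Event(10.0, "POSITION_REPORT", {"pos": 500.0, "speed": 50.0}),
        Event(20.0, "POSITION_REPORT", {"pos": 1050.0, "speed": 50.0}),   # EoA overrun
        Event(25.0, "EMERGENCY_BRAKE", {}),                                # 5 s after overrun
        Event(40.0, "POSITION_REPORT", {"pos": 1200.0, "speed": 0.0}),
        Event(41.0, "BRAKE_RELEASE", {}),
        Event(50.0, "MA_GRANT", {"eoa": 3000.0, "route_locked": False}),
    ]


if __name__ == "__main__":
    for f in identify_inadequate_control_actions(sample_trace()):
        print(f"t={f.t:>5.1f} {f.action:<16} {f.category.name:<16} {f.note}")
        print("   constraint:", derive_safety_constraint(f))
```

Running the block on the constructed trace reports the late brake as WRONG_TIMING and the second movement authority as PROVIDED_UNSAFE, each paired with the safety constraint it implies. The two findings correspond to the abstract's two outputs: the inadequate control actions are the direct causes, and the constraints derived from them are the input to an improved requirements specification.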
Keywords/Search Tags: High-speed Railway Train Control System, System Theory, Safety Analysis, Formal Methods, Temporal Logic