A Hazard Analysis Method For High-Speed Railway Train Control System Based On The STPA-SPN

With the continuous development of computer and network technologies,the High-speed Railway Train Control System(HRTCS)has more complicated functions and complex interactions.At the same time,it has to be facing new challenges in terms of system hazard analysis.However,the traditional methods currently applied based on brainstorming and experience science have made it difficult to carry out unsafe scenario identification and hazard casual factors analysis for complex systems.Thus,this paper proposes a hazard analysis method based on System Theoretic Accident Model and Process(STPA)and Stochastic Petri Net(SPN),which can identify the hazard and its causes in HRTCS.Firstly,this paper reviews typical methods applied in the railway field and their application from the view of the accident model they based on.The applicability of various methods for HRTCS is analyzed,and the advantages and disadvantages of methods are summarized.Through comparison,it is found that the STPA method based on the system-theoretic safety thought is more suitable for the technical features and development trend of the HRTCS.However,this method still has some defects in engineering application.Secondly,to cope with the problem that the control flaw definition in the STPA method is too general and lack of guidance.the paper defines the control flaw types for HRTCS application.The component-level failure modes of the train control equipment are summarized based on the fault statistics of the HRTCS.And the types of control flaw are further extracted to assist the follow-up analysis of the casual factors based on the role of the train control equipment in the control loop.Moreover,to cope with the problem that it does not have auxliary tool when STPA is used to the hazard analysis of the train control system,the STPA tool is designed and programmed.Thirdly,to cope the problem that the STPA method does not give a clear process for top-level hazards definition,the paper proposes a top-level hazard identification method based on external interaction scenario.The operation scenarios of the train control system are divided according to its operational process,the interaction activities of the system with the outside are extracted based on these scenarios,and the abnormal interaction actions within control of the system are identified as top-level hazard.The top-level hazard identification process with a standard structure of hazards description is proposed.Through the traversal of the scenario,the comprehensiveness of the top-level hazard is ensured,and the identification process of the hazard scenario is more reasonable and complete.Fourthly,to cope with the problem that the SPTA cannot model the detail controllogic and message transition for lower level design of complex system and the absence of tool-aided support for hazard causal analysis,the paper proposes an integrated hazard analysis method combining STPA with SPN,and the application process of the method.In concept phase,after the definition of system-level hazards and safety constraints,the hierarchical control structure and process models are built to describe the system activities in different scenario.The STPA method is used for the identification of the unsafe actions.In the architecture phase,the SPN model is used to describe the workflow and control logic involved in the scenario.In the hazard analysis phase,the hazard causal factors are analyzed based on the SPN model reachability graph and the status matrix,and the corresponding safety requirements are deduced.Finally,the STPA-SPN method is applied to the hazard analysis of high-speed train control system for the scenario of temporary speed restriction and track occupancy check in section signaling.The unsafe control actions leading to hazards and the control flaws are identified.The safety requirements derived from the unsafe control actions are proposed for the improvement of high-speed train control system.