Research On Component-interaction Fault Analysis Method Of Railway Signalling System

This dissertation studies the relationship between component safety and system safety from the perspective of system theory.After analyzing a large number of safety accidents,the conclusion is drawn as follows:even if no failure occurs to any component of a system,the system is not necessarily safe.This is called the component-interaction fault,which is often overlooked.The component-interaction fault means when accidental or unexpected interactive behaviors occur among components,the improper interactions would probably cause system fault.The safety of the railway signalling system,which is a typical safety-critical system,plays a pivot role in the entire railway transportation system,and the interaction among components within the signalling system is extremely complicated.The traditional safety analysis method which is based on the chain of events has certain limitations in the application of safety analysis.Therefore,it is of great significance to develop a suitable method to identify different types of potential hazard and fault causation,aiming at the component-interaction fault of the railway signalling system.Based on deep studies of the mechanism of the component-interaction fault,this dissertation provides the general classification of the component-interaction fault,and puts forward two sources of hazard that contribute to the component-interaction fault,including hazard sources that are related to system requirement specification,and that are related to component function failure.After that,the method of STPA(STAMP-Based Hazard Analysis),which is a new technology based on system theory,is employed.Extended measures based on formal methods during the implementation of STPA are put forward to analyze the component-interaction fault within a signalling system,which provides a more effective method to identify hazard causation of the system,and to analyze the failure propagation paths.The main contents of the dissertation are as follows:(1)UML(Unified Modeling Language)is adopted to supplement the modeling approaches within STPA;the railway signalling system is portrayed from the two dimensions of system behavior and state evolution,and the extension design for hybrid-oriented modeling is conducted,which contributes to the improvement the accuracy of the model.(2)Conversion rules from UML to HYTECH are given.Based on CFFDN(Component Function Failure Description Notation),text descriptive language of failure model is given to describe component function failures;and integrated algorithm of failure models and normal models is provided to construct HYTECH model which contains component failure descriptions.(3)The method of identifying hazard sources which is based on reachable set computation is researched:using the HYTECH validation tool,the reachable set is calculated with the inappropriate control identified by STPA as the target set.The identification of hazard sources related to system requirement specification is implemented through the reachable set calculation of the system HYTECH model;and the identification of hazard sources related to component function failure is implemented through the reachable set calculation of HYTECH model which contains component failure descriptions.(4)Parallel monitoring technology is recommended to be used to reduce the occurrence possibilities of component-interaction fault,and the working process of the parallel monitoring system is defined.Lastly,methods introduced in this dissertation are used to analyze the hazard causations in the working scenario of the parallel monitoring system,the conclusions of which have validated the integrity of the functional requirement of the parallel monitoring system recommended in this dissertation,and also have provided guidance in identifying hazard sources that cause the system failure.(5)Based on safety constraints network model,this dissertation gives a method of importance calculation combined the local importance and global importance,which realizes the evaluation of the security constraints importance and provides scientific evidence for system designers to conduct risk control.50 figures,16 tables and 74 references.