Dependability Construction Research Of Train-centric CBTC System Based On STPA And CPN

Dependability construction refers to a self-verifiable method to form the dependability of the system for the development procedure in a systematic way.Train-centric CBTC(Tc CBTC)system is one of the novel Communication-based Train Control(CBTC)systems and is based on train operation plans and real-time positions to realize the autonomous resource management function and the active interval protection function,etc.Tc CBTC has been proven to be safer,more efficient,more flexible,more economic and easier to deploy than traditional ground-centric CBTC.The dependability construction of Tc CBTC system is of great significance because the architecture of Tc CBTC system has changed a lot and on-board facilities are of higher functional coupling degree.Utilizing the System-Theoretical Process Analysis(STPA)and Colored Petri Net(CPN),the main content of the thesis covers the following four aspects in order to achieve the dependability construction of Tc CBTC system:(1)According to the division of the facilities,the newly-introduced functional requirements of the facilities are analyzed by various forms,such as flow charts,sequence charts and block diagrams.Intelligent Train Supervision(ITS),Train Management Center(TMC),Object Controller(OC),Intelligent Vehicle On-board Controller(IVOC)are analyzed in turn.The focus is on the analysis of Train-Train Communication Management(TTCM)unit,Route Resource Management(RRM)unit,Movement Authority Calculation Unit(MAU)of IVOC.(2)On the basis of the functional requirements,the altered safety requirements of the altered functions are analyzed by STPA method.In STPA Step0,the system-level accidents and system-level hazards are defined.Additionally,a hierarchical control structure diagram is constructed.In STPA Step1,the Unsafe Control Actions(UCAs)of the three altered functions are obtained,i.e.,Temporary Speed Restriction(TSR)setting and generation function,the autonomous resource management function and the active interval protection function.In STPA Step2,the refined UCAs and causal factors are obtained.By comparing the results with other methods,it is proven that STPA can find more causal factors in terms of the quantity,types and details.(3)Communication module and safety communication module are established from the Train-Train(T2T)link procedure and Railway Signal Safety Communication Protocol-II(RSSP-II)to research the feasibility of T2 T link and the uncertainty of the delay.In the proposed two models of T2 T link,the requirements of the basic model properties are satisfied.The specific safety requirements are verified.In terms of the probability and values,the delay of the T2 T link satisfies the Quality of Service(Qo S)requirements of Long Term Evolution for Metro(LTE-M)for providing the CBTC service.(4)Following the top-down modelling idea,a hierarchical CPN model of Tc CBTC system is constructed based on the hierarchical control structure diagram and functional requirements,where the IVOC model is the core modelling issue.Simulation results prove that the logical functions are correctly implemented and the basic model properties are satisfied.The results of Computation Tree Logic(CTL)queries verify the safety requirements.Besides,the safety requirements from STPA results are verified.