Skip to main content

SAFE architecture for Robust distributed Application Integration in roLling stock

Periodic Reporting for period 2 - SAFE4RAIL (SAFE architecture for Robust distributed Application Integration in roLling stock)

Reporting period: 2017-10-01 to 2018-12-31

Safe4RAIL provided the baseline for a fundamentally simplified embedded computing and networked Train Control and Management System (TCMS) platform, for modular integration and certification of all safety-, time- and mission-critical train functions, including distributed hard real-time controls, safety signals and functions up to Safety Integrity Level (SIL) 4.
The generic embedded platform architecture provided by Safe4RAIL allows mixed-criticality integration and virtualization to host critical and non-critical functions on reconfigurable computing and networking resources based on the Drive-by-Data networking concept using deterministic Ethernet and the Functional Distribution Framework middleware concept. These two concepts together compose the Integrated Modular Platform for next-generation TCMS (NG-TCMS. The Safe4RAIL simulation and testing environment is based on the hardware abstraction and domain separation concepts allowing rapid deployment and testing of applications, e.g. by supporting early functional integration testing long before vehicle integration. The results of Safe4RAIL were demonstrated with a SIL4 brake-by-wire system safety concept. Finally, the project provided recommendations for standardization of NG-TCMS platforms. Safe4RAIL reduced the lifecycle and operating cost and minimizes time-to-market by: (1) minimized physical complexity: reduced weight, wiring, connector and computer count, increased part commonality, reliability and availability (2) supporting streamlined approaches to verification/testing, validation, reuse, and (re)certification (3) incorporating reconfiguration and modular certification to reduce system integration and recommissioning costs. Safe4RAIL results encouraged the interoperability as well as efficient, safe and secure interconnections of technical solutions among European railway providers, boosting the worldwide competitiveness and preserving the global leadership of the European transport industry.
The Safe4RAIL project started with a State-of-the-Art analysis for avionic, automotive and railway domains, whereby the respective requirements for all associated levels were collected and defined. Based on the analysis, the concept for design and methodology for NG-TCMS up to SIL4 was established. This includes the Drive-by-Data networking platform and the Functional Distribution Framework middleware concept.
For Drive-by-Data, the communication concept was further refined, and proof-of-concept implementations were developed for: (a) Railway Ethernet Switch Core, (b) Integration of Ethernet Network with software Framework, (c) Network Simulation and Modelling environment (d) Network Verification environment, and (e) Network Configuration tool. For the Functional Distribution Framework, the reference architecture solution was finalized, three instantiations and proof-of-concepts based on a) INTEGRITY, b) PikeOS and c) AUTOSAR were developed.
Furthermore, concepts for the distributed simulation framework concept for efficient co-simulation at different sites, and a simulation environment for the validation of TCMS interfaces to ground systems including testing of compliance to relevant railway standards was defined. For this “Virtual placement in the market”, proof-of-concept implementations were developed for a) the distributed simulation framework and b) the Train2Ground Test Environment (T2G TE) and are evaluated using example test cases, real hardware and real MCG implementations.
Finally, the application domain “Brake-by-Wire” focused on the safety aspects related to the development of a Brake-by-wire system, specifically when integrated in a NG-TCMS platform. Within this domain, we completed the systematic safety analysis with two FTA examples to allocate the THR targets, the completion of development for the train emergency brake up to the definition of the requirements applied to Electronic Control devices for hardware and software, and the requirements applied to the IMP. Furthermore, the Hazard Analysis was completed, and safety assessment activities were performed.
In addition to the technological results, Safe4RAIL has provided contributions on the general technical standards such as IEEE802.3 rail specific standard e.g. IEC61375, or safety and security standards e.g. CENELEC.
Moreover, Safe4RAIL has provided significant results with respect to collaboration and dissemination activities. Several dissemination activities have been organized, e.g. ( Safe4RAIL’s Mid-Term Conference in Prague, 25.1.2018 Safe4RAIL integrated demo at InnoTrans in Berlin, 18-21.9.2018).
19 technical paper has been published during the project period for more details please see the project website. Additionally, the project website has been set up, flyers and a poster have been created, project newsletters were released, a podcast recorded as well as a final video summarizing the results made publicly accessible.
Integrated Modular Platform (IMP) Concept: IMP is the facilitation of system integration, interfacing and information transfer from one application partition to another application partition in the networked system. It focuses on all system integration capabilities required to define an integrated modular platform which can host different TCMS, door control, braking, safety or other non-critical functions in one system.
Networking Concept: The Drive-by-Data concept is built using the partitioning mechanisms in the form of “deterministic Ethernet dataflows” and separate the logical/temporal behaviour. The concept of the train-wide network virtual bus is introduced as a form to simplify the configuration of inter-consist communication and ensure that all consists have full access to state information of all other consists in a timely manner.
Middleware Concept: The Functional Distribution Framework concept allows modular integration of TCMS applications, and hosts distributed safety-critical and non-critical application side-by-side on the same hardware platform in distributed NG-TCMS systems. The goal of this mixed-criticality application is to provide solutions to fulfil functional safety-critical and non-critical requirements and non-functional requirements that support functional distribution, interoperability, reconfiguration, deterministic inter-partition communication, hardware and communication abstraction and virtual coupling of services.
Simulation framework: a network centric simulator that allows co-simulating End Device models with network models to gain insight into the functionality, timing, reliability and safety of the TCMS from a network point of view. The framework ensures the validations of TCMS by means of automation and fault injection tests. This framework is composed of a Simulation Framework, in charge of electro-mechanical and functional simulation, and a Communication Emulator, in charge of providing communication among all the different devices in the TCMS.
T2G TE: design of tools for testing T2G interfaces of an on-board (mobile) communication gateway (MCG) and ground communication gateway (GCG), Such test tools include MCG and GCG simulators, controllable hardwired or wireless data link, ground application simulator, and support automatic tests.
Brake-by-Wire concept: Safety, Verification and Validation activities, assuring that the Brake-by-wire system is designed fulfilling the requirements stated in the CENELEC standards also in the context of the NG-TCMS.
Safe4RAIL Project Logo
Safe4RAIL Technical Approach