Hazard Analysis for GNSS-based Train Localisation Unit with Model Based Approach According to EGNOS SoL and Railway RAMS
Debiao Lu, Daohua Wu, Prof. Dr.-Ing. Dr. h.c. Eckehard Schnieder
Institute for Traffic Safety and Automation Engineering, TU Braunschweig, Germany
IAIN 2012, Cairo

Outline
1. Background
2. System Performance: QoS
3. From Aviation to Railway
4. Hazard Analysis
5. Conclusion
1. Background: GNSS for Railways
• ERTMS (European Railway Traffic Management System), comprising ETCS and GSM-R, requires self-sustaining train localisation.
• GNSS is capable of locating everywhere on the globe, 24 hours a day.
• EGNOS provides services for safety-related systems plus integrity monitoring.
• The SoL service is intended to support a wide range of transport domains.
Hazard Analysis for GNSS-based Train Localisation Unit with Model Based approach According to EGNOS SoL and Railway RAMS | 02.10.2012 | M. Sc. Debiao Lu | IAIN 2012 | Slide 2
1. Background: Safety Requirements
EGNOS has safety-of-life requirements. Nevertheless, the main objective of the EGNOS SoL service is to support civil aviation operations down to Localizer Performance with Vertical guidance (LPV). A summary of Safety of Life (SoL) service performance requirements for civil aviation is provided; requirements for both Non Precision and Precision Approaches have been issued by ICAO.
Aviation standards: US RTCA DO-254, US RTCA DO-178B
Railway safety-related applications need to satisfy railway standards and legislation: Functional Safety (IEC 61508), EN 50126 (RAMS), EN 50129, EN 50128.
Differences!
2. Quality of Service (QoS): How to categorise?
[Class diagram] Object (1:n) Concept, where a Concept is a Category, Event, Relation, Property, Intentionality or Abstraction; Concept (1:n) Characteristic; Characteristic (1:n) Quantity; Quantity (1:1) Value
2. Quality of Service (QoS): Quality descriptions in the GNSS domain
GNSS QoS: Accuracy, Continuity, Availability and Integrity
Concept: EGNOS SoL
Property | Characteristic | Quantity
Accuracy | Precision; Trueness (Horizontal/Vertical) | Standard Deviation of the Position (2 sigma); Measurement Deviation
Reliability (Continuity, Integrity Risk) | Reliability of Accuracy Performance; Reliability of Integrity Service Performance (Integrity Risk) | Percentage/Time Interval; Percentage/Time Interval
Availability | Availability of Accuracy (Horizontal/Vertical) Performance; Availability of Integrity Performance | Percentage; Percentage
Integrity | Alarm Limit; Time-To-Alarm (TTA) | Confidence Interval; Time
2. Quality of Service (QoS): Quality descriptions in the Railway domain
Railway QoS: Reliability, Availability, Maintainability and Safety
Concept: Railway RAMS
Property | Characteristic | Quantity
Safety | SIL allocated by Tolerable Hazard Rate; Hazard Rate | THR; Hazard Rate Distribution
Maintainability | Maintainability Probability | M(t); MTTR
Availability | Availability Probability | A = MTTF_up / (MTTF_up + MTTR)
Reliability | Reliability Probability; Failure Rate; Failure Probability | R(t); MTTF_up; f(t) (Failure Probability Distribution)
2. Quality of Service (QoS): Quality descriptions in the Railway domain as a whole
[Figure, after VDI 4004 Part 5 Draft: Dependability of an Object (Item, System, external Resource) is made up of reliability performance (operation, failure, MTTF), availability performance (up state / down state, MTBF, availability V = MTTF / (MTTF + F)) and maintenance performance (fault, defect, MTTR, maintenance resource)]
2. Quality of Service (QoS): Railway and GNSS QoS Comparison
[Figure: Railway and GNSS QoS comparison]
3. From Aviation to Railway: EGNOS SoL service performance requirements
EGNOS SoL Service Performance Requirements (ICAO)
Typical Operation | Horizontal Accuracy (95%) | Vertical Accuracy (95%) | Integrity | Time-to-Alert (TTA) | Horizontal Alert Limit (HAL) | Vertical Alert Limit (VAL) | Continuity | Availability
En-route (continental low density) | 3.7 km (2.0 NM) | N/A | 1x10^-7/h | 5 min | 7.4 km (4 NM) | N/A | 1x10^-4/h to 1x10^-8/h | 0.99 to 0.99999
En-route Terminal | 0.74 km (0.4 NM) | N/A | 1x10^-7/h | 15 s | 1.85 km (1 NM) | N/A | 1x10^-4/h to 1x10^-8/h | 0.99 to 0.99999
Non precision approach | 220 m (720 feet) | N/A | 1x10^-7/h | 10 s | 556 m (0.3 NM) | N/A | 1x10^-4/h to 1x10^-8/h | 0.99 to 0.99999
Approach operations with vertical guidance | 16 m (52 feet) | 20 m (66 feet) | 1x10^-7 to 2x10^-7 per approach | 10 s | 40 m (130 ft) | 50 m (164 feet) | 1x10^-6/15 s to 8x10^-6/15 s | 0.99 to 0.99999
3. From Aviation to Railway: SoL relation to RAMS
Railway QoS | Aviation QoS | Value
Reliability | Continuity Risk | 8x10^-6/15 s
Availability | Availability | 0.99 to 0.99999
Maintainability | Related to Availability |
Safety | Integrity Risk | 2x10^-7/approach
From Integrity Risk to Safety
Aviation: Integrity Risk (per approach, 150 seconds)
Railway: Safety (Tolerable Hazard Rate per hour per function)
Per approach to per hour:
• formal way
• certifiable way
• applicable way
3. From Aviation to Railway: Integrity and PFH
Integrity is the ability of the system to provide timely warnings to the user when the system should not be used for navigation. It requires timely warnings only when the GNSS SIS cannot be used. IR (integrity risk) is defined as the unacceptable probability of dangerous failure per operation. It does not require integrity to be guaranteed over some period of time; that is guaranteed by continuity, but only for the most critical phase of operation.
Safety is defined as freedom from unacceptable risk of harm [EN 50126]. In safety-related systems the risk is expressed by means of the Probability of dangerous Failure per Hour (PFH).
3. From Aviation to Railway: Petri Net
Petri Net: formal modelling tool (different forms are used in this presentation)
Graphical and mathematical modelling tool:
• graphical tool: visual communication aid
• mathematical tool: state equations, algebraic equations, etc.
Suitable for:
• Concurrent
• Asynchronous
• Distributed
• Parallel
• Nondeterministic
• Stochastic systems
[Figure: example Petri net with places p1 to p4 and transitions t1 to t3]
3. From Aviation to Railway: Translation of Integrity to Hazard Rate
[Figure: chain of states covering 1 hour: initial state, up state period 1, up state period 2, up state period 3, ..., up state period 24; from each up state period a transition leads into a faulty state]
24 approaches: 24 x 150 s = 1 hour
3. From Aviation to Railway: Reliability
Continuity: The ability of the system to perform its function without interruption during the intended operation.
Reliability: The probability that an item can perform a required function under given conditions for a given time interval (t1, t2).
[Figure: initial state, up state, faulty state]
3. From Aviation to Railway: Quantitative Numbers
[Figure: the 1-hour chain (initial state, up state periods 1 to 24, faulty states) and the single-period chain (initial state, up state, faulty state)]
Safety model (1 hour = 24 up state periods): Transition | Proportion: Work 0.0416666; Fail 1.96555x10^-7; result THR (/hour) = 4.7x10^-6
Reliability model: Transition | Proportion: Work 0.00416271; Fail 7.8651x10^-6; result Reliability (/hour) = 1.9x10^-3
Railway QoS | Value | Aviation QoS | Value
Reliability | 1.9x10^-3/hour | Continuity Risk | 8x10^-6/15 s
Availability | 0.99 to 0.99999 | Availability | 0.99 to 0.99999
Maintainability | | Related to Availability |
Safety | 4.7x10^-6/hour | Integrity Risk | 2x10^-7/approach
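The per-approach to per-hour translation shown on the last three slides (24 approaches of 150 s per hour for the integrity risk, 240 intervals of 15 s per hour for the continuity risk), as an added worked example. This is editor's code, not the authors' Petri net model: it assumes a simple absorbing chain with a constant per-period risk, where probability mass moves from the current up state period into the faulty state after every period. Under that assumption 2x10^-7 per approach becomes about 4.8x10^-6 per hour and 8x10^-6 per 15 s about 1.92x10^-3 per hour, which agrees with the slides' 4.7x10^-6/hour and 1.9x10^-3/hour to the first significant digit; the slides' Petri net evaluation gives the slightly smaller per-period fail proportions in its table, and that difference is not reproduced here. The SIL banding at the end goes one step beyond the slides, which only name "SIL allocated by Tolerable Hazard Rate": it applies the IEC 61508 continuous-mode bands to the converted THR.

```python
"""Translating EGNOS SoL per-operation figures into railway per-hour figures.

Mirrors the slides' chain of states: initial state -> up state period 1 ->
... -> up state period N within one hour, with a transition into an absorbing
faulty state possible after every period. The model and its constants are the
editor's assumptions, not the authors' Petri net.
"""
from dataclasses import dataclass

HOUR_S = 3600.0


@dataclass(frozen=True)
class PeriodRisk:
    """A per-period probability of dangerous failure (aviation-style figure)."""
    name: str
    risk_per_period: float  # probability of failure during one period
    period_s: float         # duration of that period in seconds


# Values taken from the slides' APV row (ICAO): integrity risk per approach,
# an approach being taken as 150 s, and continuity risk per 15 s.
INTEGRITY_RISK = PeriodRisk("integrity risk (APV, upper value)", 2e-7, 150.0)
CONTINUITY_RISK = PeriodRisk("continuity risk (APV, upper value)", 8e-6, 15.0)


def periods_per_hour(period_s: float) -> int:
    """Number of consecutive up state periods that fill one hour (24 for 150 s)."""
    return round(HOUR_S / period_s)


def absorbing_chain(risk_per_period: float, n_periods: int):
    """Walk the chain one period at a time.

    All probability mass starts in the initial/up state. After each period the
    fraction `risk_per_period` of the mass still in the up state moves to the
    faulty state and stays there. Returns (probability of being faulty after
    n periods, list of per-period fail proportions) so the per-period numbers
    can be set beside the slides' 'Transition | Proportion' table.
    """
    p_up = 1.0
    fail_proportions = []
    for _ in range(n_periods):
        fail = p_up * risk_per_period
        fail_proportions.append(fail)
        p_up -= fail
    return 1.0 - p_up, fail_proportions


def per_hour(risk: PeriodRisk) -> float:
    """Exact per-hour failure probability under the chain model."""
    p_faulty, _ = absorbing_chain(risk.risk_per_period,
                                  periods_per_hour(risk.period_s))
    return p_faulty


def per_hour_linear(risk: PeriodRisk) -> float:
    """First-order (union bound) approximation n * p; never below the exact value."""
    return periods_per_hour(risk.period_s) * risk.risk_per_period


# IEC 61508 bands for continuous-mode operation, also used by EN 50129:
# SIL n covers 10^-(n+4) <= THR < 10^-(n+3) dangerous failures per hour.
def sil_for_thr(thr_per_hour: float) -> int:
    """Return the SIL whose band contains the hazard rate, 0 if outside SIL 1..4."""
    for sil, (lo, hi) in ((4, (1e-8, 1e-7)), (3, (1e-7, 1e-6)),
                          (2, (1e-6, 1e-5)), (1, (1e-5, 1e-4))):
        if lo <= thr_per_hour < hi:
            return sil
    return 0


def rams_values() -> dict:
    """The railway-side numbers that the slides derive from the aviation ones."""
    thr = per_hour(INTEGRITY_RISK)
    return {
        "safety_thr_per_hour": thr,
        "safety_sil": sil_for_thr(thr),
        "reliability_failure_prob_per_hour": per_hour(CONTINUITY_RISK),
    }


if __name__ == "__main__":
    for risk in (INTEGRITY_RISK, CONTINUITY_RISK):
        n = periods_per_hour(risk.period_s)
        print(f"{risk.name}: {n} periods/h -> {per_hour(risk):.3e} per hour "
              f"(linear bound {per_hour_linear(risk):.3e})")
    print(rams_values())
```

The linear bound n·p is what a hazard analysis would normally quote as the conservative figure; the chain value is marginally smaller because mass already in the faulty state cannot fail again. Both land the converted integrity risk in the SIL 2 band, so the choice between them does not change the SIL allocation for these inputs.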