In railway train-borne equipment, the Driver Machine Interface (DMI) acts like a bridge between the train driver and the onboard automatic train control system (European Vital Computer, EVC). While the DMI is required to operate in a critical context, current DMIs have no safety requirements. This implies that the EVC may automatically stop the train whenever the DMI is suspected to misbehave, leading to delay of the train, inconvenience for passengers and consequent possible profit loss. For these reasons a DMI with higher safety requirements is worth to be taken into account, even if it implies higher costs. The SAFEDMI European project aims at developing (i) a DMI at Safety Integrity Level 2 (SIL 2) using off-the-shelf components and a simple hardware architecture to reduce costs, and (ii) a SIL 2 wireless communication support for maintenance. This paper describes the architecture of a DMI which satisfies these objectives. The main hardware and software characteristics will be shown, including the proposed error detection techniques and the related fault handling (characterized by a new operational mode that allows DMI to restart silently, thus reducing unexpected train stops).
A resilient SIL 2 Driver Machine Interface for train control systems / A. Ceccarelli;I. Majzik;D. Iovino;F. Caneschi;G. Pinter;A. Bondavalli. - STAMPA. - (2008), pp. 365-374. (Intervento presentato al convegno IEEE DEPCOS-RELCOMEX nel 2008-June) [10.1109/DepCoS-RELCOMEX.2008.33].
A resilient SIL 2 Driver Machine Interface for train control systems
CECCARELLI, ANDREA;BONDAVALLI, ANDREA
2008
Abstract
In railway train-borne equipment, the Driver Machine Interface (DMI) acts like a bridge between the train driver and the onboard automatic train control system (European Vital Computer, EVC). While the DMI is required to operate in a critical context, current DMIs have no safety requirements. This implies that the EVC may automatically stop the train whenever the DMI is suspected to misbehave, leading to delay of the train, inconvenience for passengers and consequent possible profit loss. For these reasons a DMI with higher safety requirements is worth to be taken into account, even if it implies higher costs. The SAFEDMI European project aims at developing (i) a DMI at Safety Integrity Level 2 (SIL 2) using off-the-shelf components and a simple hardware architecture to reduce costs, and (ii) a SIL 2 wireless communication support for maintenance. This paper describes the architecture of a DMI which satisfies these objectives. The main hardware and software characteristics will be shown, including the proposed error detection techniques and the related fault handling (characterized by a new operational mode that allows DMI to restart silently, thus reducing unexpected train stops).
| File | Dimensione | Formato | |
|---|---|---|---|
|
depcos2008.pdf
Accesso chiuso
Tipologia:
Versione finale referata (Postprint, Accepted manuscript)
Licenza:
Tutti i diritti riservati
Dimensione
191.01 kB
Formato
Adobe PDF
|
191.01 kB | Adobe PDF | Richiedi una copia |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
