基于STPA与时序逻辑的CTCS-3级列控系统安全分析

Safety Analysis of CTCS-3 Train Control SystemBased on STPA and Sequential Logic

中国列车控制系统(Chinese train control system,CTCS)作为一种安全苛求系统,使用前需要经过严格的安全分析和测试。对我国铁路客运干线主要采用的CTCS-3级列控系统而言,由于传统的安全分析方法主要关注单一场景,因而对其复合场景的安全性分析存在欠缺。此外,CTCS-3列控系统对控制时序有严格要求,现有安全分析方法难以有效解决该问题。为解决上述问题,采用基于系统理论的过程分析方法,以便更全面、更准确地分析CTCS-3级列控系统的安全性。首先,在分析CTCS-3级列控系统典型运营场景的基础上,提取由列控系统直接控车的运营场景,并建立分层控制结构模型;其次,结合时序逻辑辨识运营场景的不恰当控制行为,并将各场景中互不冲突的不恰当控制行为组合成复合场景;最后,对复合场景进行分析,辨识导致不恰当控制行为的控制缺陷。仿真结果表明:系统理论的过程分析方法可以实现对CTCS-3级列控系统复合场景功能的安全性分析。

As a safety-critical system,the Chinese train control system(CTCS)needs to undergo rigorous safety analysis and testing before it can be used.For the CTCS-3 level train control system,which is mainly used on the main railway lines in China,the traditional safety analysis method focuses on a single scenario so it which will cause a lack of safety analysis for compound scenarios.In addition,the CTCS-3 column control system has strict requirements on control timing,and the existing safety analysis method is difficult to effectively solve the problem.In order to solve the above problems,a process analysis method based on system theory is used to analyze the safety of the CTCS-3 level column control system in a more comprehensive and accurate way.Firstly,based on the analysis of the typical operation scenarios of CTCS-3 level train control system,the operation scenarios where the train is directly controlled by the train control system are extracted,and a hierarchical control structure model is established.Secondly,the inappropriate control behaviors of the operation scenarios are identified in conjunction with the timing logic,and the inappropriate control behaviors in each scenario that do not conflict with each other are combined to form a composite scenario.Finally,composite scenarios are analyzed to identify control defects that lead to inappropriate control behavior.The results show that the system-theoretic process analysis approach can be implemented to analyze the safety of composite scenario functions in CTCS-3 level train control systems.