Abstract
It is necessary to verify the faults tolerance of the European Train Control System (ETCS) on-board unit even if these faults are uncommon. Traditional test methods defined and used in ETCS do not allow to check this, so it is necessary to develop a new mechanism of tests. This paper presents the design and implementation of a saboteur applied to the railway sector. The main purpose of the saboteur is the fault injection in the communication interfaces. By means of a virtual laboratory it is possible to simulate actual train journeys to test the ETCS on-board unit. Making use of the saboteurs and the virtual laboratory it is possible to analyse the behaviour of the train in the presence of unexpected faults, and to verify that the decisions taken are correct to ensure the required safety level. Therefore, this work shows a testing strategy based on different kinds of train journeys when faults are injected, and the analysis of the results.
Highlights
All the railway signalling systems manufacturers have to be compatible with the European Train Control System (ETCS), i.e. the development of any railway product has to meet the standards and tests specified by ETCS
Sent by the Train Interface Unit (TIU) that just informs about the status of some elements and the messages sent by the EVC to change the status of the elements
The TIU saboteur alters the messages that inform about the status, and these produce changes in the Juridical Recording Unit (JRU) but they do not have any effect on the system
Summary
All the railway signalling systems manufacturers have to be compatible with the European Train Control System (ETCS), i.e. the development of any railway product has to meet the standards and tests specified by ETCS. The ETCS standards SUBSET-076 [2] and SUBSET-094 [3] that are used as reference to implement the tests of the ETCS On-Board Unit (OBU) do not list any safety testing. For the case of the ETCS OBU it is possible to simulate that wrong information is received due to different factors that could be the missing of a balise, wrong speed information, wrong balise position, etc. This allows testing of the train in the presence of unexpected faults and observing the behaviour of the on-board computer.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
