Abstract

The Train Control and Monitoring System (TCMS) is the communication command center of the train, and the Central Control Unit (CCU) is its core component, which should achieve the SIL4 safety integrity level defined in standard EN50129. Comparing the current CCU safety mode of dual-machine hot standby with the double 2 out of 2 (2oo2) structure, this paper finds that the latter performs better in security. A new CCU architecture with enhanced safety is therefore proposed: the double 2oo2 structure is applied to the CCU design, and a Markov failure probability model is established to analyze its safety quantitatively. The CCU based on the double 2oo2 redundant structure could meet the fail-safety principles of composite fail-safety and reactive fail-safety stipulated in the SIL4 safety integrity level, and its Tolerable Functional Failure Rate (TFFR) could reach the requirements of SIL4. As another important part of RAMS (Reliability, Availability, Maintainability, and Safety), the reliability of this CCU architecture is evaluated both qualitatively and quantitatively. According to the results, the double 2oo2 structure could greatly improve the safety of the TCMS and can be used in railway signal systems with SIL4 safety integrity requirements.
