School of Engineering and Applied Science, Center of Rail Safety-Critical Excellence: BRIEFING, September 2002 (16 slides)

Slide 1

School of Engineering and Applied Science
Center of Rail Safety-Critical Excellence

BRIEFING

September 2002

Slide 2

USA RAIL SAFETY BRIEFING AGENDA

• Center of Rail Safety-Critical Excellence Overview

• SEAS Interdisciplinary Collaboration

• International University Collaboration

• FRA Safety Rule Making Participation

• Performance-based Rail Safety Enforcement Rule

• Major Risk USA Assessment Projects

• Risk Assessment Tool Set Overview

• Proposed UVA – China Collaboration

Slide 3

Center of Rail Safety-Critical Excellence - Overview

• MISSION: Develop and maintain railroad performance-based safety enforcement standards, risk assessment methodologies and tool sets that support global rail industry safety enforcement.

• OBJECTIVES: Provide a Monte Carlo risk assessment systems simulation methodology with web-based tool sets and education that is Federal Railroad Administration (FRA) and Association of American Railroads (AAR) compliant.

• STRATEGY: Implement a UVA School of Engineering and Applied Science (SEAS) interdisciplinary Rail Center of Safety-Critical Excellence staffed with a permanent research staff and faculty from Electrical and Computer Engineering, Systems Information and Engineering, Civil Engineering, and the Cognitive Psychology Laboratory. Establish global university-industry collaboration.

• EXPECTED RESULTS: Global application of performance-based safety standards, risk assessment methodologies, validated & verified tool sets and education.

Slide 4

SEAS Interdisciplinary Collaboration

• Center is based on a SEAS interdisciplinary collaboration with the Association of American Railroads (AAR) and industry suppliers:

  Electrical and Computer Engineering Department: Monte Carlo systems approach to risk assessment; probabilistic advanced safety train control

  Systems Information and Engineering Department: historical data mining for validation & verification; human-factors for probabilistic safety behavior

  Civil Engineering Department: guideway structures probabilistic behavior models; crash-worthiness / accident severity

  Mechanical and Aerospace Engineering Department: Maglev levitation safety hazards and performance

  Cognitive Measurements Laboratory: probabilistic human-factors for safety measurements

Slide 5

International University Collaboration

• Collaboration is underway with the following German technical universities:

  Technical University of Braunschweig

  Technical University of Dresden

Slide 6

FRA Safety Enforcement Rule Making

• Center has participated since 1997 in the preparation of the FRA performance-based safety standard rule making, which includes the following:

  Railroad Safety Program Plan: defines the Safety Plan process a railroad operator will follow

  Railroad Product Safety Plan: requires that a Product Safety Plan be written for each system that is deployed by the railroad operator

  Product Safety Plan must include:
    Traffic flow density
    Human-factors
    Quantified risk assessment
    Extensive safety-critical documentation
    Documentation configuration control & test plan
    Operational rule book

Slide 7

Performance-based Rail Safety Enforcement Rule

• Performance-based safety standards require the quantification of safety as a societal cost risk versus train miles traveled

• A Product Safety Plan is required for each system that is deployed by a railroad, and the following quantification must be demonstrated:

  Risk NEW / Train Miles Traveled  <<  Risk Old / Train Miles Traveled

  High degree of confidence

  Compliance to coverage for all safety-critical devices

Slide 8

Major Center USA Risk Assessment Projects

• CSX: Communication-based Traffic Management (CBTM)
  126 mile line
  Unit coal trains and other mixed mode traffic

• New York City Transit (NYCT): Communication-based Train Control (CBTC)
  22 mile dual track line with crossovers
  High performance transit railway operations
  60 second headways and 30 second train station dwell time

• Lockheed Martin: Illinois Department of Transportation (IDOT) Positive Train Control (PTC)
  126 mile line with mixed mode operations
  High speed passenger (110 MPH) trains and freight

• Maglev, Inc: City of Pittsburgh, "Pennsylvania Project"
  45 miles dual crossover guideway with 250 MPH planned speeds
  Passenger & light freight operation

• FRA: Web-based predictive risk assessment methodologies and tool set

Slide 9

Risk Assessment Tool Set Overview

• PROOF-OF-SAFETY: RISK VERSUS TRAIN MILES TRAVELED

  Subject to:
    Traffic throughput density
    Basic principles of safety
    Assumptions
    Constraints
    Operational rule book compliance
    Track plan infrastructure: track plan, guideway, bridges, crossings
    Train movement dynamics multi-dimensional model
    Signaling and control system multi-state probabilistic model
    Human-factors probabilistic model
    Train severity mishap model
    Proof-of-correctness (hazard-free validation)
    Proof-of-safety risk (non-hazard-free verification)
    Coverage compliance of all processor-based subsystems

Slide 10

Axiomatic Safety-Critical Assessment Process (ASCAP) Features

• ASCAP is FRA performance-based standard compliant

• Monte Carlo large-scale train-centric simulation

• Operates on a web-based parallel processing mini-super computer

• ASCAP structure is Unified Modeling Language compliant

• Calculates Events Passed at Danger based on a dynamic train movement model and the probabilistic behavior of wayside devices and human-factors – dispatchers, train crews and maintenance-of-way workers

• Events Passed at Danger are an automatic generation of fault trees

• Calculates mishap-pairs (train-to-train collisions, etc.) and crash-worthiness severity as societal cost, based on the history of accidents and/or real-time performance-based simulation

Slide 11

SIGNIFICANT ASCAP MODELS

• Probabilistic device behavior

• Rule book compliance/non-compliance

• A.I. blackboard outcomes

• Human-factors safety behaviors and compliance

• Train dynamic movement model – discrete & continuous

• Accident severity societal cost

• Events passed at danger

Slide 12

Event Passed at Danger (EPAD) Concept

[Diagram: Train 1 and Train 2 running between YARD A and YARD B, with signal S between them; the marked outcome is CRASH.]

• Train 1 crew sees red signal as green & proceeds

• Train 1 has generated an EPAD

• Simulation changes from discrete event to continuous

• Based on train crew behavior(s) the trains may stop

• Train 1 crew has violated the rule book compliance

Slide 13

MISHAP CONCEPT

[Diagram: Train A and Train B approaching a switch. Labels: "Potential Mishap", "Braking Too Late", "Train B should have taken the siding". The approach phase is marked Discrete Event Simulation; the braking phase is marked Continuous Simulation.]
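The EPAD and mishap concepts of slides 12 and 13 can be made concrete in a small simulation. The following is an added example written for this page; it is not the Center's ASCAP software. The discrete-event stage is the crew reading the signal (a red misread as green with an assumed probability), after which the model switches to a continuous kinematic braking check. The braking figures, the misread probability, and the rule that an overrun of an occupied conflict point counts as a true mishap while an overrun of an empty one is only a potential mishap are all constructed assumptions.

```python
# Added illustration of the Event Passed at Danger (EPAD) and mishap concepts (slides 12-13).
# NOT the Center's ASCAP code: the misread probability, braking figures and the occupancy rule
# below are constructed assumptions chosen only to make the discrete -> continuous hand-off visible.
import random
from dataclasses import dataclass


@dataclass
class Train:
    name: str
    speed_mps: float          # current speed in metres per second
    brake_decel_mps2: float   # assumed service-brake deceleration
    crew_reaction_s: float    # assumed delay before the crew applies the brakes


def stopping_distance_m(train: Train) -> float:
    """Continuous (kinematic) part of the model: reaction travel plus v^2 / (2a)."""
    reaction_travel = train.speed_mps * train.crew_reaction_s
    braking_travel = train.speed_mps ** 2 / (2.0 * train.brake_decel_mps2)
    return reaction_travel + braking_travel


def perceived_aspect(true_aspect: str, p_misread: float, rng: random.Random) -> str:
    """Discrete-event part of the model: the crew reads the signal. With probability
    p_misread (an assumed human-factors parameter) a red aspect is seen as green."""
    if true_aspect == "red" and rng.random() < p_misread:
        return "green"
    return true_aspect


def classify_overrun(train: Train, distance_to_conflict_m: float, conflict_occupied: bool) -> str:
    """After an EPAD the simulation runs the continuous model. Returns 'epad_stopped' if the
    train halts short of the conflict point (e.g. the switch), 'potential_mishap' if it overruns
    an empty conflict point, and 'true_mishap' if the conflict point is occupied (assumed rule)."""
    if stopping_distance_m(train) <= distance_to_conflict_m:
        return "epad_stopped"
    return "true_mishap" if conflict_occupied else "potential_mishap"


def simulate_approach(train, true_aspect, distance_to_conflict_m, conflict_occupied, p_misread, rng):
    """One train approaching one signal. Returns (epad_generated, outcome)."""
    if true_aspect != "red":
        return False, "proceed"
    if perceived_aspect(true_aspect, p_misread, rng) == "red":
        return False, "stopped_at_signal"
    # Red seen as green and the train proceeds: an EPAD is logged and the crew is in rule-book
    # non-compliance. Assumption: the error is recognised at the signal, so braking starts there.
    return True, classify_overrun(train, distance_to_conflict_m, conflict_occupied)


def epad_statistics(n_approaches, train, distance_to_conflict_m, p_misread, p_occupied, seed=1):
    """Monte Carlo over many approaches to a red signal: counts EPADs and each outcome.
    p_occupied is the assumed probability that another train occupies the conflict point."""
    rng = random.Random(seed)
    counts = {"stopped_at_signal": 0, "epad_stopped": 0, "potential_mishap": 0, "true_mishap": 0}
    epads = 0
    for _ in range(n_approaches):
        occupied = rng.random() < p_occupied
        epad, outcome = simulate_approach(train, "red", distance_to_conflict_m, occupied, p_misread, rng)
        epads += epad
        counts[outcome] += 1
    return epads, counts


if __name__ == "__main__":
    t1 = Train("Train 1", speed_mps=30.0, brake_decel_mps2=0.8, crew_reaction_s=2.0)
    print("stopping distance (m):", stopping_distance_m(t1))
    print(epad_statistics(10_000, t1, distance_to_conflict_m=500.0, p_misread=0.01, p_occupied=0.5))
```

With the constructed figures (30 m/s, 0.8 m/s² braking, 2 s reaction) the stopping distance is 622.5 m, so an EPAD 800 m before the switch ends with the train stopped while one 500 m before it overruns; whether that overrun is a potential or a true mishap depends only on occupancy, which is exactly the distinction the mishap-log step of the tool set has to record.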

Slide 14

Decision Maker Risk Containment Region

[Plot: Risk (Societal Cost) versus Train Miles Traveled. Labelled elements: Risk Containment Region, Min Coverage, Max Coverage.]
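The proof-of-safety quantity used on slides 7, 10 and 14 is risk, as societal cost, per train-miles traveled, stated with a confidence level and bracketed between minimum and maximum fault coverage. The following added example, written for this page and not the Center's ASCAP++ tool, shows one way to compute that: a Monte Carlo run over a number of train-miles, a compound-Poisson confidence interval on the accumulated cost, a sweep over coverage values to produce the containment region, and the slide 7 acceptance test Risk NEW << Risk Old. The base hazard rate, the model hazard = base × (1 − coverage), the severity cost table and the run length are constructed assumptions.

```python
# Added illustration of risk per 10^6 train-miles with a confidence level and the coverage-bounded
# risk containment region (slides 7, 10 and 14). NOT the Center's ASCAP++ tool: the hazard rate, the
# coverage model (hazard = base rate x (1 - coverage)) and the severity table are constructed.
import math
import random

MILLION_MILES = 1_000_000

# Constructed severity table: societal cost (relative units) -> probability of that class per mishap.
SEVERITY_TABLE = {1.0: 0.75, 5.0: 0.20, 20.0: 0.05}


def risk_per_million_miles(mishap_costs, train_miles, z=1.96):
    """Point estimate and confidence interval of societal cost per 10^6 train-miles.
    Mishaps are treated as a compound Poisson process, so Var(total cost) is estimated by the
    sum of squared costs; z = 1.96 gives an approximately 95% normal-approximation interval."""
    total = sum(mishap_costs)
    scale = MILLION_MILES / train_miles
    point = total * scale
    half_width = z * math.sqrt(sum(c * c for c in mishap_costs)) * scale
    return point, max(0.0, point - half_width), point + half_width


def simulate_operation(train_miles, hazard_per_mile, rng, severity=SEVERITY_TABLE):
    """Monte Carlo run over train_miles of operation. Each train-mile independently produces a
    mishap with probability hazard_per_mile, so the miles between mishaps are geometric and the
    run can jump from mishap to mishap instead of iterating every mile. Returns the mishap costs."""
    costs = []
    if hazard_per_mile <= 0.0:
        return costs
    classes, weights = list(severity), list(severity.values())
    log_q = math.log(1.0 - hazard_per_mile)
    mile = 0
    while True:
        mile += int(math.log(1.0 - rng.random()) / log_q) + 1   # geometric inter-arrival in miles
        if mile > train_miles:
            return costs
        costs.append(rng.choices(classes, weights=weights)[0])


def risk_profile(base_hazard_per_mile, coverages, train_miles, seed=7):
    """Risk containment region: for each fault-coverage value the effective hazard is
    base_hazard x (1 - coverage) (constructed model). Returns {coverage: (point, lower, upper)}."""
    rng = random.Random(seed)
    profile = {}
    for cov in coverages:
        costs = simulate_operation(train_miles, base_hazard_per_mile * (1.0 - cov), rng)
        profile[cov] = risk_per_million_miles(costs, train_miles)
    return profile


def new_system_is_safer(old_interval, new_interval):
    """Slide 7's test, Risk NEW << Risk Old, at the chosen confidence level: true only when the
    whole new-system interval lies below the old system's lower bound."""
    return new_interval[2] < old_interval[1]


if __name__ == "__main__":
    miles = 100 * MILLION_MILES   # constructed run length
    profile = risk_profile(1e-4, [0.0, 0.9, 0.99], miles)
    for cov, (point, lo, hi) in profile.items():
        print(f"coverage {cov:.2f}: risk {point:8.2f} per 10^6 train-miles  (95% CI {lo:.2f} .. {hi:.2f})")
    print("new (coverage 0.99) << old (coverage 0.0):", new_system_is_safer(profile[0.0], profile[0.99]))
```

The confidence interval is what turns a single simulated risk number into the "high degree of confidence" the rule asks for: two systems are only distinguishable when their intervals do not overlap, which is why the run length matters as much as the point estimate. The coverage sweep gives the min/max coverage curves of the containment region from which a fault coverage target can be read back.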

Slide 15

ASCAP++ Tool Set

[Flowchart: "Axiomatic Safety-Critical Assessment Process (ASCAP++) Toolset Overview", Center of Railroad Safety-Critical Excellence, Revision 07, May 9, 2002, prepared by E. Cutright, approved by T. Giras. The recoverable content of the chart follows.]

Model Builder (Model Library and Model Database)
  Select control system type: Direct Traffic Control (DTC), Traffic Control System (TCS), Centralized Train Control (CTC), Positive Train Control (PTC), Communication-Based Train Control (CBTC), Magnetic Levitation (Maglev); standard classes of objects and agents for each control system type, in ASCAP++ internal format
  Track configuration population: define track infrastructure objects with associated geographical characteristics (grade, elevation, super-elevation, curvature); track objects: highway grade crossings, switch machines, track circuits, active/passive beacons, etc.
  Object population: central office devices, wayside devices, train consists, maintenance vehicles, on-board devices
    Stationary objects: interlocking controllers, signals, wayside signage, landslide detectors, etc.
    Mobile objects: train consists, maintenance vehicles, positioning systems, track circuit readers, on-board displays, etc.
  Agent population: define human agents: train dispatcher, maintenance of way worker, train crew, train operator
  Create scheduling and routing algorithms
  Select train line-specific severity database
  Specify simulation control and results output format parameters

Application-Independent Mishap Simulation Engine
  Initialize N-train system: instantiate track infrastructure objects, stationary and mobile objects, and agents; initiate scheduling and routing
  Global simulation control: schedule and inject periodic preventative maintenance; terminate simulations if enough train-miles have been accumulated
  Train 1 ... Train N simulation (per train):
    Dynamic movement model identifies next train/object time and space intersection
    Solve object/agent probabilistic models to find probability of being in each possible state
    Use Monte Carlo techniques to select behavioral state of each object/agent: random injection of device faults (object behaviors); of broken rail, landslides and geological hazards (track object behaviors); of human responsiveness, compliance and coverage faults (agent behaviors)
    Blackboard intersection outcome resolution to determine train movement modality
    Event logging: update object/agent behavioral state counters; log any train movement passed at danger events
    If required, continue using detailed train movement model
    Decision nodes: Potential mishap? True mishap? Are other object/agent interactions triggered by the same train/object intersection?
    On a true mishap: create mishap log entry, terminate affected simulation(s), replace affected objects, repair known failed objects
    Terminate simulation and clean-up
  Simulation outputs: object/agent behavioral state statistics; mishap logs containing the mishap intersection plus the last 6 passed-at-danger events for the affected train(s)

System Performance Analysis Module
  Performance metric calculation: string charts (position versus time), traffic throughput, traffic delays, hazard-free/violation-free operation

Mishap Log Analysis
  Examine next mishap. Accident? If yes: determine likelihood of occurrence, calculate system risk with confidence level, determine societal cost. If no: create hazard log entry.
  Compare with supplier's qualitative risk assessments (PHA, FMECA, etc.); example Preliminary Hazard Analysis row: Hazard "Derail due to Train Ovrspd", Sev/Freq II/D, Mitigation "Use of Speed Enforcmnt"

Risk Profile Generation Module (Object Class 1 ... Object Class M)
  Generate five risk containment regions (risk versus 10^6 train miles): fault coverage, failure rate, preventative maintenance, corrective maintenance, human repair coverage
  Project decision makers select desired operational risk profiles

MTTHE Target Allocation Module (Processor-Based Sub-System 1 ... X)
  Determine relevant operational risk profile(s) for each processor-based sub-system
  Derive fault coverage target from selected operational risk profile(s)

Slide 16

Proposed – China/USA Collaboration

• A China/USA university partnership is proposed that provides FRA compliant risk assessment for the major rail projects in China:

  Duplicate a Center of Rail Safety-Critical Excellence in China for:
    High speed rail
    Maglev
    Transit railways

  Technology transfer of Federal Railroad Administration (FRA) risk assessment compliant methodologies, tool sets and education to China

  Technology transfer would take place with UVA implementing the risk assessment of a major China rail project with Chinese graduate students at UVA

  Methodologies and tool sets would be supported via the web as graduate students return to China

  The Chinese university would have a seat on the UVA Advisory Board to provide technical direction oversight. Likewise, the Chinese Center would have a technical Advisory Board with a UVA member