By Alexander Damisch
In my last blog, I discussed the changing mass transit landscape and the shift to commercial-off-the-shelf (COTS) technologies to meet the industry's changing demands. Manufacturers already face price pressure and growing system complexity. On top of that, changing security regulations, safety and security threats that are not yet well understood, and a growing number of electronic systems exposed to safety and security breaches are leading regulatory bodies and insurance companies to demand that operators install the latest safety systems to protect against large-scale accidents, and this significantly affects development.
Safety is paramount in any mass transportation system, from local trams to high-speed cross-country trains. The standards governing safety systems have evolved over time, and the industry is starting to learn from markets such as aerospace which architectural concepts and model-based designs are needed to meet effective certification standards.
The complexity of interdependent devices is a growing challenge as higher speeds and greater frequency on the tracks are required to move more people in less time at lower cost. The two latest incidents in China show how critical safety is, especially for a modernized and quickly growing infrastructure. Two accidents in a short time frame demonstrate that the threat scenario is a real one.
Modern transportation infrastructure requires many control systems to communicate with each other. Regulators are starting to shift their focus towards a functional assessment of the whole system and away from pure device-level or source-code-level certification.
New technologies are also changing how safety regulations can be implemented. Multicore processors can provide separation by running safety-critical routines on one dedicated core with certified software, while new features such as networking and user interfaces run on the other cores without influencing the safety-critical elements of the system. A dedicated core on its own is not a boundary, though: the separation holds only if memory and I/O access are enforced by an MMU or MPU (or a separation kernel or hypervisor), and the resources the cores still share, such as caches, the memory interconnect and the interrupt controller, are covered by the interference analysis. With those boundaries in place, developers can use commercial or open source software and add new features, including localisation for new markets, much more easily and quickly without having to re-certify large parts of the system.
There is now a trend toward both time and space separation: the software is divided into separate partitions, each with its own memory region and its own fixed share of processor time, so that partitions running at different levels of criticality remain independent of one another. This allows more complex features and functions to be added without dramatically increasing costs, and it places more emphasis on safety standards during the development process.
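To make the time and space separation described in the last two paragraphs concrete, here is an added example that is not from the original post and is not Wind River's code: a small C model of a static partition schedule of the kind ARINC 653 specifies for aerospace, plus an MPU-style memory range check. Partition names, window lengths, memory addresses and per-frame demand are all made-up values. It shows two things the text states but does not demonstrate: a non-critical partition that wants far more processor time than its window can never take ticks from the critical partition, and an access that leaves a partition's own memory region is rejected rather than silently overwriting its neighbour. It also validates the schedule table up front, because an overlapping or over-long window is the configuration error that would quietly break the independence argument.

```c
/*
 * Added illustration (not from the original post, not Wind River code):
 * a model of time and space partitioning. All numbers are hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NPART       2
#define FRAME_TICKS 10u   /* major frame length in scheduler ticks (made-up value) */

typedef struct {
    const char *name;
    unsigned    win_start;  /* first tick of this partition's window in the frame */
    unsigned    win_len;    /* ticks per frame the partition is allowed to run */
    uintptr_t   mem_base;   /* private memory region, as an MPU would be programmed */
    size_t      mem_size;
    unsigned    demand;     /* ticks of work the partition wants each frame */
    unsigned    granted;    /* ticks actually executed so far */
    unsigned    faults;     /* accesses rejected for leaving the partition's region */
} partition_t;

/* Static schedule (hypothetical). "control" is the safety-critical partition
 * and owns the first 4 ticks of every frame; "hmi" is non-critical and owns
 * the remaining 6. Nothing at run time can change these windows. */
static const partition_t SCHEDULE[NPART] = {
    { "control", 0, 4, 0x20000000u, 0x4000, 3,  0, 0 },  /* needs 3 ticks/frame */
    { "hmi",     4, 6, 0x20010000u, 0x8000, 20, 0, 0 },  /* runaway: wants 20    */
};

void init_partitions(partition_t *parts) {
    for (int i = 0; i < NPART; i++) parts[i] = SCHEDULE[i];
}

/* Build-time check a certifier would expect: every window is non-empty, fits
 * in the frame, and no two windows overlap. */
bool schedule_is_valid(const partition_t *parts) {
    for (int i = 0; i < NPART; i++) {
        unsigned a_end = parts[i].win_start + parts[i].win_len;
        if (parts[i].win_len == 0 || a_end > FRAME_TICKS) return false;
        for (int j = i + 1; j < NPART; j++) {
            unsigned b_end = parts[j].win_start + parts[j].win_len;
            if (!(a_end <= parts[j].win_start || b_end <= parts[i].win_start))
                return false;
        }
    }
    return true;
}

/* Which partition owns a given tick of the major frame (NULL if none). */
static partition_t *owner_of_tick(partition_t *parts, unsigned tick) {
    for (int i = 0; i < NPART; i++)
        if (tick >= parts[i].win_start && tick - parts[i].win_start < parts[i].win_len)
            return &parts[i];
    return NULL;
}

/* Time separation: run n_frames major frames. Work is dispatched only inside
 * the owning partition's window; a window's unused ticks idle rather than
 * being handed to whichever partition still has a backlog. */
void run_frames(partition_t *parts, unsigned n_frames) {
    for (unsigned f = 0; f < n_frames; f++) {
        unsigned left[NPART];                       /* per-frame demand reset */
        for (int i = 0; i < NPART; i++) left[i] = parts[i].demand;
        for (unsigned tick = 0; tick < FRAME_TICKS; tick++) {
            partition_t *p = owner_of_tick(parts, tick);
            if (p == NULL || left[p - parts] == 0) continue;
            left[p - parts]--;
            p->granted++;
        }
    }
}

/* Space separation: accept an access only if [addr, addr+len) lies entirely
 * inside the issuing partition's own region. Written so that addr+len cannot
 * overflow, which is the classic bug in range checks of this kind. */
bool partition_access(partition_t *p, uintptr_t addr, size_t len) {
    uintptr_t end = p->mem_base + p->mem_size;
    bool ok = len != 0 && addr >= p->mem_base && addr < end && len <= end - addr;
    if (!ok) p->faults++;   /* a real MPU would raise a fault into that partition */
    return ok;
}

int main(void) {
    partition_t parts[NPART];
    init_partitions(parts);
    if (!schedule_is_valid(parts)) { puts("invalid schedule"); return 1; }
    run_frames(parts, 5);
    /* The HMI partition pokes at the control partition's memory. */
    partition_access(&parts[1], parts[0].mem_base + 0x10, 4);
    for (int i = 0; i < NPART; i++)
        printf("%-8s wanted %3u, granted %2u ticks over 5 frames, faults %u\n",
               parts[i].name, parts[i].demand * 5, parts[i].granted, parts[i].faults);
    return 0;
}
```

Compile with any C99 compiler and run. Over five frames the hmi partition asked for 100 ticks and got 30, while the control partition got the 15 it needed with no faults, and the one cross-partition write was rejected. The same model also rejects a schedule whose windows overlap, which is the check to keep when the table is generated by tooling rather than written by hand.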
The majority of the effort is not necessarily in developing the software, but in the verification and validation that is required in every case to demonstrate that the software conforms to the standards. As an alternative, commercial certifiable software can come with these certification artifacts and tools already prepared, dramatically speeding up the development process. This lets the engineer integrate the software effectively and easily into the design, eliminating the need to design around a complete 'solution' from a third-party supplier.
This approach allows the equipment maker to differentiate its design quickly from the competition and to provide more features and added value to the operator. Designers are also making more use of open source software such as Linux. It can take a great deal of development time to get open source software running, and the lack of long-term maintenance, longevity support and obsolescence management can be a major problem given the product lifecycle requirements of the transportation industry. However, COTS suppliers such as Wind River can supply supported versions of open source software, including Linux, on particular platforms, which avoids these problems.
Key enablers for these architectural concepts are separation and virtualization technologies. They provide both space and time separation and allow different operating systems to run side by side, but more importantly they add safety and security to these systems. These software separation technologies can deliver significantly higher safety and security by creating small, highly assured partitions that mediate access to the rest of the system: the code that must be trusted stays small enough to verify, and a fault or compromise in a large non-critical partition is contained instead of spreading to the safety-critical ones. Stay tuned for my next blog post as I discuss connectivity trends and challenges in mass transit.