16. Renzo Matassini- ANSALDO, Architectures for


ANSALDO: BACKGROUND
• experience in dependable Signalling Automation Systems
• experience in dependable Management Automation Systems
• experience in installation, commissioning, validation, diagnostics and maintenance of large automation systems for rail
ANSALDO: ARCHITECTURES FOR DEPENDABLE INFRASTRUCTURES
• Architecture FEASIBILITY STUDIES
• use of COTS
• DEVELOPMENT OF THE INFRASTRUCTURE (HW+SW)
• Development of typical APPLICATIONS, with application SWs belonging to systems of different integrity levels
• VALIDATION
• SEVERE SAFETY REQUIREMENTS (reference to CENELEC SIL 4 for RAIL)
• SEVERE AVAILABILITY REQUIREMENTS
• HIGH FAULT-TOLERANCE PERFORMANCE
• GRACEFUL DEGRADATION
• PROTECTED COMMUNICATION BETWEEN SYSTEMS THROUGH CLOSED AND OPEN NETWORKS
• COMMUNICATION BETWEEN SIGNALLING EMBEDDED SYSTEMS
• COMMUNICATION BETWEEN SIGNALLING AND MANAGEMENT EMBEDDED SYSTEMS
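The slide above requires protected communication between signalling and management systems over closed and open networks but does not describe a protocol. The following is an added example, not Ansaldo's code: a message envelope carrying a source identifier, a sequence number, a timestamp and an HMAC-SHA256 tag under a pre-shared key, with a receiver that rejects forged, replayed, mis-sourced and stale messages in that order. The key, the freshness window and the constructed interlocking-to-RBC exchange are assumptions.

```python
"""Added example: a protected message envelope for safety-related data sent
between signalling and management systems over an open network. Written for
this page, not Ansaldo's protocol. Assumed defences: source identifier,
sequence number, timestamp and an HMAC-SHA256 tag under a pre-shared key;
the key, the freshness window and the sample exchange are constructed."""
import hashlib
import hmac
import json
import struct
from typing import List, Optional, Tuple

KEY = b"pre-shared-key-interlocking-rbc"   # assumption: provisioned out of band
MAX_AGE_S = 2.0                            # assumption: freshness window in seconds
HDR = struct.Struct(">HId")                # source id, sequence number, timestamp
TAG_LEN = 32


def build(source_id: int, seq: int, ts: float, payload: dict, key: bytes = KEY) -> bytes:
    """Header + canonical JSON payload, followed by an HMAC over both."""
    body = HDR.pack(source_id, seq, ts) + json.dumps(payload, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts messages from one configured peer; each check defends against a
    named threat: corruption/forgery, masquerade, replay/re-ordering, delay."""

    def __init__(self, expected_source: int, key: bytes = KEY):
        self.expected_source = expected_source
        self.key = key
        self.last_seq = -1
        self.rejected: List[Tuple[str, Optional[int]]] = []

    def accept(self, msg: bytes, now: float) -> Optional[dict]:
        if len(msg) < HDR.size + TAG_LEN:
            return self._reject("too short", None)
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):          # forged or corrupted
            return self._reject("bad mac", None)
        source_id, seq, ts = HDR.unpack(body[:HDR.size])
        if source_id != self.expected_source:               # masquerade
            return self._reject("wrong source", seq)
        if seq <= self.last_seq:                            # replay / out of order
            return self._reject("replay", seq)
        if not (now - MAX_AGE_S <= ts <= now + MAX_AGE_S):  # delayed or clock skew
            return self._reject("stale", seq)
        self.last_seq = seq
        return json.loads(body[HDR.size:].decode())

    def _reject(self, reason: str, seq: Optional[int]) -> None:
        self.rejected.append((reason, seq))
        return None


def demo() -> Tuple[List[bool], List[str]]:
    """Constructed exchange: interlocking (source 1) -> RBC receiver.
    Returns per-message outcomes and the reason for each rejection."""
    rx = Receiver(expected_source=1)
    t0 = 1000.0
    m1 = build(1, 1, t0, {"route": "R12", "state": "locked"})
    m2 = build(1, 2, t0 + 0.5, {"route": "R12", "state": "released"})
    tampered = m2[:-1] + bytes([m2[-1] ^ 0x01])
    results = [
        rx.accept(m1, now=t0 + 0.1) is not None,                           # genuine, fresh
        rx.accept(m2, now=t0 + 0.6) is not None,                           # next in sequence
        rx.accept(m1, now=t0 + 0.7) is None,                               # replayed m1
        rx.accept(tampered, now=t0 + 0.8) is None,                         # corrupted tag
        rx.accept(build(7, 3, t0 + 0.9, {"x": 1}), now=t0 + 1.0) is None,  # wrong peer
        rx.accept(build(1, 3, t0 + 1.0, {"x": 1}), now=t0 + 5.0) is None,  # too old
    ]
    return results, [reason for reason, _ in rx.rejected]
```

The MAC is verified before any header field is parsed, so an attacker on the open network cannot influence the sequence or freshness logic without the key; the sequence and timestamp checks then cover the failure modes a correct but delayed or replayed message would cause in a vital receiver.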
THIS LEADS TO
• APPLICATIONS OF DIFFERENT INTEGRITY LEVELS ON THE SAME PLATFORM
• SPATIAL AND TEMPORAL FIREWALLS TO PROTECT THE HIGHER INTEGRITY LEVEL APPLICATIONS
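The slide above names spatial and temporal firewalls without showing how they are enforced. As an added example, not Ansaldo's platform software, the following sketches a cyclic executive hosting a SIL 4 signalling partition and a non-vital diagnostics partition on one computer: each partition gets a fixed tick budget per major frame and an overrunning partition is resumed in its own slot next frame rather than delaying the vital one (temporal firewall), and data crosses the integrity boundary only by copy through a sampling port whose contents the vital side validates before use (spatial firewall). Partition names, budgets, the schema and the misbehaving diagnostics task are constructed.

```python
"""Added example: cyclic executive with temporal and spatial firewalls
between a vital and a non-vital partition. Illustrative code written for
this page, not Ansaldo's platform; all tasks, budgets and the schema are
constructed."""
import copy
from dataclasses import dataclass
from typing import Any, Dict, List, Optional


@dataclass
class SamplingPort:
    """One-way channel across the integrity boundary. Writes are deep-copied
    so the vital reader never aliases non-vital memory; reads are validated
    against a schema of field -> (type, min, max) before they are trusted."""
    schema: Dict[str, tuple]
    value: Optional[dict] = None
    rejected: int = 0

    def write(self, data: Any) -> None:
        self.value = copy.deepcopy(data)

    def read_validated(self) -> Optional[dict]:
        v = self.value
        if v is None:
            return None                       # nothing published yet
        if not isinstance(v, dict) or set(v) != set(self.schema):
            self.rejected += 1
            return None
        for name, (typ, lo, hi) in self.schema.items():
            x = v[name]
            if type(x) is not typ or not (lo <= x <= hi):
                self.rejected += 1
                return None
        return v


@dataclass
class Partition:
    name: str
    integrity: str      # e.g. "SIL4" or "non-vital"
    budget: int         # ticks per major frame: the temporal firewall
    body: Any           # generator yielding True when its frame work is done
    ticks_used: int = 0
    overruns: int = 0


class Executive:
    """Fixed-order cyclic executive. A partition gets exactly its budget of
    ticks per frame; if it has not finished it is resumed in its own slot
    next frame and never borrows time from the others."""

    def __init__(self, partitions: List[Partition]):
        self.partitions = partitions
        self.frames = 0

    def run_frame(self) -> None:
        self.frames += 1
        for p in self.partitions:
            done = False
            for _ in range(p.budget):
                done = next(p.body)
                p.ticks_used += 1
                if done:
                    break
            if not done:
                p.overruns += 1       # recorded, never compensated with extra time


def signalling_task(port: SamplingPort, log: List[str]):
    """SIL 4 partition: one tick per frame; uses diagnostics only if valid,
    otherwise falls back to a safe default."""
    while True:
        diag = port.read_validated()
        log.append("safe-default" if diag is None else f"temp={diag['temp_c']}")
        yield True


def diagnostics_task(port: SamplingPort):
    """Non-vital partition: publishes readings; in frame 3 it publishes a
    malformed record and from frame 4 it runs away for ten ticks."""
    frame = 0
    while True:
        frame += 1
        if frame == 3:
            port.write({"temp_c": "hot", "fan_rpm": 1200})   # wrong type
        elif frame == 4:
            for _ in range(10):
                yield False                                  # never reports "done"
        else:
            port.write({"temp_c": 40 + frame, "fan_rpm": 1200})
        yield True


def demo(frames: int = 10) -> dict:
    """Run the constructed schedule and return what each partition experienced."""
    port = SamplingPort(schema={"temp_c": (int, -40, 120), "fan_rpm": (int, 0, 5000)})
    log: List[str] = []
    vital = Partition("signalling", "SIL4", budget=1, body=signalling_task(port, log))
    diag = Partition("diagnostics", "non-vital", budget=2, body=diagnostics_task(port))
    ex = Executive([vital, diag])
    for _ in range(frames):
        ex.run_frame()
    return {"log": log, "vital_ticks": vital.ticks_used, "vital_overruns": vital.overruns,
            "diag_ticks": diag.ticks_used, "diag_overruns": diag.overruns,
            "rejected": port.rejected}
```

In the run, the diagnostics partition overruns five frames in a row and leaves a malformed record in the port, yet the signalling partition still executes exactly once per frame and treats the bad data as absent. A real platform enforces the same two properties with a hardware timer and an MMU rather than a cooperative generator and a deep copy, but the validation of every value that crosses from the lower to the higher integrity level is the same.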
Ansaldo: VITAL SW development and VALIDATION...
• UML METHODS
• FAULT TREE ANALYSIS FOR TOP-DOWN VALIDATION
• REAL-TIME UML
• AUTOMATIC CODING
• SW TEST cases, derived automatically by the selected methods and tools
• SYSTEM SIMULATION AND MODELLING
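The slide lists fault tree analysis for top-down validation. As an added example, not Ansaldo's tooling, the following evaluates a small constructed fault tree: it derives the minimal cut sets and compares the exact top-event probability (by enumerating the independent basic events) with the rare-event bound obtained by summing the cut-set probabilities. The tree, a two-channel vital output with a voter and a common-mode software fault, and its failure probabilities are assumptions.

```python
"""Added example (not Ansaldo's tool): a small fault-tree evaluator of the
kind used for top-down validation. The tree below is constructed for
illustration: a two-channel vital output whose top event, a wrong-side
output, occurs if both channels fail alike, if the voter fails while one
channel is faulty, or through a common-mode software fault. Event names and
probabilities are assumptions."""
from itertools import product


class Basic:
    """Leaf event with probability p of being in the failed state."""
    def __init__(self, name, p):
        self.name, self.p = name, p

    def evaluate(self, state):
        return state[self.name]

    def cut_sets(self):
        return [frozenset([self.name])]


class Gate:
    """AND/OR gate over sub-trees."""
    def __init__(self, kind, inputs):
        assert kind in ("AND", "OR")
        self.kind, self.inputs = kind, inputs

    def evaluate(self, state):
        vals = [c.evaluate(state) for c in self.inputs]
        return all(vals) if self.kind == "AND" else any(vals)

    def cut_sets(self):
        """Minimal cut sets: OR concatenates, AND combines one set per input."""
        groups = [c.cut_sets() for c in self.inputs]
        if self.kind == "OR":
            sets = [s for g in groups for s in g]
        else:
            sets = [frozenset().union(*combo) for combo in product(*groups)]
        return minimise(sets)


def minimise(sets):
    """Drop duplicates and any set that is a strict superset of another."""
    uniq = set(sets)
    return sorted((s for s in uniq if not any(o < s for o in uniq)),
                  key=lambda s: (len(s), sorted(s)))


def basics(node, seen=None):
    """All leaf events under node, keyed by name, in first-seen order."""
    seen = {} if seen is None else seen
    if isinstance(node, Basic):
        seen.setdefault(node.name, node)
    else:
        for c in node.inputs:
            basics(c, seen)
    return seen


def top_probability(root):
    """Exact top-event probability by enumerating every combination of
    independent basic-event states (fine for small trees)."""
    leaves = list(basics(root).values())
    total = 0.0
    for bits in product((False, True), repeat=len(leaves)):
        if root.evaluate({b.name: v for b, v in zip(leaves, bits)}):
            p = 1.0
            for b, v in zip(leaves, bits):
                p *= b.p if v else 1.0 - b.p
            total += p
    return total


def cut_set_bound(root):
    """Rare-event approximation: sum of cut-set probabilities, an upper bound."""
    probs = {n: b.p for n, b in basics(root).items()}
    bound = 0.0
    for cs in root.cut_sets():
        p = 1.0
        for name in cs:
            p *= probs[name]
        bound += p
    return bound


# Constructed tree and failure probabilities (assumed per-mission values).
CPU_A = Basic("CPU_A", 1e-3)
CPU_B = Basic("CPU_B", 1e-3)
VOTER = Basic("VOTER", 1e-4)
SW_CM = Basic("SW_CM", 1e-6)
TOP = Gate("OR", [
    Gate("AND", [CPU_A, CPU_B]),                       # both channels fail alike
    Gate("AND", [VOTER, Gate("OR", [CPU_A, CPU_B])]),  # voter misses a faulty channel
    SW_CM,                                             # common-mode software fault
])

if __name__ == "__main__":
    for cs in TOP.cut_sets():
        print("cut set:", sorted(cs))
    print("exact P(top) =", top_probability(TOP))
    print("rare-event bound =", cut_set_bound(TOP))
```

The cut sets are the design review output: the single-event set {SW_CM} shows that the redundancy does nothing against the common-mode software fault, which is why the validation effort the later slides describe (test-case derivation, event tree analysis) concentrates on the software.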
Ansaldo: SW VALIDATION:
• EVENT TREE ANALYSIS EXTENDED TO SW VALIDATION
• SW TEST CASES, DERIVED AUTOMATICALLY BY THE SELECTED METHODS AND TOOLS: the ANSALDO interest is in using the methods and tools in the validation of a SW application
WE ARE DEALING WITH LARGE EMBEDDED SYSTEMS CONCERNING:
• SAFE SIGNALLING (route control, train protection)
• SUPERVISION AND MANAGEMENT OF RAIL & TRAFFIC
• PLANT SURVEILLANCE
• TRANSPORT BUSINESS
A possible example of APPLICATIONS of different integrity level in the same VITAL COMPUTER:
• SIGNALLING APPLICATION (e.g. Central Interlocking functions and Radio Block Center functions in ERTMS level 3)
• DIAGNOSTICS
• SUPPORT to MAINTENANCE
ANSALDO: DIAGNOSTICS & MAINTENANCE, INTELLIGENT SUPPORT TO….
• DIAGNOSTICS ALSO FOR: PREDICTIVE MAINTENANCE
INTELLIGENT SUPPORT ALSO TO….
• design (based on RAMS data from field)
• data preparation for configuration of systems
• databases of data collected from field
• methods to derive RAMS parameters from field data
• configuration of systems in factory or in field
• commissioning of Large Automation Plants
• validation
INTELLIGENT SUPPORT...
• suitable databases (information is large, and differentiated for different users belonging to suppliers and clients)
INTELLIGENT SUPPORT…
focal topics:
• open infrastructures
• wireless communication
• proactive computing
• embedded systems
• critical infrastructures interdependencies
INTELLIGENT SUPPORT...
dependability:
• fault forecasting for System evaluation
• security requirements are essential (e.g. access to reserved information must be forbidden to non-authorised personnel, connection with subsystems of different integrity levels is necessary, intrusion by hackers must be avoided, etc.)
INTELLIGENT SUPPORT…
Ansaldo would like...
• to participate in the NoE De-fine
• to participate in the IP De-sire for the design, development and testing of suitable methods
Sw Architecture for INTELLIGENT SUPPORT…:
• Application Services
• Basic Services
• Interoperability Services
• Transport Services
• Security Services
INTELLIGENT SUPPORT…: low integrity Sw Requirement
• low-cost validation for NON-VITAL APPLICATIONS, even when implemented in vital computers
INTELLIGENT SUPPORT…: Additional lower integrity Sw Requirements
• INCREMENTALITY: able to allow in future new application services, even ones not initially defined by the specification
INTELLIGENT SUPPORT…: Sw Architecture Requirements
• PERVASIVITY: able to be used also by other clients with no or minor constraints on their platforms and SW architectures
• DECENTRALISATION: able to avoid a unique centre and a unique network centre to manage the exchange of data between the users
• EXTENSIBILITY: able to deliver application services both on old formats or protocols and on new ones (generally corresponding to new services)
• INTEROPERABILITY: open to all potential new users and service suppliers
• OPEN TO EXTERNAL: able to provide its services and information through the network, accessible through the Internet (Business-to-Business Portal)
• SECURITY: to protect the exchange of information with external parties; to protect the internal information not authorised for external delivery; to protect the internal information from intruders