Development of safety-related software for railway signalling applications
Since 1997 intecs has developed “fail-safe” software for railway signalling applications conforming to the applicable standards (CENELEC EN 50128). In the following some examples are listed:
Design, development, and test of the core software used on a standard platform based on the Motorola MC68xxx processor and utilised for realising onboard and ground-based signalling equipments.
Design, development, and test of the Euroradio stack. The Euroradio communication stack enables communication between onboard and ground devices within the European Rail Traffic Management System (ERTMS). The communication stack is structured according to the ISO/OSI standard.
Design, development, and test of the application software and MMI/DMI (man-machine interface) subsystem specification mounted onboard rolling stock.
Intecs is involved in the development of a number of support tools for the design and generation of the telegrams of bit sequences utilised by railway signalling equipments (SCMT, SSC, ERTMS). Furthermore, intecs design and develop simulators for railway systems for test and system integration activities. The languages most commonly used are: ANSI C, C++, C#, Assembler, ADA 83, ADA 95.
Reverse Engineering software
Railway systems developed for use in safety-related applications must demonstrate that the development process has been followed is conformant to the applicable standards (i.e.CENELEC).
For this purpose it is often necessary to carry out reverse engineering activities in order to reconstruct, from the written code (produced according the standard), the documented required by the standards (e.g. architectural design, detailed design, software requirements, etc.) intecs possesses the tools and capabilities for carrying out such activities.
Currently intecs operates on the ANSI C, C++ and assembler languages and uses suitable Sw tools for management of requirements for the compilation of architectures documents.
Unless otherwise specified by the client, the V-lifecycle is adopted.
The documents produced are strictly conformant to the CENELEC standards relative to the applicable SIL (Safety Integrity Level).
Software Verification, Hardware & Software Integration and Testing
Intecs carries out activities in software testing and verification as well as hardware integration testing on systems utilised in railway signalling, in conformance with the CENELEC EN 50128 and EN 50129 standards
The purpose is to verify for the required Safety Integrity Level, through tests, that the software of a particular phase has been developed in a correct manner and consistently with the input requirements for that phase.
Furthermore, it must be demonstrated that the software and hardware interact correctly in order to implement their functionality.
To this purpose, the Software Verification Plan and Software Test Plan are produced. After each verification, a Verification Report is produced, which states whether the software has passed the tests.
The verification is carried out by a team that is independent from the developers to the extent required by the Safety Integrity Level.
The types of tests that intecs carries out are:
Module/Unit tests, used to verify the detailed design requirements. These tests are executed both on the host computer and on the target computer.
Software integration tests, used to verify the software architecture requirements. These tests are prepared on the host computer and executed on the target. Black box and equivalence-class approaches are employed.
Hardware/software integration tests, used to verify the architectural requirements that describe the interaction of the software with the underlying hardware.
Black box, equivalence-class, and manual inspection approaches are used. For the execution of these tests intecs uses
Cantata (IPL) for module tests
custom-built tools for integration testing.
For hardware/software integration testing intecs prepares the Hardware/Software Integration Test Plan and the Hardware/Software Integration Test Report. All executed tests are traced to the applicable requirements.
Independent Software Validation
Intecs carries out activities in software validation on systems utilised in railway signalling, in conformance with the CENELEC standards.
The purpose is to analyse an test the hardware/software system to verify its conformance with the software requirements specification, with particular reference to the functional requirements and the safety requirements related to the applicable Safety Integrity Level.
For this activity, intecs prepares the Software Validation Plan and the Software Validation Report. The activity is carried out through the use of simulators provided by the client or developed by intecs.
The simulator permits the simulation of a real environment which is generally hostile or difficult to access.
All executed tests are traced back to the software requirements.
All tests are also repeatable in the real system execution environment.
The software validation is carried out by a team that is independent from the developers to the extent required by the Safety Integrity Level. In particular, for Safety Integrity Level 4, the validator and the verifier may not respond to the same superior.
intecs, with its Verification and Validation structure, is able to guarantee the independence of the two above-described roles.
System RAMS Activity (Reliability, Availability, Maintainability, Safety)
Intecs performs this activity in conformance with the CENELEC 50126 standard relative to the lifecycle and RAMS (Reliability, Availability, Maintainability and Safety).
Intecs is able to carry out the following:
System level safety analyses:
Preliminary Hazard Analysis using HAZOP (HAZard and Operability study) techniques
Hazard Analysis by FMECA (Failure Mode Effect and Criticality Analysis) and FTA (Fault Tree Analysis) techniques
Definition of RAM requirements with parameter calculations (i.e. MTBF, etc.):
Verification and validation at system level
Production of documentation conformant to CENELEC standards
Verification of documentation
Production of Validation Report and Safety Case
System & Software Safety Assessment
Intecs performs activities of assessment of safety-related software development for railway signalling applications.
The purpose of the assessment is to demonstrate that the system is suitable to the applicable safety standards for the design and construction of railway equipments. Both the aspects related to the production of the system (generic product) and those related to the preparation of the data utilised for the installation (generic and specific application) and operation of the equipments are evaluated. Organisational aspects as well as those aspects related to quality and safety management are likewise evaluated.
Specific attention is dedicated to verification and validation activities generally complemented by a testing
session on the supplier’s premises, in the presence of the assessor. The activities are carried out through auditing and checklist techniques. The reference standards are the sector-related CENELEC standards (e.g. EN 50128 for software, EN 50126 and 50129 for the system). For this activity, intecs has an Attestation of Qualification of Suppliers N. QF01/05 issued by the designated authority for railway interoperability according to the European Directive 96/48/CE and 2001/16/CE, TÜV Rheinland Berlin Branderburg.
Functional Assessment of Railway Systems
Systems used to support railway signalling originate as “generic applications” and become “specific applications” when they are configured for a specific context. These two types of applications arise out of the System Requirement Specifications that describe the relevant project application in the form of requirements.
intecs has acquired a profound knowledge of the railway signalling domain through specialised courses and training on the job. In addition, it has extensive familiarity with the new signalling systems, both Italian (SCMT, SSC) and European for the highspeed network (ERTMS/ETCS).
With these qualifications, intecs has carried out and continues to carry out activities for functional assessment of specific applications for various kinds of signalling.
The assessment activity is carried out by analysing the project documentation provided by the client with respect to the requirements defined in the System Requirements Specification issued both by the railway authorities (e.g. RFI SpA, Trenitalia SpA) and by the international standardisation organisations (e.g. UNISIG, UIC, etc.). The activity is performed by means of checklists and databases for tracing the requirements back to the project documentation. During the activity non-conformances and related observations are highlighted, which are then recorded in the Functional Assessment Report. In addition, intecs has carried out activities for the elaboration of system specifications (SRF, Vol 1, Vol 2, Vol 3, Vol 4) relative to SCMT, SSC and ERTMS, ground and onboard systems, with handling of additional specifications or change requests provided by the railway authorities raised during the operational phase.
Verification of SCMT, ERTMS Signalling Apparatus
intecs performs verification and validation activities for railway equipments that is configured with the SCMT, ERTMS signalling system. Starting from the schematic plans and the various tables provided by the client (data tables, distance tables, inclination tables, etc.), as well as the documentation provided by the railway authority (railway schematic plans, operational programs), intecs performs the following functional verification activities:
Verification of the consistence and correctness of the documentation
Verification of the positioning rules of the balises
Validation of the information sent to the train
For the railway sector, intecs presents a portfolio of the following products:
SIRIO: a safety-related system (CENELEC SIL4), based on radar technology, for detection of falling objects, in proximity of bridges or tunnel entrance/exit, along railway lines. Each SIRIO node is composed by 4 radar sensors and an outdoor cabinet, interfacing directly a signalling system and a remote monitoring centre.
DEJAMM-R: a monitoring system for the DEtection of JAMMing in Railway networks.
The DEJAMM-R sentinels are autonomous devices that continuously monitor all the downlink and uplink GSM-R bands, which are used for ETCS Level 2 signalling in high-speed rail systems
For the railway sector, intecs is capable of providing several types of training courses, including:
Introduction to the EN 50126/128/129 Standard
Introduction to Risk Management
Principles of Software Engineering: Concepts and Tools
System and software Verification & Validation techniques
UML (Unified Modelling Language)
C, C++, ADA language