System approach to safety

The work of the Systems Approach to Safety team focuses on the development of 1) methods and tools for analyzing safety and dependability, and 2) the engineering of critical complex systems in the railway domain. They aim to meet society’s expectations for safe and efficient transport services, with reduced costs for users and minimal environmental impact, particularly by conducting research dedicated to guided transport. These works have the following objectives:

• Managing the life cycle of control-command systems in guided transport, addressing both internal and external risks (from design to operational functioning) by applying a systems approach to analyze complex interactions. This approach facilitates the development of railway control-command safety demonstrations. It ultimately contributes to the commissioning of new, functionally complex railway systems.

• Supporting the implementation of safe autonomous mobility by developing safety assessment tools for autonomous vehicle functions, particularly autonomous trains. These functions integrate new characteristics based on artificial intelligence (AI). They must maintain reliability, availability, and safety levels, in a way that is at least globally equivalent to existing systems (GAME principle) to those of conventional systems (non-autonomous).

Our ambition today is to support key technological breakthroughs currently occurring in the guided transport domain, particularly in the following aspects:

1. ongoing advancements in developing new railway control-command and signaling systems, which abstract from the notion of physical block sections.

2. the development of autonomous mobile systems that integrate AI-based functions. Our work focuses on challenges specific to autonomous trains while leveraging cross-fertilizations with other transport modes.

The main research questions explored by the Systems Approach to Safety team include:

• Engineering of critical complex systems, with a focus on requirements engineering and safety engineering,

• Supervision, encompassing risk analysis, fault detection, diagnosis and prognosis,

• Safety assessment of AI-integrated functions in autonomous vehicles.

1 – Engineering of next-generation railway control-command and signaling systems

Given the growing demand for railway mobility services and the need for the railway sector to remain competitive with other transport modes, introducing new paradigms for more optimal railway traffic management has become essential. In particular, developing railway control-command and signaling systems based on the "moving block" operational concept is a subject that mobilizes academic and industrial actors within the railway community. Such systems can deliver significant gains in capacity while reducing infrastructure and operational costs. This mode of operation is known as ETCS level 3 in the ERTMS (European Rail Traffic Management System) standard for railway control-command and signaling. Alongside block virtualization, balise virtualization aims to reduce infrastructure costs by reducing the number of physical balises required for train localization. Virtual balises rely on on-board systems integrating GNSS (Global Navigation Satellite Systems) to recalibrate position error drifts.

Requirements engineering aspect ETCS level 3 specifications are currently under development. Achieving stable specifications demands substantial work in requirements engineering. Specifically, techniques for refining and formalizing requirements to produce rigorous, sound, and consistent specifications are highly relevant in this context. ESTAS contributes to these techniques, leveraging extensive expertise in critical systems requirements engineering.

• European projects:

  • X2RAIL-4 (2019-2023) (with Railenium)

  • X2RAIL-5 (2020-2023) (with Railenium)

• National projects:

  • LCHIP (2017-2020)

  • NextRegio3 (2015-2018) (with Railenium)

  • PERFECT (2012- 2015)

  • FerroCOTS (2010-2013)

Safety Analysis, Including the Use of Formal Methods The deployment of ETCS level 3 introduces groundbreaking changes in train spacing management. Specifically, transferring two critical functions traditionally managed by the ground system –localization and integrity monitoring– to the onboard system requires the development of appropriate safety analysis approaches and tools. This includes, in particular, the safety analysis of the GNSS-based railway localization function, the engineering of the On-board Train Integrity (OTI) monitoring function, and the safety analysis functions based on wireless communication systems.

Beyond supporting the "safety approach" for these changes, there is an increasing demand to reduce costly and time-consuming on-site testing (cf. Shift2Rail’s "Zero on-site testing" axis). ESTAS addresses these challenges by developing model-based risk analysis techniques.

• European projects:

  • PERFORMINGRAIL (2020-2023)

  • TAURO (2020-2023) (with Railenium)

  • X2RAIL-4 (2019-2023) (with Railenium)

  • X2RAIL-5 (2020-2023) (with Railenium)

  • GaLoROI (2012-2014)

2 – Risk Analysis and Supervision

ESTAS has extensive experience in risk analysis techniques and operational safety. This work has notably focused on adapting existing techniques to address challenges specific to guided transport applications. The research carried out at ESTAS on this area encompasses:

1. Allocation of safety targets for railway control-command functions. This is a critical aspect of safety analysis as it helps guide technological and architectural decisions while ensuring the design of appropriate safety barriers.

2. Development of risk quantification techniques for railway applications. This work is particularly focused on level crossings and explores both model-oriented and data-oriented techniques (e.g., Bayesian networks).

3. Advancement of diagnosis and prognosis techniques using discrete models. Fundamental contributions have been made in this area, improving developed algorithms efficiency, expanding the types of faults considered (permanent faults, intermittent faults, etc.), incorporating time factors, and implementing new verification methods.

• European projects:

  • Pods4Rail (with Railenium) (2023-2026)

  • FLEXY (with Railenium, starting 2023)

  • SAFER-LC (2017-2019)

  • NeTIRail (2015-2018)

  • ERSAT-GGC (2017-2019)

• National projects:

  • PANsafer (2008-2011)

  • SIL Project (2013-2015)

  • ELSAT2020 (2015-2022)

3 – Safety Analysis of Autonomous Vehicles

The development of autonomous vehicles is currently generating significant interest within academic and industrial communities, with safety and performance issues at the core of this dynamic. The introduction of autonomous railway operations represents a major breakthrough in several respects. The human loop, which plays a significant role in operating procedures and the qualification process, will be progressively replaced by embedded automated functions integrating AI-based algorithms. However, a key challenge is the lack of adequate methods and tools to qualify the behavior of AI-based systems. Such means are essential for certifying and deploying autonomous vehicles.

Formal approaches for AI evaluation Our work aims to explore abstraction techniques and formal approaches for evaluating AI. Additionally, we are investigating the use of control techniques to analyze the behavior of AI-based systems, an innovative avenue with promising potential.

On the one hand, fundamental research on AI qualification seeks to formalize key challenges and offer adaptable solutions for various autonomous systems (cars, trains, robots, etc.). On the other hand, involvement in projects such as PRISSMA, TASV, or TAF enables ESTAS to address real-world issues and effectively integrate them into ongoing research efforts.

Regulatory Aspect Another important consideration in the qualification of autonomous vehicles is regulatory compliance. In both the rail and automotive sectors, the creation of a safety case must explicitly outline the technical and functional characteristics of the vehicle within its operating environment, as well as provide evidence of its safety relative to the safety targets. The content of such a safety case and the methodology for its evaluation are areas where railway sector practices, which are relatively well-defined and standardized, can offer valuable insights. Addressing these issues is a significant challenge for the harmonization of legislation and regulations concerning autonomous vehicles across various European countries.

• National projects:

  • Ferromobile (2023-2026)

  • Train Autonome service Voyageur (TASV) (with Railenium) (2018-2023)

  • Train Autonome Fret (TAF) (with Railenium) (2018-2023)

  • TC-Rail (with Railenium) (2017-2021)

  • PRISSMA (2021-2023)

Actions and initiatives, in collaboration with institutional, academic, and industrial partners 

• “Railway Systems Safety” Chair created in June 2022, associating Université Gustave Eiffel, CERTIFER Association, and GAPAVE (grouping of APAVE associations)

• RSSRail Conferences:

  • RSSRail2019

  • RSSRail2022

  • RSSRail2023

• IFAC CTS’2021 Conference

• CRISIS 2024 Conference