Philippe Bon’s research while affiliated with Gustave Eiffel University and other places


Publications (70)


Securing Automatic Small Railway Vehicles Using Automatic Train Protection
  • Chapter

October 2024 · 4 Reads · 1 Citation

Simon Collart-Dutilleul · Philippe Bon




Figure 3. Extract of the architecture of ATO over ETCS
Figure 11. Level 2 sequence diagram for the sub-case "start ATO" of the use case "start travel" of Figure 2
Figure 12. Level 2 sequence diagram for the sub-case "perform travel running ATO" of Figure 2
Engineering for Critical Systems: The Automatic Train Operation over European Train Control System for Freight Trains Use Case
  • Article
  • Full-text available

December 2023 · 111 Reads · 2 Citations

International Journal of Transport Development and Integration

Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications

May 2023 · 37 Reads · 3 Citations

Lecture Notes in Computer Science

Model Driven Engineering (MDE) is a software development methodology applied on complex systems, which are composed of many interacting components. This paper proposes a holistic approach based on MDE for modeling and formally verifying the high-level architectures of such systems, in particular railway systems. The approach contains a three-step process. The first one consists in proposing a high-level architecture modeling using SysML. It produces graphical models of system components, represents and documents the system in a simple way to be discussed with stakeholders and allows them to verify if this architecture corresponds to their expected requirements. We have selected diagrams that facilitate SysML high-level architecture design, namely package, block-definition, state-transition and sequence diagrams. The second step consists in transforming SysML models to Event-B formal models. The input meta-models are those of SysML, the output one is the Event-B meta-model. All of them have been adapted to our objectives. The last step is the verification of Event-B formal specifications using provers, model-checkers and animators. Formal specifications are specifically recommended for complex critical systems with high level of integrity to verify their correctness, accuracy and to allow a complete check of the entire system states and properties. We illustrate this approach on a case study of emerging standard of the ATO system running over ERTMS where compliance with the normative documents will ensure the achievement of a number of safety objectives while providing a graphical representation understandable by domain experts.

Keywords: Model-driven engineering; High-level architecture; SysML; Model transformation; Safety; Correct by construction; Event-B method




Identifying Alterability States of a Single Track Railway Line Control System

September 2022 · 28 Reads · 7 Citations

International Journal of Computers, Communications & Control (IJCCC)

In the context of automation and deployment of computer based control systems, a specific application on a French railway line is proposed on low traffic single track railway lines. The issue of updates requires thorough consideration. In the case of low traffic single track railway lines, handling the removal of a shunting track, whose role is to allow trains to circulate in both directions of the same line, the issue of timing the update to the control system is particularly critical. Indeed, a wrongly timed update could lead to a deadlock, while one or more trains are expected to travel while respecting safety constraints on the blocked infrastructure. This paper studies the application of works from the field of dynamic software updating, specifically the works of Panzica La Manna et al. [12]. Using their results on a graph based model of a single track rail line, it identifies alterability states that ensure safety constraints are respected at all times without causing deadlocks. These results are then used to discuss the pertinence of using concepts from dynamic software updating in the context of railway systems.




Citations (43)


... Luxton and Marinov (2020) discuss risk assessment regarding terrorist attacks on railway systems and suggest implementing a revised passenger searching mechanism to efficiently identify and eliminate any suspicious objects and individuals in order to ensure passenger and rail infrastructure protection. In case of a CBRNe scenario, this would imply not only the use of adapted sensors for detection of chemical or radiological substances (e.g., Collart-Dutilleul et al., 2018), but also good levels of staff training, public awareness and cooperation with the highly trained CBRNe first responders (e.g., firefighters, civil protection, ambulance, law enforcement agencies (LEAs) or even the military), as pointed out by Havârneanu and Petersen (2019). ...

Reference:

Preparing railway stakeholders against CBRNe threats through better cooperation with security practitioners
A passenger flow oriented security and safety approach in international railway stations
  • Citing Conference Paper
  • April 2018

... Noise data are generated by incorrect operation when drivers are nervous. This information has a greater impact on a small number of data sets [24], so this part only focuses on a small number of data sets. Considering the classification performance and computational cost, the redundant and noisy data are filtered by the KNN-based method. ...

Engineering for Critical Systems: The Automatic Train Operation over European Train Control System for Freight Trains Use Case

International Journal of Transport Development and Integration

... This formal verification consists in discharging a set of proof obligations generated from the Event-B specification. These proof obligations are of type invariant preservation, feasibility of non-deterministic actions and well-defined-ness [18]. Finally, the main methodological contribution is a SysML based approach for system modelling and refinement-based approach for conformance assessment. ...

Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications
  • Citing Chapter
  • May 2023

Lecture Notes in Computer Science

... By repeatedly adjusting the environmental model and our own model, we eventually learn to operate in an unknown environment. This also ensures the security of systems [18,19,6,20]. ...

Identifying Alterability States of a Single Track Railway Line Control System

International Journal of Computers, Communications & Control (IJCCC)

... The literature review related to ERTMS implementation issues is extensive and covers a wide spectrum of issues starting from development of the formal methods for signalling and interlocking systems [2][3][11], through the issues related to the automatic protection systems [23], safety problems [9], risk assessment [4,17], ERTMS capacity [14], communication [12], challenges connected with introduction of ETCS Level 3 [10] and finally the implementation problems [13]. Despite so many publications available from the scientific world, there are no known studies that can serve as sources providing a basis for the further analysis presented in this article, other than documents of the manufacturers of ERTMS equipment and issued by ERA. ...

A Colored Petri Net Model for Control Problem of Border Crossing Under Constraints
  • Citing Conference Paper
  • May 2022

... AI regulations must raise trust levels and encourage users to upload their private information online. Policymakers and legislators should collaborate to develop a robust artificial intelligence regulatory framework and control systems for preventing the abuse of personal data [143]. In addition, global-scale agreements must be adopted with common goals that are flexible and accommodate global contexts. ...

SoREn, How Dynamic Software Update Tools Can Help Cybersecurity Systems to Improve Monitoring and Actions

JOURNAL OF UNIVERSAL COMPUTER SCIENCE

... The importance of interoperability in the railway sector and especially at the level of signaling has aroused interest globally in the world [15], but especially on the European continent where mobility between countries is obvious. Thus, several initiatives focusing on interoperability have emerged as listed in [2] with a focus on managing interfaces in borders as mentioned in [16]. We consider as examples: a. ERTMS: The ERTMS [4] is the standard system managing the interpretation of signaling information by the onboard system to significantly increase the safety, efficiency of rail transport, and cross-border interoperability of rail transport in Europe. ...

Crossing Border in the European Railway System: Operating Modes Management by Colored Petri Nets
  • Citing Chapter
  • March 2021

... As Europe is the continent that offers the most interconnected railway network between countries, the European community has carried out several projects with a view to meeting this need for interoperability [2]. However, only European rail traffic management system (ERTMS) [3] has been able to reach the stage of deployment at the continental level and this system is in deployment in many countries outside Europe because it offers standard requirements that facilitate the purchase process through a large number of suppliers of subsystems are different. However, the interoperability between interlockings themselves still needed to get better use of the technological evolution of computer interlocking, especially on borders between countries. ...

Designing Operating Rules for ERTMS Transnational Lines
  • Citing Chapter
  • March 2021

... Its role is to prevent problems such as misrouting and collisions during train operation [2], while monitoring important information such as each train's geographic location, speed, and direction in realtime to ensure safe train operation. During the long-term operation of railway signals, the interlocking control system will inevitably experience malfunctions, which can be caused by the aging of the control equipment or sudden situations [3]. If these malfunctions are not diagnosed in a timely manner, they may lead to serious accidents in railway operation. ...

Towards safe and secure computer based railway interlocking systems
  • Citing Article
  • July 2020

International Journal of Transport Development and Integration