Philippe Bon’s research while affiliated with Gustave Eiffel University and other places


Publications (70)


Figures: Fig. 1. Track plan from the signalling Control Area A to C; Fig. 2. Part of the relay-based system model of the signalling Control Area A; Fig. 3. A part of the DAO design pattern reusable for the relay-based RIS representation; Fig. 4. Conceptual model of the state dependency between the electrical components of the system; Fig. 5. Conceptual model of the system environment and dependencies between objects.

Formal Specification of Environmental Aspects of a Railway Interlocking System Based on a Conceptual Model
  • Chapter
  • Full-text available

October 2019 · 188 Reads · 4 Citations · Lecture Notes in Computer Science

Relay-based Railway Interlocking Systems (RIS) are developed with the objective of controlling the movement of trains in a safe manner. However, these systems are generally specified in informal languages whose analysis is performed by human inspection, which is error prone. A previous work presented an approach for specifying these systems in a formal language in order to automatically prove safety properties. Nevertheless, despite the impact of the environment on the system operation, that approach allows only the specification of the electrical components' behaviour. Hence, the environment must be considered in the system specification in order to guarantee its safety. This paper presents the application of a higher level of modelling abstraction, conceptual modelling, which may provide a conceptual clarification of the RIS environment. The proposed conceptual model allows a semantic analysis of the environmental impact on the system and the description of other safety properties that have not been considered in the formal specification. In this work, an ontology built for critical systems modelling is used in order to provide a terminological harmonisation between the physical elements of the system and the environment. The conceptual model allows a safety-oriented improvement of the RIS formal specification and provides a common, shared and unambiguous view of both system and environment.

A model-based system engineering approach to manage railway safety-related decisions

May 2019 · 61 Reads · 3 Citations · International Journal of Transport Development and Integration

The safety assessment of Safety Critical Systems (SCSs) is a challenging task since it involves different actors and a combination of several knowledge domains. This increases the complexity of integrating safety requirements into the design model. Consequently, there is a need for a shared model with an unambiguous terminology, aiming to avoid misunderstandings between the safety and design teams. In this paper, we propose a model-based system engineering approach in order to support goal-oriented safety reasoning and to provide a common model between safety engineering and goal-driven requirement engineering. Furthermore, the present study considers the safety rules development process based on the Organization-based Access Control (Or-BAC) model, which is normally used to improve the security of information systems. Then, the common vocabulary proposed for the interpretation of the considered notions of the domains is defined. Moreover, safety requirements are expressed with a high level of abstraction according to the required railway knowledge, and the requirement traceability process is considered through top-down reasoning using Unified Modeling Language (UML) diagrams. The proposed approach aims to provide a methodology able to identify safety conditions in order to anticipate risks and to make better safety-related decisions. Finally, the proposed methodology is evaluated through a real accident scenario analysis in order to validate its adaptability to represent real critical situations.


Towards Semantic Interpretation of Goal-Oriented Safety Decisions Based on Foundational Ontology

January 2019 · 16 Reads · 9 Citations · Journal of Computers

Semantic interpretation of a knowledge domain is usually required to provide and formalize its common vocabulary. This task is challenging in the context of Safety Critical Systems (SCSs) development, since it involves both safety and design teams. In the railway domain, there is a lack of a common vocabulary aimed at avoiding ambiguities in the safety-related decisions taken to satisfy goals. To cope with the complexity of this task, the aim of this study is to propose a semantic interpretation of the safety rules development process from a goal-oriented perspective. The safety rules development process is performed according to the Organization-Based Access Control (Or-BAC) model, which is normally used for information systems security. The proposed approach is based on a foundational ontology in order to interpret safety-related concepts in real-world semantics. It provides relations between safety-related concepts and Unified Foundational Ontology (UFO) concepts. Furthermore, the matching between safety rules, Or-BAC and Goal-Oriented Requirements Engineering (GORE) concepts is considered and formalized in a structured way. The proposed interpretation is evaluated and progressively justified with respect to the railway domain knowledge and the current literature.


Analysis and Formal Modeling of Systems Behavior Using UML/Event-B

January 2019 · 50 Reads · 4 Citations · Journal of Communications

The verification of safety properties of critical systems, such as railway signaling systems, is better achieved by formal reasoning. Event-B, as a formal method, makes it possible to obtain safe and reliable systems. Nevertheless, modeling with the Event-B method requires some knowledge of mathematical logic and set theory. In contrast, UML (Unified Modeling Language) is a commonly used graphical language, but it does not guarantee the verification of safety properties. This paper presents an approach combining UML and Event-B. In this work, we focus on modeling system behavior with the joint use of several UML behavioral diagrams. The UML models are then translated into Event-B models for system validation as well as the verification of safety properties using B tools. This methodology is illustrated by an application to a case study of a railway signaling system.



Figures: Fig. 2. Simple machine example described in B; Fig. 3. Graph specification in B of the safe shutdown example; Case Study Details and Results.

A Framework for the Formal Specification of Relay-Based Systems Based on a B-Method Graph Specification

January 2019 · 100 Reads · 1 Citation · International Journal of Computer and Electrical Engineering

A railway interlocking system is one example of a critical system, and, therefore, it must have a high level of reliability in order to avoid problems that may result in the loss of people's lives. However, many railway systems are still specified using historical relay-based diagrams, whose analysis is performed by human inspection, which is error prone. Relay-based diagrams are specified by nodes and cables in a graphical manner, which resembles undirected graphs. This paper presents a framework for the specification of relay diagrams in a formal language, B-method, based on the specification of a graph and its properties. The use of a formal language allows one to prove the correctness of these railway interlocking systems with respect to structural properties. This framework has been evaluated through the specification of a case study.

Citations (43)


... Luxton and Marinov (2020) discuss risk assessment regarding terrorist attacks on railway systems and suggest implementing a revised passenger searching mechanism to efficiently identify and eliminate any suspicious objects and individuals in order to ensure passenger and rail infrastructure protection. In case of a CBRNe scenario, this would imply not only the use of adapted sensors for detection of chemical or radiological substances (e.g., Collart-Dutilleul et al., 2018), but also good levels of staff training, public awareness and cooperation with the highly trained CBRNe first responders (e.g., firefighters, civil protection, ambulance, law enforcement agencies (LEAs) or even the military), as pointed out by Havârneanu and Petersen (2019). ...

Reference:

Preparing railway stakeholders against CBRNe threats through better cooperation with security practitioners
A passenger flow oriented security and safety approach in international railway stations
  • Citing Conference Paper
  • April 2018

... Noise data are generated by incorrect operation when drivers are nervous. This information has a greater impact on a small number of data sets [24], so this part only focuses on a small number of data sets. Considering the classification performance and computational cost, the redundant and noisy data are filtered by the KNN-based method. ...

Engineering for Critical Systems: The Automatic Train Operation over European Train Control System for Freight Trains Use Case

International Journal of Transport Development and Integration

... This formal verification consists in discharging a set of proof obligations generated from the Event-B specification. These proof obligations are of the types invariant preservation, feasibility of non-deterministic actions and well-definedness [18]. Finally, the main methodological contribution is a SysML-based approach for system modelling and a refinement-based approach for conformance assessment. ...

Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications
  • Citing Chapter
  • May 2023

Lecture Notes in Computer Science

... By repeatedly adjusting the environmental model and our own model, we eventually learn to operate in an unknown environment. This also ensures the security of systems [18,19,6,20]. ...

Identifying Alterability States of a Single Track Railway Line Control System

International Journal of Computers, Communications & Control (IJCCC)

... The literature review related to ERTMS implementation issues is extensive and covers a wide spectrum of issues, starting from the development of formal methods for signalling and interlocking systems [2,3,11], through the issues related to automatic protection systems [23], safety problems [9], risk assessment [4,17], ERTMS capacity [14], communication [12], challenges connected with the introduction of ETCS Level 3 [10], and finally the implementation problems [13]. Despite so many publications available from the scientific world, there are no known studies that can serve as sources providing a basis for the further analysis presented in this article, other than documents of the manufacturers of ERTMS equipment and those issued by ERA. ...

A Colored Petri Net Model for Control Problem of Border Crossing Under Constraints
  • Citing Conference Paper
  • May 2022

... AI regulations must raise trust levels and encourage users to upload their private information online. Policymakers and legislators should collaborate to develop a robust artificial intelligence regulatory framework and control systems for preventing the abuse of personal data [143]. In addition, global-scale agreements must be adopted with common goals that are flexible and accommodate global contexts. ...

SoREn, How Dynamic Software Update Tools Can Help Cybersecurity Systems to Improve Monitoring and Actions

JOURNAL OF UNIVERSAL COMPUTER SCIENCE

... The importance of interoperability in the railway sector, and especially at the level of signaling, has aroused interest globally [15], but especially on the European continent, where mobility between countries is obvious. Thus, several initiatives focusing on interoperability have emerged, as listed in [2], with a focus on managing interfaces at borders, as mentioned in [16]. We consider as examples: a. ERTMS: The ERTMS [4] is the standard system managing the interpretation of signaling information by the onboard system to significantly increase the safety and efficiency of rail transport, and the cross-border interoperability of rail transport in Europe. ...

Crossing Border in the European Railway System: Operating Modes Management by Colored Petri Nets
  • Citing Chapter
  • March 2021

... As Europe is the continent that offers the most interconnected railway network between countries, the European community has carried out several projects with a view to meeting this need for interoperability [2]. However, only the European Rail Traffic Management System (ERTMS) [3] has been able to reach the stage of deployment at the continental level, and this system is being deployed in many countries outside Europe because it offers standard requirements that facilitate the purchasing process through a large number of different subsystem suppliers. However, interoperability between interlockings themselves is still needed to make better use of the technological evolution of computer interlocking, especially at borders between countries. ...

Designing Operating Rules for ERTMS Transnational Lines
  • Citing Chapter
  • March 2021

... Its role is to prevent problems such as misrouting and collisions during train operation [2], while monitoring important information such as each train's geographic location, speed, and direction in real time to ensure safe train operation. During the long-term operation of railway signals, the interlocking control system will inevitably experience malfunctions, which can be caused by the aging of the control equipment or by sudden situations [3]. If these malfunctions are not diagnosed in a timely manner, they may lead to serious accidents in railway operation. ...

Towards safe and secure computer based railway interlocking systems
  • Citing Article
  • July 2020

International Journal of Transport Development and Integration