Philippe Bon’s research while affiliated with Gustave Eiffel University and other places


Publications (70)


A Set of Design-oriented Scientific Tools to Assist Abstract B Machine Specification
  • Article

August 2011 · 31 Reads · 2 Citations · Philippe Bon
The B method is known to be efficient, as a process of certifiable software implementation building in the domain of guided transports. There is important work to be performed using the informal specification before entering the B process. The upstream requirement analysis may be assisted with some graphical tools using UML notations. Nevertheless, the main problem to be solved may be the choice of the adequate tool. Currently, there are several kinds of diagrams in the UML notation and they are partially redundant. Considering a more general point of view, a main human contribution is to choose the representation which is specifically adapted to the considered assessment problem.


Figures and tables: Table 4 (Markings Corresponding to the State Classes of the p-Time Model); Fig. 5 (Level crossing case study); Table 6 (Markings Corresponding to the State Classes of the t-Time Model).
A Formal Model of Requirements
  • Article
  • Full-text available

January 2011 · 395 Reads · 2 Citations

This paper introduces a methodology to analyze the safety of timed discrete event systems. Our case-study is the level crossing, a critical component for the safety of railway systems. First, our goal is to take out the forbidden state highlighted by a p-time Petri net modelling. This model deals with the requirements of the considered system and has to contain all the constraints that have to be respected. Then we describe a process identified as a solution for the system functioning. This method consists in exploring all the possible behaviors of the system by means of the construction of state classes. Finally, we check if the proposed process corresponds to the model of requirements previously built.

Functioning mode Management and formal assessment of safety

July 2010 · 2 Reads · IFAC Proceedings Volumes

This paper presents a methodology to assist the safety assessment of timed discrete event systems. The methodology is illustrated on a level crossing case-study. It is a critical component for the safety of railway systems. The first step consists in decomposing the system functioning into different functioning modes. Then under specific assumptions, a model is provided for each functioning. Then, our goal is to take out the forbidden state highlighted by a p-time Petri net modelling. This model deals with the requirements of the considered system and has to contain all the constraints that have to be respected. Considering a proposed technological solution, its global functioning is also decomposed in several modes. As a latter, the model of the solution can be assessed, mode by mode. This assessment is achieved comparing the state classes deduced from the requirement model and the state classes of the proposed solution.



Taking advantage of some complementary modeling methods to meet critical system requirement specification

August 2008 · 10 Reads · 6 Citations

This paper aims at showing how it is possible to combine the advantages of high-level Petri nets and the B method in order to design safety applications. In the railway critical software domain, safety requirements are obviously severe. Indeed, the passing from an informal specification to a formal one is a crucial point in critical software development. High-level Petri nets combine three important features: a graphical representation, a dynamic behaviour and an abstraction of the treatments. The B method allows one to pass from an abstract specification to a concrete implementation. We propose an approach that integrates the structuring and modelling of the system behaviour by means of coloured Petri nets from semi-formal specifications and the generation of a B abstract specification from this Petri net.

Keywords: railway critical systems, safety, formal methods, model translation, high-level Petri nets, B method.

1 Introduction

The technological progress of safety automation in railway systems involves a growing complexity of functional safety requirements. Thereby, this leads to the use of some technical tools for analysis and command synthesis that are more and more complex and efficient in order to respect the requirements. Moreover, the introduction of new European standards for railway safety has led one to reconsider critical system requirement specifications modelling.




Safety requirements and p-time Petri nets: A Level Crossing case study

November 2006 · 28 Reads · 25 Citations

Maximum staying time specifications often ensue from validity intervals and safety requirements. Therefore there is a need for modelling this kind of constraint. There are some studies in the state of the art dealing with train traffic modes with timed Petri nets. Nevertheless, these kinds of results do not integrate the safety requirements we want to deal with. In this paper, we explain the reasons which lead us to use p-time Petri nets in order to model a well-known case study: a level crossing benchmark. Level crossings are critical components of the European railway network. Nevertheless some accurate time specifications are used in order to fulfill some safety requirements. As the time specifications are difficult to deal with, this paper proposes to apply a dedicated modelling tool which can be found in the literature.


Formalisation and simulation of operating rules using coloured Petri nets

June 2006 · 20 Reads · 4 Citations

The operational rules safety assessment of rail systems is a key element of the rail success to improve the competitiveness. In this context, the goal of this paper is to present a process for a safety analysis of operating rules. The first step of this process describes the operating rules and their formalisation using coloured Petri nets by means of a systematic method. The second step concerns the simulation of the resulting nets to check their properties. A group of ERTMS (European Rail Traffic Management System) operating rules, stemming from the HEROE (Harmonization of European rail Rules for Operating) project and concerning the departure of a train, will be used as an example. These rules are "Departure", "Train preparation", "Permission of train movement authority" and "Written orders". Starting with a reminder of our systematic method of description based on coloured Petri nets (CPN), we show that the main advantage of this method is to standardize the rules description. Then, the properties of the resulting Petri nets are checked with appropriate tools, with a view to verifying liveness and to detecting possible deadlocks. Finally, we think that the process of formalisation and simulation will allow checking the consistency and the integrity of operating rules.

1 Introduction

From the perspective of harmonizing the European railway system, ERTMS (European Rail Traffic Management System) [1], which is the new European standard for train control systems, has been developed and must be implemented for upgrades of high-speed and conventional lines in accordance with the European Commission laws.


Figures: Figure 1 (A use-case diagram); Figure 2 (A sequence diagram); Figure 3 (Class diagram); Figure 4 (State transition diagram of level crossing control system).
From UML to B – a level crossing case study

June 2006 · 655 Reads · 11 Citations

The goal of this paper is to show how it is possible to combine the advantages of the Unified Modelling Language (UML) and of the B method in order to design safety applications. We investigate how the Unified Modeling Language (UML) can be used to formally specify and verify critical railway systems. A benefit of using UML is its status as an international standard (OMG) and its widespread use in the software industry. B is a formal method for the incremental development of specifications and their refinements down to an implementation. In the railway critical software domain, safety requirements are obviously severe. It is very important to keep requirements traceability during the software development process even if the different models used are informal, semi-formal or formal.

Keywords: B method, formal development, level crossing, software verification.

1 Introduction

In spite of the progress carried out in software development, designing a complex system while respecting its safety requirements remains very hard. During the critical software development process, safety and security requirements must be traced from informal specification to code generation. So we need to trace them in the different models: informal, semi-formal or formal ones. We present a new method here to transform a semi-formal modelling into a formal specification which enables them to be traced. This method will be applied to a railway case study, where safety requirements are very strict. We study a level crossing case study taking into account French particularities. This article is made up of 3 parts. Firstly, we describe the case study. In the following part we present the principles of UML and we give a part of the semi-formal modelling of the level crossing. In the last part


Citations (43)


... Luxton and Marinov (2020) discuss risk assessment regarding terrorist attacks on railway systems and suggest implementing a revised passenger searching mechanism to efficiently identify and eliminate any suspicious objects and individuals in order to ensure passenger and rail infrastructure protection. In case of a CBRNe scenario, this would imply not only the use of adapted sensors for detection of chemical or radiological substances (e.g., Collart-Dutilleul et al., 2018), but also good levels of staff training, public awareness and cooperation with the highly trained CBRNe first responders (e.g., firefighters, civil protection, ambulance, law enforcement agencies (LEAs) or even the military), as pointed out by Havârneanu and Petersen (2019). ...

Reference:

Preparing railway stakeholders against CBRNe threats through better cooperation with security practitioners
A passenger flow oriented security and safety approach in international railway stations
  • Citing Conference Paper
  • April 2018

... Noise data are generated by incorrect operation when drivers are nervous. This information has a greater impact on a small number of data sets [24], so this part only focuses on a small number of data sets. Considering the classification performance and computational cost, the redundant and noisy data are filtered by the KNN-based method. ...

Engineering for Critical Systems: The Automatic Train Operation over European Train Control System for Freight Trains Use Case

International Journal of Transport Development and Integration

... This formal verification consists in discharging a set of proof obligations generated from the Event-B specification. These proof obligations are of type invariant preservation, feasibility of non-deterministic actions and well-definedness [18]. Finally, the main methodological contribution is a SysML based approach for system modelling and refinement-based approach for conformance assessment. ...

Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications
  • Citing Chapter
  • May 2023

Lecture Notes in Computer Science · Philippe Bon · [...]

... By repeatedly adjusting the environmental model and our own model, we eventually learn to operate in an unknown environment. This also ensures the security of systems [18,19,6,20]. ...

Identifying Alterability States of a Single Track Railway Line Control System

International Journal of Computers, Communications & Control (IJCCC)

... The literature review related to ERTMS implementation issues is extensive and covers a wide spectrum of issues starting from development of the formal methods for signalling and interlocking systems [2][3][11], through the issues related to the automatic protection systems [23], safety problems [9], risk assessment [4,17], ERTMS capacity [14], communication [12], challenges connected with introduction of ETCS Level 3 [10] and finally the implementation problems [13]. Despite so many publications available from the scientific world, there are no known studies that can serve as sources providing a basis for the further analysis presented in this article, other than documents of the manufacturers of ERTMS equipment and issued by ERA. ...

A Colored Petri Net Model for Control Problem of Border Crossing Under Constraints
  • Citing Conference Paper
  • May 2022

... AI regulations must raise trust levels and encourage users to upload their private information online. Policymakers and legislators should collaborate to develop a robust artificial intelligence regulatory framework and control systems for preventing the abuse of personal data [143]. In addition, global-scale agreements must be adopted with common goals that are flexible and accommodate global contexts. ...

SoREn, How Dynamic Software Update Tools Can Help Cybersecurity Systems to Improve Monitoring and Actions

JOURNAL OF UNIVERSAL COMPUTER SCIENCE

... The importance of interoperability in the railway sector and especially at the level of signaling has aroused interest globally in the world [15], but especially on the European continent where mobility between countries is obvious. Thus, several initiatives focusing on interoperability have emerged as listed in [2] with a focus on managing interfaces in borders as mentioned in [16]. We consider as examples: a. ERTMS: The ERTMS [4] is the standard system managing the interpretation of signaling information by the onboard system to significantly increase the safety, efficiency of rail transport, and cross-border interoperability of rail transport in Europe. ...

Crossing Border in the European Railway System: Operating Modes Management by Colored Petri Nets
  • Citing Chapter
  • March 2021

... As Europe is the continent that offers the most interconnected railway network between countries, the European community has carried out several projects with a view to meeting this need for interoperability [2]. However, only European rail traffic management system (ERTMS) [3] has been able to reach the stage of deployment at the continental level and this system is in deployment in many countries outside Europe because it offers standard requirements that facilitate the purchase process through a large number of suppliers of subsystems are different. However, the interoperability between interlockings themselves still needed to get better use of the technological evolution of computer interlocking, especially on borders between countries. ...

Designing Operating Rules for ERTMS Transnational Lines
  • Citing Chapter
  • March 2021

... Its role is to prevent problems such as misrouting and collisions during train operation [2], while monitoring important information such as each train's geographic location, speed, and direction in real-time to ensure safe train operation. During the long-term operation of railway signals, the interlocking control system will inevitably experience malfunctions, which can be caused by the aging of the control equipment or sudden situations [3]. If these malfunctions are not diagnosed in a timely manner, they may lead to serious accidents in railway operation. ...

Towards safe and secure computer based railway interlocking systems
  • Citing Article
  • July 2020

International Journal of Transport Development and Integration