A Safety Analysis Technique Using STAMP/STPA for Electronic Interlocking System

Author: Tetuya Takata
Co-authors: Akira Asano and Hideo Nakamura
Day: Aspect Day 1
Session: Safety (Reserve paper)

Fail-safe technology has been the foundation of the safety of earlier signal systems. The fundamental principle is to build the system so that when a malfunction occurs in any part of it, red signals are always displayed and trains are stopped. In recent systems, however, software is essential and that software is growing in scale. At present there is no such thing as fail-safe software, and high reliability is instead ensured through approaches such as writing easy-to-understand software and carrying out thorough inspection. In this paper, STAMP/STPA is used to analyse signal systems with large-scale software. A detailed safety analysis is carried out with STAMP/STPA, using an electronic interlocking system as the example. An assessment approach suited to Phase 3 (Risk analysis) of railway RAMS (IEC62278) is then described, together with a method for summarising the results of that assessment as a hazard log.