
Using UML Diagrams for System Safety and Security Environment Analysis

Flávio Monteiro Rachel


Paulo Sérgio Cugnasca
Safety Analysis Group
São Paulo University, Brazil

1
Summary

• Introduction;
• The Updated Object-Oriented System Proposed;
• System Engineering;
• Analysis;
• Project, construction and validation;
• Conclusions.

2
Introduction
• In 2003, a viability analysis of using predictive fuzzy logic for train control was initiated;
• This study has several aspects:
  • The use of the Object-Oriented Approach;
  • The use of predictive fuzzy logic itself;
  • The safety aspect;
• The use of predictive fuzzy logic as an AI tool is avoided by European standards (like EN 50123);
• The use of UML diagrams to analyse safety/security environments is now analysed.
3
The Updated Object-Oriented System Proposed
• During the development of the original object-oriented system project, some operational needs were identified that were not supported by the previous version;
• The operational team has different performance needs, according to the operational demand placed on it by users;
• This problem was solved by including a new system input called Time or Performance Level;
• So, the project rebuilding was started in order to add this new feature to the system.

4
The Proposed Object-Oriented Control System
• The UML uses several diagrams to characterize the static, dynamic and method aspects of the project.

[Figure: dimensions of the project characterization, framed by a Safety/Security Dimension]
- Static Dimension: class diagram; associations; aggregations, inheritances
- Dynamic Dimension: sequence diagram; interaction diagram; state diagram
- Method Dimension: algorithms; methods; equations; rules

5
The Proposed Object-Oriented Control System
[Figure: development phases and their software artefacts, with an IMPROVEMENTS feedback loop]
- SYSTEM ENGINEERING: problem understanding; business plan
- ANALYSIS: static and dynamic modelling; prototype; dimensioning (HW/SW); technical specifications
- PROJECT: modules; integration plan
- CONSTRUCTION: codification; integration
- VALIDATION: homologation

6
System Engineering – ATC Schematic Diagram
[Figure: ATC schematic. The ATC comprises the ATP Controller, the ATO Controller and the Logic Control Box; its inputs come from the Tachometers, the Programmed Stop Antenna and the Track Signal Antenna; its output is Position Control.]
7
System Engineering – IDEF0 Level 0 Diagram
[Figure: IDEF0 Level 0 diagram of the ATC (Automatic Train Control) function]
- Inputs: Commanded Speed, Real Speed, Programmed Stop, Time or Performance Level
- Control: Movement Rules
- Output arrows: Brake/Propulsion, Amount of Brake/Propulsion
- Mechanisms: Track Signal Antenna, Programmed Stop Antenna, Tachometer, Operator
8
System Engineering – IDEF0 Level 1 Diagram
[Figure: IDEF0 Level 1 diagram. The ATC function is decomposed into the Train Movement and Programmed Stop sub-functions. Arrow labels: Movement Rules, Commanded Speed, Real Speed, Time or Performance Level, Brake/Propulsion, Amount of Brake/Propulsion, Programmed Stop. Mechanisms: Operator, Tachometer, Track Signal Antenna, Programmed Stop Antenna.]

9
Analysis – Class Diagram
[Figure: class diagram. Legend: class name, class attributes, class procedures, inheritance.]
- Performance Level: attribute Performance Level; procedures SetPerfLvl(), ReadPerfLvl()
- Speed: attribute Speed; procedures SetSpd(), ReadSpd()
  - Commanded Speed (inherits Speed): attribute Commanded Speed; procedures SetComSpd(), ReadComSpd()
  - Real Speed (inherits Speed): attribute Real Speed; procedures CalcSpd(), SetReaSpd(), ReadReaSpd()
- Operator: procedures BrkOn(), TrkOn()
- Propulsion: attribute Intensity; procedures On(), Off(), ReadInt(), SetInt()
  - Brake (inherits Propulsion): attribute Intensity; procedures On(), Off()
  - Traction (inherits Propulsion): attribute Intensity; procedures On(), Off()
- Programmed Stop: attributes Type, State; procedures ReadTyp(), SetTyp()
10
Analysis – State Diagram
[Figure: state diagram. States: Train Stopped (Speed = 0), Train Accelerating, Train Speed Maintaining, Train Braking, Unsafe Condition, Programmed Stop, Accident. Transitions are labelled Motor On, Motor Off, Brakes On, Brakes Off, Brake Failure, Programmed Stop, Programmed Stop End and Train Proximity.]
11
Analysis – Sequence Diagram
[Figure: sequence diagrams with the lifelines Commanded Speed, Real Speed, Logic Box, Propulsion, Motor and Brakes. Events: e0 = Train Stopped, e1 = Train Accelerating, e2 = Speed Maintaining, e3 = Train Braking, e5 = Unsafe Condition.
Scenario 2 (Speed Control, Train Braking): Real Speed > Commanded Speed, so the Logic Box commands Brake and Brakes On (e3); the speed decreases until Real Speed = Commanded Speed, then Brake Off / Brakes Off and e2 = Speed Maintaining.
Scenario 5 (Unsafe Scenario, Brake Failure): after Brakes On a Brake Failure leaves Real Speed > Commanded Speed, so e5 = Unsafe Condition is raised and Emergency Brakes On is commanded; the outcome is either a speed decrease (e2 = Speed Maintaining, e0 = Train Stopped, e1 = Train Accelerating or e3 = Train Braking) or a further Brake Failure and Accident.]
Scenario 2 - Speed Control - Train Braking
Scenario 5 – Unsafe Scenario – Brake Failure

12
Control Systems – Direct Control System
[Figure: a Direct Control System acting on the Process (System)]
13
Control Systems – Supervisory Control System
[Figure: a Supervisory Control System monitoring the Control System that acts on the Process (System)]
14
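An added example, not code from the slides or from the authors' project: a small Python model of the state machine and sequence diagram scenarios above, with ATO direct control of real versus commanded speed supervised by ATP as in the supervisory control figure. State and event labels e0 to e5 follow the deck; the speed step, the `failed` fault flag, the separate emergency brake and its release rule are assumptions made for the simulation.

```python
from dataclasses import dataclass, field

STEP = 5.0  # assumed speed change per control tick (km/h); not from the deck

@dataclass
class Brakes:  # Brake class of the class diagram: Intensity with On()/Off()
    intensity: float = 0.0
    failed: bool = False  # assumed fault-injection flag to reproduce Scenario 5
    def on(self, intensity: float = 1.0) -> None:
        self.intensity = 0.0 if self.failed else intensity
    def off(self) -> None:
        self.intensity = 0.0

@dataclass
class TrainControl:
    """ATO direct control of real vs commanded speed, supervised by ATP."""
    commanded: float
    real: float
    brakes: Brakes = field(default_factory=Brakes)
    emergency: Brakes = field(default_factory=Brakes)  # assumed ATP-owned brake
    state: str = "e0 = Train Stopped"

    def ato_step(self) -> None:
        """Logic Box (direct control): act on the sign of the speed error."""
        if self.real > self.commanded:
            self.brakes.on(); self.state = "e3 = Train Braking"
        elif self.real < self.commanded:
            self.brakes.off(); self.state = "e1 = Train Accelerating"
        elif self.real == 0:
            self.brakes.off(); self.state = "e0 = Train Stopped"
        else:
            self.brakes.off(); self.state = "e2 = Speed Maintaining"

    def tick(self) -> str:
        """One control cycle: ATO acts, the train moves, ATP checks the outcome."""
        self.ato_step()
        if self.real <= self.commanded:
            self.emergency.off()  # assumed: ATP releases once the speed is safe
        before = self.real
        decel = self.brakes.intensity + self.emergency.intensity
        if decel:
            self.real = max(0.0, self.real - STEP * decel)
        elif self.state.startswith("e1"):
            self.real = min(self.commanded, self.real + STEP)
        if self.state.startswith("e3") and self.real >= before:  # ATP: no slowdown
            self.state = "e5 = Unsafe Condition"
            self.emergency.on()  # Emergency Brakes On; if that fails too: Accident
            if self.emergency.failed:
                self.state = "Accident"
        return self.state
```

Calling `tick()` repeatedly on a `TrainControl` with a failed service brake walks through Scenario 5: the first cycle raises e5 and applies the emergency brake, the following cycles bring the train back to the commanded speed.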
Project, Construction and Validation
• The next step is to put the plans into practice, implementing all functions by means of hardware and/or software;
• The use of UML diagrams made the implementation of the improvements much easier and more consistent with the original project;
• The UML diagrams can be used to identify potential risk scenarios and to map dangerous or unsafe conditions onto the systems. However, they do not substitute the traditional risk analysis.

15
Conclusions
• The object-oriented approach brought the main advantage to the implementation of the improvements: the ease of project rebuilding;
• European standards avoid the use of AI tools. However, predictive fuzzy logic revealed itself as a suitable solution for control system applications;
• The solution was found by implementing a supervisory control system (ATP) to monitor the direct control system (ATO) in order to ensure safe system operation;
• UML diagrams can be used efficiently for safety/security environment analysis. However, they do not substitute the traditional risk analysis tools.
16
Flávio Monteiro Rachel
fmrachel@metrosp.com.br
flavio.rachel@poli.usp.br
Phone: +55 11 3444-1445
Fax : +55 11 5012-2842

17