Allocating imprecise safety targets in satellite-based localization systems used in railway signaling operations.

Summary Several European actors of railways and GNSS (Global Navigation Satellite System) are committed to develop a safe on-board train positioning system including satellite localization technologies to enable the ETCS (European Train Control System) to manage rail traffic more efficiently. Known risky situations can arise when operating this system, especially when GNSS signals are disturbed. No robust predictive error model exists today to characterize degradations due to local propagation phenomena around the train reception antenna. Different failure detection mechanisms are available to mitigate risks. Nevertheless, such available processes still suffer from safety flaws mainly due to strong model hypotheses on error distributions associated to system measurements. Recent European projects on GNSS have adopted the existing apportionment principles to allocate safety targets, in terms of tolerable hazard rates (THRs), to functions managing feared events due to GNSS. However, the top-down analysis of the allocation process imposes strong requirements for the developed (or in development) dedicated mechanisms. The paper proposes an original method for handling THRs no longer as crisp values but as intervals to take into account both aleatory and epistemic uncertainties of the models used for failure detection and the environmental effect. The proposed allocation methodology based on the common Fault Tree Analysis and interval propagation methods considers model and data uncertainties adding versatility to the allocation method recommended by the standard EN50126.