“Open Proof” for Railway Safety Software -
A Potential Way-Out of Vendor Lock-in
Advancing to Standardization, Transparency,
and Software Security
Klaus-Rüdiger Hase
Deutsche Bahn AG, Richelstrasse 3, 80634 München, Germany
Klaus-Ruediger.Hase@DeutscheBahn.com
Abstract. “Open Proof” (OP) is a new approach for safety and security critical systems and a further development of the “Open Source Software” (OSS) movement, not just applying OSS licensing concepts to the final software product itself, but also to the entire life cycle and all software components involved, including tools, documentation for specification, verification, implementation, maintenance and in particular including safety case documents. A potential field of applying OP could be the European Train Control System (ETCS), the new signaling and Automatic Train Protection (ATP) system intended to replace some 20 national legacy signaling systems all over the European Union. The OP approach might help manufacturers, train operators, infrastructure managers as well as safety authorities alike to eventually reach the ambitious goal of a unified, fully interoperable and still affordable European Train Control and Signaling System, facilitating fast and reliable cross-border rail traffic at state-of-the-art safety and security levels.
Keywords: ATC, ATP, Critical Software, ETCS, EUPL, Embedded Con-
trol, FLOSS, Open Proof, openETCS, Train Control, Standardization.
1 Introduction
The European Train Control System (ETCS, [1]) is intended to replace sev-
eral national legacy signaling and train control systems all across Europe.
The system consists of facilities in infrastructure and on-board units (OBU).
Especially for the ETCS on-board equipment the degree of functional com-
plexity to be implemented is expected to be significantly higher than in con-
ventional systems. In terms of technology, this is mostly done by software in
so-called embedded control system implementations. While electronic hard-
ware is getting continuously cheaper, the high complexity of the safety critical
software has caused significant cost increases for development, homologation
and maintenance of this technology. This has raised questions for many rail-
way operators with respect to the economy of ETCS in general.