China Safety Science Journal ›› 2021, Vol. 31 ›› Issue (6): 113-120. doi: 10.16265/j.cnki.issn1003-3033.2021.06.015

• Safety Engineering Technology •

High-speed railway emergency dispatching safety analysis based on STAMP/STPA

WU Haitao1,2,3 (Associate Professor), LI Shuangxi1

  1 School of Transportation and Logistics, Southwest Jiaotong University, Chengdu, Sichuan 611756, China;
  2 National United Engineering Laboratory of Integrated and Intelligent Transportation, Chengdu, Sichuan 611756, China;
  3 National Engineering Laboratory of Comprehensive Transportation Big Data Application Technology, Chengdu, Sichuan 611756, China
  • Received: 2021-03-05  Revised: 2021-05-08  Online: 2021-06-28  Published: 2021-12-28
  • Author biography: WU Haitao (born 1981), male, from Yantai, Shandong; PhD, Associate Professor; research interests include safety and human-factor reliability of transportation systems and reliability of transportation networks. E-mail: wuhaitao@swjtu.cn.
  • Funding: National Natural Science Foundation of China (51605398); Soft Science Project of the Science and Technology Department of Sichuan Province (2020JDR0142); Soft Science Project of the Chengdu Municipal Science and Technology Bureau (2020-RK00-00080-ZF).

Abstract: Traditional safety analysis models cannot evaluate the complex interactions between components of a high-speed railway dispatching system. To overcome this defect, the interaction safety problem between personnel and equipment in the high-speed railway emergency command system is treated, on the basis of the system-theoretic accident model and process (STAMP), as a system control and feedback problem: a control-feedback model of high-speed railway emergency dispatching is constructed, and the system's safety risks and safety constraints are identified. System-theoretic process analysis (STPA) is then used to analyze unsafe control actions and the control defects that induce them. The validity of STAMP/STPA for high-speed railway emergency dispatching safety analysis is verified through a case analysis of a high-speed railway derailment accident in Taiwan. The results show that the risk factors of high-speed railway emergency dispatching command obtained from the control-feedback model are perception or execution errors, decision-making errors, and receiving or execution delays, and that the model can also be used to deduce the failure paths of safety constraints.

Key words: high-speed railway emergency dispatching, system-theoretic accident model and process (STAMP), system-theoretic process analysis (STPA), interaction, safety constraint, control defects
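The abstract names the STAMP/STPA steps (control-feedback structure, unsafe control actions, safety constraints, failure paths) but the page carries no worked instance of them. The Python below is an added illustration, not the paper's model or code: it crosses constructed dispatcher control actions with STPA's four guide words, negates each unsafe control action into a safety constraint, and walks a constructed control-loop event log to find the stage at which a timing constraint breaks, tagging it with one of the risk-factor categories the abstract lists. The names `ControlAction`, `trace_failure_path`, the per-stage time budgets, the stage-to-factor mapping and the sample log are all assumptions made for this example.

```python
"""STPA-style analysis of a dispatching control loop (added illustration,
not the paper's model). Control actions, time budgets, the stage-to-factor
mapping and the event log are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# STPA's four categories of unsafe control action, used as guide words.
GUIDE_WORDS = ("not provided", "provided", "provided too late", "stopped too soon")


@dataclass(frozen=True)
class ControlAction:
    controller: str     # who issues the command (e.g. dispatcher)
    process: str        # who receives and executes it (e.g. train driver)
    name: str           # the command itself
    required_when: str  # condition under which the command is required
    deadline_s: float   # assumed maximum time from condition to execution


@dataclass(frozen=True)
class UCA:
    action: ControlAction
    guide_word: str


def enumerate_ucas(actions: List[ControlAction]) -> List[UCA]:
    """STPA step 2: cross every control action with every guide word."""
    return [UCA(a, g) for a in actions for g in GUIDE_WORDS]


def safety_constraint(uca: UCA) -> str:
    """STPA derives a safety constraint by negating each UCA."""
    a = uca.action
    return {
        "not provided": f"{a.controller} must issue '{a.name}' when {a.required_when}",
        "provided": f"{a.controller} must not issue '{a.name}' unless {a.required_when}",
        "provided too late": f"{a.controller} must issue '{a.name}' so that it is executed within {a.deadline_s:.0f} s of {a.required_when}",
        "stopped too soon": f"{a.process} must keep '{a.name}' in force until the condition '{a.required_when}' is cleared",
    }[uca.guide_word]


# Stages of one pass through the control loop, in order.
STAGES = ("hazard_detected", "order_issued", "order_received", "order_executed")

# Assumed mapping from the failing stage to the risk-factor categories the
# abstract lists (perception/execution error, decision error, receive/execute delay).
MISSING_FACTOR = {
    "hazard_detected": "perception error",
    "order_issued": "decision-making error",
    "order_received": "receiving delay",
    "order_executed": "execution error",
}
LATE_FACTOR = {
    "order_issued": "decision-making error",
    "order_received": "receiving delay",
    "order_executed": "execution delay",
}

Step = Tuple[str, str, Optional[str]]  # (stage, "ok" | "missing" | "late", factor)


def trace_failure_path(log: List[Tuple[float, str]], budget_s: Dict[str, float]) -> List[Step]:
    """Walk the loop stage by stage; stop at the first stage that is absent
    from the log or exceeds its time budget. The list returned is the path
    from hazard detection to the broken safety constraint."""
    times: Dict[str, float] = {}
    for t, stage in log:
        times.setdefault(stage, t)  # keep the first occurrence of each stage
    path: List[Step] = []
    prev_t: Optional[float] = None
    for stage in STAGES:
        if stage not in times:
            path.append((stage, "missing", MISSING_FACTOR[stage]))
            break
        if prev_t is not None and times[stage] - prev_t > budget_s[stage]:
            path.append((stage, "late", LATE_FACTOR[stage]))
            break
        path.append((stage, "ok", None))
        prev_t = times[stage]
    return path


# Constructed sample data (not from the paper's case study).
SAMPLE_ACTIONS = [
    ControlAction("dispatcher", "train driver", "emergency stop order",
                  "a track obstruction is reported", 60.0),
    ControlAction("dispatcher", "train driver", "temporary speed restriction",
                  "a section is under a temporary speed limit", 120.0),
]
SAMPLE_BUDGET = {"order_issued": 30.0, "order_received": 15.0, "order_executed": 10.0}
SAMPLE_LOG = [  # one loop pass with a slow acknowledgement (constructed)
    (0.0, "hazard_detected"),
    (20.0, "order_issued"),
    (95.0, "order_received"),
    (100.0, "order_executed"),
]

if __name__ == "__main__":
    for uca in enumerate_ucas(SAMPLE_ACTIONS):
        print(f"UCA [{uca.guide_word}] -> constraint: {safety_constraint(uca)}")
    for stage, status, factor in trace_failure_path(SAMPLE_LOG, SAMPLE_BUDGET):
        print(stage, status, factor or "")
```

Run stand-alone, the script lists eight unsafe control actions with their constraints and reports that the sample loop pass breaks at `order_received` (a receiving delay of 75 s against a 15 s budget); a log with no `order_issued` entry instead stops at that stage with a decision-making error, which is the distinction between a delayed and an absent control action that STPA draws.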

CLC number: