“Open Proof” for Railway Safety Software - A Potential Way-Out of Vendor Lock-in Advancing to Standardization, Transparency, and Software Security

  • Klaus-Rüdiger Hase
Conference paper


“Open Proof” (OP) is a new approach for safety- and security-critical systems and a further development of the “Open Source Software” (OSS) movement: it applies OSS licensing concepts not only to the final software products themselves, but also to the entire life cycle and all software components involved, including tools and the documentation for specification, verification, implementation and maintenance, and in particular the safety case documents. A potential field for applying OP is the European Train Control System (ETCS), the new signaling and Automatic Train Protection (ATP) system intended to replace some 20 national legacy signaling systems all over the European Union. The OP approach might help manufacturers, train operators, infrastructure managers and safety authorities alike to eventually reach the ambitious goal of a unified, fully interoperable and still affordable European Train Control and Signaling System, facilitating fast and reliable cross-border rail traffic at state-of-the-art safety and security levels.


Keywords: ATC, ATP, Critical Software, ETCS, EUPL, Embedded Control, FLOSS, Open Proof, openETCS, Train Control, Standardization





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. Deutsche Bahn AG, München, Germany
