AutomatedTrain: Safety architecture for onboard platform

DB InfraGO AG

Berlin, August 2025 to January 2026
ATO Rolling Stock Software

Powerful, implementable and approvable platform architecture in accordance with CENELEC standards

In the research and development project AutomatedTrain, DB InfraGO AG and eight other partners are testing fully automated, driverless train dispatching and parking trips as well as the automated activation and shutdown of trains. This requires reliable environment perception through sensor fusion. The perception must meet the requirements of safety integrity level SIL 1 or SIL 2. The CENELEC standards, in particular EN 50126-1/2, EN 50129 and EN 50716, form the regulatory framework for this.

The core task was to create a system and software safety architecture for a safe onboard HPC platform. This architecture had to meet the requirements for SIL 2 systems, cybersecurity in accordance with EN 50159 and high-performance demands.

The central challenge was to resolve the conflicting goals of safety, cost-effectiveness and flexibility. This involved balancing:

  • Safety/cybersecurity vs. COTS: safety and security requirements versus the use of Commercial Off-The-Shelf (COTS) components.
  • Safety vs. high performance: ensuring safety integrity on non-safe high-performance hardware.
  • Safety vs. dynamic configuration: ensuring safety with dynamically loadable applications. 

To master this task, a structured approach with the following steps was taken:

  • Systematic Alignment: Continuous alignment of the architecture with the overall system level.
  • Mixed Approach: Combination of top-down and bottom-up approaches.
  • Traceability: Consistent traceability from requirements to the architecture.
  • Communication: Continuous exchange with project partners and stakeholders.
  • Best Practices: Consideration of findings from comparable projects (e.g. in the ERJU context).

The result is an implementable and approvable system and software safety architecture for the platform. It conforms to the relevant CENELEC standards and forms the basis for automated driving functions.

Key areas of service

  • System/software safety architecture in accordance with EN 50129 and EN 50716

  • Consideration of EN 50159 (cybersecurity)

  • Consideration of approvability

  • Technical coordination with regard to safety architecture

Special features

In this development project, a safety architecture (system and software) for an onboard platform was developed that complies with the normative requirements for functional safety in onboard railway applications, enables the use of standard components (COTS) as far as possible, for both hardware and parts of the software, and provides the performance for computationally intensive tasks (environment perception, sensor fusion).

Contact person

Here you will find your contact person for Software Engineering

Thomas Strauß

Member of the Executive Board,
Head of Software Engineering
Frankfurt am Main office
Thomas Strauß is a member of the Executive Board and Head of Software Engineering at NEXTRAIL GmbH. He has been working as a software solution architect in a leading position for decades. He is characterized by his high level of expertise in the area of business-critical, distributed, high-performance systems that are available around the clock. He has focused on the rail sector after working for well-known European companies (manufacturing, automotive).