Our goal with the Railway System Use Case is to exploit ADMORPH tools to create robust and reliable communication between the train and the ground part of the railway system.

The data transmission system between the train and the ground part of the operator’s system consists of a pair of MCG-GCG communication units (Mobile Communication Units and Ground Communication Unit), as shown in the figure below. The purpose of these units is to interconnect the trusted parts of the on-board system with the trusted parts of the ground system through an untrusted wireless network environment.


The robustness of the system (security and availability of the service) is achieved by the redundancy of communication channels (optimally managed by the systems of various telecommunications operators) and the use of an application that continuously evaluates the status and parameters of transmission channels. Based on the set criteria (security, transmission quality, etc.), the application will adapt the operating mode of the data connection, as illustrated in the following figure.

Use of project tools

To achieve a sufficient level of protection for the trusted part of the MCG and the mutual separation of communication channels A and B, the PikeOS hypervisor is used, which will allow the physical device to be divided into several independent logical parts. For the needs of the use case, the HW of the commercial communication unit, illustrated below, was configured to create three independent parts:

  • two mutually isolated communication parts for Channel A and Channel B, represented by partition A and partition B.
  • a part for the needs of the control application, represented by partition C.

Linux OS is installed in partitions A and B, which allows to easily integrate commercial peripherals. Partition C is without an OS (so-called native PikeOS partition), configured for the needs of the static scheduler CECILE.

In addition to the above system, the MCG may contain other partitions with train diagnostics and control applications, which are not part of the project. The resulting MCG configuration is shown in the next figure, where secure communication between Linux partitions A, B, and control partition C can also be seen. Two pairs of queuing ports are used to communicate with modems. This is one of the system’s security tools.

Application development toolset

The TeamPlay coordination language and the CECILE static scheduler will be used to create the control application. Therefore, a tool was created to convert the output of the CECILE coordination compiler to a format suitable for the Target Compiler and Linker CODEO (Sysgo’s IDE), which generates binary code for the native PikeOS partition. The figure below shows a test application written in TeamPlay and its console output when running on a PikeOS partition.


The integration of the TeamPlay and CECILE development tools for the PikeOS environment completed the second stage of the demonstrator’s development. Verification of the functionality of the test module on the target HW platform was a condition for using the toolkit to create a control application that should reach a level suitable for operational verification of the system