We present the case study developed in the context of the 4SECURail project and the approach used for its formal modeling and analysis. Starting from a simple SysML/UML behavioral model of the system requirements, three formal models have been developed using three different frameworks, namely UMC, ProB, and CADP/LNT. The paper shows how the different ways to represent and analyze the system from the three different points of view allow us to take advantage of the resulting diversity.SubLayer (SAI) of the SUBSET-098. These two components are the main actors that support the creation/deletion of safe communication lines and protect the transmission of messages exchanged on such lines. In particular, the CSL is responsible for requesting the activation -and in case of failure, the re-establishment -of the communication line, for continuously controlling its liveliness, and for the forwarding of the handover transaction messages. The SAI is responsible for ensuring the absence of excessive delays, repetitions, losses, or re-ordering of messages during their transmissions. This is achieved by adding sequence numbers and time-related information to the RBC messages. The RBC/RBC communication line consists of two sides that are properly configured as "initiator" and "called". With respect to ETCS/ERTMS Class 1 System Requirements Specification FIS for RBC/RBC Handover RBC-RBC Safe Communication Interface EuroRadio FIS