TY - GEN
T1 - A Safety Argumentation for Fail-Operational Automotive Systems in Compliance with ISO 26262
AU - Schmid, Tobias
AU - Schraufstetter, Stefanie
AU - Wagner, Stefan
AU - Hellhake, Dominik
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - For highly automated driving, fail-operational driving systems are indispensable to prevent hazardous situations in case of an E/E failure. That requires redundant system design and enhanced safety analysis for ensuring fault tolerance and further operation. Existing work addresses attributes of fail-operational systems relevant for safety; however, the sufficiency of safety analysis has not been investigated. We therefore aim to identify relevant safety aspects for fail-operational systems in ISO 26262 which require analysis to ensure compliance. Further, we deduce a fault model for a fail-operational driving system containing the relevant failure modes. By consolidating the fault model and ISO 26262 into a safety argumentation using the goal structuring notation, we provide a safety argumentation for a fail-operational driving system sufficient according to ISO 26262. Whereas conventional fail-silent systems can be analysed on the sub-system level, fail-operational systems require overarching analysis on the system level. We therefore determine objectives of this analysis, structure those according to the necessary level and determine the relations given by mutual contributions. With our work, we provide a framework for safety argumentation of a fail-operational driving system in compliance with ISO 26262 regarding safety analysis.
AB - For highly automated driving, fail-operational driving systems are indispensable to prevent hazardous situations in case of an E/E failure. That requires redundant system design and enhanced safety analysis for ensuring fault tolerance and further operation. Existing work addresses attributes of fail-operational systems relevant for safety; however, the sufficiency of safety analysis has not been investigated. We therefore aim to identify relevant safety aspects for fail-operational systems in ISO 26262 which require analysis to ensure compliance. Further, we deduce a fault model for a fail-operational driving system containing the relevant failure modes. By consolidating the fault model and ISO 26262 into a safety argumentation using the goal structuring notation, we provide a safety argumentation for a fail-operational driving system sufficient according to ISO 26262. Whereas conventional fail-silent systems can be analysed on the sub-system level, fail-operational systems require overarching analysis on the system level. We therefore determine objectives of this analysis, structure those according to the necessary level and determine the relations given by mutual contributions. With our work, we provide a framework for safety argumentation of a fail-operational driving system in compliance with ISO 26262 regarding safety analysis.
KW - Fail-operational
KW - Functional safety
KW - Goal structuring notation
KW - Safety analysis
KW - Safety case
UR - http://www.scopus.com/inward/record.url?scp=85080111428&partnerID=8YFLogxK
U2 - 10.1109/ICSRS48664.2019.8987656
DO - 10.1109/ICSRS48664.2019.8987656
M3 - Conference contribution
AN - SCOPUS:85080111428
T3 - 2019 4th International Conference on System Reliability and Safety, ICSRS 2019
SP - 484
EP - 493
BT - 2019 4th International Conference on System Reliability and Safety, ICSRS 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th International Conference on System Reliability and Safety, ICSRS 2019
Y2 - 20 November 2019 through 22 November 2019
ER -