A Safety Argumentation for Fail-Operational Automotive Systems in Compliance with ISO 26262

For highly automated driving, fail-operational driving systems are indispensable to prevent hazardous situations in case of an E/E (electrical/electronic) failure. This requires a redundant system design and an enhanced safety analysis to ensure fault tolerance and continued operation after a failure. Existing work addresses the safety-relevant attributes of fail-operational systems; however, whether the safety analysis of such systems is sufficient has not been investigated. We therefore identify the safety aspects of ISO 26262 that are relevant for fail-operational systems and require analysis to ensure compliance. Further, we deduce a fault model for a fail-operational driving system that contains the relevant failure modes. By consolidating the fault model and ISO 26262 into a safety argumentation expressed in the Goal Structuring Notation (GSN), we provide a safety argumentation for a fail-operational driving system that is sufficient according to ISO 26262. Whereas conventional fail-silent systems can be analysed at the sub-system level, fail-operational systems require an overarching analysis at the system level, because the redundant channels and the switch-over between them introduce failure modes that no single channel exhibits on its own. We therefore determine the objectives of this analysis, structure them according to the level at which they must be performed, and determine the relations given by their mutual contributions. With our work, we provide a framework for the safety argumentation of a fail-operational driving system in compliance with ISO 26262 with regard to safety analysis.
