Analysis of ISO 26262 Compliant Techniques for the Automotive Domain

The ISO 26262 standard denes functional safety for automotive E/E systems. Since the publication of the rst edition of this standard in 2011, many dierent safety techniques complying to the ISO 26262 have been developed. However, it is not clear which parts and (sub-) phases of the standard are targeted by these techniques and which objectives of the standard are particularly addressed. Therefore, we carried out a gap analysis to identify gaps between the safety standard objectives of the part 3 till 7 and the existing techniques. In this paper the results of the gap analysis are presented such as we identied that there is a lack of mature tool support for the ASIL sub-phase and a need for a common platform for the entire product development cycle

Analysis of ISO 26262 Compliant Techniques for the Automotive Domain

The ISO 26262 standard denes functional safety for automotive E/E systems. Since the publication of the rst edition of this standard in 2011, many dierent safety techniques complying to the ISO 26262 have been developed. However, it is not clear which parts and (sub-) phases of the standard are targeted by these techniques and which objectives of the standard are particularly addressed. Therefore, we carried out a gap analysis to identify gaps between the safety standard objectives of the part 3 till 7 and the existing techniques. In this paper the results of the gap analysis are presented such as we identied that there is a lack of mature tool support for the ASIL sub-phase and a need for a common platform for the entire product development cycle

Assurance Benefits of ISO 26262 compliant Microcontrollers for safety-critical Avionics

The usage of complex Microcontroller Units (MCUs) in avionic systems constitutes a challenge in assuring their safety. They are not developed according to the development requirements accepted by the aerospace industry. These Commercial off-the-shelf (COTS) hardware components usually target other domains like the telecommunication branch. In the last years MCUs developed in compliance to the ISO 26262 have been released on the market for safety-related automotive applications. The avionic assurance process could profit from these safety MCUs. In this paper we present evaluation results based on the current assurance practice that demonstrates expected assurance activities benefit from ISO 26262 compliant MCUs.Comment: Submitted to SafeComp 2018: http://www.es.mdh.se/safecomp2018

Development and Validation of Functional Model of a Cruise Control System

Modern automobiles can be considered as a collection of many subsystems working with each other to realize safe transportation of the occupants. Innovative technologies that make transportation easier are increasingly incorporated into the automobile in the form of functionalities. These new functionalities in turn increase the complexity of the system framework present and traceability is lost or becomes very tricky in the process. This hugely impacts the development phase of an automobile, in which, the safety and reliability of the automobile design should be ensured. Hence, there is a need to ensure operational safety of the vehicles while adding new functionalities to the vehicle. To address this issue, functional models of such systems are created and analysed. The main purpose of developing a functional model is to improve the traceability and reusability of a system which reduces development time and cost. Operational safety of the system is ensured by analysing the system with respect to random and systematic failures and including safety mechanism to prevent such failures. This paper discusses the development and validation of a functional model of a conventional cruise control system in a passenger vehicle based on the ISO 26262 Road Vehicles - Functional Safety standard. A methodology for creating functional architectures and an architecture of a cruise control system developed using the methodology are presented.Comment: In Proceedings FESCA 2016, arXiv:1603.0837

Combined automotive safety and security pattern engineering approach

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASSEC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTTEC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEISBMBF, 01IS16043, Collaborative Embedded Systems (CrESt

Exploring the impact of different cost heuristics in the allocation of safety integrity levels

Contemporary safety standards prescribe processes in which system safety requirements, captured early and expressed in the form of Safety Integrity Levels (SILs), are iteratively allocated to architectural elements. Different SILs reflect different requirements stringencies and consequently different development costs. Therefore, the allocation of safety requirements is not a simple problem of applying an allocation "algebra" as treated by most standards; it is a complex optimisation problem, one of finding a strategy that minimises cost whilst meeting safety requirements. One difficulty is the lack of a commonly agreed heuristic for how costs increase between SILs. In this paper, we define this important problem; then we take the example of an automotive system and using an automated approach show that different cost heuristics lead to different optimal SIL allocations. Without automation it would have been impossible to explore the vast space of allocations and to discuss the subtleties involved in this problem

ISO 26262 Compliant Automatic Requirements-Based Testing for TargetLink

International audienceThis paper presents an automatic method that has been developed in order to support international standards regarding functional safety, like ISO 26262 for automotive and DO178B for aeronautics. It describes a seamless and integrated method to formalise requirements based on pattern specification automatons and generated C-observer code. Based on such C-Observers then requirements based functional tests can be generated and formal verification can be automated as the generated C-code observers are integrated into a test and verification tool environment. The advantage of such approach includes the possibility to enable requirements-based test case generation, automatic test execution and analysis and test quality measurement by automatic generation of requirements coverage and traceability reports. The described method is in-line with the software quality standards as it is for example specified in the new automotive standard for functional safety ISO 26262. The approach has already been implemented in a first instance for the Matlab/Simulink models and production code generation with TargetLink from dSPACE