Search Results

Exposure in ISO 26262 is defined as the state of being in an operational situation that can be hazardous if coincident with the failure mode under analysis. An operational situation is defined as a scenario that can occur during a vehicle's life with examples given such as driving, parking, or maintenance. Accurately predicting exposure is one of the more difficult tasks in the ASIL determination. ISO 26262 Part 3 attempts to provide guidance in Annex B through tables of potential operational situations and associated exposure levels. However, the contents of these tables may not allow for an accurate prediction of exposure and may lead to an exposure value that is too high or too low. In this paper, we describe a potential method for determining exposure that considers a potential mishap scenario as a composition of multiple coincident operational situations rather than considering a single operational situation as indicated in the tables in Annex B of Part 3.

Today's vehicles contain a number of safety-critical systems designed to help improve overall vehicle safety. Such systems may control vital vehicle functions such as steering, braking and/or propulsion independently of the driver. In today's vehicles, much emphasis has been placed on helping ensure that these safety-critical vehicle systems operate as intended. Applying rigorous system safety engineering principles in developing these safety-critical automotive systems helps ensure that they operate as desired and expected. Less emphasis has been placed to-date on helping ensure cybersecurity of cyber-physical automotive systems. However, this is changing as both the world and the automotive industry become more aware of the potential ramifications of cyber-attacks on vehicles.

Execution of a software safety program is an accepted best practice to help verify that potential software hazards are identified and their associated risks are mitigated. Successful execution of a software safety program involves selecting and applying effective analysis methods and tasks that are appropriate for the specific needs of the development project and that satisfy software safety program requirements. This paper describes the effective application of a set of software safety methods and tasks that satisfy software safety program requirements for many applications. A key element of this approach is a tightly coupled fault tree analysis and failure modes and effects analysis. The approach has been successfully applied to several automotive embedded control systems with positive results.

A requirement of many modern safety-critical automotive applications is to provide failsafe operation. Several analysis methods are available to help confirm that automotive safety-critical systems are designed properly and operate as intended to prevent potential hazards from occurring in the event of system failures. One element of safety-critical system design is to help verify that the software and microcontroller are operating correctly. The task of incorporating failsafe capability within an embedded microcontroller design may be achieved via hardware or software techniques. This paper surveys software failsafe techniques that are available for application within a microcontroller design suitable for use with safety-critical automotive systems. Safety analysis techniques are discussed in terms of how to identify adequate failsafe coverage.

In this paper, we review existing software safety standards, guidelines, and other software safety documents. Common software safety elements from these documents are identified. We then describe an adaptable software safety process for automotive safety-critical systems based on these common elements. The process specifies high-level requirements and recommended methods for satisfying the requirements. In addition, we describe how the proposed process may be integrated into a proposed system safety process, and how it may be integrated with an existing software development process.

A new generation of software-controlled vehicle systems promises to help enhance vehicle safety, performance and comfort. As these new, often complex systems are added, system safety programs are followed to help eliminate potential hazards. An important part of planning for a safety program is to understand applicable standards. This paper identifies, reviews, categorizes, and summarizes the importance of several applicable standards for incorporation in a system safety program.

Hazard analysis plays an important role in the development of safety-critical systems. Hazard analysis techniques have been used in the development of conventional automotive systems. However, as future automotive systems become more sophisticated in functionality, design, and applied technology, the need for a more comprehensive hazard analysis approach has arisen. In this paper, we describe a comprehensive hazard analysis approach for system safety programs. This comprehensive approach involves applying a number of hazard analysis techniques and then integrating their results. This comprehensive approach attempts to overcome the narrower scope of individual techniques while obtaining the benefits of all of them.

Steer-by-wire and other “by-wire” systems (as defined in the paper) offer many passive and active safety advantages. To help ensure these advantages are achieved, a comprehensive system-safety process should be followed. In this paper, we review standard elements of system safety processes that are widely applied in several industries and describe the main elements of our proposed analysis process for by-wire systems. The process steps include: (i) creating a program plan to act as a blueprint for the process, (ii) performing a variety of hazard analysis and risk assessment tasks as specified in the program plan, (iii) designing and verifying a set of hazard controls that help mitigate risk, and (iv) summarizing the findings. Vehicle manufacturers and suppliers need to work together to create and follow such a process. A distinguishing feature of the process is the explicit linking of hazard controls to the hazards they cover, permitting coverage-based risk assessment.