Automotive systems become increasingly complex due to their functional range and data exchange with the outside world. Until now, functional safety of such safety-critical electrical/electronic systems has been covered successfully. However, the data exchange requires interconnection across trusted boundaries of the vehicle. This leads to security issues like hacking and malicious attacks against interfaces, which could bring up new types of safety issues. Before mass-production of automotive systems, evidences and arguments are required regarding two aspects. Product engineering has been done compliant to specific standards and supports arguments that the system is free of unreasonable safety and security risks. This paper shows a safety and security co-engineering framework, which covers standard compliant process derivation and management, and supports product specific safety and security co-analysis. Furthermore, we investigate processand product-related argumentation and apply the approach to an automotive use case regarding safety and security.Keywords: Safety and security co-engineering • process-and product-based argumentation • process and argumentation patterns • automotive domain • ISO 26262 • SAE J3061
eprints@whiterose.ac.uk https://eprints.whiterose.ac.uk/ Reuse Unless indicated otherwise, fulltext items are protected by copyright with all rights reserved. The copyright exception in section 29 of the Copyright, Designs and Patents Act 1988 allows the making of a single copy solely for the purpose of non-commercial research or private study within the limits of fair dealing. The publisher or other rights-holder may allow further reproduction and re-use of this version -refer to the White Rose Research Online record for this item. Where records identify the publisher as the copyright holder, users can verify any specific terms of use on the publisher's website. TakedownIf you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request. Model-Based Specification of Safety Compliance Needs for CriticalSystems: A Holistic Generic Metamodel! Abstract!Context: Many critical systems must comply with safety standards as a way of providing assurance that they do not pose undue risks to people, property, or the environment. Safety compliance is a very demanding activity, as the standards can consist of hundreds of pages and practitioners typically have to show the fulfilment of thousands of safety-related criteria. Furthermore, the text of the standards can be ambiguous, inconsistent, and hard to understand, making it difficult to determine how to effectively structure and manage safety compliance information. These issues become even more challenging when a system is intended to be reused in another application domain with different applicable standards.Objective: This paper aims to resolve these issues by providing a metamodel for the specification of safety compliance needs for critical systems. Method: The metamodel is holistic and generic, and abstracts common concepts for demonstrating safety compliance from different standards and application domains. Its application results in the specification of Òreference assurance frameworksÓ for safety-critical systems, which correspond to a model of the safety criteria of a given standard. For validating the metamodel with safety standards, parts of several standards have been modelled by both academic and industry personnel, and other standards have been analysed. We further augment this with feedback from practitioners, including feedback during a workshop. Results:The results from the validation show that the metamodel can be used to specify safety compliance needs for aerospace, automotive, avionics, defence, healthcare, machinery, maritime, oil and gas, process industry, railway, and robotics. Practitioners consider that the metamodel can meet their needs and find benefits in its use. Conclusion:The metamodel supports the specification of safety compliance needs for most critical computer-based and software-intensive systems. The resulting models can provide an effective means of structuring and managing safety compliance infor...
Today’s vehicles are evolving towards smart cars, which will be able to drive autonomously and adapt to changing contexts. Incorporating self-adaptation in these cyber-physical systems (CPS) promises great benefits, like cheaper software based redundancy or optimised resource utilisation. As promising as these advantages are, a respective proportion of a vehicle’s functionality poses as safety hazards when confronted with faultand failure situations. Consequently, a system’s safety has to been sured with respect to the availability of multiple software applications, thus often resulting in redundant hardware resources, such as dedicated backup control units. To benefit from self-adaptation by means of creating efficient and safe systems, this work introduces a safety concept in form of a generic adaptation mechanism (GAM). In detail, this generic adaptation mechanism is introduced and analysed with respect to generally known and newly created safety hazards, in order to determine a minimal set of system properties and architectural limitations required to safely perform adaptation. Moreover, the approach is applied to the ICT architecture of a smart e-car, thereby highlighting the soundness, general applicability, and advantages of this safety concept and forming the foundation for the currently ongoing implementation of the GAM within a real prototype vehicle
Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities via using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in face of rapidly changing product features and market needs.
As vehicles get increasingly automated, they need to properly evaluate different situations and assess threats at run-time. In this scenario automated vehicles should be able to evaluate risks regarding a dynamic environment in order to take proper decisions and modulate their driving behavior accordingly. In order to avoid collisions, in this work we propose a risk estimator based on fuzzy logic which accounts for risk indicators regarding (1) the state of the driver, (2) the behavior of other vehicles and (3) the weather conditions. A scenario with two vehicles in a car-following situation was analyzed, where the main concern is to avoid rear-end collisions. The goal of the presented approach is to effectively estimate critical states and properly assess risk, based on the indicators chosen.
As automated driving vehicles become more sophisticated and pervasive, it is increasingly important to assure its safety even in the presence of faults. This paper presents a simulation-based fault injection approach (Sabotage) aimed at assessing the safety of automated vehicle functions. In particular, we focus on a case study to forecast fault effects during the model-based design of a lateral control function. The goal is to determine the acceptable fault detection interval for permanent faults based on the maximum lateral error and steering saturation. In this work, we performed fault injection simulations to derive the most appropriate safety goals, safety requirements, and fault handling strategies at an early concept phase of an ISO 26262-compliant safety assessment process.
Abstract. As road vehicles increase their autonomy and the driver reduces his role in the control loop, novel challenges on dependability assessment arise. Model-based design combined with a simulation-based fault injection technique and a virtual vehicle poses as a promising solution for an early safety assessment of automotive systems. To start with, the design, where no safety was considered, is stimulated with a set of fault injection simulations (fault forecasting). By doing so, safety strategies can be evaluated during early development phases estimating the relationship of an individual failure to the degree of misbehaviour on vehicle level. After having decided the most suitable safety concept, a second set of fault injection experiments is used to perform an early safety validation of the chosen architecture. This double-step process avoids late redesigns, leading to significant cost and time savings. This paper presents a simulation-based fault injection approach aimed at finding acceptable safety properties for model-based design of automotive systems. We focus on instrumenting the use of this technique to obtain fault effects and the maximum response time of a system before a hazardous event occurs. Through these tangible outcomes, safety concepts and mechanisms can be more accurately dimensioned. In this work, a prototype tool called Sabotage has been developed to set up, configure, execute and analyse the simulation results. The feasibility of this method is demonstrated by applying it to a Lateral Control system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.