Functional Safety of Automated Driving Systems: Does ISO 26262 Meet the Challenges?
Today's innovative automated driving system (ADS) functions are realised by highly interconnected, networked cyber-physical systems that build on existing advanced driver assistance systems (ADAS). These interconnections increase the complexity of so-called systems of systems, because automation requires information from, and interaction with, its environment. All possible interactions must be known when the intended system behaviour is defined, so that any malfunction of the ADS can be identified, since a malfunction may propagate across system boundaries and cause other systems to fail in a harmful way. Hidden links can drive the system into unwanted operational states that are not perceived as failure modes. For that reason, functional safety is an important topic for reducing the safety-critical risk of failures in complex automotive systems.
This chapter discusses the application of the automotive functional safety standard ISO 26262 in the context of ADS. The following main topics are highlighted: the complexity of automated driving systems, issues concerning availability and reliability, the importance of the concept phase, and the role of the driver. Furthermore, proposals are made on how to handle these challenges and on feasible enhancements of the current ISO 26262 standard. Existing and promising methods that deal with the increasing complexity of future ADS development are discussed.
Keywords: ADAS, Automated driving, Functional safety, Fail-safe, Fail-operational, ISO 26262, Safe state
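The abstract's central point, that a malfunction can propagate across system boundaries and reach other systems through hidden links that no monitor perceives as a failure mode, can be made concrete with a small dependency model. The following is an added example written for this page, not code from the chapter or its authors: the component names, dependencies and monitors are a constructed, hypothetical ADS built from ADAS blocks. It walks a fault from its origin through every consumer of the faulty output, stops where a monitor perceives that fault (the point where a safe state can be requested), and reports whatever is still reached unperceived, which is exactly a hidden link. It also checks whether such an unperceived path reaches the actuation node, i.e. whether the system is fail-safe against that fault.

```python
"""Fault-propagation check over a constructed system-of-systems model.

Hypothetical example (not from the chapter): an ADS function composed of
ADAS building blocks. A fault at one node propagates to every node that
consumes its output, directly or transitively. A node that monitors the
fault origin (e.g. a plausibility check) perceives the fault as a failure
mode and can request a safe state; propagation is not continued past it.
Anything still reachable is a hidden link.
"""
from collections import deque

# Constructed dependency model: node -> set of nodes whose outputs it consumes.
DEPENDENCIES = {
    "radar": set(),
    "camera": set(),
    "acc": {"radar"},                          # adaptive cruise control
    "lane_keeping": {"camera"},
    "sensor_fusion": {"radar", "camera"},
    "trajectory_planner": {"sensor_fusion", "lane_keeping"},
    "actuator_ctrl": {"trajectory_planner", "acc"},
}

# Constructed monitors: node -> set of fault origins that node perceives.
MONITORS = {
    "sensor_fusion": {"radar", "camera"},      # cross-sensor plausibility check
    "actuator_ctrl": {"trajectory_planner"},   # planner output range/rate check
}

ACTUATION = "actuator_ctrl"   # the node whose faults become vehicle motion


def dependents(model):
    """Invert the dependency map: node -> set of nodes that consume it."""
    inv = {node: set() for node in model}
    for node, deps in model.items():
        for dep in deps:
            inv[dep].add(node)
    return inv


def affected_by(origin, model=DEPENDENCIES):
    """Every node a fault at `origin` can propagate to (transitive dependents)."""
    inv = dependents(model)
    seen, queue = set(), deque([origin])
    while queue:
        node = queue.popleft()
        for nxt in inv[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def hidden_links(origin, model=DEPENDENCIES, monitors=MONITORS):
    """Nodes reached by the fault along a path on which nothing perceives it."""
    inv = dependents(model)
    visited, queue = set(), deque([origin])
    while queue:
        node = queue.popleft()
        for nxt in inv[node]:
            if nxt in visited:
                continue
            visited.add(nxt)
            # Expand only through nodes that do NOT monitor the origin: a
            # monitoring node perceives the fault, so the path stops there.
            if origin not in monitors.get(nxt, set()):
                queue.append(nxt)
    # Monitoring nodes are affected but perceived; they are not hidden links.
    return {n for n in visited if origin not in monitors.get(n, set())}


def assess(origin, model=DEPENDENCIES, monitors=MONITORS, actuation=ACTUATION):
    """Summarise how a fault at `origin` is handled across system boundaries."""
    reach = affected_by(origin, model)
    hidden = hidden_links(origin, model, monitors)
    perceived_at = sorted(n for n in reach if origin in monitors.get(n, set()))
    return {
        "origin": origin,
        "affected": sorted(reach),
        "perceived_at": perceived_at,
        "hidden_links": sorted(hidden),
        # An unperceived path into actuation means the fault can reach vehicle
        # motion without any monitor requesting a safe state: not fail-safe.
        "fail_safe": actuation not in hidden,
    }


if __name__ == "__main__":
    for origin in ("camera", "radar", "trajectory_planner"):
        print(assess(origin))
```

In this constructed model a camera fault is perceived at the sensor fusion, but the lane-keeping function consumes the camera directly and feeds the planner, so the fault still reaches the actuators along a path nobody monitors; `assess("camera")` therefore reports `lane_keeping`, `trajectory_planner` and `actuator_ctrl` as hidden links and `fail_safe` as false. Adding a monitor for the camera origin on `lane_keeping` (for example `MONITORS["lane_keeping"] = {"camera"}`) closes that path and makes the same fault fail-safe, which is the kind of concept-phase finding the abstract argues must be made before the intended behaviour is fixed.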
Open Access. This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.