Integrated Automotive SPICE and safety assessments

Messnarz, Richard; Ross, Hans-Leo; Habel, Stephan; König, Frank; Koundoussi, Abdelhadi; Unterrreitmayer, Jürgen; Ekert, Damjan

doi:10.1002/spip.429

Cited by 22 publications

(10 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The hazards typically include self-steering, blocking of steering, etc. [Messnarz 2009] [Messnarz 2016].…”

Section: Typical Fail-operational Steering Systemmentioning

confidence: 99%

“…Hazard and risk analysis (HARA) and ASIL determination purpose is to determine the safety goals for the item to be able to prevent or mitigate the potential hazardous events caused by the item malfunction. Further elaboration of the safety goals then shall lead among others to the implementation of fault tolerance mechanisms that maintains the item in a safe state (with or without degradation) [ISO 26262 2011] [ISO 26262 2018] [Messnarz 2009] [Messnarz 2016. HARA is item specific; we have performed the analysis on the vehicle level for the "classic" platform vehicle on the market with the intent to identify fail-safe goals of such a classic platform and compare them to the fail-operational safety goals needed for HAD 2-3 design.…”

Section: Experiences With Hazard and Risk Analysis In Had Designmentioning

confidence: 99%

“…These assessments check such functional designs, effect chains and dynamic views. In ISO 26262 e.g., the safety critical signal flow is assessed [Macher 2017], [Macher 2017 b], in Automotive SPICE this is called dynamic view, and in cybersecurity norms [Macher 2017 b], [Messnarz 2020], ], [SAE 2016] this is also called a threat model with cybersecurity critical data, interfaces and functions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept

Štolfa¹,

Štolfa²,

Simonik³

et al. 2021

jucs

View full text Add to dashboard Cite

The paper is based on an experimental study at VSB TUO Ostrava with a DEMOCAR vehicle that simulates a real car with sensor fusion concept and a vehicle gateway to send and coordinate commands to ECUs to realize and manage autonomous driving. In this experimental study of autonomous driving vehicles control, a HARA (Hazard and Risk Analysis, ISO 26262:2018) has been done on vehicle level and strategies have been defined and implemented to manage safety situations where the car lateral control shall be hand over to a driver when in HAD 2 mode. The issue is that the switching to safe state shall not be done immediately but the vehicle has to stay in safe driving mode – fail-operational up to 4 seconds until a driver can take over. The UECE and other relevant studies show that it can take up to 6 seconds if driver/operator is not in the flow (HAD 3) and up to the 2 seconds when driver is in the flow (HAD 1). The paper makes assumptions and proposals about vehicle lateral control strategy to ensure the smooth take- over of the car by driver and its impact on control software development architectures.

show abstract

“…The hazards typically include self-steering, blocking of steering, etc. [Messnarz 2009] [Messnarz 2016].…”

Section: Typical Fail-operational Steering Systemmentioning

confidence: 99%

Section: Experiences With Hazard and Risk Analysis In Had Designmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept

Štolfa¹,

Štolfa²,

Simonik³

et al. 2021

jucs

View full text Add to dashboard Cite

show abstract

“…Christopher Preschern, Nermin Kajtazovic, and Christian Kreiner [7] maps SPICE software development processes to functional safety artifacts defined in the safety standard. The selection and verification of IEC 61508 techniques and measures is integrated in the overall SPICE safety system development process.…”

Section: Applying and Evaluating Architectural Iec 61508 Safety Patternsmentioning

confidence: 99%

Applying and Evaluating Architectural IEC 61508 Safety Patterns

Preschern¹,

Kajtazovic²,

Kreiner³

2014

LNSE

View full text Add to dashboard Cite

Abstract-An important step for developing a safety-critical system is the design of its architecture. The IEC 61508 standard provides a set of architectures (1oo2, 2oo3, ...) on a high level. It is left up to the system architect to refine these architectures and to come up with a set of methods which achieve the safety goals of the system. A pool of these methods is listed in part 7 of the IEC 61508 standard. However, especially for novel safety architects choosing appropriate methods and arguing for system safety through the application of these methods is rather difficult.In this paper we present the application of safety patterns in order to address this problem. Our safety patterns connect IEC 61508 methods to the high level architecture to provide a way to reason about a system's safety. We apply a safety pattern to two real case studies and we evaluate the pattern by comparing the IEC 61508 methods suggested by the pattern to the IEC 61508 methods actually chosen by the real system architectures.Index Terms-Design patterns, functional safety, IEC 61508.

show abstract

“…The construction of such systems utilizes quality assurance methodologies such as code reviews, testing and static code analysis. Industry‐relevant frameworks for process‐based quality assurance exist for process maturity (SPICE ) and security (Common Criteria ). A higher capability level in such a framework implies more processes accomplished at a higher level of maturity.…”

Section: Introductionmentioning

confidence: 99%

Where does all this waste come from?

Raschke

Zilli

Loinig³

et al. 2015

J Software Evolu Process

View full text Add to dashboard Cite

Agile development processes are more flexible than conventional ones. They emphasize iterative development and learning over feedback loops. Nevertheless, we experienced some pitfalls in the application of agile processes in dependable software systems. We present here the experiences we gathered in the construction of high-quality industrial software. Moreover, we will digest our experiences into a conceptual model of waste creation. This model will be refined to a case study where we take appropriate measurements in order to provide empirical evidence for it. Finally, we discuss the implications of the developed model, which helps to estimate the trade-off between agile and traditional software processes.

show abstract

Integrated Automotive SPICE and safety assessments

Cited by 22 publications

References 1 publication

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept

Applying and Evaluating Architectural IEC 61508 Safety Patterns

Where does all this waste come from?

Contact Info

Product

Resources

About

Integrated Automotive SPICE and safety assessments

Cited by 22 publications

References 1 publication

Safety Design Strategies in Highly Autonomous Drive Level 2 &ndash; Lateral Control Decomposition Concept

Safety Design Strategies in Highly Autonomous Drive Level 2 &ndash; Lateral Control Decomposition Concept

Applying and Evaluating Architectural IEC 61508 Safety Patterns

Where does all this waste come from?

Contact Info

Product

Resources

About

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept

Safety Design Strategies in Highly Autonomous Drive Level 2 – Lateral Control Decomposition Concept