diff --git a/mybib.bib b/mybib.bib
index 14f4057..6b62b66 100644
--- a/mybib.bib
+++ b/mybib.bib
@@ -306,7 +306,7 @@ ISSN={Doi:10.1145/2330667.2330683},}
 issn = {1022-7091},
 pages = {459--475},
 numpages = {17},
- url = {http://dl.acm.org/citation.cfm?id=590564.590572},
+ url = {http://dl.acm.org/citation.cfm\?id=590564.590572},
 acmid = {590572},
 publisher = {J. C. Baltzer AG, Science Publishers},
 address = {Red Bank, NJ, USA},
@@ -672,6 +672,35 @@ ISSN={0149-144X},}
 YEAR = "2004"
 }
+@INPROCEEDINGS{6464473,
+author={Ward, D.D. and Crozier, S.E.},
+booktitle={System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on},
+title={The uses and abuses of ASIL decomposition in ISO 26262},
+year={2012},
+pages={1-6},
+keywords={automotive electrics;automotive electronics;},
+doi={10.1049/cp.2012.1523},
+}
+@article{Kafka20122,
+title = "The Automotive Standard ISO 26262, the Innovative Driver for Enhanced Safety Assessment; Technology for Motor Cars ",
+journal = "Procedia Engineering ",
+volume = "45",
+number = "0",
+pages = "2 - 10",
+year = "2012",
+note = "2012 International Symposium on Safety Science and Technology",
+issn = "1877-7058",
+doi = "http://dx.doi.org/10.1016/j.proeng.2012.08.112",
+url = "http://www.sciencedirect.com/science/article/pii/S1877705812031244",
+author = "Peter Kafka",
+keywords = "Historical perspective",
+keywords = "main normative items",
+keywords = "Functional unit and functional safety",
+keywords = "Hardware and software assessment",
+keywords = "Life cycle considerations",
+keywords = "Impact on safety assessment performed in automotive industry "
+}
 @ARTICLE{bubba,
 AUTHOR = "Ron Mancini",
diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex
index 0aabc4a..e39c7ea 100644
--- a/submission_thesis/CH2_FMEA/copy.tex
+++ b/submission_thesis/CH2_FMEA/copy.tex
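Review bot: The `\?` introduced on the new `url` line is not a LaTeX escape and `?` needs no protection inside a `url` field, so the backslash will either be printed in the bibliography or break the `\url{}` that url-aware styles wrap the field in. Keep the raw address, `url = {http://dl.acm.org/citation.cfm?id=590564.590572},`; if the escape was added because the build failed, the characters that do need a `\` under a non-url-aware style are `%`, `#`, `_` and `&`, so check the .blg for the actual offending field. Separately, `citation.cfm?id=` is ACM's legacy link scheme that now survives only via redirects, so adding a `doi` field for this paper (if one exists) would be more durable than the URL.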
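Review bot: The six repeated `keywords` fields in the new `Kafka20122` entry are a ScienceDirect export artefact that BibTeX does not support: it keeps only the first and warns `I'm ignoring Kafka20122's extra "keywords" field` for each of the others, and Biber likewise flags duplicate fields, so five of the values are silently dropped. Merge them into one field, `keywords = {Historical perspective; main normative items; Functional unit and functional safety; Hardware and software assessment; Life cycle considerations; Impact on safety assessment performed in automotive industry},`. In the same entry the `doi` should be the bare identifier, `doi = {10.1016/j.proeng.2012.08.112},`, since styles and the `doi` package add the resolver prefix themselves and a URL there can produce a doubled `http://dx.doi.org/http://...` link. Both new entries also write page ranges with a single hyphen; the BibTeX convention is `pages = {2--10},` and `pages = {1--6},`, and the trailing spaces inside the quoted `title` and `journal` values of `Kafka20122` are likely to surface as stray spaces before the following punctuation, so trim them too.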
@@ -1457,12 +1457,55 @@ The overall aim of SIL is to classify the safety of a system, by statistically determining how frequently it can fail dangerously. \fmmdglossFMEDA % +\subsection{Automotive Safety Integrity Levels} % -%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis} -%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis} -%FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is -%part of product approval for many regulated products in the EU and the USA... +\label{sec:asil} % +The EN61508 variant for automotive use, as defined in standard ISO~26262, is known as the Automotive SIL (ASIL)~\cite{Kafka20122}. +% +Safety instrumented functions (SIFs) for vehicles are assigned ASIL ratings. +% +ASIL classifications are rated from A to D, where D is the most safety critical. +% +For instance very critical functions such as the brakes and steering will have the highest ASIL rating of D. +% +The automotive industry generally uses bought in modules % which must have been tested and approved, +typically built by specialist companies. +% +These modules themselves must have been tested and approved so, for a car manufacturer +designing from scratch is not generally financially feasible. +% +This means that to implement an ASIL SIF designers will usually have to rely on bought in modules. +% +However, these bought in modules may not be rated to the ASIL level required by the SIF. +% % +% ASIL functions are therefore often implemented in a modular fashion. +% +Because of the modular paradigm forced on the designers by having to buy in components +a process has been developed called `ASIL~de-composition'~\cite{6464473}. +% +This allows a highly safety critical function to be implemented +with lower ASIL rated components, as long as it can be shown that they +have independent failure causes and implement redundancy. % for the SIF. +% +This is in effect a top down de-composition of safety requirements. 
+% +This is rather like the demand for multiple engines on an aircraft +that must make a long journeys over the sea to statistically limit +the likelihood of one failure cause --- i.e. one engine failure --- causing a serious incident. +% +The drawback to this redundancy concept is an unexpected common failure mode~\cite{allfour}. +% +The ASIL philosophy does represent a modular approach to safety analysis. +% +This makes it of interest to this study, which later proposes a modular failure mode analysis methodology. +% + + + + + + \section{FMEA used for Safety Critical Approvals} \fmmdglossDFMEA \subsection{DESIGN FMEA: Safety Critical Approvals FMEA} @@ -1482,6 +1525,8 @@ judged to be in critical sections of the product. This could be considered as a design check method, deliberately looking for weaknesses at a theoretical level. % +Because design FMEA meetings can have the format of a meeting and discussion +it can have the following drawbacks: %\subsection{DESIGN FMEA: Safety Critical Approvals FMEA} % % \begin{figure}[h]
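Review bot: The sentence `This allows a highly safety critical function to be implemented with lower ASIL rated components, as long as it can be shown that they have independent failure causes and implement redundancy.` claims more than ASIL decomposition grants; as I read ISO 26262-9, the decomposed requirements keep the original ASIL in brackets (e.g. ASIL B(D)), the independence of the redundant elements has to be demonstrated through a dependent-failure analysis rather than asserted, and the ASIL of the safety goal itself, including integration and verification of the redundant elements, is unchanged. Since the Ward and Crozier paper cited on the same line is about exactly these abuses, I'd add one qualifying sentence after it, e.g. `Decomposition does not lower the ASIL of the safety goal: the decomposed requirements carry the original ASIL in brackets, and the independence of the redundant elements has to be demonstrated rather than assumed.` The paragraph also uses `Safety instrumented functions (SIFs)` for ISO 26262, which is IEC 61511 process-industry vocabulary; ISO 26262 speaks of safety goals and safety requirements, so unless SIF is used deliberately across standards elsewhere in the thesis, `safety-related functions` would be more accurate here. Likewise `very critical functions such as the brakes and steering will have the highest ASIL rating of D` is stronger than the standard supports, since ASIL is assigned per hazardous event by the hazard analysis and risk assessment; `typically attract` would be safer than `will have`.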
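Review bot: The new sentence `Because design FMEA meetings can have the format of a meeting and discussion it can have the following drawbacks:` is circular (meetings having the format of a meeting) and `meetings ... it` disagree in number. Something like `Because design FMEA is usually conducted as a meeting and discussion, it can have the following drawbacks:` reads cleanly. The colon promises a list, but the lines that follow inside the hunk are all commented out (`%\subsection...`, `% \begin{figure}[h]`), so the enumerated drawbacks must be supplied outside this hunk; worth checking that they directly follow, otherwise the colon should become a full stop.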