Added ASIL subsection

Robin P. Clark 2013-09-27 17:45:34 +01:00
parent 8b4760e6d1
commit 7a0e13963f
2 changed files with 79 additions and 5 deletions

View File

@ -306,7 +306,7 @@ ISSN={Doi:10.1145/2330667.2330683},}
issn = {1022-7091}, issn = {1022-7091},
pages = {459--475}, pages = {459--475},
numpages = {17}, numpages = {17},
url = {http://dl.acm.org/citation.cfm?id=590564.590572}, url = {http://dl.acm.org/citation.cfm\?id=590564.590572},
acmid = {590572}, acmid = {590572},
publisher = {J. C. Baltzer AG, Science Publishers}, publisher = {J. C. Baltzer AG, Science Publishers},
address = {Red Bank, NJ, USA}, address = {Red Bank, NJ, USA},
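Review bot: the only change in this hunk, `url = {http://dl.acm.org/citation.cfm\?id=590564.590572}`, escapes the `?` with a backslash, and most bibliography styles will print that backslash literally because the `url` field is passed to `\url{}` verbatim; a `?` needs no escaping in a BibTeX `url` field. If the motivation was the `?` being mangled in the output, revert to the unescaped URL and make sure the `url` (or `hyperref`) package is loaded, then check the compiled reference for a stray backslash.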
@ -672,6 +672,35 @@ ISSN={0149-144X},}
YEAR = "2004" YEAR = "2004"
} }
@INPROCEEDINGS{6464473,
author={Ward, D.D. and Crozier, S.E.},
booktitle={System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on},
title={The uses and abuses of ASIL decomposition in ISO 26262},
year={2012},
pages={1-6},
keywords={automotive electrics;automotive electronics;},
doi={10.1049/cp.2012.1523},
}
@article{Kafka20122,
title = "The Automotive Standard ISO 26262, the Innovative Driver for Enhanced Safety Assessment; Technology for Motor Cars ",
journal = "Procedia Engineering ",
volume = "45",
number = "0",
pages = "2 - 10",
year = "2012",
note = "2012 International Symposium on Safety Science and Technology",
issn = "1877-7058",
doi = "http://dx.doi.org/10.1016/j.proeng.2012.08.112",
url = "http://www.sciencedirect.com/science/article/pii/S1877705812031244",
author = "Peter Kafka",
keywords = "Historical perspective",
keywords = "main normative items",
keywords = "Functional unit and functional safety",
keywords = "Hardware and software assessment",
keywords = "Life cycle considerations",
keywords = "Impact on safety assessment performed in automotive industry "
}
@ARTICLE{bubba, @ARTICLE{bubba,
AUTHOR = "Ron Mancini", AUTHOR = "Ron Mancini",
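Review bot: `@article{Kafka20122}` repeats the `keywords` field six times (`keywords = "Historical perspective"` through `keywords = "Impact on safety assessment ..."`); BibTeX keeps only the first occurrence and emits `I'm ignoring Kafka20122's extra "keywords" field` for each of the others, so fold them into a single semicolon-separated field as the `6464473` entry already does. The `doi` field should hold the bare identifier `10.1016/j.proeng.2012.08.112` rather than the full `http://dx.doi.org/...` URL, because styles that build a DOI link will prefix it a second time, and the trailing spaces inside `title` and `journal` (`"Procedia Engineering "`) will appear in the rendered reference.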

View File

@ -1457,12 +1457,55 @@ The overall aim of SIL is to classify the safety of a system,
by statistically determining how frequently it can fail dangerously. by statistically determining how frequently it can fail dangerously.
\fmmdglossFMEDA \fmmdglossFMEDA
% %
\subsection{Automotive Safety Integrity Levels}
% %
%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis} \label{sec:asil}
%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
%FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is
%part of product approval for many regulated products in the EU and the USA...
% %
The EN61508 variant for automotive use, as defined in standard ISO~26262, is known as the Automotive SIL (ASIL)~\cite{Kafka20122}.
%
Safety instrumented functions (SIFs) for vehicles are assigned ASIL ratings.
%
ASIL classifications are rated from A to D, where D is the most safety critical.
%
For instance very critical functions such as the brakes and steering will have the highest ASIL rating of D.
%
The automotive industry generally uses bought in modules % which must have been tested and approved,
typically built by specialist companies.
%
These modules themselves must have been tested and approved so, for a car manufacturer
designing from scratch is not generally financially feasible.
%
This means that to implement an ASIL SIF designers will usually have to rely on bought in modules.
%
However, these bought in modules may not be rated to the ASIL level required by the SIF.
% %
% ASIL functions are therefore often implemented in a modular fashion.
%
Because of the modular paradigm forced on the designers by having to buy in components
a process has been developed called `ASIL~de-composition'~\cite{6464473}.
%
This allows a highly safety critical function to be implemented
with lower ASIL rated components, as long as it can be shown that they
have independent failure causes and implement redundancy. % for the SIF.
%
This is in effect a top down de-composition of safety requirements.
%
This is rather like the demand for multiple engines on an aircraft
that must make a long journeys over the sea to statistically limit
the likelihood of one failure cause --- i.e. one engine failure --- causing a serious incident.
%
The drawback to this redundancy concept is an unexpected common failure mode~\cite{allfour}.
%
The ASIL philosophy does represent a modular approach to safety analysis.
%
This makes it of interest to this study, which later proposes a modular failure mode analysis methodology.
%
\section{FMEA used for Safety Critical Approvals} \section{FMEA used for Safety Critical Approvals}
\fmmdglossDFMEA \fmmdglossDFMEA
\subsection{DESIGN FMEA: Safety Critical Approvals FMEA} \subsection{DESIGN FMEA: Safety Critical Approvals FMEA}
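Review bot: the new subsection's terminology does not match ISO 26262, which it cites. `Safety instrumented functions (SIFs) for vehicles are assigned ASIL ratings.` borrows the SIF term from the process-industry standard IEC 61511; ISO 26262 assigns an ASIL to a safety goal, derived from the hazard's severity, exposure and controllability, and the safety requirements refined from that goal inherit it. Likewise `is known as the Automotive SIL (ASIL)` presents ASIL as the automotive variant of the standard, whereas ISO 26262 is the automotive adaptation of IEC 61508 and ASIL is its integrity classification; the scale also has a QM class below A for hazards that impose no safety requirement, worth mentioning beside `rated from A to D`. On decomposition, `as long as it can be shown that they have independent failure causes and implement redundancy` should state that the decomposed requirements carry the original ASIL in brackets (for an ASIL D goal, e.g. ASIL B(D) + ASIL B(D), or ASIL C(D) + ASIL A(D)) and that sufficient independence must be demonstrated by a dependent-failure analysis; without that, the common-cause caveat made with `\cite{allfour}` has nothing to attach to. Smaller points: `bought in modules` should be hyphenated as a compound modifier, `de-composition` is spelt `decomposition` in ISO 26262 and in the cited Ward and Crozier title, and `a long journeys` needs fixing.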
@ -1482,6 +1525,8 @@ judged to be in critical sections of the product.
This could be considered as a design check method, deliberately This could be considered as a design check method, deliberately
looking for weaknesses at a theoretical level. looking for weaknesses at a theoretical level.
% %
Because design FMEA meetings can have the format of a meeting and discussion
it can have the following drawbacks:
%\subsection{DESIGN FMEA: Safety Critical Approvals FMEA} %\subsection{DESIGN FMEA: Safety Critical Approvals FMEA}
% %
% \begin{figure}[h] % \begin{figure}[h]
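Review bot: `Because design FMEA meetings can have the format of a meeting and discussion` is circular (meetings having the format of a meeting) and `it can have` does not agree with the plural subject; suggest `Because design FMEA is typically conducted as a meeting and discussion, it can have the following drawbacks:`. The sentence ends in a colon, but every line that follows it in this hunk (`%\subsection{DESIGN FMEA: ...}`, `% \begin{figure}[h]`) is commented out, so confirm that the itemised list of drawbacks actually follows the commented block.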