Added ASIL subsection
parent 8b4760e6d1
commit 7a0e13963f
31
mybib.bib
@ -306,7 +306,7 @@ ISSN={Doi:10.1145/2330667.2330683},}
issn = {1022-7091},
pages = {459--475},
numpages = {17},
url = {http://dl.acm.org/citation.cfm?id=590564.590572},
url = {http://dl.acm.org/citation.cfm\?id=590564.590572},
acmid = {590572},
publisher = {J. C. Baltzer AG, Science Publishers},
address = {Red Bank, NJ, USA},
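Review bot: the only change in this hunk, escaping the `?` in `url = {http://dl.acm.org/citation.cfm\?id=590564.590572}`, is not needed and is harmful: `?` is not special to BibTeX, and the backslash will either be printed literally (if the style emits the field through \url, where backslash is an ordinary printable character) or raise "Undefined control sequence \?" (if the style typesets the field as plain text). Revert to the unescaped URL; if the field breaks under a particular style, the fix is to wrap the value in `\url{...}` or to supply the DOI in the doi field, not to alter URL characters.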
@ -672,6 +672,35 @@ ISSN={0149-144X},}
YEAR = "2004"
}
@INPROCEEDINGS{6464473,
author={Ward, D.D. and Crozier, S.E.},
booktitle={System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on},
title={The uses and abuses of ASIL decomposition in ISO 26262},
year={2012},
pages={1-6},
keywords={automotive electrics;automotive electronics;},
doi={10.1049/cp.2012.1523},
}
@article{Kafka20122,
title = "The Automotive Standard ISO 26262, the Innovative Driver for Enhanced Safety Assessment; Technology for Motor Cars ",
journal = "Procedia Engineering ",
volume = "45",
number = "0",
pages = "2 - 10",
year = "2012",
note = "2012 International Symposium on Safety Science and Technology",
issn = "1877-7058",
doi = "http://dx.doi.org/10.1016/j.proeng.2012.08.112",
url = "http://www.sciencedirect.com/science/article/pii/S1877705812031244",
author = "Peter Kafka",
keywords = "Historical perspective",
keywords = "main normative items",
keywords = "Functional unit and functional safety",
keywords = "Hardware and software assessment",
keywords = "Life cycle considerations",
keywords = "Impact on safety assessment performed in automotive industry "
}
@ARTICLE{bubba,
AUTHOR = "Ron Mancini",
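Review bot: the new Kafka20122 entry repeats the keywords field six times; BibTeX keeps only the first occurrence and warns that it is ignoring the rest, so merge them into a single `keywords = "Historical perspective; main normative items; Functional unit and functional safety; ..."`. In the same entry, trim the trailing spaces inside the quoted title and journal strings (`journal = "Procedia Engineering "`), write the page range as `pages = "2--10"`, put the bare identifier `10.1016/j.proeng.2012.08.112` in the doi field rather than the dx.doi.org URL (the url field already carries a link), and drop `number = "0"`, which is a publisher placeholder rather than an issue number. The 6464473 entry is fine apart from its opaque numeric key; a descriptive key would make the \cite in the ASIL subsection readable.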
@ -1457,12 +1457,55 @@ The overall aim of SIL is to classify the safety of a system,
by statistically determining how frequently it can fail dangerously.
\fmmdglossFMEDA
%
\subsection{Automotive Safety Integrity Levels}
%
%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
%\subsection{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
%FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is
%part of product approval for many regulated products in the EU and the USA...
\label{sec:asil}
%
The EN61508 variant for automotive use, as defined in standard ISO~26262, is known as the Automotive SIL (ASIL)~\cite{Kafka20122}.
%
Safety instrumented functions (SIFs) for vehicles are assigned ASIL ratings.
%
ASIL classifications are rated from A to D, where D is the most safety critical.
%
For instance very critical functions such as the brakes and steering will have the highest ASIL rating of D.
%
The automotive industry generally uses bought in modules % which must have been tested and approved,
typically built by specialist companies.
%
These modules themselves must have been tested and approved so, for a car manufacturer
designing from scratch is not generally financially feasible.
%
This means that to implement an ASIL SIF designers will usually have to rely on bought in modules.
%
However, these bought in modules may not be rated to the ASIL level required by the SIF.
% %
% ASIL functions are therefore often implemented in a modular fashion.
%
Because of the modular paradigm forced on the designers by having to buy in components
a process has been developed called `ASIL~de-composition'~\cite{6464473}.
%
This allows a highly safety critical function to be implemented
with lower ASIL rated components, as long as it can be shown that they
have independent failure causes and implement redundancy. % for the SIF.
%
This is in effect a top down de-composition of safety requirements.
%
This is rather like the demand for multiple engines on an aircraft
that must make a long journeys over the sea to statistically limit
the likelihood of one failure cause --- i.e. one engine failure --- causing a serious incident.
%
The drawback to this redundancy concept is an unexpected common failure mode~\cite{allfour}.
%
The ASIL philosophy does represent a modular approach to safety analysis.
%
This makes it of interest to this study, which later proposes a modular failure mode analysis methodology.
%
\section{FMEA used for Safety Critical Approvals}
\fmmdglossDFMEA
\subsection{DESIGN FMEA: Safety Critical Approvals FMEA}
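Review bot: "Safety instrumented functions (SIFs) for vehicles are assigned ASIL ratings" borrows IEC 61511 process-industry vocabulary that ISO 26262 does not use; the standard assigns an ASIL to each safety goal derived from the hazard analysis and risk assessment (severity, exposure, controllability) and the requirements derived from that goal inherit it, so this sentence and the following claim that brakes and steering "will have the highest ASIL rating of D" should be reworded: the rating follows from the hazardous event, not from the subsystem name, and an unconditional "will have" overstates it. The opening sentence would also be more accurate as "The adaptation of IEC 61508 for road vehicles, ISO 26262, ..." since EN 61508 is only the European adoption of IEC 61508. On ASIL decomposition, the precondition the standard sets is sufficient independence of the decomposed elements, demonstrated by a dependent failure analysis; "have independent failure causes and implement redundancy" should say that, because a redundant pair with a shared cause does not qualify, which is exactly the common-cause point made later with \cite{allfour}. Minor: the commented `%\subsection{ FMEDA ...}` line is added twice in a row, "that must make a long journeys" should read "that must make long journeys", and the run of empty lines before `\section{FMEA used for Safety Critical Approvals}` can go.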
@ -1482,6 +1525,8 @@ judged to be in critical sections of the product.
This could be considered as a design check method, deliberately
looking for weaknesses at a theoretical level.
%
Because design FMEA meetings can have the format of a meeting and discussion
it can have the following drawbacks:
%\subsection{DESIGN FMEA: Safety Critical Approvals FMEA}
%
% \begin{figure}[h]
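Review bot: the added comment `%\subsection{DESIGN FMEA: Safety Critical Approvals FMEA}` duplicates the live heading a few lines above it and sits in the middle of a paragraph; commented-out copies of headings only drift out of date, so drop it rather than carry it. While touching this paragraph, the context line "Because design FMEA meetings can have the format of a meeting and discussion" is circular; "Because design FMEA is usually conducted as a meeting and discussion" says the same thing, and the list it introduces with "it can have the following drawbacks:" should start directly after that sentence.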