Almost all new functions in a modern car have to be integrated into the existing EE-Architecture of the automobile. It is a challenge by itself to achieve a correct functional behavior across a complex network of various communication systems, gateways and multifunctional electronic control units. The method of physical distribution of sub-functions into such a network and the following functional consolidation of the decomposition have been used for years and will not change. The functional safety of the growing number of direct interventions into vehicle dynamics systems like steering, braking, and acceleration must be carefully analyzed.
Does the standard hazard analysis and risk assessment provide enough information to develop dependable safety architectures? Do we understand the impact of consecutive faults and what may cause them to be triggered? Do we fully understand the functionality of carry-over electronics?
This paper reports on a concept to increase transparency of connected risks in a distributed and complex architecture. It describes an approach to extend the standard hazard analysis and risk assessment. All physical elements are taken into account, which are allocated to the function under investigation. Initially it deals with the question how to determine the safety integrity of all those distributed elements, each of which contributes in a certain role to fulfill the main function. It describes an approach to build a global risk model, which defines the relation of functional criticality of the elements and the associated integrity levels. Furthermore, it shows how the risk model is mapped to the physical vehicle architecture. For example, the resulting “foot print” will provide initial integrity requirements for control units, gateways, sensors and actuators.
Lastly, it outlines the idea to utilize the analysis results to increase the overall vehicle safety integrity for all on-board systems. The consolidation of the analyses of different vehicle functions will automatically identify the accumulation of critical integrity requests for global elements of the vehicle EE-Architecture. Thus the overall vehicle safety architecture can be developed in an iterative way to achieve high effectiveness by balanced measures for functional safety.