Best Practices for Advanced Modeling of Safety Mechanisms in an FTA

Philipp Kilian; Armin Kohler; Patrick Van Bergen; Markus Worz; Martin Schneider; Thorsten Groh; Tihomir Tomanic; Martin Dazer

doi:10.1109/ACCESS.2023.3284751

IEEE Access (Jan 2023)

Best Practices for Advanced Modeling of Safety Mechanisms in an FTA

Philipp Kilian,
Armin Kohler,
Patrick Van Bergen,
Markus Worz,
Martin Schneider,
Thorsten Groh,
Tihomir Tomanic,
Martin Dazer

Affiliations

Philipp Kilian: ORCiD; Institute of Machine Components, University of Stuttgart, Stuttgart, Germany
Armin Kohler: ORCiD; Cross-Domain Computing Solutions, Product Area Integrating Devices-Engineering Vehicle Systems (XC-AN/EPI1), Robert Bosch GmbH, Gerlingen-Schillerhöhe, Germany
Patrick Van Bergen: ORCiD; Cross-Domain Computing Solutions, Product Area Integrating Devices-Engineering Vehicle Systems (XC-AN/EPI1), Robert Bosch GmbH, Gerlingen-Schillerhöhe, Germany
Markus Worz: Cross-Domain Computing Solutions, Product Area Integrating Devices-Engineering Vehicle Systems (XC-AN/EPI1), Robert Bosch GmbH, Gerlingen-Schillerhöhe, Germany
Martin Schneider: Development E/E-Systems Functional Safety, Audi AG, Ingolstadt, Germany
Thorsten Groh: Development E/E-Systems Functional Safety, Audi AG, Ingolstadt, Germany
Tihomir Tomanic: Development Power Supply System Functional Safety Porsche AG, Weissach, Germany
Martin Dazer: ORCiD; Institute of Machine Components, University of Stuttgart, Stuttgart, Germany

DOI: https://doi.org/10.1109/ACCESS.2023.3284751
Journal volume & issue: Vol. 11
pp. 60109 – 60129

Abstract

Read online

To cope with the megatrends electrification, automated driving, and connectivity, new functionalities and electric and/or electronic systems must be developed, which require a safe power supply. This leads to increased functional safety requirements for the power supply system, particularly regarding availability. Fault tolerance measures can be implemented to comply with a safety goal (SG) specifying a safety-related availability requirement. To verify an architecture concerning the residual risk of an SG violation, several quantitative target values are provided in ISO 26262. This technical elaboration presents a systematic and holistic approach how to gain benefit in the quantitative evaluation from cyclic safety mechanisms (SMs)– in a fault tolerant item– which have a fault handling time interval (FHTI) longer than the fault tolerant time interval. Modelling cyclic SMs only based on conventional AND-gates is not sufficient. Instead, the fault sequence is differentiated to enable ISO 26262-compliance. Within this paper, an innovative approach including its mathematical background is presented how cyclic SMs can be modelled in a fault tree analysis– with focus on multiple-point faults. The results are verified by a Monte-Carlo-Simulation. Besides the scalability of the approach regarding the number of considered cyclic SMs, the relevant FHTI of each cyclic SM can be considered in a traceable and comprehensible manner.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords