
A Semi-Quantitative Function-Oriented Approach For The Safety Life-Cycle of Future Driver Assistance Systems
FISITA2008/F2008-08-021

Authors

Steininger, Udo* - TÜV SÜD Automotive GmbH, Germany
Bartels, Arne - Volkswagen AG, Germany
Becker, Uwe - Technical University of Braunschweig, Germany
Ständer, Tobias - Technical University of Braunschweig, Germany
Weidl, Thorsten - TÜV SÜD Industry Service GmbH, Germany

Abstract

Keywords - functional safety, risk analysis, standardization, risk diagram, risk matrix

Future driver assistance systems (DAS) will be able to take over more and more parts of the primary driving task. For this reason not only authorities but also customers and manufacturers rate the reliability and safety of such systems as highly important.

A risk analysis is a suitable instrument for identifying and evaluating system weak points. This evaluation is the basis for any decision about safety-relevant measures during design, test and implementation of the system. Moreover, the developed approach considers the current state and future development of standards for official approval and homologation for road service.

The contribution describes the entire process for realizing a semi-quantitative, scenario-based risk analysis for future DAS, based on the safety life-cycle defined in IEC 61508. This approach was chosen because it enables the consideration of existing incident and field data as well as experts' estimations and experience. Starting with a structured identification of potential scenarios for the operation of the system, we determine the target functions which have to be fulfilled to realize the system's functionality.

If a malfunction or a damaging event occurs, each has to be analyzed with respect to its share of the risk. This is carried out similarly to a fault tree analysis (FTA), with a top-down approach using a risk matrix. It is investigated which hazards and root causes are the underlying reasons for the damaging event. Moreover, the probability of occurrence of these releasing events and the measure of damage to be expected are estimated. Taking the approach a step further, we examine how to counteract damaging events with high risk potential. To this end, safety measures are assigned to root causes, hazards and the damaging event itself, in order to minimize the risk. Whether an efficient risk reduction can be reached is verified by means of repeated risk assessment. It is essential that this risk assessment includes those measures which influence the probability of occurrence as well as those which influence the measure of damage. Eventually, the entirety of measures which decrease the risk posed by the new system to an acceptable remaining risk is summarized to form specific safety concepts for the design, test and implementation of the new system. The aim is to ensure that the operation of a vehicle with the new system poses no higher risk than the operation of a conventionally equipped vehicle in every foreseeable traffic situation.
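
The top-down analysis described above can be illustrated with a small model: root causes feed hazards, hazards feed a damaging event, the event's occurrence class and damage class are looked up in a risk matrix, safety measures are assigned to root causes or to the damage itself, and the assessment is repeated. The following Python is an added example and is not code from the paper, from TÜV SÜD or from Volkswagen Research; the occurrence classes, damage classes, matrix entries, acceptance limit, ACC scenario, root causes and measures are all constructed assumptions, not values from the paper or from IEC 61508.

```python
"""Toy semi-quantitative, FTA-style risk assessment for one damaging event.

All scales, probabilities and the scenario are constructed for illustration
(assumptions, not values from the paper or from IEC 61508).
"""
import copy
from dataclasses import dataclass

# Assumed occurrence classes: probability per operating hour >= threshold -> class.
OCCURRENCE_CLASSES = [(1e-2, 5), (1e-4, 4), (1e-6, 3), (1e-8, 2), (0.0, 1)]

# Assumed damage classes (measure of damage).
DAMAGE_CLASSES = {"none": 1, "light injury": 2, "severe injury": 3, "fatality": 4}

# Assumed risk matrix: row = occurrence class 1..5, column = damage class 1..4,
# entry = risk class 1 (negligible) .. 4 (intolerable).
RISK_MATRIX = [
    [1, 1, 1, 2],  # occurrence class 1 (rarest)
    [1, 1, 2, 2],
    [1, 2, 3, 3],
    [2, 3, 3, 4],
    [2, 3, 4, 4],  # occurrence class 5 (most frequent)
]
ACCEPTABLE_RISK = 2  # assumed acceptance limit: risk class <= 2 is tolerable


def occurrence_class(p: float) -> int:
    """Map an estimated probability per operating hour to an occurrence class."""
    for threshold, cls in OCCURRENCE_CLASSES:
        if p >= threshold:
            return cls
    return 1


@dataclass
class RootCause:
    name: str
    p_per_hour: float  # estimated probability of occurrence per operating hour


@dataclass
class Hazard:
    name: str
    causes: list  # RootCause objects; hazard occurs if any cause occurs (OR gate)

    def probability(self) -> float:
        # P(A or B or ...) = 1 - prod(1 - p_i) for independent basic events,
        # the usual OR-gate evaluation in a fault tree
        q = 1.0
        for c in self.causes:
            q *= 1.0 - c.p_per_hour
        return 1.0 - q


@dataclass
class DamagingEvent:
    name: str
    hazards: list  # Hazard objects, again combined as an OR gate
    damage: str    # label from DAMAGE_CLASSES

    def probability(self) -> float:
        q = 1.0
        for h in self.hazards:
            q *= 1.0 - h.probability()
        return 1.0 - q

    def risk_class(self) -> int:
        occ = occurrence_class(self.probability())
        dmg = DAMAGE_CLASSES[self.damage]
        return RISK_MATRIX[occ - 1][dmg - 1]


def build_example() -> DamagingEvent:
    """Constructed abstract ACC scenario: a phantom object triggers braking."""
    radar = RootCause("false target from radar reflection", 5e-4)
    tracker = RootCause("tracking software fault", 1e-5)
    phantom = Hazard("phantom object detected ahead", [radar, tracker])
    return DamagingEvent("unintended emergency braking, rear-end collision",
                         [phantom], "severe injury")


def apply_measures(event: DamagingEvent, measures: dict) -> DamagingEvent:
    """Return a copy of the event with safety measures applied.

    measures maps a root-cause name to a reduction factor on its probability
    (a measure against the cause) or the key "damage" to a new damage label
    (a measure against the consequence). The original event is left untouched
    so that the assessment can be repeated before/after.
    """
    ev = copy.deepcopy(event)
    for h in ev.hazards:
        for c in h.causes:
            if c.name in measures:
                c.p_per_hour *= measures[c.name]
    if "damage" in measures:
        ev.damage = measures["damage"]
    return ev


def assess(event: DamagingEvent) -> dict:
    """One pass of the risk assessment: probability, classes and acceptability."""
    p = event.probability()
    risk = event.risk_class()
    return {"p": p, "occurrence": occurrence_class(p), "damage": DAMAGE_CLASSES[event.damage],
            "risk": risk, "acceptable": risk <= ACCEPTABLE_RISK}


if __name__ == "__main__":
    base = build_example()
    print("initial:", assess(base))
    # constructed measures: sensor-fusion plausibility check (cause) and
    # limited automatic deceleration (consequence)
    both = {"false target from radar reflection": 0.01, "damage": "light injury"}
    print("with both measures:", assess(apply_measures(base, both)))
    print("damage measure only:", assess(apply_measures(base, {"damage": "light injury"})))
```

With the assumed matrix, the initial event lands in risk class 3 (occurrence class 4, severe injury), which exceeds the acceptance limit. A measure on the consequence alone, or on the dominant root cause alone, each still leaves risk class 3; only the combination of a probability-reducing and a damage-reducing measure brings the remaining risk to class 2, which is the point the paragraph makes about including both kinds of measure in the repeated assessment.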

Within the scope of this paper, a methodology developed by the TÜV SÜD Group for performing the various analytical steps and the final derivation of the safety concept is presented. Among other uses, this methodology has been successfully applied throughout the entire safety life-cycle of a system in conjunction with a research project by Volkswagen Research. For purposes of demonstration, the methodology is applied by way of example to various points of a sample system (in this case an abstract ACC system).
