
Volume 7, Issue 9, September – 2022 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

Evaluation of Safety Cases in The Domain of Automotive Engineering

Venkata Satya Rahul Kosuru
Independent Researcher
MS (Electrical and Computer Engineering)
Sunnyvale, CA – 94085, USA

Ashwin Kavasseri Venkitaraman
Independent Researcher
MS (Electrical Engineering)
Fremont, CA- 94536, USA

Abstract:- Manufacturers of automobiles have been under intense pressure from the laws of demand and market needs to develop complex and feature-rich vehicles. Such new functionality plays an increasingly active role in driving, which poses new difficulties in ensuring the vehicle's safety. Safety cases are a proven technique for systematically using the existing information about a system, its development context and its environment so that its safety can be shown. In this paper, a safety case construction for a vehicle's cruise control system is presented, concentrating on the domain-specific models of the automotive field. In the study, generic safety case modules were identified, as well as several recurring patterns which will help to simplify the development of future automotive safety cases.

Keywords:- Functional Safety, ASIL Integrity, Fault Mitigation, Risk and Hazard Analysis, Severity of Exposure.

I. INTRODUCTION

Functional safety refers to the absence of unreasonable risk due to hazards caused by the malfunctioning behaviour of electrical/electronic systems. The primary objective of ISO 26262 is to ensure that safety is considered from the earliest concept phase to the retirement of the vehicle. To ensure the safety of the vehicle, the automotive safety life cycle outlined in the standard covers the entire production life cycle. Specific steps are required in each phase of the safety life cycle (Becker et al. 2018). One of the most important steps at the start of the safety life cycle is the Risk and Hazard Analysis of the potential hazards, commonly referred to as the HARA stage. This results in a classification system known as the Automotive Safety Integrity Level (ASIL) for the hazards and the overall safety formulation. Safety goals refer primarily to the safety levels required for a component or a system to function without posing threats to the entire vehicle.

II. BACKGROUND INFORMATION

An ASIL is assigned by evaluating three risk parameters: exposure, severity and controllability. Severity considers the impact on people's lives because of the potential failure. Exposure targets the likelihood of the conditions under which the failure would actually result in a safety hazard. Controllability determines the degree to which the driver would be able to control the vehicle should a safety goal be breached because of a malfunction or failure. The ISO 26262 method provides guidance on how the ASIL is to be assigned to a hazard once exposure, severity and controllability have been obtained (Iturbe et al. 2018).

In the next step, a functional safety concept is developed for each safety goal. The functional safety concept defines the functional safety requirements within the context of the vehicle architecture, including fault detection and failure mitigation mechanisms, to ensure that the safety goals are satisfied. A technical safety concept is then developed to specify the technical safety requirements within the system architecture. The technical safety concept is the basis for deriving the hardware and software requirements used in product development. Safety requirements need to be traced, validated and properly managed throughout product development to ensure that the product delivered is as safe as possible.

III. OBJECTIVES AND RESEARCH STUDY

The objective of this research is primarily to establish safety assurance methods which are usable for software-based automotive systems. In particular, the aim is to discover reusable patterns, structures and processes in safety assurance which support practical applications in automotive electronics engineering.

IJISRT22SEP670 www.ijisrt.com 493


 Research Questions
 What are some of the possible safety case modules in the domain of automotive engineering?
 What are some of the recurring patterns in safety cases in automotive engineering?
 How can safety cases that utilize existing domain-specific models in the automotive domain be improved?

IV. METHODOLOGY ON CASE CONSTRUCTION

A. Subject Selection
In this research, one case and several subjects were selected opportunistically. The study used a three-step process for constructing safety cases for real automotive components. In particular, the structure and application of the models which guide safety case construction were investigated. The top-down process for arguing about safety requirements and producing a legible argumentation involved:

B. Safety Case Identification
 Identification of hazards
 Eliciting requirements of the system to help in avoiding hazards.
 Breaking down the system's requirements up to the point of component realization, using the following argumentations:
 Provision of evidence that the realization of the component meets the imposed requirements
 Derivation of functional safety requirements at system level (hardware and software)
 Derivation of technical safety requirements at system level (hardware and software)
 Derivation of sub-system safety requirements (software safety requirements and hardware design safety requirements)
 Splitting the hardware components into sub-components, with requirement definition as a continuation of step (iii)
 Splitting requirements into further sub-units, as for step (iii)
 Deriving the requirements for the Fault Tolerant Time Interval of a potential hazard caused by a fault in hardware or software, where the Fault Tolerant Time Interval (FTTI) shall always be greater than the sum of Fault Occurrence (FO) + Fault Detection Time (FDT) + Fault Reaction Time (FRT)

V. CONSTRUCTION OF SAFETY USE CASE

For the cruise control, the construction of the safety case was instantiated as follows:

A. Hazard Identification
The hazard analysed was that the vehicle's speed is higher than that set by the driver. For cruise control, this is considered the most relevant hazard, since excessive speed may have legal consequences besides harming equipment and persons.

Eliciting requirements of the system as a way of avoiding the hazards: With the help of the car's conceptual model and of the environment itself, several requirements needed by the car to avoid the hazard were elicited. The focus was therefore on ensuring that the car never increases its speed once it has reached the target speed (Chen, Jiao, and Zhao 2020).

Breaking down the requirements of the system: Functional models at subsystem, system and function level were considered. Here, the subsystem and system models assist in:
 Differentiating between the acceleration provided by the car and that provided by the environment, as in the case of declining roads
 Identifying the abstract functionality of the engine as the single point for the acceleration provided by the car
 Identifying the split of sub-requirements between the subsystems
 Splitting the cruise control functions between electrics, mechanics and software, so that they correspond to a single functional model in the form of the actual realization of the software function

B. Modular Construction of The Safety Case Study
In the considered case study, the cruise control functionality depends on the accuracy and validity of the target speed and current speed input signals. To provide safety arguments for the case that these signals are not correct, a fault model was employed in the safety case, using the standard failure modes for the signals deemed relevant. This leads to various sub-requirements for the different failure modes of the input signals, and hence to an argumentation for the active triggering of a fail-safe mode.

The modular model construction can be exploited immediately for the modular construction of safety cases. To demonstrate modular safety cases, this study included a scenario of a sensor supplied together with its corresponding safety case. For the sensor, a safety case was constructed corresponding to the custom structure of the electronic circuit and to the software functions which pre-process the raw input for practical use by the component's software (Nag et al. 2019). This can be presented diagrammatically as shown below:

Fig 1:- Signal processing /flow

VI. MODULES OF SAFETY CASES

Software-intensive safety-critical systems, such as automotive vehicles, use a combination of mechanical, software and electric/electronic components, among others, to implement their overall functionality. As per the provisions of ISO 26262, all systems which

are related to safety, and together constitute the total safety from all domains, need to be taken into consideration in the safety cases so that the safety argumentation can be suitably supported. To structure the various safety components, a safety case architecture was constructed which was made up of safety case modules.

A. Safety Qualification Procedure On Use Case
Certification standards take into consideration both the development process and the development of the product. As a result, the best safety option needs to ensure coverage of both areas.

Fig 2:- Safety development domain

In this case, the focus was on the product part. For the cruise control, it was important to channel the product-related safety case structure into arguments about the system at various levels of abstraction, as well as arguments about the system's user and the environment.

B. User and Environment
The argument for the safety of the system is only valid if the system and the people in its surroundings are taken into consideration. These include the car's driver, the maintenance personnel and the passengers. The module contains assumptions about the users and their behaviour. The driver's reaction time is very important for cruise control. In addition, the modules describe environmental situations such as declining and inclining roads, wind from various directions and wet surfaces, which all affect the car's deceleration and acceleration.

Fig 3:- Vehicle Deceleration and Acceleration Graph work

VII. RESULTS AND DISCUSSIONS

Results were produced to analyse the safety use case study from the research (for example, taking the velocity of a car journey) when a potential hazard occurs, and how the safety system detects the fault and mitigates the potentially hazardous occurrence. The safety patterns used are discussed below:

A. Case Patterns of Safety
In addition to the overall module structure, safety case patterns were employed as the primary building block. This section therefore gives a summary of the patterns and of how they were used. Finally, brief examples of the identified patterns are presented.

Pattern | Number of usages | About
Using fault model | 4 | Used during the safety consideration of failures of the speed sensors, or of the common failure mode of the cruise control.
Split by architecture | 4 | Where an architecture was prescribed by existing specifications or models, such constraints were used in detailing the safety case.
Logical transformations | 4 | In most cases, goals are logical combinations of situations which are desirable and therefore need to occur or not. Through various combinations of situations, such a combination may become overcomplicated or may simply work.
Design of logical transformation | 4 | In this case, it was checked whether the logical transformation patterns could be applied to help resolve the logical combinations.
Model's formal elicitation | 3 | Model transformation designed for the safety use case of developing a PID controller
Splitting by items | 3 | Each item is further split down to requirements level
Pattern Identification | 2 | Safe patterns are identified at each requirement for the use case considered
Calculation of property probability | 1 | A probability calculation was conducted
Contain and detect fault | 1 | Fault detection criteria for hazardous occurrences
Expectations failed | 1 | Number of failures expected for one cause
Fail-safe | 1 | Mitigations for fault occurrences
Redundant signals | 1 | Establishing redundancy in both hardware and software as a safety mechanism

Table 1
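The "Using fault model", "Redundant signals", "Contain and detect fault" and "Fail-safe" patterns of Table 1, the input-signal fault model of Section V.B and the FTTI rule of Section IV.B (FTTI greater than FO + FDT + FRT) can all be exercised on one small controller. The block below is an added example, not code from the paper or from any vehicle project: a monitor applies three standard signal failure modes (omission/timeout, out-of-range, disagreement between two redundant speed channels) and latches a fail-safe state in which the cruise control requests no acceleration; a trace runner then measures the detection time and checks it against an FTTI budget. The plausibility limits, timing constants, the 120 km/h target and the sample traces are constructed assumptions.

```python
"""Cruise-control input fault model, fail-safe reaction and FTTI budget check.

Added example, not code from the paper or from any vehicle project. The failure
modes (timeout, out-of-range, cross-channel implausibility), the timing
constants and the signal traces are constructed assumptions chosen to
illustrate the fault model, the "Redundant signals" and "Fail-safe" patterns,
and the FTTI > FO + FDT + FRT rule from the methodology.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed plausibility limits and timing constants (illustrative, not from the paper).
MAX_SPEED_KPH = 250.0          # readings above this are physically implausible
MAX_CHANNEL_DIFF_KPH = 3.0     # redundant speed channels must agree within this
SAMPLE_PERIOD_MS = 10          # sensor update rate
TIMEOUT_MS = 30                # a channel silent for longer than this has failed
ACTUATOR_REACTION_MS = 20      # assumed delay until a zero-torque request takes effect


@dataclass
class Sample:
    t_ms: int
    target_kph: float
    speed_a: Optional[float]   # speed channel A; None models a missing message
    speed_b: Optional[float]   # redundant speed channel B


@dataclass
class Monitor:
    """Applies the signal fault model and latches the first detected failure mode."""
    fault: Optional[str] = None
    last_seen_ms: int = 0

    def check(self, s: Sample) -> Optional[str]:
        if self.fault:                                   # fail-safe stays latched
            return self.fault
        if s.speed_a is None or s.speed_b is None:       # omission failure mode
            if s.t_ms - self.last_seen_ms > TIMEOUT_MS:
                self.fault = "timeout"
            return self.fault
        self.last_seen_ms = s.t_ms
        for v in (s.speed_a, s.speed_b):                 # out-of-range failure mode
            if not 0.0 <= v <= MAX_SPEED_KPH:
                self.fault = "out_of_range"
                return self.fault
        if abs(s.speed_a - s.speed_b) > MAX_CHANNEL_DIFF_KPH:   # redundancy disagreement
            self.fault = "implausible"
        return self.fault


def cruise_command(target_kph: float, speed_kph: float, fault: Optional[str]) -> float:
    """Acceleration request in m/s^2. Zero whenever a signal fault is latched
    (fail-safe: cruise control disengages) and never positive once the set
    speed is reached, which is the hazard the paper analyses."""
    if fault is not None or speed_kph >= target_kph:
        return 0.0
    return min(1.0, 0.1 * (target_kph - speed_kph))


@dataclass
class FaultTiming:
    fo_ms: int    # fault occurrence: from the physical fault until it is visible at the signal
    fdt_ms: int   # fault detection time: from visible until the monitor flags it
    frt_ms: int   # fault reaction time: from flagged until the safe state is in effect


def ftti_satisfied(ftti_ms: int, timing: FaultTiming) -> bool:
    """The methodology's rule: FTTI shall be greater than FO + FDT + FRT."""
    return ftti_ms > timing.fo_ms + timing.fdt_ms + timing.frt_ms


def build_trace(kind: str, fault_at_ms: int = 40, n: int = 10) -> List[Sample]:
    """Constructed trace: target 120 km/h, both channels at 100 km/h, with the
    chosen failure mode injected from fault_at_ms onwards ("none" = no fault)."""
    trace = []
    for i in range(n):
        t = i * SAMPLE_PERIOD_MS
        a, b = 100.0, 100.0
        if t >= fault_at_ms:
            if kind == "timeout":
                a = None                 # channel A stops sending
            elif kind == "out_of_range":
                a = 300.0                # channel A reports an impossible speed
            elif kind == "implausible":
                b = 110.0                # channels drift apart
        trace.append(Sample(t, 120.0, a, b))
    return trace


def run_trace(samples: List[Sample], injected_ms: int) -> Tuple[Optional[str], Optional[FaultTiming], List[float]]:
    """Feed the trace through monitor and controller. Returns the latched fault,
    its measured timing (None if nothing was detected) and the command history.
    The constructed traces corrupt the signal in the same sample as the fault
    is injected, so FO = 0 here; FRT is the assumed actuator delay."""
    mon = Monitor()
    commands: List[float] = []
    detect_ms: Optional[int] = None
    for s in samples:
        fault = mon.check(s)
        if fault is not None and detect_ms is None:
            detect_ms = s.t_ms
        reading = s.speed_a if s.speed_a is not None else s.speed_b
        # No valid reading this cycle: request no acceleration even before a timeout is confirmed.
        commands.append(cruise_command(s.target_kph, reading, fault) if reading is not None else 0.0)
    if detect_ms is None:
        return None, None, commands
    return mon.fault, FaultTiming(0, detect_ms - injected_ms, ACTUATOR_REACTION_MS), commands


if __name__ == "__main__":
    for kind in ("none", "timeout", "out_of_range", "implausible"):
        fault, timing, cmds = run_trace(build_trace(kind), 40)
        budget = timing is not None and ftti_satisfied(100, timing)
        print(f"{kind:13} fault={fault} timing={timing} within 100 ms FTTI={budget}")
```

The timeout case is the instructive one: the monitor cannot distinguish a late message from a dead channel until TIMEOUT_MS has elapsed, so the 30 ms of detection latency plus the 20 ms actuator delay is the budget that the FTTI derived in step (iii) has to exceed; shortening TIMEOUT_MS buys margin at the price of false fail-safe entries on a merely jittery bus.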

B. Electric Circuit
The electric circuit module was used in the argument about the failure resistance and correctness of the electric circuits. There could be specific dependencies on the mechanical design module, for example when it comes to the vibration or temperature exposure of the parts of the electric circuits. The validity of the signals was analysed, as well as their transmission behaviour from the speed sensors to the cruise control function.

C. Safety Cases Usage With The Requisite Models
Using the safety case architecture for automotive systems introduced in the previous sections, it was illustrated how to link the safety cases with the respective models used in the development process. By using the safety case context to link the said models, there are proper grounds for the argumentation in the safety case, hence making assumptions explicit prior to their justification. To this end, the safety case was structured according to the structure of the system to be developed or under development. In addition, the development models were used as a source of requirements and information for the safety cases, and as a sink for the assumptions posed in the safety cases (Trovao 2020).

D. Safety Case Structure And Accordance Model
The product-based safety case as constituted was driven by the requirements, in the sense that the goal being built satisfies the safety requirements. Given that the safety case is product-based, those requirements were assigned to certain elements only by providing a link between the artifact in the development model and the corresponding context in the safety case. To allow a similar structure in the safety case argument and in the system model, the safety requirements were split according to the design's sub-components.

VIII. CONCLUSION

From this research, it has been established that the functional safety of any product constitutes an essential part of the product's development; it should be addressed as early as possible in the concept phase and then considered throughout the entire life cycle of the product. ISO 26262 offers a clear method and engineering guideline to avoid, or at least mitigate, failures of the system and to mitigate random failures of the electronic and electrical systems alongside their hardware counterparts. The derived functional safety requirements need to be implemented from the lowest level up to the highest level, from both the hardware and the software perspective. This forms the basis for proving that the added E/E systems are free of unreasonable safety risks.

The engineering approach which would be considered pragmatic is the use of existing knowledge, or simply the use of the industry's memory. The focus therefore needs to be on the ISO 26262 framework series, and the guidelines should be set based on it. This approach will be very useful particularly for newcomers in the automotive industry who may lack specific experience in automotive safety engineering.

REFERENCES

[1]. Becker, C., Yount, L., Rozen-Levy, S. and Brewer, J., 2018. Functional safety assessment of an automated lane centering system (No. DOT-VNTSC-NHTSA-17-01). United States. Department of Transportation. National Highway Traffic Safety Administration.
[2]. Chen, L., Jiao, J. and Zhao, T., 2020. A Novel Hazard Analysis and Risk Assessment Approach for Road Vehicle Functional Safety through Integrating STPA with FMEA. Applied Sciences, 10(21), p.7400.
[3]. Iturbe, X., Venu, B., Jagst, J., Ozer, E., Harrod, P., Turner, C. and Penton, J., 2018. Addressing functional safety challenges in autonomous vehicles with the arm TCL S architecture. IEEE Design & Test, 35(3), pp.7-14.
[4]. Nag, P., Ghanekar, U. and Harmalkar, J., 2019, March. A novel multi-core approach for functional safety compliance of automotive electronic control unit according to ISO 26262. In 2019 IEEE 5th International Conference for Convergence in Technology (I2CT) (pp. 1-5). IEEE.
[5]. Pancik, J., Drgona, P. and Paskala, M., 2020. Functional Safety for Developing of Mechatronic Systems–Electric Parking Brake Case Study. Communications-Scientific letters of the University of Zilina, 22(4), pp.134-143.
[6]. Pisoni, F., Avellone, G., Di Grazia, D., Silverio, A., Durand, J., Garcia, J., Tijero, E.D. and Falletti, E., 2019, September. GNSS functional safety for the autonomous vehicle. In Proceedings of the 32nd International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2019) (pp. 1696-1706).
[7]. Rajasimha, R.C., Arjun, V. and Chandrashekhar, H.G., 2022. Supplemental FMEA for Monitoring and System Response of Electronic power steering control system for functional safety (No. 2022-28-0404). SAE Technical Paper.
[8]. Scharfenberg, G., Elis, L. and Hofmann, G., 2019, September. New Design Methodology–Using VHDL-AMS Models to Consider Aging Effects in Automotive Mechatronic Circuits for Safety Relevant Functions. In 2019 International Conference on Applied Electronics (AE) (pp. 1-5). IEEE.
[9]. Trovao, J.P., 2020. Automotive electronics under the COVID-19 shadow [Automotive Electronics]. IEEE Vehicular Technology Magazine, 15(3), pp.101-108.
[10]. Xie, G., Peng, H., Huang, J., Li, R. and Li, K., 2019. Energy-efficient functional safety design methodology using ASIL decomposition for automotive cyber-physical systems. IEEE Transactions on Reliability.
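Sections VI and VII.B to VII.D describe a safety case built from modules (product, user and environment, electric circuit), with safety requirements split per design sub-component and every assumption linked to an artifact of the development model. The block below is an added example, not code from the paper or from any safety-case tool, of how such a modular structure can be represented and mechanically checked: goals must be developed (decomposed or backed by evidence), every cited artifact must exist in the design model, and every requirement allocated to a sub-component must be argued in that sub-component's module. The node vocabulary (goal, strategy, solution, context, assumption) is the usual goal-structured one; the module names, requirement ids, artifacts and the two deliberately planted defects are constructed assumptions and are not the authors' actual cruise-control safety case.

```python
"""Modular safety case skeleton with structure checks against a design model.

Added example, not code from the paper or any safety-case tool. Module names,
requirement ids, artifacts and evidence below are constructed to mirror the
paper's cruise-control case (product, user/environment and electric-circuit
modules, requirements split per sub-component); they are assumptions, not the
authors' actual safety case.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    id: str
    kind: str                        # goal | strategy | solution | context | assumption
    text: str
    children: List[str] = field(default_factory=list)
    artifact: Optional[str] = None   # development-model element this node is linked to


@dataclass
class Module:
    name: str
    component: str                   # design sub-component the module argues about
    nodes: Dict[str, Node] = field(default_factory=dict)

    def add(self, node: Node) -> Node:
        self.nodes[node.id] = node
        return node


@dataclass
class DesignModel:
    artifacts: Set[str]              # model elements the safety case may cite
    allocation: Dict[str, str]       # safety requirement id -> sub-component it is split to


@dataclass
class SafetyCase:
    modules: Dict[str, Module] = field(default_factory=dict)

    def node(self, nid: str) -> Optional[Node]:
        """Resolve a node id across all modules (arguments may cross module boundaries)."""
        for m in self.modules.values():
            if nid in m.nodes:
                return m.nodes[nid]
        return None

    def check(self, model: DesignModel) -> List[str]:
        """Structural checks: developed goals, grounded assumptions, allocated requirements."""
        findings: List[str] = []
        for m in self.modules.values():
            for n in m.nodes.values():
                if n.kind in ("goal", "strategy"):
                    unknown = [c for c in n.children if self.node(c) is None]
                    if unknown:
                        findings.append(f"{m.name}: {n.id} references unknown node(s) {unknown}")
                    elif not n.children:
                        findings.append(f"{m.name}: {n.kind} {n.id} is undeveloped (no sub-goal or evidence)")
                if n.artifact is not None and n.artifact not in model.artifacts:
                    findings.append(f"{m.name}: {n.id} cites artifact '{n.artifact}' missing from the model")
        for req, comp in model.allocation.items():
            covered = any(n.kind == "goal" and n.artifact == req
                          for m in self.modules.values() if m.component == comp
                          for n in m.nodes.values())
            if not covered:
                findings.append(f"requirement {req} allocated to {comp} has no goal in that component's module")
        return findings


def build_cruise_control_case() -> Tuple[SafetyCase, DesignModel]:
    """Constructed cruise-control safety case; two defects are left in on purpose."""
    model = DesignModel(
        artifacts={"REQ-SYS-1", "REQ-SW-1", "REQ-HW-1", "DriverModel", "RoadProfile"},
        allocation={"REQ-SYS-1": "cruise_control", "REQ-SW-1": "cruise_software",
                    "REQ-HW-1": "speed_sensor_circuit"},
    )
    sc = SafetyCase()
    product = Module("product", "cruise_control")
    product.add(Node("G1", "goal", "Vehicle speed never exceeds the speed set by the driver",
                     ["S1"], artifact="REQ-SYS-1"))
    product.add(Node("S1", "strategy", "Argue over the software and sensor sub-components", ["G2", "G3"]))
    software = Module("software", "cruise_software")
    software.add(Node("G2", "goal", "Software never requests acceleration at or above the target speed",
                      ["Sn1"], artifact="REQ-SW-1"))
    software.add(Node("Sn1", "solution", "Unit test report for the speed-limit check"))
    circuit = Module("electric_circuit", "speed_sensor_circuit")
    circuit.add(Node("G3", "goal", "Speed signal is valid or the fail-safe state is entered",
                     artifact="REQ-HW-1"))                       # defect 1: no evidence yet
    env = Module("user_environment", "vehicle_context")
    env.add(Node("A1", "assumption", "Driver reaction time is bounded", artifact="DriverModel"))
    env.add(Node("C1", "context", "Declining roads within the modelled profile", artifact="RoadProfile"))
    env.add(Node("A2", "assumption", "Crosswind stays within limits", artifact="WindModel"))  # defect 2
    for m in (product, software, circuit, env):
        sc.modules[m.name] = m
    return sc, model


if __name__ == "__main__":
    case, design = build_cruise_control_case()
    for finding in case.check(design):
        print("finding:", finding)
```

Running the block reports the two planted defects: the sensor-circuit goal G3 has no evidence under it, and assumption A2 cites an artifact the design model does not contain. The third check is the one that enforces the "accordance" between safety case and model from Section VII.D: re-allocating a requirement to a different sub-component in the model immediately surfaces the module that now lacks a goal for it.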
