CN112348334A - Security analysis process generation method, device, equipment and storage medium - Google Patents

Info

Publication number: CN112348334A
Authority: CN (China)
Application number: CN202011167911.5A
Priority application: CN202011167911.5A
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: safety, development, expected, functional, function
Inventors: 吴琼, 姜建满, 徐毅林, 丁钊, 范贤根
Original and current assignee: Anhui Jianghuai Automobile Group Corp

Classifications

    • G06Q10/0633 Workflow analysis (under G06Q10/063 Operations research, analysis or management; G06Q10/06 Resources, workflows, human or project management; G06Q10/00 Administration, management)
    • G06F18/25 Fusion techniques (under G06F18/20 Analysing; G06F18/00 Pattern recognition)
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q10/0639 Performance analysis of employees; performance analysis of enterprise or organisation operations

Abstract

The invention belongs to the technical field of automatic driving and discloses a safety analysis flow generation method, device, equipment and storage medium. The method comprises the following steps: when an automatic driving development item is obtained, obtaining a functional safety development flow and an expected functional safety analysis flow according to the automatic driving development item; establishing a mapping relation between the functional safety development flow and the expected functional safety analysis flow; fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation to generate a fusion result; and generating a safety analysis flow based on the automatic driving vehicle according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow. In this way the functional safety development flow is fused with the expected functional safety analysis flow, a safety analysis flow based on automatic driving is generated, automatic driving development is carried out according to that flow, and the safety and reliability of the automatic driving development process are guaranteed.

Description

Security analysis process generation method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of automatic driving, in particular to a safety analysis flow generation method, device, equipment and storage medium.
Background
As the field of automatic driving develops, automatic driving systems become increasingly complex, and various complex sensing systems and algorithms have been introduced that may in some cases affect driving safety even when they are functioning properly. The main causes of the eight automatic driving accidents that occurred between 2016 and 2018 were design defects of the automatic driving system and driver mishandling.
The current draft of ISO/PAS 21448-. The ISO 21448 draft provides only a basic framework for the expected functional safety analysis flow, and some of its sections refer to ISO 26262. In order to ensure that automatic driving vehicles can go on the road safely and reliably, how to set up a safe and reliable automatic driving safety analysis flow has become a problem that every automatic driving manufacturer must consider.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a safety analysis flow generation method, device, equipment and storage medium, and aims to solve the technical problem of how to improve the safety of the automatic driving development process.
In order to achieve the above object, the present invention provides a safety analysis flow generation method, which comprises the following steps:
when an automatic driving development item is obtained, obtaining a functional safety development flow and an expected functional safety analysis flow according to the automatic driving development item;
establishing a mapping relation between the functional safety development flow and the expected functional safety analysis flow;
fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation to generate a fusion result;
and generating a safety analysis flow based on the automatic driving vehicle according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow.
Optionally, the step of establishing a mapping relation between the functional safety development flow and the expected functional safety analysis flow includes:
establishing a mapping relation between the development interface agreement and safety plan of functional safety and the development process of expected functional safety;
establishing a mapping relation between the function definition, hazard identification and risk assessment of functional safety and the concept and design of expected functional safety;
and establishing a mapping relation between the test verification of functional safety and the validation and verification of expected functional safety.
Optionally, the step of establishing a mapping relation between the functional safety development flow and the expected functional safety analysis flow includes:
analysing the coverage of functional safety and of expected functional safety;
and establishing the mapping relation according to the coverage of functional safety and expected functional safety.
Optionally, the step of fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation to generate a fusion result includes:
unifying and standardizing the function specifications of the functional safety development flow and the expected functional safety analysis flow that have the mapping relation, to generate a standardized unified function specification;
unifying and standardizing the item definitions of the functional safety development flow and the expected functional safety analysis flow that have the mapping relation, to generate a standardized unified item definition;
and fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation according to the standardized unified function specification and the standardized unified item definition, to generate a fusion result.
Optionally, the step of fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation according to the standardized unified function specification and the standardized unified item definition to generate a fusion result includes:
according to the standardized unified function specification and the standardized unified item definition, fusing the development interface agreement and safety plan of functional safety with the development process of expected functional safety to generate a safety development management stage flow;
according to the standardized unified function specification and the standardized unified item definition, fusing the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety to generate a product development stage flow;
according to the standardized unified function specification and the standardized unified item definition, fusing the test verification of functional safety with the validation and verification of expected functional safety to generate a product verification stage flow;
and obtaining the fusion result from the safety development management stage flow, the product development stage flow and the product verification stage flow.
Optionally, the step of fusing the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety according to the standardized unified function specification and the standardized unified item definition to obtain a product development stage flow includes:
fusing the function definition of functional safety and the system specification and design of expected functional safety into a specification parallel flow;
merging the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety into a risk parallel flow;
merging the functional safety requirements and technical safety requirements of functional safety and the triggering condition identification and evaluation of expected functional safety into a requirement parallel flow;
and generating the product development stage flow from the specification parallel flow, the risk parallel flow and the requirement parallel flow.
Optionally, the step of merging the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety into a risk parallel flow includes:
generating a corresponding association relation between the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety;
and, when a fault of the automatic driving is analysed, analysing the fault causes on the functional safety side and on the expected functional safety side at the same time according to the association relation.
In addition, in order to achieve the above object, the present invention further provides a safety analysis flow generation apparatus, including:
a flow acquisition module, configured to obtain a functional safety development flow and an expected functional safety analysis flow according to an automatic driving development item when the automatic driving development item is obtained;
a mapping establishing module, configured to establish a mapping relation between the functional safety development flow and the expected functional safety analysis flow;
a flow fusion module, configured to fuse the functional safety development flow and the expected functional safety analysis flow that have the mapping relation to generate a fusion result;
and a flow generation module, configured to generate a safety analysis flow based on the automatic driving vehicle according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow.
In addition, in order to achieve the above object, the present invention further provides safety analysis flow generation equipment, including: a memory, a processor, and a safety analysis flow generation program stored in the memory and executable on the processor, the safety analysis flow generation program being configured to implement the steps of the safety analysis flow generation method described above.
In addition, in order to achieve the above object, the present invention further provides a storage medium on which a safety analysis flow generation program is stored, wherein the safety analysis flow generation program, when executed by a processor, implements the steps of the safety analysis flow generation method described above.
In the invention, when an automatic driving development item is obtained, a functional safety development flow and an expected functional safety analysis flow are obtained according to the automatic driving development item; a mapping relation is established between the functional safety development flow and the expected functional safety analysis flow; the functional safety development flow and the expected functional safety analysis flow that have the mapping relation are fused to generate a fusion result; and a safety analysis flow based on automatic driving is generated according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow, thereby ensuring the safety and reliability of the automatic driving development process.
Drawings
Fig. 1 is a schematic structural diagram of safety analysis flow generation equipment in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a first embodiment of the safety analysis flow generation method according to the present invention;
Fig. 3 is a schematic flow chart of a second embodiment of the safety analysis flow generation method according to the present invention;
Fig. 4 is a schematic flow chart of a third embodiment of the safety analysis flow generation method according to the present invention;
Fig. 5 is a schematic flow chart of a fourth embodiment of the safety analysis flow generation method according to the present invention;
Fig. 6 is a block diagram of a first embodiment of the safety analysis flow generation apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of safety analysis flow generation equipment in a hardware operating environment according to an embodiment of the present invention.
As shown in Fig. 1, the safety analysis flow generation equipment may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen and an input unit such as a keyboard, and optionally may also include a standard wired interface or a wireless interface. The network interface 1004 may optionally include a standard wired interface or a wireless interface (for example a Wi-Fi interface). The memory 1005 may be a random access memory (RAM) or a non-volatile memory (NVM) such as a disk memory; alternatively, the memory 1005 may be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the structure shown in Fig. 1 does not limit the safety analysis flow generation equipment, which may include more or fewer components than those shown, a combination of some components, or a different arrangement of components.
As shown in Fig. 1, the memory 1005, as a storage medium, may contain an operating system, a network communication module, a user interface module and a safety analysis flow generation program.
In the safety analysis flow generation equipment shown in Fig. 1, the network interface 1004 is mainly used for data communication with a network server, and the user interface 1003 is mainly used for data interaction with a user. The processor 1001 and the memory 1005 may be provided in the safety analysis flow generation equipment of the present invention, which calls the safety analysis flow generation program stored in the memory 1005 through the processor 1001 and executes the safety analysis flow generation method provided by the embodiment of the present invention.
An embodiment of the present invention provides a method for generating a security analysis flow, and referring to fig. 2, fig. 2 is a flow diagram illustrating a first embodiment of the method for generating a security analysis flow according to the present invention.
In this embodiment, the safety analysis flow generation method includes the following steps:
Step S10: when an automatic driving development item is obtained, obtaining a functional safety development flow and an expected functional safety analysis flow according to the automatic driving development item.
It should be noted that the execution subject of this embodiment may be a terminal device, such as a computer, that is connected to the autonomous vehicle and tests the functions of the autonomous vehicle. The computer of this embodiment may be a device that contains a safety analysis flow generation program, or a device that has a safety analysis flow generation function.
It should be understood that, when automatic driving development is performed, an expected functional safety analysis flow and a functional safety development flow need to be planned for the automatic driving development item.
It can be understood that the functional safety development flow may be the development flow of road vehicle functional safety (ISO 26262); ISO 26262 is the functional safety standard established by the International Organization for Standardization for the safety-related electrical and electronic systems of passenger cars (up to eight seats) with a gross weight of no more than 3.5 tons. The expected functional safety analysis flow may be the analysis flow of the draft road vehicle expected functional safety standard (ISO/PAS 21448-.
In specific implementation, when automatic driving development is performed, the safety of automatic driving needs to be ensured by the functional safety development flow and the expected functional safety analysis flow at the same time.
Step S20: establishing a mapping relation between the functional safety development flow and the expected functional safety analysis flow.
Further, establishing the mapping relation between the functional safety development flow and the expected functional safety analysis flow includes: analysing the coverage of functional safety and of expected functional safety; and establishing the mapping relation according to the coverage of functional safety and expected functional safety.
It should be understood that, before the mapping relation is established, the coverage categories of functional safety and of expected functional safety should be analysed, and the subsequent steps are performed on the functional safety development flow and the expected functional safety analysis flow for the coverage categories they share. For example, functional safety includes hazard identification and risk assessment, and expected functional safety also includes hazard identification and risk assessment, so hazard identification and risk assessment is a coverage category shared by functional safety and expected functional safety.
It should be noted that the functional safety development flow and the expected functional safety analysis flow are correlated, and the mapping relation is established between the correlated development flow and analysis flow. For example, the functional safety development flow includes a test of whether a failure of a vehicle sensor causes a safety accident, and the expected functional safety analysis flow includes a test of whether insufficient performance of the vehicle sensor causes a safety accident. The test dimensions of the vehicle sensor and of the safety accident differ, but the test items are correlated, so a mapping relation can be established between them.
Step S30: fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation to generate a fusion result.
In specific implementation, fusing the functional safety development flow and the expected functional safety analysis flow that have the mapping relation means fusing the correlated flows, so that development time can be reduced while the safety of automatic driving development is ensured, and the fused flow is more comprehensive.
Step S40: generating a safety analysis flow based on automatic driving according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow.
It should be noted that the safety analysis flow based on automatic driving is generated from the fused flow, and automatic driving is then developed according to the safety analysis flow; when all of its flows are passed without any abnormal result, the automatic driving can be ensured to be safe and reliable.
In this embodiment, when an automatic driving development item is obtained, a functional safety development flow and an expected functional safety analysis flow are obtained according to the automatic driving development item; a mapping relation is established between the functional safety development flow and the expected functional safety analysis flow; the functional safety development flow and the expected functional safety analysis flow that have the mapping relation are fused to generate a fusion result; and a safety analysis flow based on automatic driving is generated according to the fusion result, so that automatic driving development is carried out according to the safety analysis flow, thereby ensuring the safety and reliability of the automatic driving development process.
Referring to fig. 3, fig. 3 is a schematic flow chart of a security analysis flow generation method according to a second embodiment of the present invention.
Based on the first embodiment, step S20 of the safety analysis flow generation method of this embodiment includes:
Step S21: establishing a mapping relation between the development interface agreement and safety plan of functional safety and the development process of expected functional safety.
It should be noted that the development interface agreement is an agreement between the customer and the supplier that specifies the responsibilities of the parties for exchanging activities, evidence or work products. The safety plan covers the planning, management and guidance of the project's safety activities, including dates, milestones, tasks, deliverables, responsibilities and resources.
Step S22: establishing a mapping relation between the function definition, hazard identification and risk assessment of functional safety and the concept and design of expected functional safety.
It should be understood that the function definition covers system functions such as an automatic cruise system or a tyre pressure monitoring system. Hazard identification and risk assessment identify and categorize the hazards of the item and derive the safety goals that must be met to prevent or reduce those hazards and avoid unreasonable risk. The concept of expected functional safety is the absence of unreasonable risk due to insufficiencies of the intended function or reasonably foreseeable misuse by persons: limitations of the intended function, or of the performance of the system's sensing of the internal or external environment, may lead to potentially hazardous behaviour, for example the function cannot correctly understand the surrounding conditions or operate safely. The design of expected functional safety includes designs for functions such as sensor performance requirements.
Step S23: establishing a mapping relation between the test verification of functional safety and the validation and verification of expected functional safety.
It can be understood that test verification includes software and hardware integration testing, system integration testing and complete-vehicle testing; for example, the goal of software safety requirement verification is to verify that the embedded software meets the software safety requirements. Validation of expected functional safety means that the functionality of the system and its components is validated to demonstrate that they do not pose unreasonable risk in real use cases. Verification of expected functional safety means that the system and its components are verified to show that their behaviour in known hazardous scenarios and under reasonably foreseeable malfunctions is as expected, for example the validation and verification of sensors and software algorithms.
In this embodiment, a mapping relation is established between the development interface agreement and safety plan of functional safety and the development process of expected functional safety; a mapping relation is established between the function definition, hazard identification and risk assessment of functional safety and the concept and design of expected functional safety; and a mapping relation is established between the test verification of functional safety and the validation and verification of expected functional safety. This establishes the mapping relation between functional safety and expected functional safety, lays the foundation for generating the safety analysis flow, ensures that a complete safety analysis flow is generated, allows automatic driving development to be carried out according to that flow, and ensures the safety and reliability of the automatic driving development process.
Referring to fig. 4, fig. 4 is a schematic flow chart of a security analysis flow generation method according to a third embodiment of the present invention.
Based on the first embodiment, the step S30 of the method for generating a security analysis flow of this embodiment includes:
step S31: and uniformly standardizing the functional specification of the functional safety development process with the mapping relation and the analysis process with the expected functional safety to generate the functional specification with uniform standard.
It can be understood that, when merging the development process with mapping function safety with the analysis process with expected function safety, the function specification of the process to be merged should be merged, and the function specification is a standard of the system function to be tested, for example: the standard ejection speed of the airbag in the event of a vehicle collision accident, etc.
Step S32: and uniformly standardizing the project definitions of the functional safety development process with the mapping relation and the analysis process with expected functional safety to generate standard uniform project definitions.
It should be understood that, when merging a development process with mapping function safety with an analysis process with expected function safety, a project definition of a process to be merged should be unified, where the project definition is a system function to be tested, and the project definition includes: anti-lock braking system, automatic parking auxiliary system, safety air bag, etc.
And fusing the development process with the mapping relation and the analysis process with the expected function safety according to the function specification unified by the standard and the project definition unified by the standard to generate a fusion result.
Further, fusing the development process having the mapping relation with the expected functional safety analysis process according to the standard-unified function specification and the standard-unified project definition to generate a fusion result includes:
Step S33: according to the standard-unified function specification and the standard-unified project definition, fuse the development interface agreement and safety plan of functional safety with the development process of expected functional safety, to generate a safety development management stage process.
It should be noted that the safety development management stage process is the preparation carried out before product development, and includes development schedule planning, development task planning and the like.
Step S34: according to the standard-unified function specification and the standard-unified project definition, fuse the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety, to generate a product development stage process.
It can be understood that the product development stage process is the test stage of product development, and includes determining test items, determining test methods, testing according to the test plan, improving according to the test results, and the like.
Step S35: according to the standard-unified function specification and the standard-unified project definition, fuse the test verification of functional safety with the validation and verification of expected functional safety, to generate a product verification stage process.
It should be understood that the product verification stage process is the step that follows product development, and includes verifying the function, performance, accuracy and so on of the system.
Step S36: obtain the fusion result from the safety development management stage process, the product development stage process and the product verification stage process.
In a specific implementation, fusing the functional safety process having the mapping relation with the expected functional safety process yields three stage processes, and these three stage processes are the necessary processes of automated driving development.
In this embodiment, the function specifications of the functional safety development process having the mapping relation and of the expected functional safety analysis process are unified and standardized to generate a standard-unified function specification; the project definitions of the functional safety development process having the mapping relation and of the expected functional safety analysis process are unified and standardized to generate a standard-unified project definition; according to the standard-unified function specification and the standard-unified project definition, the development interface agreement and safety plan of functional safety are fused with the development process of expected functional safety to generate a safety development management stage process, the function definition, hazard identification and risk assessment of functional safety are fused with the concept and design of expected functional safety to generate a product development stage process, and the test verification of functional safety is fused with the validation and verification of expected functional safety to generate a product verification stage process; and the fusion result is obtained from the safety development management stage process, the product development stage process and the product verification stage process.
Referring to fig. 5, fig. 5 is a schematic flow chart of a safety analysis flow generation method according to a fourth embodiment of the present invention.
Based on the third embodiment, step S34 of the safety analysis flow generation method of this embodiment includes:
Step S341: fuse the function definition of functional safety with the system specification and design of expected functional safety into a specification parallel flow.
It should be noted that the system specification includes: the purpose of the expected function and its sub-functions, the performance indicators to be achieved, the activation and exit conditions of the expected function, the level of vehicle automation, and the like. The design of the expected function includes: building the system architecture, defining the dependency and interaction relations among subsystems, defining system functions and related faults, and the like.
In a specific implementation, in the specification parallel flow the function definition of functional safety is executed in parallel with the system specification and design of expected functional safety. For example, when defining airbag failures, the case in which the airbag does not deploy correctly in a collision and the case in which the airbag deploys too slowly are both defined as airbag accidents at the same time.
Step S342: fuse the hazard identification and risk assessment of functional safety with the hazard identification and risk assessment of expected functional safety into a risk parallel flow.
Further, a corresponding association relation is generated from the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety; when an automated driving fault is analyzed, the fault causes on the functional safety side and on the expected functional safety side are analyzed simultaneously according to the association relation. For example, when a safety accident is caused by a sensor, whether it was caused by a failure of the sensor or by insufficient performance of the sensor should be analyzed at the same time.
Step S343: fuse the functional safety requirements and technical safety requirements of functional safety with the trigger condition identification and evaluation of expected functional safety into a requirement parallel flow.
It should be noted that trigger condition identification and evaluation includes systematically analyzing trigger conditions with reference to experience from the same project or the same field. Functional safety requirements include implementing independent safety behaviour specifications or independent safety measures. Technical safety requirements include the requirements needed to implement the related functional safety requirements.
In a specific implementation, in the requirement parallel flow the functional safety requirements and technical safety requirements of functional safety are executed in parallel with the trigger condition identification and evaluation of expected functional safety.
Step S344: generate the product development stage process from the specification parallel flow, the risk parallel flow and the requirement parallel flow.
In a specific implementation, the specification parallel flow, the risk parallel flow and the requirement parallel flow in the product development stage of automated driving further ensure the safety of automated driving development.
In this embodiment, the function definition of functional safety and the system specification and design of expected functional safety are fused into a specification parallel flow; the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety are fused into a risk parallel flow; the functional safety requirements and technical safety requirements of functional safety and the trigger condition identification and evaluation of expected functional safety are fused into a requirement parallel flow; and the product development stage process is generated from the specification parallel flow, the risk parallel flow and the requirement parallel flow. By generating a more detailed flow for the product development stage, this embodiment can further ensure the safety of automated driving development.
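As an added illustration, not code from the patent, the following Python model shows the fusion described in the third and fourth embodiments end to end: both tracks' steps are first rewritten to a unified function specification and project definition (steps S31 and S32), each step is placed in its fused stage via the mapping relation (steps S33 to S36), the product development stage is split into the specification, risk and requirement parallel flows (steps S341 to S344), and a coverage check reports any "parallel" flow that only one of the two tracks actually populates. The step names, the alias tables and the airbag sample input are constructed assumptions, not values from the patent.

```python
# Added example, not code from the patent. It models the fusion of a functional
# safety (FuSa) development flow with an expected functional safety (SOTIF)
# analysis flow as described in steps S31-S36 and S341-S344. Step names, alias
# tables and the sample input are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    track: str  # "fusa" or "sotif"
    name: str   # process step name used by that track
    spec: str   # function specification term as written by that track
    item: str   # project definition (item under test) as written by that track


# Steps S31/S32: constructed alias tables mapping each track's wording to the
# unified standard term.
SPEC_STANDARD = {"airbag ejection speed": "airbag_deployment_speed",
                 "airbag deployment speed": "airbag_deployment_speed"}
ITEM_STANDARD = {"safety air bag": "airbag", "airbag system": "airbag"}

# Mapping relation (steps S33-S35): the fused stage each original step lands in.
MANAGEMENT = "safety development management"
DEVELOPMENT = "product development"
VERIFICATION = "product verification"
STAGE_OF = {
    ("fusa", "development interface agreement"): MANAGEMENT,
    ("fusa", "safety plan"): MANAGEMENT,
    ("sotif", "development process"): MANAGEMENT,
    ("fusa", "function definition"): DEVELOPMENT,
    ("fusa", "hazard identification and risk assessment"): DEVELOPMENT,
    ("fusa", "functional safety requirements"): DEVELOPMENT,
    ("fusa", "technical safety requirements"): DEVELOPMENT,
    ("sotif", "system specification and design"): DEVELOPMENT,
    ("sotif", "hazard identification and risk assessment"): DEVELOPMENT,
    ("sotif", "trigger condition identification and evaluation"): DEVELOPMENT,
    ("fusa", "test verification"): VERIFICATION,
    ("sotif", "validation and verification"): VERIFICATION,
}

# Steps S341-S343: inside product development, steps run in three parallel flows.
PARALLEL_FLOW_OF = {
    ("fusa", "function definition"): "specification",
    ("sotif", "system specification and design"): "specification",
    ("fusa", "hazard identification and risk assessment"): "risk",
    ("sotif", "hazard identification and risk assessment"): "risk",
    ("fusa", "functional safety requirements"): "requirement",
    ("fusa", "technical safety requirements"): "requirement",
    ("sotif", "trigger condition identification and evaluation"): "requirement",
}


def standardize(step):
    """Rewrite a step's spec and item to the unified standard; a term with no
    standard form means the two processes cannot be merged, so fail loudly."""
    try:
        return Step(step.track, step.name, SPEC_STANDARD[step.spec], ITEM_STANDARD[step.item])
    except KeyError as missing:
        raise ValueError(f"no unified standard for {missing} in {step.track}/{step.name}")


def fuse(fusa_steps, sotif_steps):
    """Steps S31-S36 and S344: standardize both flows and place every step into
    its fused stage and, within product development, its parallel flow.
    Returns {stage: {flow: [steps]}}; the other two stages use the flow "main"."""
    result = {}
    for step in map(standardize, list(fusa_steps) + list(sotif_steps)):
        key = (step.track, step.name)
        if key not in STAGE_OF:
            raise ValueError(f"step {key} has no mapping relation")
        flow = PARALLEL_FLOW_OF.get(key, "main")
        result.setdefault(STAGE_OF[key], {}).setdefault(flow, []).append(step)
    return result


def lopsided_flows(fused):
    """A fused flow is only 'parallel' if both tracks contribute to it; return
    the (stage, flow) pairs where one track is missing."""
    return [(stage, flow) for stage, flows in fused.items()
            for flow, steps in flows.items()
            if {s.track for s in steps} != {"fusa", "sotif"}]


def track_steps(track, names, spec, item):
    """Build the steps of one track, all describing the same item in that track's words."""
    return [Step(track, name, spec, item) for name in names]


# Constructed sample input: each track names the airbag item in its own wording.
FUSA_FLOW = track_steps("fusa", [
    "development interface agreement", "safety plan", "function definition",
    "hazard identification and risk assessment", "functional safety requirements",
    "technical safety requirements", "test verification"],
    "airbag ejection speed", "safety air bag")
SOTIF_FLOW = track_steps("sotif", [
    "development process", "system specification and design",
    "hazard identification and risk assessment",
    "trigger condition identification and evaluation", "validation and verification"],
    "airbag deployment speed", "airbag system")

if __name__ == "__main__":
    fused = fuse(FUSA_FLOW, SOTIF_FLOW)
    print({stage: {flow: [s.name for s in steps] for flow, steps in flows.items()}
           for stage, flows in fused.items()})
    print("lopsided flows:", lopsided_flows(fused))
```

The two checks are the part worth copying: `standardize` refuses to merge a step whose specification or item has no agreed standard form (the situation steps S31 and S32 exist to prevent), and `lopsided_flows` catches a fused stage that looks complete on paper but is fed by only one of the two safety tracks, which would silently defeat the "parallel" analysis the fourth embodiment calls for.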
In addition, an embodiment of the present invention further provides a storage medium on which a safety analysis flow generation program is stored; when executed by a processor, the safety analysis flow generation program implements the steps of the safety analysis flow generation method described above.
Referring to fig. 6, fig. 6 is a block diagram of a first embodiment of a safety analysis flow generation apparatus according to the present invention.
As shown in fig. 6, the safety analysis flow generation apparatus provided in an embodiment of the present invention includes:
a process obtaining module 10, configured to obtain, when an automated driving development item is obtained, a functional safety development process and an expected functional safety analysis process according to the automated driving development item;
a mapping establishing module 20, configured to establish a mapping relation between the functional safety development process and the expected functional safety analysis process;
a process fusion module 30, configured to fuse the development process having the mapping relation with the expected functional safety analysis process to generate a fusion result;
and a flow generation module 40, configured to generate an automated-vehicle-based safety analysis flow according to the fusion result, so that automated driving development is carried out according to the safety analysis flow.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
In this embodiment, when an automated driving development item is obtained, a functional safety development process and an expected functional safety analysis process are obtained according to the automated driving development item; a mapping relation is established between the functional safety development process and the expected functional safety analysis process; the development process having the mapping relation is fused with the expected functional safety analysis process to generate a fusion result; and an automated-driving-based safety analysis flow is generated according to the fusion result so that automated driving development is carried out according to the safety analysis flow, thereby ensuring the safety and reliability of the automated driving development process.
Further, the mapping establishing module 20 is further configured to establish a mapping relation between the development interface agreement and safety plan of functional safety and the development process of expected functional safety; to establish a mapping relation between the function definition, hazard identification and risk assessment of functional safety and the concept and design of expected functional safety; and to establish a mapping relation between the test verification of functional safety and the validation and verification of expected functional safety.
Further, the mapping establishing module 20 is further configured to analyze the coverage scope of functional safety and of expected functional safety, and to establish the mapping relation according to the coverage scope of functional safety and of expected functional safety.
Further, the process fusion module 30 is further configured to unify and standardize the function specifications of the functional safety development process having the mapping relation and of the expected functional safety analysis process to generate a standard-unified function specification; to unify and standardize the project definitions of the functional safety development process having the mapping relation and of the expected functional safety analysis process to generate a standard-unified project definition; and to fuse the development process having the mapping relation with the expected functional safety analysis process according to the standard-unified function specification and the standard-unified project definition to generate a fusion result.
Further, the process fusion module 30 is further configured to fuse, according to the standard-unified function specification and the standard-unified project definition, the development interface agreement and safety plan of functional safety with the development process of expected functional safety to generate a safety development management stage process; to fuse, according to the standard-unified function specification and the standard-unified project definition, the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety to generate a product development stage process; to fuse, according to the standard-unified function specification and the standard-unified project definition, the test verification of functional safety with the validation and verification of expected functional safety to generate a product verification stage process; and to obtain the fusion result from the safety development management stage process, the product development stage process and the product verification stage process.
Further, the process fusion module 30 is further configured to fuse the function definition of functional safety with the system specification and design of expected functional safety into a specification parallel flow; to fuse the hazard identification and risk assessment of functional safety with the hazard identification and risk assessment of expected functional safety into a risk parallel flow; to fuse the functional safety requirements and technical safety requirements of functional safety with the trigger condition identification and evaluation of expected functional safety into a requirement parallel flow; and to generate the product development stage process from the specification parallel flow, the risk parallel flow and the requirement parallel flow.
Further, the process fusion module 30 is further configured to generate a corresponding association relation from the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety; and, when an automated driving fault is analyzed, to analyze the fault causes of functional safety and of expected functional safety simultaneously according to the association relation.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, for technical details not described in this embodiment, reference may be made to the safety analysis flow generation method provided in any embodiment of the present invention; they are not repeated here.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A safety analysis flow generation method, characterized by comprising the following steps:
when an automated driving development item is obtained, obtaining a functional safety development process and an expected functional safety analysis process according to the automated driving development item;
establishing a mapping relation between the functional safety development process and the expected functional safety analysis process;
fusing the development process having the mapping relation with the expected functional safety analysis process to generate a fusion result;
and generating an automated-driving-based safety analysis flow according to the fusion result, so that automated driving development is carried out according to the safety analysis flow.
2. The method of claim 1, wherein the step of establishing a mapping relation between the functional safety development process and the expected functional safety analysis process comprises:
establishing a mapping relation between the development interface agreement and safety plan of functional safety and the development process of expected functional safety;
establishing a mapping relation between the function definition, hazard identification and risk assessment of functional safety and the concept and design of expected functional safety;
and establishing a mapping relation between the test verification of functional safety and the validation and verification of expected functional safety.
3. The method of claim 1, wherein the step of establishing a mapping relation between the functional safety development process and the expected functional safety analysis process comprises:
analyzing the coverage scope of functional safety and of expected functional safety;
and establishing the mapping relation according to the coverage scope of functional safety and of expected functional safety.
4. The method according to any one of claims 1 to 3, wherein the step of fusing the development process having the mapping relation with the expected functional safety analysis process to generate a fusion result comprises:
unifying and standardizing the function specifications of the functional safety development process having the mapping relation and of the expected functional safety analysis process to generate a standard-unified function specification;
unifying and standardizing the project definitions of the functional safety development process having the mapping relation and of the expected functional safety analysis process to generate a standard-unified project definition;
and fusing the development process having the mapping relation with the expected functional safety analysis process according to the standard-unified function specification and the standard-unified project definition to generate a fusion result.
5. The method according to claim 4, wherein the step of fusing the development process having the mapping relation with the expected functional safety analysis process according to the standard-unified function specification and the standard-unified project definition to generate a fusion result comprises:
according to the standard-unified function specification and the standard-unified project definition, fusing the development interface agreement and safety plan of functional safety with the development process of expected functional safety to generate a safety development management stage process;
according to the standard-unified function specification and the standard-unified project definition, fusing the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety to generate a product development stage process;
according to the standard-unified function specification and the standard-unified project definition, fusing the test verification of functional safety with the validation and verification of expected functional safety to generate a product verification stage process;
and obtaining the fusion result from the safety development management stage process, the product development stage process and the product verification stage process.
6. The method of claim 5, wherein the step of fusing the function definition, hazard identification and risk assessment of functional safety with the concept and design of expected functional safety according to the standard-unified function specification and the standard-unified project definition to generate a product development stage process comprises:
fusing the function definition of functional safety with the system specification and design of expected functional safety into a specification parallel flow;
fusing the hazard identification and risk assessment of functional safety with the hazard identification and risk assessment of expected functional safety into a risk parallel flow;
fusing the functional safety requirements and technical safety requirements of functional safety with the trigger condition identification and evaluation of expected functional safety into a requirement parallel flow;
and generating the product development stage process from the specification parallel flow, the risk parallel flow and the requirement parallel flow.
7. The method of claim 6, wherein the step of fusing the hazard identification and risk assessment of functional safety with the hazard identification and risk assessment of expected functional safety into a risk parallel flow comprises:
generating a corresponding association relation from the hazard identification and risk assessment of functional safety and the hazard identification and risk assessment of expected functional safety;
and when an automated driving fault is analyzed, simultaneously analyzing the fault causes of functional safety and of expected functional safety according to the association relation.
8. A safety analysis flow generation apparatus, comprising:
a process obtaining module, configured to obtain, when an automated driving development item is obtained, a functional safety development process and an expected functional safety analysis process according to the automated driving development item;
a mapping establishing module, configured to establish a mapping relation between the functional safety development process and the expected functional safety analysis process;
a process fusion module, configured to fuse the development process having the mapping relation with the expected functional safety analysis process to generate a fusion result;
and a flow generation module, configured to generate an automated-vehicle-based safety analysis flow according to the fusion result, so that automated driving development is carried out according to the safety analysis flow.
9. A safety analysis flow generation device, comprising: a memory, a processor, and a safety analysis flow generation program stored on the memory and executable on the processor, the safety analysis flow generation program being configured to implement the steps of the safety analysis flow generation method of any one of claims 1 to 7.
10. A storage medium having a safety analysis flow generation program stored thereon, the safety analysis flow generation program, when executed by a processor, implementing the steps of the safety analysis flow generation method according to any one of claims 1 to 7.
CN202011167911.5A 2020-10-26 2020-10-26 Security analysis process generation method, device, equipment and storage medium Pending CN112348334A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011167911.5A CN112348334A (en) 2020-10-26 2020-10-26 Security analysis process generation method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011167911.5A CN112348334A (en) 2020-10-26 2020-10-26 Security analysis process generation method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112348334A true CN112348334A (en) 2021-02-09

Family

ID=74359233

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011167911.5A Pending CN112348334A (en) 2020-10-26 2020-10-26 Security analysis process generation method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112348334A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113111501A (en) * 2021-03-31 2021-07-13 中汽研(天津)汽车工程研究院有限公司 Functional safety and expected functional safety fusion analysis method
CN114312778A (en) * 2022-01-27 2022-04-12 中国第一汽车股份有限公司 Method and device for acquiring functional safety requirement of cruise control system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101414720B1 (en) * 2013-05-31 2014-07-04 한국철도기술연구원 Functional safety testing device for train control system software and the method thereof
CN109885870A (en) * 2019-01-09 2019-06-14 同济大学 A kind of verification method and system for autonomous driving vehicle expectation function safety
CN110333730A (en) * 2019-08-12 2019-10-15 安徽江淮汽车集团股份有限公司 Verification method, platform and the storage medium of automatic Pilot algorithm expectation function safety
CN110673590A (en) * 2019-10-21 2020-01-10 安徽江淮汽车集团股份有限公司 Method, device and equipment for judging reliability of automatic driving system and storage medium
CN111103866A (en) * 2019-12-20 2020-05-05 吉林大学 Adaptive cruise development and test method based on expected functional safety

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Wen Kai; Xia Heng; Pei Feng; Wei Dan; He Tao: "Functional safety concept design of an electric four-wheel-drive hybrid power system based on ISO 26262", Mechanical & Electrical Engineering Technology (机电工程技术), no. 12 *
Li Bo et al.: "Research and progress on the technology and standards system for functional safety and safety of the intended functionality (SOTIF) in China", China Auto (中国汽车), pp. 1-4 *
Ji Hongyan; Cui Shuchao; Sun Can; Zhang Jinming: "Interpretation of the ISO 26262 functional safety development process for road vehicles", Automobile Electrical Appliances (汽车电器), no. 07, pp. 1-3 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination