CN113111501B - Functional safety and expected functional safety fusion analysis method - Google Patents


Info

Publication number
CN113111501B
CN113111501B (application CN202110352345.3A)
Authority
CN
China
Prior art keywords
safety
functional
function
control
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110352345.3A
Other languages
Chinese (zh)
Other versions
CN113111501A (en)
Inventor
奚文霞
夏显召
李鸿鹏
唐风敏
戎辉
吴志新
龚进峰
刘睿
王阳
王喜洋
刘旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Automotive Technology and Research Center Co Ltd
CATARC Tianjin Automotive Engineering Research Institute Co Ltd
Original Assignee
China Automotive Technology and Research Center Co Ltd
CATARC Tianjin Automotive Engineering Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Automotive Technology and Research Center Co Ltd and CATARC Tianjin Automotive Engineering Research Institute Co Ltd
Priority to CN202110352345.3A
Publication of CN113111501A
Application granted
Publication of CN113111501B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F30/00 Computer-aided design [CAD] > G06F30/20 Design optimisation, verification or simulation
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2111/00 Details relating to CAD techniques > G06F2111/04 Constraint-based CAD
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2111/00 Details relating to CAD techniques > G06F2111/08 Probabilistic or stochastic CAD
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2119/00 Details relating to the type or aim of the analysis or the optimisation > G06F2119/02 Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02T CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION > Y02T90/00 Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Geometry (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention provides a fusion analysis method for functional safety and expected functional safety comprising the following steps: S1, defining the related item and its functional design specification; S2, performing a hazard and operability analysis (HAZOP) to identify and evaluate the failure modes of the related item; S3, performing hazard analysis and risk assessment (HARA), in which the functional-safety HARA and the expected-functional-safety HARA are fused to obtain the ASIL level, the safety goals and the verification targets, and the functional failure modes of the related item obtained in step S2 are analysed further; S4, establishing a system safety control structure designed according to the related item definition and functional design specification of step S1. The beneficial effects of the invention are that the fusion analysis method provides the support needed to ensure high reliability and safety of an intelligent driving system, comprises a fused development flow and an STPA fusion analysis method, and provides a reference basis for calculating system verification indexes.

Description

Functional safety and expected functional safety fusion analysis method
Technical Field
The invention belongs to the technical field of intelligent connected vehicles and in particular relates to a fusion analysis method for functional safety and expected functional safety.
Background
With the rapid development of intelligent connected and automated driving vehicles, the design of highly reliable and safe automotive electronic systems is receiving increasing attention, and functional safety and intended functional safety are an integral part of automated driving system design. ISO 26262 and ISO 21448 are the industry standards for functional safety and intended functional safety of automotive electrical/electronic (E/E) systems. Functional safety refers to the absence of unreasonable risk caused by malfunctioning behaviour of the E/E system: it is concerned with whether the system can enter a safe state after a failure so as to avoid greater harm, or reduce the probability of harm through safety measures, rather than with the system's nominal function or performance. Intended functional safety refers to the absence of unreasonable risk from hazards caused by insufficiencies of the intended function or by reasonably foreseeable misuse by persons: it is concerned, at vehicle level, with harm arising from functional insufficiencies, from performance limitations of E/E system elements and from misuse by persons, rather than from failures of the E/E system. Ensuring the reliability and safety of an intelligent driving system therefore requires both development processes and both analysis methods, and integrating functional safety and intended functional safety efficiently is important. The invention is directed at a fusion analysis method for functional safety and expected functional safety that carries out functional safety development and expected functional safety development within a single development cycle, thereby shortening the development cycle, obtaining comprehensive safety requirements and reducing the probability of harm.
The invention introduces the concept of fused development and provides necessary support for the development of intelligent driving systems.
Disclosure of Invention
In view of the above, the invention aims to provide a functional safety and expected functional safety fusion analysis method that gives an intelligent driving system high reliability, high safety and high development efficiency. Building on the development concepts of functional safety and expected functional safety, it integrates the development flows of ISO 26262 and ISO 21448, fuses the requirements of the two standards into one system for development, shortens the overall development cycle, and identifies system-level hazards comprehensively so as to obtain complete safety requirements.
To achieve the above purpose, the technical solution of the invention is realized as follows:
a functional safety and expected functional safety fusion analysis method comprising the following steps:
S1, defining the related item and its functional design specification;
S2, performing a hazard and operability analysis (HAZOP) to identify and evaluate the failure modes and hazardous events of the related item;
S3, performing hazard analysis and risk assessment (HARA), in which the functional-safety HARA and the expected-functional-safety HARA are fused to obtain the ASIL level, the safety goals and the verification targets, and the functional failure modes of the related item obtained in step S2 are analysed further;
S4, establishing a system safety control structure designed according to the related item definition and functional design specification of step S1;
S5, identifying unsafe control actions and analysing their causes;
S6, determining safety constraints to obtain the safety requirements;
S7, verification and validation.
Further, the related item definition and functional design specification of step S1 include descriptions of the system's intended functions, functional interactions, interfaces, performance goals and system assumptions.
Further, the hazard and operability analysis of step S2 comprises the following steps: first, the failure modes of a function are determined by guide words, the guide words being loss of function, function exceeding expectation, function below expectation, function in the wrong direction, function provided unintentionally, and function failing to update as expected; then, the effect on the whole vehicle after the function fails and the harm to persons are analysed; finally, the hazardous events are determined, providing the basis for the hazard analysis and risk assessment of step S3.
Further, in step S3 a driving scenario is selected according to the operating mode, driving conditions and environmental conditions, and the exposure E, severity S and controllability C are determined to obtain the ASIL level and the functional safety goal; when S > 0 and C > 0, an expected functional safety verification target is also defined for the acceptance of the triggering event.
Further, the functional safety goal is the highest-level safety requirement and is assigned an ASIL level; in step S4 the ASIL level is assigned only to safety requirements related to failures of the electrical and electronic system;
the expected functional safety verification target defines acceptance criteria for use of the intended function so as to reduce risk to a reasonable level, and uses the concept of the functional safety ASIL level to determine the verification target.
Further, the system safety control structure of step S4 includes the signal interactions among the functional modules, personnel decisions and environmental factors, explicitly indicates control signals and feedback signals, and every control signal present in the control structure can be treated as a control action.
Further, the unsafe control actions of step S5 may lead to abnormal behaviour and interactions of components and to system failure;
identifying unsafe control actions comprises: first, determining each control action from the control signals of step S4; then, determining the unsafe control actions according to the four categories of unsafe control action given by the STPA method: 1) the required control action is not provided; 2) the control action is provided when not needed; 3) the control action is provided too early, too late or at the wrong time; 4) a proper control action is stopped too soon or applied too long; finally, performing cause analysis on the basis of the unsafe control actions, analysing each element associated with the control action, the limitations of those elements being possible causes of hazard.
Further, the safety constraints of step S6 are determined from the cause analysis of the unsafe control actions and take into account safety mechanisms, algorithm requirements, sensor performance requirements and driver behaviour requirements;
the safety requirements of step S6 include functional safety requirements and expected functional safety requirements and are obtained by refining the safety constraints, wherein the safety requirements related to failures of the electrical and electronic system are assigned the ASIL level corresponding to the safety goal.
Further, verification in step S7 includes sensor verification, decision algorithm verification, actuator verification, integrated system verification and safety requirement verification;
validation includes hazard analysis and risk assessment, safety requirement validation, and assessment of the residual risk in unknown scenarios.
Compared with the prior art, the functional safety and expected functional safety fusion analysis method has the following beneficial effects:
(1) The invention provides a fusion analysis method based on the fused development requirements of functional safety and expected functional safety; by establishing a functional safety and expected functional safety fusion analysis model, harm caused by failures of the electrical and electronic system, by insufficiencies of the intended function and by misuse by persons is analysed comprehensively; the development efficiency of the intelligent driving system is improved, the development cycle is shortened, and comprehensive system-level hazards and safety requirements are obtained.
(2) The method provides the support needed to ensure high reliability and safety of the intelligent driving system, comprises a fused development flow and an STPA fusion analysis method, and also provides a reference basis for calculating the system verification index.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of a method for analyzing fusion of functional safety and expected functional safety according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a functional safety and intended functional safety fusion process according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the safety control structure of an ACC system according to an embodiment of the invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The invention will be described in detail below with reference to the drawings in connection with embodiments.
As shown in FIGS. 1 to 3, the invention provides a fusion analysis method for functional safety and expected functional safety comprising the following steps:
Step 1: related item definition and functional design specification;
the related item definition and functional design specification describe the system's intended functions, functional interactions, interfaces, performance goals, system assumptions and so on.
Step 2: hazard and operability analysis (HAZOP);
the HAZOP analysis identifies and evaluates those failure modes of the related item that may cause harm to vehicle occupants, to other vehicles and their occupants, or to other persons. First, the failure modes of a function are determined by guide words, the guide words being loss of function, function exceeding expectation, function below expectation, function in the wrong direction, function provided unintentionally, and function failing to update as expected; then, the effect on the whole vehicle after the function fails and the harm to persons are analysed; finally, the hazardous events are determined, providing the basis for the hazard analysis and risk assessment of step 3.
[Image BDA0003002483070000051: not reproduced in the text]
Step 3: hazard analysis and risk assessment (HARA);
the HARA fuses the functional-safety HARA with the expected-functional-safety HARA and further analyses the functional failure modes obtained in step 2: driving scenarios are selected according to the operating mode, driving conditions and environmental conditions, and the exposure E, severity S and controllability C are determined to obtain the ASIL levels and functional safety goals; at the same time, when S > 0 and C > 0, expected functional safety verification targets are defined for the acceptance of the triggering events.
[Image BDA0003002483070000061: not reproduced in the text]
The ASIL level is determined by reference to table 4 of the ISO 26262 standard;
the functional safety goal is the highest-level safety requirement and is assigned an ASIL level; in step 4 the ASIL level is assigned only to safety requirements related to failures of the electrical and electronic system;
the expected functional safety verification target defines acceptance criteria for use of the intended function so as to reduce risk to a reasonable level. That is, if the incidence of an accident caused by the function is equal to or less than the current incidence of the same accident caused by human drivers, the function is considered to carry acceptable risk: $P_{\mathrm{Hazard,ACC}} \le P_{\mathrm{Hazard,Human}}$.
The concept of the functional safety ASIL level is used to determine the verification target. For ASIL D, the random hardware failure target of the functional safety requirement is below $10^{-8}\,\mathrm{h}^{-1}$, i.e. $10^{8}\,\mathrm{h}$ of system operation without failure is taken as the target time; for ASIL C and ASIL B it is below $10^{-7}\,\mathrm{h}^{-1}$, i.e. $10^{7}\,\mathrm{h}$ of system operation without failure is taken as the target time; accident-free test duration = target time × exposure coefficient × severity coefficient × controllability coefficient. The exposure, severity and controllability coefficients in this formula are read from tables C.1, C.2 and C.3 of the ISO 21448 standard according to the E/S/C class. Alternatively, according to ISO 21448, the verification target is calculated from traffic statistics and a safety margin, the accident-free mileage or duration τ being obtained as:
[Equation image BDA0003002483070000071: the formula for τ is not reproduced in the text]
where λ is the target event rate, α is the confidence level, x is the mileage or duration that human drivers average to experience between events, and y is the safety margin.
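As an added worked example (not part of the patent), the following Python encodes the step 3 derivation: the ASIL from the S/E/C classes, the target time the page attaches to each ASIL, the S > 0 and C > 0 rule for defining an expected functional safety verification target, the P_Hazard comparison, and the accident-free test duration formula. The ASIL table is the ISO 26262 one the page refers to but does not reproduce (it is equivalent to the additive rule on the class indices). The S/E/C classes of the ACC row are constructed, since the embodiment later on the page gives only the resulting ASIL C and the coefficients 1, 1 and 0.1; the coefficient tables of ISO 21448 are not reproduced, so the coefficients are plain inputs, and None is returned for ASIL levels the page gives no target time for.

```python
from dataclasses import dataclass
from typing import Optional


def asil(s: int, e: int, c: int) -> str:
    """ISO 26262-3 ASIL determination (table 4 of the standard, referred to on the page).

    The published table equals the additive rule on the class indices:
    S+E+C = 7 -> A, 8 -> B, 9 -> C, 10 -> D, lower sums -> QM.
    S0, E0 or C0 always gives QM (no ASIL). S in 0..3, E in 0..4, C in 0..3.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(s + e + c, "QM")


# Target operating time without random hardware failure, as stated on the page:
# ASIL D: failure rate below 1e-8 /h, i.e. 1e8 h; ASIL C and B: below 1e-7 /h, i.e. 1e7 h.
# The page states no value for ASIL A or QM, so those levels are absent here.
TARGET_TIME_H = {"D": 1e8, "C": 1e7, "B": 1e7}


def sotif_verification_target_required(s: int, c: int) -> bool:
    """Page rule: an expected functional safety verification target is defined when S > 0 and C > 0."""
    return s > 0 and c > 0


def risk_acceptable(p_hazard_function: float, p_hazard_human: float) -> bool:
    """Page criterion: P_Hazard(function) <= P_Hazard(human driver)."""
    return p_hazard_function <= p_hazard_human


def accident_free_test_hours(level: str, e_coef: float, s_coef: float, c_coef: float) -> Optional[float]:
    """accident-free test duration = target time x exposure coef x severity coef x controllability coef."""
    target = TARGET_TIME_H.get(level)
    if target is None:          # page gives no target time for this level
        return None
    return target * e_coef * s_coef * c_coef


@dataclass(frozen=True)
class HaraRow:
    hazard: str
    s: int
    e: int
    c: int
    e_coef: float   # from ISO 21448 table C.1 (not reproduced; supplied by the analyst)
    s_coef: float   # from ISO 21448 table C.2
    c_coef: float   # from ISO 21448 table C.3


def evaluate(row: HaraRow) -> dict:
    """One HARA row -> ASIL, target time, SOTIF target flag and accident-free test duration."""
    level = asil(row.s, row.e, row.c)
    return {
        "hazard": row.hazard,
        "asil": level,
        "target_time_h": TARGET_TIME_H.get(level),
        "sotif_target_required": sotif_verification_target_required(row.s, row.c),
        "accident_free_test_h": accident_free_test_hours(level, row.e_coef, row.s_coef, row.c_coef),
    }


# Constructed row: the page's ACC embodiment states ASIL C and coefficients 1 x 1 x 0.1
# but not the S/E/C classes; S3/E4/C2 is one combination that yields ASIL C.
ACC_ROW = HaraRow("unintended brake torque output", s=3, e=4, c=2, e_coef=1.0, s_coef=1.0, c_coef=0.1)

if __name__ == "__main__":
    print(evaluate(ACC_ROW))
```

With the constructed classes, `evaluate(ACC_ROW)` reproduces the embodiment's figures: ASIL C, a target time of 1e7 h and an accident-free test duration of 1e6 h.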
Step 4: establishing a system safety control structure;
the system safety control structure is designed according to the related item definition and the functional design specification in the step 1, and comprises signal interaction, personnel decision and environmental factors among the functional modules, wherein control signals and feedback signals are explicitly shown, and each control signal existing in the control structure can be used as a control behavior.
Step 5: identifying unsafe control behaviors and analyzing reasons;
the unsafe control behavior can lead to abnormal behavior and interactions of the components, as well as system failure. First, each control behavior is determined according to the control signal in step 4; the unsafe control behavior (UCA) is then determined from the 4 classifications of unsafe control behaviors given by the STPA analysis method: 1) Does not provide the required control actions; 2) Providing control behavior when not needed; 3) Too early or too late (or wrong time) provides control behavior; 4) Proper control behavior ceases too early or for too long; finally, cause analysis is performed based on unsafe control actions, analyzing each element associated with the control actions, and the limitations of the elements pose a possible hazard.
Step 6: determining the safety constraints to obtain the safety requirements.
The safety constraints are determined from the cause analysis of the unsafe control actions and take into account safety mechanisms, algorithm requirements, sensor performance requirements, driver behaviour requirements and the like.
The safety requirements comprise functional safety requirements and expected functional safety requirements and are obtained by refining the safety constraints; the safety requirements associated with failures of the electrical and electronic system are assigned the ASIL level corresponding to the safety goal.
Step 7: verification and validation.
Verification comprises sensor verification, decision algorithm verification, actuator verification, integrated system verification and safety requirement verification;
validation comprises hazard analysis and risk assessment, safety requirement validation and assessment of the residual risk in unknown scenarios.
The functional safety and intended functional safety fusion analysis method of the invention is now described more fully with reference to the accompanying drawings, in which some but not all embodiments of the invention are shown. Taking the brake torque output control function of an adaptive cruise control (ACC) system as an example, the implementation of the fused development of functional safety and intended functional safety is described in detail.
The specific implementation procedure of the embodiment is as follows:
step 1: related item definitions and functional design specifications;
the self-adaptive cruise control system collects front vehicle information through a camera and a radar and sends the front vehicle information to the ACC controller, the ACC controller receives the front vehicle speed and distance signals to make a decision, and a braking torque request signal is sent to the braking control module to conduct deceleration braking. Meanwhile, when the ACC controller detects that the brake pedal is pressed down, the ACC function is exited and the ACC state is displayed on the HMI.
Step 2: hazard and operability analysis (HAZOP);
In this embodiment the brake torque output control of the ACC system is taken as the example for the HAZOP analysis. The failure modes are: no brake torque output, brake torque output too small, brake torque output too large, and brake torque provided unintentionally; these failure modes are hazardous events.
TABLE 1 HAZOP analysis table
[Table 1 images BDA0003002483070000081 and BDA0003002483070000091: not reproduced in the text]
Step 3: hazard Analysis and Risk Assessment (HARA);
For the brake torque output control function of this embodiment, the safety goal is to avoid outputting unintended brake torque and the ASIL level is ASIL C. According to the functional safety requirement the random hardware failure target is below $10^{-7}\,\mathrm{h}^{-1}$, i.e. $10^{7}\,\mathrm{h}$ of system operation without failure is taken as the target time, so that accident-free test duration = target time × exposure coefficient × severity coefficient × controllability coefficient = $10^{7}\,\mathrm{h} \times 1 \times 1 \times 0.1 = 10^{6}\,\mathrm{h}$; that is, the accident-free test duration for the brake torque output control function shall be not less than $10^{6}\,\mathrm{h}$.
Table 2 Hazard analysis and risk assessment table
[Table 2 image BDA0003002483070000092: not reproduced in the text]
Step 4: establishing a system safety control structure;
the ACC system safety control structure of this embodiment is shown in fig. 3, and an exemplary diagram of the safety control structure is shown with the control output brake torque function of the ACC system as an important point.
Step 5: identifying unsafe control behaviors and analyzing reasons;
the control behavior CA1 of this embodiment, ACC controller, sends a brake torque request signal to the brake control module, and the cause analysis for unsafe control behaviors UCA1-H1, UCA1-H2, UCA1-H3, and UCA1-H4 is shown in Table 3.
TABLE 3 Unsafe control action and cause analysis table
[Table 3 image BDA0003002483070000101: not reproduced in the text]
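The following Python is an added example, not code from the patent. It encodes the four STPA unsafe-control-action categories the method uses in step 5, enumerates the UCA candidates for each control action in a safety control structure, lists the feedback elements a controller depends on (the elements whose limitations are examined in cause analysis), and reports any control signal that has not been assigned a control action id, since by the page's own rule every control signal in the structure is a control action. The ACC control structure is reconstructed from the embodiment text; CA1 is the page's id, while CA2, the UCA suffixes -U1 to -U4 and the signal names are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# The four categories of unsafe control action (UCA) of the STPA method, as listed on the page.
UCA_TYPES: Dict[int, str] = {
    1: "required control action is not provided",
    2: "control action is provided when it is not needed",
    3: "control action is provided too early, too late or at the wrong time",
    4: "a proper control action is stopped too soon or applied for too long",
}


@dataclass(frozen=True)
class Signal:
    """One arrow of the safety control structure: a control signal or a feedback signal."""
    source: str
    target: str
    name: str
    kind: str  # "control" or "feedback"


@dataclass
class ControlStructure:
    signals: List[Signal] = field(default_factory=list)

    def control_signals(self) -> List[Signal]:
        return [s for s in self.signals if s.kind == "control"]

    def feedback_into(self, controller: str) -> List[Signal]:
        """Feedback a controller relies on: the elements examined during cause analysis."""
        return [s for s in self.signals if s.kind == "feedback" and s.target == controller]


def enumerate_ucas(ca_id: str, sig: Signal) -> List[Dict[str, object]]:
    """One UCA candidate per STPA category for the given control action (ids constructed)."""
    return [
        {"id": f"{ca_id}-U{n}", "type": n,
         "text": f"{sig.source} -> {sig.target} '{sig.name}': {desc}"}
        for n, desc in UCA_TYPES.items()
    ]


def unassigned_control_signals(structure: ControlStructure, ca_ids: Dict[Signal, str]) -> List[Signal]:
    """Control signals without a control action id, i.e. not yet covered by the UCA analysis."""
    return [s for s in structure.control_signals() if s not in ca_ids]


def analyse(structure: ControlStructure, ca_ids: Dict[Signal, str]) -> Dict[str, object]:
    """Step 5 output: UCA candidates per control action, causal elements, and coverage gaps."""
    ucas = {ca_id: enumerate_ucas(ca_id, sig) for sig, ca_id in ca_ids.items()}
    causes = {ca_id: [f.source for f in structure.feedback_into(sig.source)]
              for sig, ca_id in ca_ids.items()}
    return {"ucas": ucas, "causal_elements": causes,
            "unassigned": unassigned_control_signals(structure, ca_ids)}


# ACC control structure reconstructed from the embodiment text (signal names constructed).
BRAKE_TORQUE_REQUEST = Signal("ACC controller", "brake control module", "brake torque request", "control")
ACC_STATE_DISPLAY = Signal("ACC controller", "HMI", "ACC state", "control")
ACC_STRUCTURE = ControlStructure([
    Signal("camera", "ACC controller", "front vehicle information", "feedback"),
    Signal("radar", "ACC controller", "front vehicle information", "feedback"),
    Signal("brake pedal", "ACC controller", "brake pedal pressed", "feedback"),
    BRAKE_TORQUE_REQUEST,
    ACC_STATE_DISPLAY,
])

# Only CA1 (the page's id) has been assigned, so the HMI signal must be reported as unanalysed.
ASSIGNED = {BRAKE_TORQUE_REQUEST: "CA1"}

if __name__ == "__main__":
    result = analyse(ACC_STRUCTURE, ASSIGNED)
    for uca in result["ucas"]["CA1"]:
        print(uca["id"], uca["text"])
    print("causal elements:", result["causal_elements"]["CA1"])
    print("unassigned control signals:", [s.name for s in result["unassigned"]])
```

The coverage check is the part worth keeping in a real workflow: a control signal drawn in the structure but missing from the UCA table is a gap in the hazard analysis, and the list of feedback elements per controller is the starting point for the cause analysis of each UCA.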
Step 6: determining the safety constraints to obtain the safety requirements.
From the cause analysis of step 5, safety constraints are derived and refined into safety requirements, comprising functional safety requirements and expected functional safety requirements, with ASIL levels assigned to the functional safety requirements, as shown in Table 4.
Table 4 Safety requirement table
[Table 4 images BDA0003002483070000102 and BDA0003002483070000111: not reproduced in the text]
Step 7: verification and validation.
This embodiment includes the verification and validation of Tables 2 and 4: verification comprises sensor verification, decision algorithm verification and safety requirement verification, and validation comprises validation of the hazard analysis and risk assessment, of the safety requirements and of the verification targets.
In summary, the invention provides a fusion analysis method for functional safety and expected functional safety based on the requirements of the functional safety and expected functional safety development flows. While guaranteeing the reliability and safety of the intelligent driving vehicle, it shortens the system development cycle, analyses functional safety and expected functional safety in a fused manner, and provides a full-cycle development flow and implementation method. The invention not only meets the reliability and safety requirements of the intelligent driving system but also greatly shortens the system development cycle.
Those of ordinary skill in the art will appreciate that the elements and method steps of each example described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the elements and steps of each example have been described generally in terms of functionality in the foregoing description to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in this application, it should be understood that the disclosed methods and systems may be implemented in other ways. For example, the above-described division of units is merely a logical function division, and there may be another division manner when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted or not performed. The units may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (2)

1. The fusion analysis method for functional safety and expected functional safety is characterized by comprising the following steps:
s1, performing related item definition and functional design specification;
s2, carrying out danger and operability analysis, namely HAZOP, for identifying and evaluating failure forms and danger events of related items;
s3, hazard analysis and risk assessment are carried out, namely the HARA is obtained, the function safety HARA and the expected function safety HARA are fused, ASIL grade, safety targets and verification targets are obtained, and the function failure forms of related items are obtained according to the step S2 and are further analyzed;
s4, establishing a system safety control structure, wherein the system safety control structure is designed according to the related item definition and the functional design specification in the step S1;
s5, identifying unsafe control behaviors and analyzing reasons;
s6, determining safety constraint conditions to obtain safety requirements;
s7, verifying and confirming;
the related item definitions and functional design specifications described in step S1 include descriptions of the intended functions, functional interactions, interfaces, performance goals and system assumptions of the system;
the risk and operability analysis in step S2 includes the steps of: first, determining a failure form of a function by a keyword, the keyword including a loss of function, a function exceeding expectations, a function being less than expectations, a function misdirection, accidentally providing a function, and a failure of a function updated as expected; then, analyzing the influence on the whole vehicle after the function is invalid and the harm on personnel; finally, determining a hazard event, and providing basic support for hazard analysis and risk assessment in the step S3;
in step S3, a driving scene is selected according to an operation mode, driving conditions and environmental conditions, an exposure rate E, a severity S and a controllability C are determined to obtain an ASIL grade and a functional safety target, and meanwhile, when S >0 and C >0, an expected functional safety verification target is defined for the acceptance of a triggering event;
the functional safety target is the highest-level safety requirement, ASIL grade is allocated to the safety target, and in step S3, the ASIL grade is only allocated to the safety requirement related to failure of the electronic and electric system;
defining acceptance criteria to reduce risk to a reasonable level during use of the intended function security verification target for the intended function; and using the concept of functional security ASIL level to determine a verification target;
the system safety control structure in the step S4 comprises signal interaction, personnel decision and environmental factors among the functional modules, and clearly shows control signals and feedback signals, wherein each control signal in the control structure can be used as a control behavior;
the unsafe control actions described in step S5 may lead to abnormal actions and interactions of the components, as well as system failure;
identifying unsafe control actions includes: first, determining each control action from the control signals in step S4; then, determining the unsafe control actions according to the four categories of unsafe control action given by the STPA analysis method: 1) a required control action is not provided; 2) a control action is provided when it is not required; 3) a control action is provided too early, too late or at the wrong time; 4) a correct control action is stopped too soon or applied for too long; finally, carrying out causal analysis for each unsafe control action, analyzing every element involved in the control action and identifying how the limitations of those elements could lead to harm;
the safety constraint conditions in the step S6 are determined according to cause analysis of unsafe control behaviors, and safety mechanisms, algorithm requirements, sensor performance requirements and driver behavior requirements are considered;
the safety requirements in step S6 include functional safety requirements and expected functional safety requirements, and the safety requirements are obtained after refinement by the safety constraint conditions, wherein the safety requirements related to failure of the electronic and electrical system are assigned ASIL levels corresponding to the safety targets.
2. A functional safety and expected functional safety fusion analysis method according to claim 1, characterized in that: the verification in step S7 comprises sensor verification, decision algorithm verification, actuator verification, integrated system verification and safety requirement verification;
the validation includes hazard analysis and risk assessment, safety requirement validation, and assessment of the residual risk in unknown scenarios.
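The claims above describe steps S3, S5 and S6 in words only. The following is an added worked example, not code from the patent or its applicants, showing how those steps fit together: the ASIL is determined from S, E and C, a SOTIF verification target is raised whenever S > 0 and C > 0 even when no ASIL results, the four STPA unsafe-control-action categories are enumerated for a control action, and the resulting safety constraints inherit the ASIL of the safety goal they refine. The hazard event, driving scene and control action are constructed sample data; the class names and the ASIL-by-sum encoding of the ISO 26262-3 table are this example's own choices.

```python
from dataclasses import dataclass
from typing import List, Optional

# The ISO 26262-3 ASIL determination table is equivalent to summing the
# S (0-3), E (0-4) and C (0-3) class numbers: a sum below 7 gives QM and
# 7..10 give ASIL A..D. S0, E0 or C0 means no ASIL is assigned at all.
_ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}


def determine_asil(s: int, e: int, c: int) -> str:
    """Return 'QM' or 'A'..'D' for severity s, exposure e, controllability c."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError("S must be 0-3, E 0-4, C 0-3")
    if 0 in (s, e, c):
        return "QM"
    return _ASIL_BY_SUM.get(s + e + c, "QM")


@dataclass
class HazardEvent:
    """A hazard event from the HAZOP step (S2), rated in a chosen driving scene."""
    name: str
    scene: str
    s: int
    e: int
    c: int


@dataclass
class SafetyTargets:
    safety_goal: str
    asil: str
    sotif_verification_target: Optional[str]


def derive_targets(h: HazardEvent) -> SafetyTargets:
    """Step S3: functional safety goal with its ASIL, plus a SOTIF
    verification target whenever S > 0 and C > 0. The SOTIF target does
    not depend on exposure, so it can exist even when the ASIL is QM."""
    asil = determine_asil(h.s, h.e, h.c)
    goal = f"Avoid '{h.name}' in scene '{h.scene}'"
    sotif = None
    if h.s > 0 and h.c > 0:
        sotif = (f"Acceptance criterion for triggering events leading to "
                 f"'{h.name}' in scene '{h.scene}': residual risk reduced to a reasonable level")
    return SafetyTargets(goal, asil, sotif)


# The four STPA categories of unsafe control action used in step S5.
UCA_TYPES = (
    "not provided when required",
    "provided when not required",
    "provided too early, too late or at the wrong time",
    "stopped too soon or applied too long",
)


@dataclass
class ControlAction:
    """One control signal from the control structure built in step S4."""
    controller: str
    action: str
    controlled_process: str


def enumerate_ucas(ca: ControlAction) -> List[str]:
    """Step S5: one candidate unsafe control action per STPA category."""
    return [f"{ca.controller}: '{ca.action}' {t} -> {ca.controlled_process}"
            for t in UCA_TYPES]


def derive_safety_constraints(ca: ControlAction, t: SafetyTargets) -> List[str]:
    """Step S6: each UCA is negated into a safety constraint that carries the
    ASIL of the safety goal; the SOTIF target adds a performance constraint."""
    constraints = [f"[{t.asil}] {ca.controller} must ensure '{ca.action}' is not {typ}"
                   for typ in UCA_TYPES]
    if t.sotif_verification_target:
        constraints.append(f"[SOTIF] Sensor/algorithm performance shall satisfy: "
                           f"{t.sotif_verification_target}")
    return constraints


def analyse(h: HazardEvent, ca: ControlAction) -> List[str]:
    """Run steps S3, S5 and S6 for one hazard event and one control action."""
    targets = derive_targets(h)
    return [f"Goal: {targets.safety_goal} (ASIL {targets.asil})"] + \
        enumerate_ucas(ca) + derive_safety_constraints(ca, targets)


if __name__ == "__main__":
    # Constructed sample: unintended braking on a highway lane-keeping function.
    hazard = HazardEvent("unintended emergency braking", "highway, dry, 120 km/h", s=2, e=3, c=2)
    brake = ControlAction("AEB controller", "brake request", "brake actuator")
    for line in analyse(hazard, brake):
        print(line)
```

The interesting cases are the ones the claim singles out: a hazard rated S3/E1/C1 sums to 5 and therefore gets no ASIL, yet `derive_targets` still produces a SOTIF verification target because S and C are both non-zero, whereas an S0 hazard produces neither.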
CN202110352345.3A 2021-03-31 2021-03-31 Functional safety and expected functional safety fusion analysis method Active CN113111501B (en)

Publications (2)

Publication Number Publication Date
CN113111501A CN113111501A (en) 2021-07-13
CN113111501B true CN113111501B (en) 2023-06-02

Family

ID=76713464

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant