WO2003075104A2 - Device and method for assessing and achieving safety in systems, and corresponding computer program
- Publication number
- WO2003075104A2 WO2003075104A2 PCT/DE2003/000329 DE0300329W WO03075104A2 WO 2003075104 A2 WO2003075104 A2 WO 2003075104A2 DE 0300329 W DE0300329 W DE 0300329W WO 03075104 A2 WO03075104 A2 WO 03075104A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- error
- functional structure
- component
- errors
- systems
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/008—Registering or indicating the working of vehicles communicating information to a remotely located station
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W2050/0001—Details of the control system
- B60W2050/0002—Automatic control, details of type of controller or control system architecture
- B60W2050/0004—In digital systems, e.g. discrete-time systems involving sampling
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W2050/0001—Details of the control system
- B60W2050/0043—Signal treatments, identification of variables or parameters, parameter estimation or state estimation
- B60W2050/0044—In digital systems
- B60W2050/0045—In digital systems using databus protocols
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60W—CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
- B60W50/00—Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
- B60W50/02—Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
- B60W50/0205—Diagnosing or detecting failures; Failure detection models
- B60W2050/021—Means for detecting failure or malfunction
Definitions
- the invention relates to a device and a method for assessing the security of systems, in particular in a motor vehicle, in an early phase of product development, and to a corresponding computer program or computer program product according to the preambles of the independent claims.
- the method according to the preamble of the independent claim of the corresponding category is called CARTRONIC ® based security analysis (CSA) and is carried out accordingly by the device or when the computer program is executed.
- CSA CARTRONIC ® based security analysis
- the development phase is an abstract way of looking at a system, i.e. it is known which functions the system should perform and how these functions interact. However, it has not yet been determined how these functions will be implemented (e.g. hardware, software, mechanics).
- This abstract perspective can be represented by the CARTRONIC ® structuring concept, which is independent of the automobile manufacturer and supplier. This structuring concept forms the basis for the CARTRONIC ® based security analysis.
- the increasing complexity, particularly of the motor vehicle system is due on the one hand to the increasing complexity and number of the individual subsystems, but is also significantly influenced by their increasing networking.
- the complexity of the motor vehicle system can be controlled by structuring the subsystems according to CARTRONIC ® , taking into account the interactions with other subsystems.
- the CARTRONIC ® structuring concept (see Bertram, T.; Bitzer, R.; Mayer, R.; Volkhart, A.; 1998, CARTRONIC - An open architecture for networking the control systems of an automobile, Detroit / Michigan USA, SAE 98200) is based on an object-oriented approach.
- the motor vehicle system is structured into logical functional units that communicate with one another via standardized interfaces.
- CARTRONIC ® is a structuring concept for all control and regulation systems of a vehicle.
- the concept contains modular and expandable architectures for "function" and "security" on the basis of agreed formal structuring and modeling rules.
- An architecture is to be understood here as the structuring system (rules) as well as its implementation in a concrete structure.
- the functional architecture encompasses all control and regulation tasks occurring in the vehicle.
- the tasks of the system network are assigned to so-called functional components; the interfaces of the components (functional interfaces) and their interaction are defined.
- the security architecture extends the functional architecture by elements that guarantee the safe operation of the system network.
- UML Unified Modeling Language
- Another form of representation results from mapping in UML (Unified Modeling Language), which also facilitates porting to a computer system.
- the mapping of a CARTRONIC ® functional structure into a UML model is described in (Torre Flores, P.; Läpp, A.; Hermsen, W.; Schirmer, J.; Walther, M.; Bertram, T.; Petersen, J.; 2001, Integration of a structuring concept for vehicle control systems into the software development process using UML modeling methods, Detroit / Michigan USA, SAE 2001-01-0066).
- the basic structure for structuring is the functional component.
- a functional component represents a function in the motor vehicle system.
- instead of the term functional component, only the term component is used, in favor of a compact representation.
- the components can be refined in the course of development.
- within the refinement (detailing), the higher-level function is in turn composed of components that represent the individual parts of the higher-level function.
- the structuring rules describe permitted communication relationships within the architecture of the overall vehicle. A distinction is made between structuring rules that define the communication relationships on the same level of abstraction and in higher and lower levels, taking into account the specified boundary conditions. Furthermore, the structuring rules clarify the forwarding of communication relationships into the detailing of another functionality.
- Control elements, sensors and estimators are equivalent information providers and one
- the invention relates to a device, in particular a computer system, and a computer program or computer program product, as well as a method for performing a safety analysis in systems, in particular in a motor vehicle, the systems or the at least one system consisting of several components between which there are communication relationships, the components and their communication relationships forming a functional structure of the systems or the at least one system, errors advantageously being determined as a function of and ⁇ the functional structure
- the invention shows a device, in particular a computer system, and a computer program or computer program product, and a method for achieving a predefinable security level in systems, in particular in a motor vehicle, the systems or at least one system consisting of several components, between which
- a safety analysis is thus advantageously carried out in an early phase of product development, in order to recognize problem areas in good time and to integrate safety measures into the functional structure early ("safety through design").
- the security analysis according to the invention is therefore expediently also represented as an iterative analysis and improvement process.
- the method for assessing the security of systems can advantageously be represented on the basis of CARTRONIC ® functional structures or CARTRONIC ® UML models, but can also be applied to other system models.
- the method is expediently carried out using the CSA table.
- Global effects of errors are identified and evaluated using the CSA table. It documents error dependencies of components and
- A malfunction is caused by functional structure errors (FS errors) in components or communications.
- Communication errors (orders, requests) are taken into account in the target component of the communication.
- FS errors in queries are taken into account in the source component of the communication.
- Malfunction of the components is assigned to the global impact. This enables not only an assessment of global conditions, but also an identification of which components of the functional structure are responsible for them.
- the method is integrated in a CARTRONIC ® -based development process. This promotes a formal, systematic approach.
- the security measures are mapped in particular in a CARTRONIC ® - UML model. This enables a formal verification against specified product requirements or the product specification. A validation of the product specification is also possible with this procedure.
- Figure 2 shows the CARTRONIC ® functional structure of an exemplary considered brake system.
- FIG. 3 shows an example of a UML modeling of the CARTRONIC function structure according to FIG. 2.
- Figure 4 shows the table header of the CSA table with the global effects.
- FIG. 5 shows the assignment of the effects of errors to the security levels in a flow graph.
- Figure 6 shows an example of an assessment of the global impact.
- FIG. 7 shows the propagation of errors in the functional structure or the assignment of FS errors to the global effects.
- Figure 9 shows the classification of the CSA in a development process, in particular according to the V-model
- the security analysis described below is based on the CARTRONIC ® functional structure or the CARTRONIC ® UML model of the system under consideration.
- the CARTRONIC ® UML model is the mapping of a CARTRONIC ® functional structure into the UML (Unified modeling language). The mapping into the UML provides a formalized and more precisely specified representation which facilitates an automated implementation of the invention.
- the CARTRONIC ® based security analysis is a procedure for systematic security analysis at an abstract system level and thus supports the development credo "safety through design".
- the procedure for CARTRONIC ® based security analysis described in a previous publication (Bertram, T.; Dominke, P.; Müller, B., 1999, The Safety-Related Aspect of CARTRONIC, Detroit / Michigan USA, SAE '99, Session Code PC 26) is fundamentally revised and expanded to include the analysis of structural error dependencies and their causes, which are described in an abstract manner, for example "errors present" or "errors not present"
- the method thus represents an abstraction of the FMEA (Failure Mode and Effects Analysis or Failure Possibility and Effect Analysis), which is expanded to include structural analysis
- the FMEA is a recognized methodical procedure for the analysis, evaluation and documentation of systems, components and manufacturing processes and serves primarily to avoid errors.
- the intention of the CSA is not to replace an FMEA, but only to support the system developers in the early development phase in identifying potential danger spots.
- Global effects are physical effects that affect the overall motor vehicle system through actuators. They are noticed by sensors (or a vehicle driver) through loss of function (e.g.
- Functional structure errors are errors that a
- FS error causes are reasons for a component to behave incorrectly.
- the reason for a component to malfunction is the presence of FS errors.
- FS errors can be further divided into refined error types. The refined types of errors are then again the cause of the FS errors.
- the refined types of errors can be:
- Component is active in an uncontrolled manner
- Figure 1 shows the procedure of the CARTRONIC ® based security analysis.
- the procedure can be structured as follows:
- Step 1 Identify global impacts based on the CARTRONIC ® functional structure or the
- Step 3 Analysis of FS error causes (see definition
- Step 4 Assignment of a component's malfunction to the global effects
- Step 5 Measures for error detection and / or
- Security structure
- Step 7 Verification of the resulting functional
- Brake system coordinator, brake actuator and brake light. In the logical, hierarchical functional structure of CARTRONIC ® , the components brake system coordinator and brake actuator are in the detailing of the brake system.
- the components torque distributor, propulsion and brake system are details of propulsion and brake.
- propulsion and braking is a detailing of the vehicle movement.
- the brake light component is in the detailing of light and light signals, which is a detailing of exterior lighting. This in turn is a refinement of the visibility and signaling components in the body and interior.
- the detailing of the vehicle movement and body and interior are placed on the vehicle level.
- the vehicle level is the top level of the CARTRONIC ® functional structure.
- the torque distributor is responsible for distributing the torque requests of the driver.
- the brake system coordinator component in the detailing of the brake system ensures that the moments are implemented by request O3 to the brake actuator and, with request R3, the activation of the brake light, so that the driver's request is signaled to following vehicles.
- the CSA table provides an assignment of a malfunction of an individual component to error dependencies within the functional structure.
- the FS errors documented in the CSA table can be refined by the error types listed above.
- the refined types of errors can be interpreted at the abstract system level as the cause of the FS errors.
- the "internal effects" are assigned to the global effects. In this way, complex dependencies between
- Step 1 identify global impacts
- the actuators which are controlled by the subsystem under consideration, represent the interfaces to the environment.
- the environment means the motor vehicle as a whole.
- the actuators for the example system shown in FIG. 2 and FIG. 3 are the brake system or, in the detailing, the brake actuator, the propulsion and the brake light. Only those global effects are considered and, for example, recorded in a computer system that are the responsibility of the subsystem to be examined. For example, it does not make sense for you to have the Adaptive Cruise Control (ACC) subsystem that controls the braking system
- ACC Adaptive Cruise Control
- FIG. 4 shows the table header with the global effects of the CSA table.
- Step 2 Assess global impacts through security levels. The assessment of the global effects is based on the requirement classes defined in DIN V 19250.
- the requirement classes in the standard are generally defined for MSR protective devices (MSR - measuring, controlling, regulating). The requirements set out there cannot be directly applied to motor vehicles. The points flow in this standard
- safety levels There are objections to adapted “requirement classes” for automobiles, which are referred to as safety levels (SL) in the context of the CSA.
- SL safety levels
- the assignment of the safety levels to the effects of errors is shown in the risk graph of FIG. 5.
- the frequency of events is to be understood as the target quantity that must be at least fulfilled by the later implementation of a component.
- An a priori verification of the event frequencies is generally not possible, since reliable data is often only available after a series application. However, it is possible to subsequently compare the setpoint of the event frequency associated with a security level with a recorded actual value. If there is a discrepancy, i.e. the event frequency actually determined is greater than the permissible event frequency of a security level, we must
- FIG. 6 shows the assessment of the global effects of the braking system by means of security levels.
- a braking system is an extremely important functionality of a motor vehicle, which must be guaranteed under all circumstances.
- the global impact "no braking effect" generally represents a threat to life and limb that cannot be controlled by the driver. Therefore, security level SL4 must be assigned here.
- security level SL1 is assigned because here, as a rule, it can be assumed that at most minor injuries are to be expected, e.g. due to rear-end collisions with a low speed difference. In individual cases, there may be a risk to life and limb that is manageable, e.g. by switching on the hazard warning lights.
- Step 3 functional structure failure cause analysis
- the root cause analysis asks the question: What causes a component {torque distributor, propulsion, brake system, brake system coordinator, brake actuator, brake light} to malfunction?
- the cause analysis examines what could lead to a malfunction of the CARTRONIC ® components (torque distributor, propulsion, brake system, brake system coordinator, brake actuator, brake light). A malfunction of components and their detailing is investigated, insofar as they are known.
- the CARTRONIC ® function structure of the system under consideration is adopted in the "Function structure" header of the CSA table.
- the CARTRONIC ® function structure is adopted in the "Components malfunction" column (see Figure 7).
- FS errors of the communication relationships that are relevant for the component are also taken into account. If an FS error in a communication relationship causes a malfunction, an assignment to the functional structure is also made, which reflects the type and name of the communication under consideration.
- the type of communication relationship is identified with the uppercase initial letter of the English expression of communication. As a result, an "O" is used for an order, an "R" for a request, and an "I" for an inquiry. The type of communication is followed by an underscore "_" and then the name of the communication relationship (e.g. I_I1).
- a malfunction of the component torque distributor (fc 1 ) is due to the fact that a component error in the component torque distributor (fc 1 ) itself
- the brake system component (fc 2 ) has malfunctioned
- the entries in the CSA table for the example shown in FIG. 2 can be seen in FIG. 8, in particular FIG. 8a.
- the column brake system (brake system (fc 2 ) is the envelope of the brake system coordinator and brake actuator) of the "functional structure" must be used for the cause analysis
- the CSA table thus enables logical error dependencies to be tracked.
- the columns of the function structure with many entries, e.g. column torque distributor (fc 1 ) and column propulsion (fc 3 ), are important components, since an error affects large parts of the system.
- Step 4 Mapping a component's malfunction to its global impact
- the global impacts identified in step 1 are assigned to the components whose malfunction causes a global impact. These components are the system interfaces (see step 1).
- the component torque distributor (fc 1 ) in the functional structure is assigned to the line Brake actuator malfunction (fc 22 ), i.e. an FS error in the torque distributor component can cause the brake actuator to malfunction. It can be concluded from this that a malfunction of the torque distributor component can also cause the global effects of the brake actuator. The global effects of a malfunction of the brake actuator ("no braking effect" and "insufficient braking effect") are thus also
- an FS error in the torque distributor component can cause propulsion to malfunction (fc 3 ).
- a malfunction of the torque distributor component can therefore also have the global effects of "uncontrolled acceleration" and "no acceleration".
- An FS error in the torque distributor component can cause the brake light (fc 4 ) to behave incorrectly.
- a malfunction of the torque distributor component can cause the global effects "no display" and "continuous display".
- a malfunction of the brake system (fc 2 ) as a shell of the components brake system coordinator (fc 21 ) and brake actuator (fc 22 ) can cause the global effects of all its components in the detailing.
- Step 4.1 Assign security levels to component malfunction
- Step 5 measures for error detection and / or control
- Table 2 Compilation of measures for error detection and control for functional components.
- the measures indicate possibilities for recognizing and mastering the abstract causes. These abstract causes can be understood as error modes (types of errors) of the more general FS errors (see definition 3). At a high level of abstraction, measures can be specified that are already evident in an early development phase.
- In later development phases, i.e. with detailed knowledge of the implemented topology, redundant structures can be converted into cost-effective measures. Examples of this are codes for error detection and correction.
- the plain text information in the tables can be shortened and assigned by coding in the program or computer system.
- Step 6 CARTRONIC ® - security structure
- the CARTRONIC ® representation of a system can be mapped into a CARTRONIC ® UML model (FIG. 3).
- CARTRONIC ® representation of a system
- UML is also an internationally standardized language.
- the extension must include the mapping of measures for error detection and control, the partitioning of the functions on control units and the representation of temporal and logical processes.
- the expanded structure can be used to document the security measures used.
- a representation in which structure, functionality and topology are included is also suitable for future quantitative system analyzes, in particular for automated implementation.
- FIG. 12 shows the classification of the CSA in a development process.
- the development process used is based on the V-model.
- the V-Modell is a federal development standard for IT systems. It is possible to adapt the V-Modell to specific project conditions. This process is called tailoring. Activities (activities) and their products are defined in the V-Modell.
- the incremental, iterative V-model (IIV-model) adapted for the CARTRONIC ® based development process is applied on the three levels system level, subsystem level and partial realization level.
- the IIV model is navigated along the arrows. It is possible to go from the left to the right side of a level of the V-model (test cases) and back (iterations). Several increments are also possible between the levels.
- the motor vehicle is viewed as a whole.
- the subsystem level details the overall motor vehicle system in subsystems. These subsystems can be, for example, the engine control, the brake system, the transmission or an adaptive cruise control.
- the subsystem level represents the subsystems of the motor vehicle independently of the implementation, i.e. only the functionality but not the technical implementation is considered. On the
- each subsystem is further detailed. A decision is made about a topology and whether a function is implemented as software, computer hardware, hydraulics, electronics, electrics, mechanics, etc. A corresponding subsystem is then created and, if necessary, the software is implemented.
- a requirements analysis is carried out on the left side of the V model and a draft is drawn up. The right side of the IIV model is used for integration and verification of the draft created at the corresponding level.
- a validation can be carried out at the system level. A validation checks whether the system specification meets the requirements placed on it. The verification, however, checks a product against the specification. The steps 1 to 5 are described in the
- Step 6 is implemented in the design phase of the subsystem level. Based on the considerations in step 5, namely that a specification of measures for error detection and control often only makes sense with a known system topology, one is recommended
- step 5 and step 6 on the partial realization level.
- the system topology, i.e. the partitioning of the functionalities on control units, is carried out and the functional realizations are defined.
- the CSA as described here is mainly used at the subsystem level. However, it is advantageous to continue the CSA at the partial realization level.
- a requirement analysis is carried out, how security measures are to be designed depending on the topology and the implementation of the subsystem, and a corresponding draft is made. This design and its integration can be verified on the right side of the IIV model.
- the invention shown can run automatically on a computer system.
- steps 1 to 7 can be stored as program code and executed in a device, in particular a computer system, in order to carry out a method according to the invention.
- a device in particular a computer system
- a transfer of the program via networks such as the Internet from one memory to another memory or network participant is also included.
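Steps 3 to 4.1 of the CSA described above (cause analysis, propagation of FS errors through the functional structure, assignment to global effects and security levels) can be sketched for the brake example as follows. This is an added illustration, not code from the patent: the communications O1, O2 and the endpoints of I1 are constructed, all SL values except SL4 for "no braking effect" are constructed, the propagation direction for inquiries is an assumption, and taking the highest SL of the reachable global effects for step 4.1 is an assumption.

```python
from dataclasses import dataclass

# Components of the page's brake example; "brake system" is the shell of two of them.
COMPONENTS = ["torque distributor", "brake system coordinator",
              "brake actuator", "propulsion", "brake light"]
SHELLS = {"brake system": ["brake system coordinator", "brake actuator"]}

# Global effects of the actuators, as named on the page.
GLOBAL_EFFECTS = {
    "brake actuator": ["no braking effect", "insufficient braking effect"],
    "propulsion": ["uncontrolled acceleration", "no acceleration"],
    "brake light": ["no display", "continuous display"],
}

SAFETY_LEVEL = {
    "no braking effect": 4,            # stated on the page (SL4)
    "insufficient braking effect": 3,  # constructed value
    "uncontrolled acceleration": 4,    # constructed value
    "no acceleration": 2,              # constructed value
    "no display": 1,                   # constructed value
    "continuous display": 1,           # constructed value
}


@dataclass(frozen=True)
class Communication:
    kind: str    # "O" order, "R" request, "I" inquiry
    name: str
    source: str
    target: str

    @property
    def label(self) -> str:
        # Page convention: type letter, underscore, name (e.g. I_I1).
        return f"{self.kind}_{self.name}"

    @property
    def owner(self) -> str:
        # Orders/requests are booked in the target, inquiries in the source.
        return self.source if self.kind == "I" else self.target

    @property
    def influencer(self) -> str:
        # Assumption: the other end of the communication is the one whose
        # FS error can make the owner malfunction.
        return self.target if self.kind == "I" else self.source


COMMUNICATIONS = [
    Communication("O", "O1", "torque distributor", "propulsion"),                # constructed
    Communication("O", "O2", "torque distributor", "brake system coordinator"),  # constructed
    Communication("O", "O3", "brake system coordinator", "brake actuator"),      # O3 named on the page
    Communication("R", "R3", "brake system coordinator", "brake light"),         # R3 named on the page
    Communication("I", "I1", "torque distributor", "propulsion"),                # endpoints constructed
]


def build_csa_table(components, communications):
    """Return (causes, comm_labels): per malfunctioning component (row), the
    components whose FS error can cause it, and the communication FS errors
    booked in that row."""
    causes = {c: {c} for c in components}
    comm_labels = {c: set() for c in components}
    for comm in communications:
        causes[comm.owner].add(comm.influencer)
        comm_labels[comm.owner].add(comm.label)
    changed = True
    while changed:  # transitive closure: follow error dependencies to a fixed point
        changed = False
        for row in components:
            for cause in list(causes[row]):
                missing = causes[cause] - causes[row]
                if missing:
                    causes[row] |= missing
                    changed = True
    return causes, comm_labels


def global_effects_caused_by(component, causes):
    """Global effects reachable from an FS error in `component`; a shell
    stands for all components in its detailing."""
    members = set(SHELLS.get(component, [component]))
    effects = set()
    for actuator, actuator_effects in GLOBAL_EFFECTS.items():
        if causes[actuator] & members:
            effects.update(actuator_effects)
    return effects


def required_safety_level(component, causes):
    """Assumed rule for step 4.1: highest SL among the reachable global effects."""
    effects = global_effects_caused_by(component, causes)
    return max((SAFETY_LEVEL[e] for e in effects), default=0)


if __name__ == "__main__":
    causes, labels = build_csa_table(COMPONENTS, COMMUNICATIONS)
    for comp in COMPONENTS + list(SHELLS):
        print(f"{comp}: SL{required_safety_level(comp, causes)} "
              f"{sorted(global_effects_caused_by(comp, causes))}")
```

Components whose column fills many rows of `causes`, here the torque distributor and the propulsion, are the ones the text singles out as important because a single FS error reaches large parts of the system.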
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Testing And Monitoring For Control Systems (AREA)
- Hardware Redundancy (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03706283A EP1483745A2 (de) | 2002-03-01 | 2003-02-06 | Device and method for assessing and achieving safety in systems, and corresponding computer program |
US10/506,372 US7469170B2 (en) | 2002-03-01 | 2003-02-06 | Device and method for assessing the safety of systems and for obtaining safety in system, and corresponding computer program |
JP2003573502A JP4382494B2 (ja) | 2002-03-01 | 2003-02-06 | Device and method for determining safety in a system and for obtaining that safety, and corresponding computer program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10208866.7 | 2002-03-01 | ||
DE10208866A DE10208866A1 (de) | 2002-03-01 | 2002-03-01 | Device and method for assessing and achieving safety in systems, and corresponding computer program |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003075104A2 (de) | 2003-09-12 |
WO2003075104A3 (de) | 2004-04-01 |
Family
ID=27675137
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2003/000329 WO2003075104A2 (de) | Device and method for assessing and achieving safety in systems, and corresponding computer program | 2002-03-01 | 2003-02-06 |
Country Status (5)
Country | Link |
---|---|
US (1) | US7469170B2 (de) |
EP (1) | EP1483745A2 (de) |
JP (1) | JP4382494B2 (de) |
DE (1) | DE10208866A1 (de) |
WO (1) | WO2003075104A2 (de) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2448351B8 (en) * | 2007-04-12 | 2017-03-01 | It Acs Ltd | Method and apparatus for active system safety |
US7920988B2 (en) * | 2008-11-13 | 2011-04-05 | Caterpillar Inc. | Capturing system interactions |
EP2221679B1 (de) * | 2009-02-11 | 2012-06-06 | Siemens Aktiengesellschaft | Method for logically interconnecting safety circuits in an industrial automation arrangement, and configuration device for carrying out the method |
JP5549665B2 (ja) | 2011-12-28 | 2014-07-16 | 株式会社デンソー | Vehicle control device and software component |
US20130282190A1 (en) * | 2012-04-24 | 2013-10-24 | General Electric Company | System and method for configuration and management of power plant assets |
US20150032643A1 (en) * | 2013-07-23 | 2015-01-29 | Micropilot Inc. | Product configuration method and system using failure mode design |
US9639450B2 (en) | 2015-06-17 | 2017-05-02 | General Electric Company | Scalable methods for analyzing formalized requirements and localizing errors |
DE102016206586A1 (de) * | 2016-04-19 | 2017-10-19 | Zf Friedrichshafen Ag | Method for generating fault memory entries in a fault memory of a transmission control unit |
WO2023145491A1 (ja) * | 2022-01-25 | 2023-08-03 | 株式会社デンソー | Driving system evaluation method and storage medium |
WO2023145490A1 (ja) * | 2022-01-25 | 2023-08-03 | 株式会社デンソー | Driving system design method and driving system |
WO2023223431A1 (ja) * | 2022-05-17 | 2023-11-23 | 三菱電機株式会社 | Vehicle travel data recording device and vehicle travel data visualization device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19639424A1 (de) * | 1995-09-25 | 1997-03-27 | Siemens Ag | Design method for plant engineering and computer-aided project planning system for use in this method |
DE10015114A1 (de) * | 2000-03-28 | 2001-10-04 | Bosch Gmbh Robert | Method and device for modeling a mechatronic system in a motor vehicle |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS62291537A (ja) | 1986-06-11 | 1987-12-18 | Nippon Denso Co Ltd | Comprehensive diagnostic device for vehicles |
JPH0827650B2 (ja) | 1988-04-18 | 1996-03-21 | 株式会社日立製作所 | Abnormality prediction support device |
JP2890815B2 (ja) | 1990-11-08 | 1999-05-17 | 三菱電機株式会社 | Plant abnormality diagnosis device |
JP2658600B2 (ja) | 1991-01-30 | 1997-09-30 | 日産自動車株式会社 | Vehicle control device |
JPH06123642A (ja) | 1992-10-13 | 1994-05-06 | Toshiba Corp | Plant abnormality diagnosis method and plant abnormality diagnosis device |
JPH09146630A (ja) | 1995-11-24 | 1997-06-06 | Jatco Corp | Failure diagnosis device |
DE19611944C2 (de) * | 1996-03-26 | 2003-03-27 | Daimler Chrysler Ag | Integrated circuit for coupling a microcontrolled control unit to a two-wire bus |
JP2001100835A (ja) | 1999-09-29 | 2001-04-13 | Toshiba Corp | Plant condition monitoring system |
US6684349B2 (en) * | 2000-01-18 | 2004-01-27 | Honeywell International Inc. | Reliability assessment and prediction system and method for implementing the same |
JP3770053B2 (ja) * | 2000-05-26 | 2006-04-26 | 三菱ふそうトラック・バス株式会社 | Method for determining communication recovery of a vehicle network |
US6816798B2 (en) * | 2000-12-22 | 2004-11-09 | General Electric Company | Network-based method and system for analyzing and displaying reliability data |
US6577971B2 (en) * | 2001-08-06 | 2003-06-10 | Johnson Controls Technology Company | System and method for evaluating craftsmanship |
-
2002
- 2002-03-01 DE DE10208866A patent/DE10208866A1/de not_active Ceased
-
2003
- 2003-02-06 JP JP2003573502A patent/JP4382494B2/ja not_active Expired - Fee Related
- 2003-02-06 WO PCT/DE2003/000329 patent/WO2003075104A2/de active Application Filing
- 2003-02-06 US US10/506,372 patent/US7469170B2/en not_active Expired - Fee Related
- 2003-02-06 EP EP03706283A patent/EP1483745A2/de not_active Ceased
Non-Patent Citations (1)
Title |
---|
TORSTEN BERTRAM, PETER DOMINKE, BERND MÜLLER: "The Safety-Related Aspect of CARTRONIC", SAE TECHNICAL PAPER SERIES, INTERNATIONAL CONGRESS AND EXPOSITION, DOC. NO. 1999-01-0488, 4 March 1999 (1999-03-04), XP002251848, Detroit, Michigan, USA; cited in the application * |
Also Published As
Publication number | Publication date |
---|---|
EP1483745A2 (de) | 2004-12-08 |
DE10208866A1 (de) | 2003-09-04 |
US20050223263A1 (en) | 2005-10-06 |
WO2003075104A3 (de) | 2004-04-01 |
JP2005518992A (ja) | 2005-06-30 |
JP4382494B2 (ja) | 2009-12-16 |
US7469170B2 (en) | 2008-12-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE102006017824B4 (de) | | Method for constructing a diagnostic function |
DE10223880B4 (de) | | Method for mutual monitoring of components of a decentrally distributed computer system |
EP3709166B1 (de) | | Method and system for secure signal manipulation for testing integrated safety functionalities |
EP3644148B1 (de) | | Test terminal for tests on a vehicle infrastructure |
WO2003075104A2 (de) | | Device and method for assessing and achieving safety in systems, and corresponding computer program |
DE10331873A1 (de) | | Method for monitoring distributed software |
DE19927657A1 (de) | | Partitioning and monitoring of software-controlled systems |
DE102017211433A1 (de) | | Method for performing a functional test of a control unit in a hardware-in-the-loop (HIL) test, as well as HIL test bench and control unit |
DE102019134053A1 (de) | | Method for the continuous validation of automated driving functions calibrated in driving tests |
EP3306295A1 (de) | | Method and device for testing electronic controllers, in particular for testing automotive controllers |
WO2008095518A1 (de) | | Use of a distributed diagnostic architecture in AUTOSAR |
EP3935463B1 (de) | | Method and device for operating an automated vehicle |
WO2005003972A2 (de) | | Method for checking the safety and reliability of software-based electronic systems |
DE10331872A1 (de) | | Method for monitoring a technical system |
EP1894101A1 (de) | | Method and device for monitoring unauthorized memory access of a computing device, in particular in a motor vehicle |
WO2005001692A2 (de) | | Method and device for monitoring a distributed system |
EP3933593A1 (de) | | Method and computer program for testing a technical system |
DE102018217728A1 (de) | | Method and device for estimating at least one performance indicator of a system |
DE102013200932A1 (de) | | Method and device for monitoring a function of an engine control unit for use in an engine system with an internal combustion engine |
DE102018209835B3 (de) | | Method for operating a control device of a device, and configuration system for a control device of a device |
DE102022211737A1 (de) | | Method for determining rules for a monitoring device |
DE102022207612A1 (de) | | Computer-implemented method for verifying a software component of an automated driving function |
DE102021211620A1 (de) | | Method and system for automatically generating embedded source code for the electronic control unit of an AD/ADAS road vehicle |
DE102022211725A1 (de) | | Method for monitoring interfaces between a software application and a control unit |
EP4086773A1 (de) | | Computer-implemented method for automatically providing a notice for test processes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): JP US |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| REEP | Request for entry into the European phase | Ref document number: 2003706283 Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 2003706283 Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 2003573502 Country of ref document: JP |
| WWP | WIPO information: published in national office | Ref document number: 2003706283 Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 10506372 Country of ref document: US |