CARS 2015 - Critical Automotive applications: Robustness & Safety, September 2015.
Abstract: According to the functional safety standard for road vehicles, ISO 26262, the list of safety goals shall be shown to be complete. Especially when considering highly automated driving, this may lead to the formulation of very general hazardous events. On the one hand this may make it easier to show completeness, but on the other hand it may cause overly strong ASIL attributes to be allocated to too much of the implementation, implying unnecessarily high cost. This position paper claims that carefully chosen explicit failure models in the hazard definitions will generally enable more cost-efficient and still safe E/E systems for road vehicles. This is especially important for highly automated driving and autonomous vehicles, where many safety goals may have an impact on a large part of the entire E/E architecture.