Abstract

One of the major challenges of automated driving systems (ADS) is showing that they drive safely. Key to ensuring safety is eliciting a complete set of top-level safety requirements (safety goals). This is typically done with an activity called hazard analysis and risk assessment (HARA). In this paper we argue that the HARA of ISO 26262:2018 is not directly suitable for an ADS, both because the number of relevant operational situations may be vast, and because the ability of the ADS to make decisions in order to reduce risks will affect the analysis of exposure and hazards. Instead we propose a tailoring using a quantitative risk norm (QRN) with consequence classes, where each class has a limit for the frequency within which the consequences may occur. Incident types are then defined and assigned to the consequence classes; the requirements prescribing the limits of these incident types are used as safety goals to fulfil in the implementation. The main benefits of the QRN approach are the ability to show completeness of safety goals, and make sure that the safety strategy is not limited by safety goals which are not formulated in a way suitable for an ADS.

BibTeX

@inproceedings{warg2020quantitative,
  title       = {The quantitative risk norm -- a proposed tailoring of {HARA} for {ADS}},
  author      = {Warg, Fredrik and Skoglund, Martin and Thors{\'e}n, Anders and Johansson, Rolf and Br{\"a}nnstr{\"o}m, Mattias and Gyllenhammar, Magnus and Sanfridson, Martin},
  booktitle   = {International Conference on Dependable Systems and Networks Workshops (DSN-W)},
  year        = {2020},
  organization = {IEEE/IFIP}
}