ISO 26262 Functional Safety for ADAS and Autonomous Vehicles

Jeffrey Joyce & Simon Diemert

This tutorial is an overview of the application of ISO 26262 to software developed for Advanced Driver Assistance Systems (ADAS) and Autonomous Vehicles. ISO 26262 is an international standard that serves as the basis for the safety certification of software (and hardware) used in automotive systems. This tutorial will outline a functional safety process aligned with ISO 26262, including (1) development of the functional safety concept, (2) elaboration of the functional safety concept into a technical safety concept, and (3) production of a comprehensive safety case. It will cover a variety of specific technical topics including hazard identification, ASIL determination (risk assessment), definition of safety goals, specifying safety requirements, safety analysis, dependent failure analysis, risk mitigation strategies, safety manual development, hazard-driven safety testing, fault injection testing, formal methods, and the claims/argument/evidence style approach to safety case development. The tutorial will also address planning and management of functional safety as well as "tips" for preparing for an external certification review. The integration of safety and security will be briefly addressed, i.e., how a cybersecurity vulnerability can be a source of safety risk, and how a functional safety process should take account of cybersecurity risk. The final segment of this tutorial will consider the challenges of applying ISO 26262 (and more generally, any approach to functional safety based on conventional principles, concepts and methods) to new paradigms such as Machine Learning (ML). The tutorial presenters have extensive experience in the use of this standard in projects for Automotive OEMs and well-known suppliers. One of the presenters, who contributed to the development of the original edition of this international standard, will offer insights into the underlying rationale for aspects of ISO 26262.
In addition to the presentation of prepared material, participants will have an opportunity to take part in several classroom group exercises designed to enrich their understanding of key concepts. This tutorial is intended for individuals responsible for the planning, management and execution of a functional safety process for software-intensive real-time systems. While focused primarily on automotive software, many elements of this tutorial should be of interest to participants with an interest in functional safety processes used in other industry sectors such as aerospace, maritime, rail signalling, medical devices, defence and energy.

EXPECTED OUTCOMES: From this training, participants can:
1. Become familiar with the basic concepts, principles and methods of developing safety-critical software-intensive systems.
2. Gain an understanding of the purpose, scope and structure of ISO 26262.
3. Learn about strategies for achieving compliance with ISO 26262 in an environment designed to support innovation.
The value of this training for employers includes:
1. Being prepared to address challenging questions from prospective investors, customers and other stakeholders about the suitability of a product for use in a safety-critical application.
2. Having a "roadmap" for establishing confidence in the safety of a product.

Formal Methods and RTCA DO 178C 

Jeffrey Joyce, Laure Millet, Simon Diemert & Jose Serna

This tutorial provides an introduction to the practical use of formal (mathematical) methods in the development of airborne software. Such methods are based on formal logic and other elements of discrete mathematics. Powerful software tools based on such methods can be used to find defects and other problems in the implementation of software functionality that might otherwise be very difficult to find using conventional methods such as review and test. Participants will learn how formal methods can be selectively applied in the software life cycle to produce certification data in compliance with RTCA DO 178C, which is the primary guidance used by the aerospace industry for the certification of airborne software. Several illustrative examples will be presented in enough detail that participants should be able to later repeat the examples on their own using open source software tools. One of these examples will demonstrate how functional requirements expressed in natural language can be translated into a formal representation. Another example will demonstrate how formal analysis can be used in the context of model based development to find a defect in the model of a software function. Participants will also learn about a variety of commercial and open source tools that support the use of formal methods. The tutorial also provides an overview of the formal methods supplement of RTCA DO 178C, which provides specific guidance for the use of formal methods towards earning certification credit. While motivated by the guidance provided in RTCA DO 178C, this tutorial should be of interest to participants from a variety of other high-assurance industries, including automotive, defence, energy and rail signaling, where the use of formal methods is recognized and sometimes recommended.

Model-Based Systems Engineering for Industry 4.0, IoT, and Cyber-Physical Systems

Dov Dori

Industry 4.0 is the current industrial revolution, which we are experiencing on a daily basis, both professionally and personally. It is characterized by the fusion of the physical and cyber (informational) aspects of systems, as manifested by technologies such as smart manufacturing, the Internet of Things (IoT), cloud computing, location services, and collaborative robotics.
Model-based systems engineering (MBSE) is the emerging approach to formalizing and making systems engineering an effective engineering discipline by positioning formal models as the authoritative source of reference to the system under development throughout its lifecycle.
Industry 4.0 poses new challenges to MBSE, as models of the new generation of systems must be capable of representing on equal footing both the physical and cyber components of any complex system in a direct, intuitive, and humanly accessible way, while maintaining a formal, machine-interpretable approach. This challenge calls for exploring current upper ontologies to devise a minimal universal ontology which can serve as a basis for a language and approach for modeling cyber-physical systems.
After presenting Industry 4.0 and its unique characteristics, this tutorial surveys upper ontologies and presents the minimal universal ontology of stateful objects and the processes that transform them as the basis for ISO 19450 OPM (Object-Process Methodology). We present OPM principles through diverse examples of OPM applications in modeling complex technical and socio-technical systems in diverse domains using OPCloud, a cloud-based collaborative enterprise software tool used by leading Fortune 500 companies. The tutorial includes basic hands-on experience in using OPCloud to give the attendees a taste of modeling systems for the new Industry 4.0 era.

Fundamentals of Systems Analysis

N. Peter Whitehead

Come and join us for a highly interactive session where we will explore the past, present and future of systems. I am motivated by the many presentations that I have attended where I have seen a strong reliance on tool- and checklist-based approaches to systems engineering. In practice, far too many systems engineers start with a tool such as SysML, system of systems or system dynamics (aka systems thinking) and then try to apply it to the problem at hand. Those are useful tools, but they should be incorporated in a balanced cognitive paradigm along with all the other useful tools.
This tutorial will provide a foundation in systems analysis, trace the history of systems analysis to the I Ching, and consider how a tool-agnostic approach can improve results for the client. The tutorial will actively engage the class and the experience the respective members bring through discussion and case study analysis. These case studies provide hands-on experience with a system that is familiar to the students, yet one that they are unlikely to have considered systemically. I use the book How to Do Systems Analysis: Primer and Casebook, by Gibson et al. Books will not be provided by IEEE and are not required, but I encourage you to get a copy.
The objectives of the course are:
1. Provide a brief history of systemic thinking and explain some of the modern systems concepts such as information economics, behavioral economics and supply chain management.
2. Introduce an objectives-driven cognitive approach to analyzing any system.
3. Explain the advantages of a systemic approach over the checklist-based, systematic approaches so popular in systems engineering education and training as promoted by INCOSE and others.
4. Encourage the students to look at systems with new eyes, in ways that foster innovation.
5. Apply that cognitive paradigm to sample case studies.
6. Discuss the case study results in the group.
7. Inspire the students to learn more about the concept.