Safety assessment of advanced vehicle control and safety systems (AVCSS) : a case study.

Author(s)
Chan, C.-Y. Zhang, W.-B. El Koursi, E.M. & Lemaire, E.
Year
2001
Abstract

Advanced Vehicle Control and Safety Systems (AVCSS) involve several safety-critical functions, such as vehicle longitudinal and lateral control. The system is required to prevent or mitigate hazardous conditions: it must tolerate failures and, when failures can no longer be tolerated, fail safe. To verify the safety of such a system, an assessment or evaluation methodology must be developed and applied before new technologies are deployed, so that errors in specification, design, development and integration are revealed before they lead to hazardous consequences. Since some AVCSS technologies (such as adaptive cruise control) will begin to be deployed widely in the next few years, timely development of a sound safety assessment/evaluation method for AVCSS is crucial.

INRETS (the French National Institute for Transport and Safety Research) and California PATH (Partners for Advanced Transit and Highways) of the University of California at Berkeley are collaborating, through a case study on a significant part of AVCSS, to set up a common approach for developing and validating a safe and operational system. The joint research project aims to create a synergy between INRETS' expertise in safety verification of automated transportation systems and PATH's knowledge of AVCSS implementation. Frontal collision avoidance systems (FCAS) for ground vehicles are used as the target of the current study, as one example of AVCSS.

The safety assessment follows these steps:

(1) Identification of primary problems and safety goals. For example, the goals of an FCAS are to minimise the number of frontal collisions and to reduce the severity of accidents.

(2) Identification of solutions for the targeted problems. Solutions may come from several approaches, such as increasing driving headway, installing collision mitigation devices, or increasing the reliability of vehicles and their parts.

(3) Trade-off studies at the system level. The candidate solutions usually carry conflicting demands or consequences that must be balanced. For example, increasing headway provides a safer driving environment but reduces highway capacity. Even though safety may be the primary objective, it cannot be achieved without some sacrifice of operating efficiency, so trade-off studies must be conducted to determine the implications of adopting a given design and the sensitivity of the chosen operating parameters.

(4) Definition of safety requirements. Once the trade-off studies have established the benefits and risks of the various approaches at the system level, safety requirements are set at acceptable levels that reflect the balance of all considerations; for example, the allowable number of accidents per hour of operation is kept below a specified value. One complication is balancing accident severity against frequency; another is that, without a fully implemented design, often only estimates can be given at this stage.

(5) Functional decomposition. The solution for the targeted problem is decomposed into finer granularity according to its functions. For instance, an FCAS is separated into sensing, processing, warning and actuation; each sub-function is then decomposed further into lower layers, down to the lowest physical representation, such as individual sensors or signal-processing circuits.

(6) Hazard analysis. With the safety requirements and functional decomposition in place, hazard analysis identifies hazard types, severity, frequency, risk levels and safety integrity levels. Probability modelling and analysis, fault tree models (FTM) and failure mode, effects and criticality analysis (FMECA) are the standard procedures supporting this analysis.

(7) Establishment of safety criteria and safety measures. This step determines the indicators or standards against which measurements of the system are compared in order to judge the safety performance of a prototype or operational system.

This report documents the efforts taken in the joint project and the methodology adopted by consensus between the researchers at PATH and INRETS. The findings serve as a foundation for a systematic process of safety assessment and certification for AVCSS. (Author/publisher)
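As an added worked example (not code from the report, nor from PATH or INRETS), the following Python sketch carries steps (3) to (7) through for an FCAS: the headway-versus-capacity trade-off, a fault tree over the sensing/processing/warning/actuation decomposition, a per-hour hazard-rate requirement, and a severity-by-frequency risk matrix. Every number in it (failure-on-demand probabilities, the demand rate, the requirement limit, the matrix entries) is a constructed assumption chosen to make the arithmetic visible, and the class and function names are the example's own, not the report's.

```python
"""Steps (3)-(7) of the AVCSS assessment procedure, carried through for an
FCAS. Added illustration; all numbers below are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Union


# Step (3): headway versus lane capacity trade-off --------------------------

def lane_capacity(time_headway_s: float) -> float:
    """Vehicles per hour per lane when every vehicle keeps a constant time
    headway (front bumper to front bumper): simple 3600 / h model."""
    return 3600.0 / time_headway_s


def min_safe_headway(v_mps: float, reaction_s: float,
                     decel_lead: float, decel_follow: float) -> float:
    """Smallest time headway (s) at which a follower reacting after
    reaction_s and braking at decel_follow stops short of a leader braking
    at decel_lead. Vehicle length is ignored; a real study adds it to the gap."""
    gap_m = (reaction_s * v_mps
             + v_mps ** 2 / (2 * decel_follow)
             - v_mps ** 2 / (2 * decel_lead))
    return max(gap_m, 0.0) / v_mps


# Steps (5)/(6): functional decomposition expressed as a fault tree ---------

@dataclass
class BasicEvent:
    name: str
    pfd: float           # assumed probability of failure on demand


@dataclass
class Gate:
    kind: str            # "AND": all inputs fail; "OR": any input fails
    inputs: List["Node"]
    name: str = ""


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Top-event probability, assuming statistically independent basic
    events. Common-cause failures (shared power, shared bus) violate that
    assumption and must be added as their own basic events."""
    if isinstance(node, BasicEvent):
        return node.pfd
    probs = [probability(n) for n in node.inputs]
    if node.kind == "AND":
        p = 1.0
        for q in probs:
            p *= q
        return p
    if node.kind == "OR":
        p_none = 1.0
        for q in probs:
            p_none *= (1.0 - q)
        return 1.0 - p_none
    raise ValueError(f"unknown gate kind {node.kind!r}")


def fcas_tree(redundant_sensing: bool = True) -> Gate:
    """FCAS decomposed into sensing, processing, warning and actuation.
    With redundancy, sensing is lost only if radar AND camera both fail."""
    radar = BasicEvent("radar fails", 1e-4)
    camera = BasicEvent("camera fails", 2e-4)
    sensing: Node = (Gate("AND", [radar, camera], "no obstacle detected")
                     if redundant_sensing else radar)
    return Gate("OR", [
        sensing,
        BasicEvent("processing fails", 1e-6),
        BasicEvent("warning not issued", 5e-7),
        BasicEvent("actuation fails", 1e-6),
    ], "FCAS fails to intervene on a closing obstacle")


# Steps (4)/(6)/(7): requirement, risk classification, acceptance criterion --

FREQUENCY_CLASSES = [  # (lower bound, events per hour), highest first
    (1e-3, "frequent"), (1e-4, "probable"), (1e-5, "occasional"),
    (1e-6, "remote"), (0.0, "improbable"),
]

# Constructed severity x frequency matrix; a real programme takes this
# from the applicable standard rather than from an example.
RISK_MATRIX: Dict[str, Dict[str, str]] = {
    "catastrophic": {"frequent": "intolerable", "probable": "intolerable",
                     "occasional": "intolerable", "remote": "undesirable",
                     "improbable": "tolerable"},
    "marginal":     {"frequent": "undesirable", "probable": "undesirable",
                     "occasional": "tolerable", "remote": "tolerable",
                     "improbable": "negligible"},
}


def frequency_class(rate_per_hour: float) -> str:
    for bound, label in FREQUENCY_CLASSES:
        if rate_per_hour >= bound:
            return label
    return "improbable"


def assess(tree: Gate, demands_per_hour: float, severity: str,
           limit_per_hour: float) -> dict:
    """Hazard rate = P(system fails on demand) x demands per hour, then
    classified and checked against the step (4) requirement."""
    rate = probability(tree) * demands_per_hour
    freq = frequency_class(rate)
    return {"rate_per_hour": rate, "frequency": freq,
            "risk": RISK_MATRIX[severity][freq],
            "meets_requirement": rate <= limit_per_hour}


if __name__ == "__main__":
    h = min_safe_headway(30.0, 1.5, 8.0, 6.0)       # 30 m/s, 1.5 s reaction
    print(f"min safe headway {h:.3f} s -> capacity {lane_capacity(h):.0f} veh/h/lane")
    for redundant in (True, False):
        r = assess(fcas_tree(redundant), 0.1, "catastrophic", 1e-6)
        print(f"redundant sensing={redundant}: {r}")
```

Running it shows the sensitivity that step (3) warns about: with one critical closing event assumed every ten hours and a requirement of at most 1e-6 accidents per hour, the redundant sensing design lands in the "improbable"/"tolerable" cell and passes, while dropping the camera moves the same system to "occasional"/"intolerable" and fails the requirement, because the top event is then dominated by the single radar. The independence assumption inside `probability` is the usual weak point of such a tree; a shared power supply for radar and camera would have to be modelled explicitly.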

Publication

Library number
C 37160 [electronic version only]
Source

Berkeley, CA, University of California, Institute of Transportation Studies ITS, 2001, 62 p., 13 ref.; California PATH Research Report ; UCB-ITS-PRR-2001-30 - ISSN 1055-1425

Our collection

This publication is one of our other publications and is part of our extensive collection of road safety literature, which also includes the SWOV publications.