Title
Beyond sotif Black swans and formal methods
Author
Saberi, A.K.
Hegge, J.
Fruehling, T.
Groote, J.F.
Publication year
2020
Abstract
The ISO 26262 standard addresses system failures and the need to mitigate them safely. However, the standard is only implicit regarding the safety of the intended functionality. One should concede that a system without failures, operating in the specified design boundaries should be safe. None the less, the new ISO/PAS 21448 standard on Safety of the Intended Functionality (SOTIF) only explicitly addresses unintended functionality as it pertains to the design of the product, purportedly in the absence of any system, element or component failures. How can this have happened? What guarantees that contemporary complex computer steered systems always behave well under normal circumstances without showing any unexpected and deviant behavior that can be potentially hazardous to the user? How can this conundrum be amended? This paper explores the actual reality of failures in complex systems that rely on complex sub-systems to produce the desired functionality. We challenge the notion that the ISO 26262 and the ISO 21488 standards are presently sufficient in its guidance to resolve this enigma.
Subject
Automated Driving
Functional Safety
ISO 26262
ISO/PAS 21448
SOTIF
To reference this document use:
http://resolver.tudelft.nl/uuid:a502dfd7-796b-4830-b5e3-5eb3510ee224
DOI
https://doi.org/10.1109/syscon47679.2020.9275888
TNO identifier
955272
Publisher
Institute of Electrical and Electronics Engineers Inc.
ISBN
9781728153650
Source
SYSCON 2020 - 14th Annual IEEE International Systems Conference, Proceedings, 14th Annual IEEE International Systems Conference, SYSCON 2020, 24 August 2020 through 27 August 2020
Document type
conference paper