Fockel, Markus:

Safety Requirements Engineering for Early SIL Tailoring.

Dissertation, Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, Dec 2018


The high degree of innovation in mechatronic systems domains leads to so-called cyber-physical systems (CPS), which are characterized by their complex functionality and their communication with their surroundings. The safety-criticality of such systems is categorized into so-called safety integrity levels (SIL), defined by safety standards like ISO 26262. A determined SIL not only describes the risk of potential harm; it also dictates the degree of rigor required in the development of a system to prevent hazards. A high SIL requires the application of safety measures with a high degree of rigor in all phases of development and thus implies high safety effort. SIL tailoring is a means to reduce safety effort by assigning a lower SIL to subsystems that are separated from more critical subsystems or that fulfill redundant safety requirements. To plan the required safety effort, SIL tailoring possibilities should be identified as early as possible, i.e., already during requirements analysis. Due to the complexity of CPS, it is difficult to identify valid SIL tailorings: their validity has to be analyzed based on the failure propagation paths through the system and assured by arguments compiled in a safety case. The contribution of this thesis is a systematic, tool-supported SIL tailoring process applied in safety requirements engineering. The process uses model-based formal requirements specification and provides a catalog of requirement patterns to support the specification of high-quality safety requirements. Based on these formal requirements, failure propagation models are generated automatically and SILs are allocated to subsystems, which reduces the safety analysis effort to a review task. Finally, a safety case with arguments for the validity of the applied SIL tailorings is derived automatically from the generated analysis results, so that its maintenance for consistency is automated as well.
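As an added illustration (not the thesis's own tool or algorithm), the following constructed Python model shows the two tailoring situations the abstract names: a subsystem with no failure propagation path to any hazard stays at the lowest level, and two independent subsystems that redundantly fulfill a safety requirement (an AND gate in the propagation model) can share a decomposed SIL, whereas a shared common-cause element blocks the decomposition and every contributor keeps the full hazard SIL. The node names, the gate notation and the numeric 0-4 SIL scale (0 = no safety requirement) are assumptions.

```python
from collections import defaultdict
from math import ceil

# Constructed failure propagation model (assumed example, not from the thesis).
# A node is either a basic subsystem (leaf) or a gate over its inputs:
#   "or"  - any input failure propagates to the node,
#   "and" - all inputs must fail (redundant implementation of a requirement).
MODEL = {
    "H1_unintended_braking": ("or", ["brake_ctrl", "redundant_sensing"]),
    "redundant_sensing":     ("and", ["sensor_a", "sensor_b"]),
    "H2_display_off":        ("or", ["hmi"]),
    "H3_steering_loss":      ("or", ["dual_motor"]),
    "dual_motor":            ("and", ["motor_a", "motor_b"]),
    "motor_a":               ("or", ["motor_a_hw", "power"]),   # shared "power"
    "motor_b":               ("or", ["motor_b_hw", "power"]),   # = common cause
}
HAZARD_SIL = {"H1_unintended_braking": 4, "H2_display_off": 1, "H3_steering_loss": 3}
SUBSYSTEMS = ["brake_ctrl", "sensor_a", "sensor_b", "hmi",
              "motor_a_hw", "motor_b_hw", "power", "logging"]   # logging: no path

def leaves(node):
    """Basic subsystems whose failure can propagate to `node`."""
    if node not in MODEL:
        return {node}
    return set().union(*(leaves(i) for i in MODEL[node][1]))

def allocate(tailor=True):
    """Return {subsystem: SIL}. Without tailoring every contributor inherits
    the full hazard SIL. With tailoring, an AND gate whose two branches share
    no subsystem (independence) splits the SIL between them in the style of
    ISO 26262 decomposition (4 -> 2+2, 3 -> 2+1, 1 -> 1+0); the gate itself
    still has to be verified at the full SIL. A subsystem never reached from
    any hazard is separated and gets level 0."""
    alloc = defaultdict(int)

    def walk(node, sil):
        if node not in MODEL:                    # leaf: keep the maximum demand
            alloc[node] = max(alloc[node], sil)
            return
        gate, inputs = MODEL[node]
        independent = (tailor and gate == "and" and len(inputs) == 2
                       and leaves(inputs[0]).isdisjoint(leaves(inputs[1])))
        if independent:
            walk(inputs[0], ceil(sil / 2))
            walk(inputs[1], sil // 2)
        else:                                    # OR gate, or common cause found
            for i in inputs:
                walk(i, sil)

    for hazard, sil in HAZARD_SIL.items():
        walk(hazard, sil)
    return {s: alloc[s] for s in SUBSYSTEMS}

if __name__ == "__main__":
    print("untailored:", allocate(tailor=False))
    print("tailored:  ", allocate())
```

The independence check is the review point a practitioner still has to confirm by hand: `power` feeding both motors is found here only because it is modelled explicitly as a shared input.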
