ATRIUM -- Architecting Under Uncertainty for ISO 26262 compliance

TL;DR

This paper introduces ATRIUM, a process for designing Preliminary Architectural Assumptions in ISO 26262 safety standards, demonstrated through a case study on automated heavy vehicle systems, enhancing safety design under uncertainty.

Contribution

The paper presents ATRIUM, a novel process for consistent and flexible design of PAA in automotive safety, incorporating legacy system information and uncertainty management.

Findings

ATRIUM accelerates PAA refinement process

It enables integration of legacy system data into safety design

It improves documentation and tracking of architectural assumptions

Abstract

The ISO 26262 is currently the dominant standard for assuring functional safety of electrical and electronic systems in the automotive industry. The Functional Safety Concept (FSC) subphase in the standard requires the Preliminary Architectural Assumptions (PAA) for allocation of functional safety requirements (FSRs). This paper justifies the need for, and defines a process ATRIUM, for consistent design of the PAA. ATRIUM is subsequently applied in an industrial case study for a function enabling highly automated driving at one of the largest heavy vehicle manufacturers in Europe, Scania CV AB. The findings from this study, which contributed to ATRIUM's institutionalization at Scania, are presented. The benefits of the proposed process include (i) a fast and flexible way to refine the PAA, and a framework to (ii) incorporate information from legacy systems into safety design and (iii) rigorously track and document the assumptions and rationale behind architectural decisions under uncertain information. The contributions of this paper are the (i) analysis of the problem (ii) the process ATRIUM and (iii) findings and the discussion from the case study at Scania. Keywords: ISO 26262, functional safety, automation, HCV, HGV, architectures, highly automated driving, ATRIUM, decision making, architecting, uncertainty management