• 한국신뢰성학회:학술대회논문집
• /
• 한국신뢰성학회 2011년도 춘계학술발표대회 논문집
• /
• pp.271-279
• /
• 2011

Automotive safety integrity level of hardware components can be achieved by satisfying quantitative and qualitative requirements. Based on ASIL, quantitative requirements are composed of hardware architectural metrics and evaluation of safety goal violations due to random hardware failures in ISO 26262. In this paper, the types of hardware failures will be defined and classified. Based on various metrics related with hardware failures, design essentials to achieve hardware safety integrity will be studied specifically. Issues associated with hardware development and assessment process are presented briefly.

• 전기학회논문지
• /
• 제66권9호
• /
• pp.1373-1378
• /
• 2017

This paper presents a basic ECU(Electronic Control Unit) hardware development procedure for the functional safety of in-vehicle network systems. We consider complete hardware redundancy as a safety mechanism for in-vehicle communication network under the assumption of the wired network failure such as disconnection of a CAN bus. An ESC (Electronic Stability Control) system is selected as an item and the required ASIL(Automotive Safety Integrity Level) for this item is assigned by performing the HARA(Hazard Analysis and Risk Assessment). The basic hardware architecture of the ESC system is designed with a microcontroller, passive components, and communication transceivers. The required ASIL for ESC system is shown to be satisfied with the designed safety mechanism by calculation of hardware architecture metrics such as the SPFM(Single Point Fault Metric) and the LFM(Latent Fault Metric).

• 한국신뢰성학회지:신뢰성응용연구
• /
• 제14권1호
• /
• pp.81-91
• /
• 2014

The IEC 61508 standard was established to specify the functional safety of E/E/PE safety-related systems. Safety life cycle to provide the framework and direction for the application of IEC 61508 is included in this standard. In this paper, we describe overviews, objects, scopes, requirements and activities of each phase in safety life cycle. In addition, we introduce safety integrity level(SIL) which is used for verifying the safety integrity requirements of E/E/PE system and perform a case study to estimate hardware SIL by FMEDA. The SIL is evaluated by two criteria. One of them is the architectural constraints which restrict the maximum SIL by combination of SFF and HFT. The other is the probability of failure which is classified into PFD and PFH based on frequency of demand and calculated by safe or dangerous failure rates.

• 전기학회논문지
• /
• 제65권12호
• /
• pp.2030-2036
• /
• 2016

This paper presents a hardware development procedure of the ASB(Active Seat Belt) control system to comply with ISO 26262. The ASIL(Automotive Safety Integrity Level) of an ASB system is determined through the HARA(Hazard Analysis and Risk Assessment) and the safety mechanism is applied to meet the reqired ASIL. The hardware architecture of the controller consists of a microcontroller, H-bridge circuits, passive components, and current sensors which are used for the input comparison. The required ASIL for the control systems is shown to be satisfied with the safety mechanism by calculation of the SPFM(Single Point Fault Metric) and the LFM(Latent Fault Metric) for the design circuits.

• 한국신뢰성학회지:신뢰성응용연구
• /
• 제10권2호
• /
• pp.107-122
• /
• 2010

Functional safety is the part of the overall safety of a system that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures, systematic failures, and environmental changes. One of the essential concepts of functional safety is Safety Integrity Level(SIL). It is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In this paper, each element of SIL assessment will be defined. Based on each element, specific process of SIL selection will be established by using flowchart. The flowchart provides a SIL assessment guideline for functional safety engineers. The proposed theory will be verified by applying to a oil refining plant for SIL assessment.

• 시스템엔지니어링학술지
• /
• 제12권2호
• /
• pp.101-114
• /
• 2016

A model-based systems engineering (MBSE) approach to implementing hardware-based network cybersecurity controls for APR1400 non-safety data network is presented in this work. The proposed design was developed by implementing packet filtering and deep packet inspection functions to control the unauthorized traffic and malicious contents. Denial-of-Service (DoS) attack was considered as a potential cybersecurity issue that may threaten the data availability and integrity of DCS gateway servers. Logical design architecture was developed to simulate the behavior of functions flow. HDL-based physical architecture was modelled and simulated using Xilinx ISE software to verify the design functionality. For effective modelling process, enhanced function flow block diagrams (EFFBDs) and schematic design based on FPGA technology were together developed and simulated to verify the performance and functional requirements of network security controls. Both logical and physical design architectures verified that hardware-based cybersecurity controls are capable to maintain the data availability and integrity. Further works focus on implementing the schematic design to an FPGA platform to accomplish the design verification and validation processes.

• 한국전자통신학회논문지
• /
• 제8권12호
• /
• pp.1905-1910
• /
• 2013

논문은 유도 루프식 열차제어시스템에 대하여 준 정량적 안전무결성 등급(Safety Integrity Level : SIL)할당 방법을 적용하여 안전무결성 등급을 할당한 결과이다. 유도 루프식 열차제어시스템은 ATS장치, 지상ATP장치, 차상ATP장치, 지상ATO장치, 차상ATO 지상장치 하드웨어 및 소프트웨어로 구성되어 있으며, 안전무결성 등급 할당은 각 서브시스템에 대한 안전무결성 등급을 의미한다. 준 정량적 방법의 세 원칙에 근거하여, 열차제어시스템을 구성하고 있는 서브시스템에 대한 안전무결성 등급을 할당하였다.

• International Journal of Control, Automation, and Systems
• /
• 제4권1호
• /
• pp.105-112
• /
• 2006

The main function of a reactor protection system is to maintain the reactor core integrity and the reactor coolant system pressure boundary. Generally, the reactor protection system adopts the 2-out-of-m redundant architecture to assure a reliable operation. This paper describes the safety assessment of a digital reactor protection system using the fault tree analysis technique. The fault tree technique can be expressed in terms of combinations of the basic event failures such as the random hardware failures, common cause failures, operator errors, and the fault tolerance mechanisms implemented in the reactor protection system. In this paper, a prediction method of the hardware failure rate is suggested for a digital reactor protection system, and applied to the reactor protection system being developed in Korea to identify design weak points from a safety point of view.

• 한국안전학회지
• /
• 제27권5호
• /
• pp.64-69
• /
• 2012

The concept of SIL is applied in the most of all standards relating to functional system safety. However there are problems for the people to apply SIL to their plants. as these standards don't include sufficient informations. In this regards, this paper will suggest the direction of SIL application and concept based on IEC 61508 and IEC 61511. A Safety Integrity Level(SIL) is the discrete level(one out of possible fours), corresponding to a range of the probability of an E/E/PE (Electric/Electrical/Programmable Electrical) safety-related system satisfactorily performing the specific safety functions under all the stated conditions within a stated period of time. SIL can be divided into the target SIL(or required SIL) and the result SIL. The target SIL is determined by the risk analysis at the analysis phase of safety lifecycle and the result SIL is calculated during SIL verification at the realization phase of safety lifecycle. The target SIL is determined by the risk analysis like LOPA(Layer Of Protection Analysis), Risk Graph, Risk Matrix and the result SIL is calculated by HFT(Hardware Fault Tolerance), SFF(Safe Failure Fraction) and PFDavg(average Probability of dangerous Failure on Demand). SIL is applied to various areas such as process safety, machinery(road vehicles, railway application, rotating equipment, etc), nuclear sector which functional safety is applied. The functional safety is the part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures. SIL is applied only to the functional safety of SIS(Safety Instrumented System) in safety. EUC is the abbreviation of Equipment Under Control and is the equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities.

• Journal of Electrical Engineering and Technology
• /
• 제10권4호
• /
• pp.1915-1920
• /
• 2015

ISO 26262 is an international standard for the functional safety of electric and electronic systems in vehicles, and this standard has become a major issue in the automotive industry. In this paper, a functional safety compliant electronic control unit (ECU) for an electric power steering (EPS) system and a demonstration purposed EPS system are developed, and a software and hardware structure for a safety critical system is presented. EPS is the most recently introduced power steering technology for vehicles, and it can improve driver’s convenience and fuel efficiency. In conformity with the design process specified in ISO 26262, the Automotive Safety Integrity Level (ASIL) of an EPS system is evaluated, and hardware and software are designed based on an asymmetric dual processing unit architecture and an external watchdog. The developed EPS system effectively demonstrates the fault detection and diagnostic functions of a functional safety compliant ECU as well as the basic EPS functions.