• Proceedings of the Korean Reliability Society Conference
• /
• 2011.06a
• /
• pp.271-279
• /
• 2011

Automotive safety integrity level of hardware components can be achieved by satisfying quantitative and qualitative requirements. Based on ASIL, quantitative requirements are composed of hardware architectural metrics and evaluation of safety goal violations due to random hardware failures in ISO 26262. In this paper, the types of hardware failures will be defined and classified. Based on various metrics related with hardware failures, design essentials to achieve hardware safety integrity will be studied specifically. Issues associated with hardware development and assessment process are presented briefly.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.9
• /
• pp.1373-1378
• /
• 2017

This paper presents a basic ECU(Electronic Control Unit) hardware development procedure for the functional safety of in-vehicle network systems. We consider complete hardware redundancy as a safety mechanism for in-vehicle communication network under the assumption of the wired network failure such as disconnection of a CAN bus. An ESC (Electronic Stability Control) system is selected as an item and the required ASIL(Automotive Safety Integrity Level) for this item is assigned by performing the HARA(Hazard Analysis and Risk Assessment). The basic hardware architecture of the ESC system is designed with a microcontroller, passive components, and communication transceivers. The required ASIL for ESC system is shown to be satisfied with the designed safety mechanism by calculation of hardware architecture metrics such as the SPFM(Single Point Fault Metric) and the LFM(Latent Fault Metric).

• Journal of Applied Reliability
• /
• v.14 no.1
• /
• pp.81-91
• /
• 2014

The IEC 61508 standard was established to specify the functional safety of E/E/PE safety-related systems. Safety life cycle to provide the framework and direction for the application of IEC 61508 is included in this standard. In this paper, we describe overviews, objects, scopes, requirements and activities of each phase in safety life cycle. In addition, we introduce safety integrity level(SIL) which is used for verifying the safety integrity requirements of E/E/PE system and perform a case study to estimate hardware SIL by FMEDA. The SIL is evaluated by two criteria. One of them is the architectural constraints which restrict the maximum SIL by combination of SFF and HFT. The other is the probability of failure which is classified into PFD and PFH based on frequency of demand and calculated by safe or dangerous failure rates.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2030-2036
• /
• 2016

This paper presents a hardware development procedure of the ASB(Active Seat Belt) control system to comply with ISO 26262. The ASIL(Automotive Safety Integrity Level) of an ASB system is determined through the HARA(Hazard Analysis and Risk Assessment) and the safety mechanism is applied to meet the reqired ASIL. The hardware architecture of the controller consists of a microcontroller, H-bridge circuits, passive components, and current sensors which are used for the input comparison. The required ASIL for the control systems is shown to be satisfied with the safety mechanism by calculation of the SPFM(Single Point Fault Metric) and the LFM(Latent Fault Metric) for the design circuits.

• Journal of Applied Reliability
• /
• v.10 no.2
• /
• pp.107-122
• /
• 2010

Functional safety is the part of the overall safety of a system that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures, systematic failures, and environmental changes. One of the essential concepts of functional safety is Safety Integrity Level(SIL). It is defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In this paper, each element of SIL assessment will be defined. Based on each element, specific process of SIL selection will be established by using flowchart. The flowchart provides a SIL assessment guideline for functional safety engineers. The proposed theory will be verified by applying to a oil refining plant for SIL assessment.

• Journal of the Korean Society of Systems Engineering
• /
• v.12 no.2
• /
• pp.101-114
• /
• 2016

A model-based systems engineering (MBSE) approach to implementing hardware-based network cybersecurity controls for APR1400 non-safety data network is presented in this work. The proposed design was developed by implementing packet filtering and deep packet inspection functions to control the unauthorized traffic and malicious contents. Denial-of-Service (DoS) attack was considered as a potential cybersecurity issue that may threaten the data availability and integrity of DCS gateway servers. Logical design architecture was developed to simulate the behavior of functions flow. HDL-based physical architecture was modelled and simulated using Xilinx ISE software to verify the design functionality. For effective modelling process, enhanced function flow block diagrams (EFFBDs) and schematic design based on FPGA technology were together developed and simulated to verify the performance and functional requirements of network security controls. Both logical and physical design architectures verified that hardware-based cybersecurity controls are capable to maintain the data availability and integrity. Further works focus on implementing the schematic design to an FPGA platform to accomplish the design verification and validation processes.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1905-1910
• /
• 2013

This paper demonstrates the result of Safety Integrity Level (SIL) allocation for IL-type Train Control System(IL-TCS), by applying the semi-quantitative approach. IL-type TCS is defined in this paper as the set of Hardware and Software ATS equipment, Track-side ATP equipment, On-board ATP equipment, Track-side ATO equipment, On-board ATO equipment. SIL allocation is performed for these constituent subsystems of TCS. Based on three principles of the semi-quantitative method, the SIL allocation process is performed for the subsystems composing TCS.

• International Journal of Control, Automation, and Systems
• /
• v.4 no.1
• /
• pp.105-112
• /
• 2006

The main function of a reactor protection system is to maintain the reactor core integrity and the reactor coolant system pressure boundary. Generally, the reactor protection system adopts the 2-out-of-m redundant architecture to assure a reliable operation. This paper describes the safety assessment of a digital reactor protection system using the fault tree analysis technique. The fault tree technique can be expressed in terms of combinations of the basic event failures such as the random hardware failures, common cause failures, operator errors, and the fault tolerance mechanisms implemented in the reactor protection system. In this paper, a prediction method of the hardware failure rate is suggested for a digital reactor protection system, and applied to the reactor protection system being developed in Korea to identify design weak points from a safety point of view.

• Journal of the Korean Society of Safety
• /
• v.27 no.5
• /
• pp.64-69
• /
• 2012

The concept of SIL is applied in the most of all standards relating to functional system safety. However there are problems for the people to apply SIL to their plants. as these standards don't include sufficient informations. In this regards, this paper will suggest the direction of SIL application and concept based on IEC 61508 and IEC 61511. A Safety Integrity Level(SIL) is the discrete level(one out of possible fours), corresponding to a range of the probability of an E/E/PE (Electric/Electrical/Programmable Electrical) safety-related system satisfactorily performing the specific safety functions under all the stated conditions within a stated period of time. SIL can be divided into the target SIL(or required SIL) and the result SIL. The target SIL is determined by the risk analysis at the analysis phase of safety lifecycle and the result SIL is calculated during SIL verification at the realization phase of safety lifecycle. The target SIL is determined by the risk analysis like LOPA(Layer Of Protection Analysis), Risk Graph, Risk Matrix and the result SIL is calculated by HFT(Hardware Fault Tolerance), SFF(Safe Failure Fraction) and PFDavg(average Probability of dangerous Failure on Demand). SIL is applied to various areas such as process safety, machinery(road vehicles, railway application, rotating equipment, etc), nuclear sector which functional safety is applied. The functional safety is the part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures. SIL is applied only to the functional safety of SIS(Safety Instrumented System) in safety. EUC is the abbreviation of Equipment Under Control and is the equipment, machinery, apparatus or plant used for manufacturing, process, transportation, medical or other activities.

• Journal of Electrical Engineering and Technology
• /
• v.10 no.4
• /
• pp.1915-1920
• /
• 2015

ISO 26262 is an international standard for the functional safety of electric and electronic systems in vehicles, and this standard has become a major issue in the automotive industry. In this paper, a functional safety compliant electronic control unit (ECU) for an electric power steering (EPS) system and a demonstration purposed EPS system are developed, and a software and hardware structure for a safety critical system is presented. EPS is the most recently introduced power steering technology for vehicles, and it can improve driver’s convenience and fuel efficiency. In conformity with the design process specified in ISO 26262, the Automotive Safety Integrity Level (ASIL) of an EPS system is evaluated, and hardware and software are designed based on an asymmetric dual processing unit architecture and an external watchdog. The developed EPS system effectively demonstrates the fault detection and diagnostic functions of a functional safety compliant ECU as well as the basic EPS functions.