Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62639
Title: 自動駕駛系統架構與失效策略設計以及安全分析研究 (Autonomous Vehicle Architecture and Fail-safe Design and Safety Analysis)
Author: Lin-Kuan Wu (林冠吾)
Advisor: Kang Li (李綱)
Keywords: Autonomous vehicle, System architecture design, Functional safety, Safety analysis, Failure strategy
Publication year: 2019
Degree: Master's
Abstract: Safety is the core precondition for the development of autonomous driving. This study therefore proposes a system architecture, failure-strategy design and safety-analysis method that conform to the functional safety standard for automotive electrical and electronic systems. The thesis takes the ISO26262 and SAE J3016 standards as the main benchmarks for vehicle safety. During the vehicle system design phase, five parts are analyzed and designed: Operational Design Domain definition, which can also be called the system's safe-use conditions; failure safety analysis; simulation scenario design; monitoring of vehicle system status; and incident failure response. From the system architecture analysis and design, the following results are obtained: 1. A safe system architecture can be built through safety analysis and verification. 2. This method can be used to analyze the safety of an existing system architecture, and if the analysis finds it unsafe, the architecture can be modified according to the analysis results. 3. The safety requirements derived from the safety analysis show how important each requirement is to the vehicle system, and in what domains and situations the vehicle is likely to be involved in an accident if a given requirement cannot be met because of technology or cost. 4. When the vehicle system undergoes SIL and HIL safety verification, it is known how the scenarios should be designed and what the testing priorities should be. 5. In order to monitor the large volume of real-time vehicle monitoring data according to importance, the importance of each monitored data item is analyzed. 6. In order to reduce design and analysis time, a modular structure is adopted for the safety analysis.
URI: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62639
DOI: 10.6342/NTU202000893
Full-text license: licensed for a fee
Appears in department: Department of Mechanical Engineering (機械工程學系)
Files in this item:

File | Size | Format
---|---|---
ntu-108-1.pdf (not currently authorized for public access) | 5.44 MB | Adobe PDF