IEEE 2851-2023
$93.71
IEEE Standard for Functional Safety Data Format for Interoperability within the Dependability Lifecycle (Approved Draft)
Published By | Publication Date | Number of Pages |
---|---|---|
IEEE | 2023 | 183 |
New IEEE Standard – Active. This standard defines a dependability lifecycle for products, with a focus on interoperable activities related to functional safety and its interactions with reliability, security, operational safety and time determinism. The standard also describes the methods, description languages, data models, and database schema identified as necessary or critical to enable the exchange and interoperability of data across all steps of the lifecycle, encompassing activities executed at intellectual property (IP), system-on-chip (SoC), system and item levels, in a way that allows integration in different application domains such as automotive, industrial, medical and avionics safety-critical systems.
PDF Catalog
PDF Pages | PDF Title |
---|---|
1 | Front cover |
2 | Title page |
4 | Important Notices and Disclaimers Concerning IEEE Standards Documents |
8 | Participants |
10 | Introduction |
17 | Contents |
19 | List of Figures |
20 | List of Tables |
21 | 1. Overview 1.1 Scope 1.2 Purpose 1.3 Word usage |
22 | 2. Normative references 3. Definitions, acronyms, and abbreviations 3.1 Definitions |
24 | 3.2 Acronyms and abbreviations |
26 | 4. Dependability management 4.1 Objectives 4.2 Requirements and recommendations 4.2.1 Dependability management process 4.2.2 Product impact analysis—ME, DB |
27 | 4.2.2.1 Product impact analysis—ME 4.2.2.2 Product impact analysis—DB 4.2.3 Development interface agreement (DIA)—DL 4.2.4 Software tools—ME, DB |
28 | 4.2.4.1 Software tools—DB 4.2.4.2 Software tools—ME 4.2.5 Monitoring of parameters for prognostics—DB 4.2.6 Tailoring of dependability activities—ME, DL, DB |
29 | 4.2.6.1 Tailoring of dependability activities—ME 4.2.6.2 Tailoring of dependability activities—DL 4.2.6.3 Tailoring of dependability activities—DB 4.2.7 Dependability case—DB 4.2.8 Confirmation reviews—ME |
30 | 4.2.9 Dependability audit—ME 4.2.10 Dependability assessment—ME |
31 | 4.2.11 Release for production—DB 5. Product definition 5.1 Objectives |
32 | 5.2 General 5.3 Inputs 5.4 Requirements and recommendations 5.4.1 User story, user feature, and addressable market 5.4.2 System/life profile—DL, DB |
33 | 5.4.2.1 System/life profile—DL 5.4.2.2 System/life profile—DB 5.4.3 Hardware/software/system triggering conditions—DB 5.4.4 Operating situations and operating modes—DL, ME 5.4.4.1 Operating situations and operating modes—DL |
34 | 5.4.4.2 Operating situations and operating modes—ME 5.4.5 Item interdependency—DL 5.4.6 External measures for safety and security—DL, DB 5.4.6.1 External measures for safety and security—DL 5.4.6.2 External measures for safety and security—DB |
35 | 5.4.7 System level considerations for enabling deterministic performance—DB 5.4.8 Operating situations, operating modes, performance metrics, and dynamic conditions—DB 5.4.9 Environment use—DB |
36 | 6. Generic requirements elicitation process of dependability lifecycle 6.1 Objectives 6.2 General 6.3 Inputs 6.4 Requirements and recommendations 6.4.1 Safety requirements—ME, DL |
37 | 6.4.1.1 Safety requirements—ME 6.4.1.2 Safety requirements—DL 6.4.2 Concept—DL 6.4.3 Risk level/automotive safety integrity level (ASIL) alignment matrix—ME |
38 | 6.4.4 Safety goal—DL 6.4.5 Hazards and risks—ME, DB 6.4.5.1 Hazards and risks—ME 6.4.5.2 Hazards and risks—DB 6.4.6 Impact assessment vs. requirements in case of reuse of element(s)—ME, DL |
39 | 6.4.6.1 Impact assessment vs. requirements in case of reuse of element(s)—ME 6.4.6.2 Impact assessment vs. requirements in case of reuse of element(s)—DL 6.4.7 Threat and risk—DL 6.4.8 Platform tuning for safety critical real time applications—ME 6.4.9 Real time considerations for safety analysis—ME |
40 | 6.4.10 Modeling of the radiation working environment—ME 6.4.11 HW and SW requirements traceability—DL 6.4.12 Ensuring deterministic performance for safety applications—ME |
41 | 6.4.13 Common mode failures—DB 6.4.14 Radiation testing requirements for safety analysis—DB 6.4.15 Parameters for real time and safety metrics—DB 6.4.16 Contention/Shared resources of functional safety real time intersections—DB |
42 | 6.4.17 System level considerations for enabling deterministic performance—DB 7. Generic design of dependable architecture 7.1 Objectives 7.2 General |
43 | 7.3 Inputs 7.3.1 Prerequisites 7.4 Requirements and recommendations 7.4.1 Failure mode—DL 7.4.2 Functional safety HW design—DL 7.4.3 Cybersecurity software testing—ME |
44 | 7.4.4 Software architectural design (SAD)—ME, DL 7.4.4.1 Software architectural design (SAD)—ME 7.4.4.2 Software architectural design (SAD)—DL 7.4.5 Artificial intelligence (AI) software configuration and calibration—ME, DL |
45 | 7.4.5.1 Artificial intelligence software configuration and calibration—ME 7.4.5.2 Artificial intelligence software configuration and calibration—DL 7.4.6 Safety mechanism and safety envelope—DL 7.4.7 Automotive safety integrity level (ASIL) decomposition—ME |
46 | 7.4.8 System architectural design—DL 7.4.9 SW design/algorithm impact analysis—ME 7.4.10 Confidence in use of software tools evaluation—ME, DL 7.4.10.1 Confidence in use of software tools evaluation—ME |
47 | 7.4.10.2 Confidence in use of software tools evaluation—DL 7.4.11 Criteria for coexistence of elements—ME 7.4.12 Impact assessment vs. requirements in case of reuse of element(s)—ME, DL 7.4.13 Threat and risk—DL |
48 | 7.4.14 Software development environment—DL 7.4.15 Model interoperability—ME, DL 7.4.15.1 Model interoperability—ME 7.4.15.2 Model interoperability—DL 7.4.16 Platform tuning for safety critical real time applications—ME |
49 | 7.4.17 Real time considerations for safety analysis—ME 7.4.18 Modeling of the radiation working environment—ME 7.4.19 Ensuring deterministic performance for safety applications—ME 7.4.20 System level considerations for deterministic performance—ME |
50 | 7.4.21 Module design, integration, and testing report—DL 7.4.22 Dependent failure initiators (DFIs)—DB 7.4.23 Interface behavior parameters—DB |
51 | 7.4.24 Failure modes including foreseeable misuse and known specification gaps—DB 7.4.25 Artificial intelligence training data—DB 7.4.26 Failures sources—DB |
52 | 7.4.27 Hardware metrics assumptions—DB 7.4.28 Safety mechanisms—DB 7.4.29 Software tools safety evaluation benchmarks—DB |
53 | 7.4.30 Failure modes for software—DB 7.4.31 System reliability-availability-and-serviceability (RAS) architecture capabilities—DB 7.4.32 Monitoring of parameters for prognostics—DB |
54 | 7.4.33 Systematic faults—DB 7.4.34 Common mode failure—DB 7.4.35 Key parameters to consider for tradeoffs between real-time and safety metrics—DB 7.4.36 Contention/shared resources of functional safety-real time intersections—DB |
55 | 7.4.37 System level considerations for enabling deterministic performance—DB 8. Software, hardware co-design and the interface to non-electrical/electronic system (E/E) technology 8.1 Objectives 8.2 General |
56 | 8.3 Inputs 8.3.1 Prerequisites 8.4 Requirements and recommendations 8.4.1 Hardware software interface—DL |
57 | 8.4.2 Electrical/electronic (E/E) to non-electrical/electronic interface—DL 9. Implementation aspects 9.1 Objectives 9.2 General |
58 | 9.3 Inputs 9.3.1 Prerequisites 9.3.2 Further supporting information 9.4 Requirements and recommendations 9.4.1 Cybersecurity software testing—ME 9.4.2 Artificial intelligence training—ME, DB 9.4.3 Fault model for side channel threats (HW)/fault extraction/injection—ME |
59 | 9.4.4 Software development environment—DL 9.4.5 Coding guidelines/code review—ME 9.4.6 Module design, integration, and testing report—DL |
60 | 10. Verification, integration, and analysis 10.1 Objectives 10.2 General 10.2.1 V-model for verification and analysis 10.3 Inputs 10.3.1 Prerequisites |
61 | 10.4 Requirements and recommendations 10.4.1 Failure modes and effects analysis (FMEA)/failure modes effects and diagnostics analysis (FMEDA)—ME, DL, DB 10.4.1.1 Failure modes effects and diagnostics analysis—DL 10.4.1.2 Failure modes effects and diagnostics analysis—ME |
62 | 10.4.1.3 Failure mode—DB 10.4.1.4 Failure modes and effects analysis—DB 10.4.2 Action priority (AP)—ME 10.4.3 Fault tree analysis (FTA)—ME, DB 10.4.3.1 Fault tree analysis—ME |
63 | 10.4.3.2 Fault tree analysis—DB 10.4.4 Dependent failure analysis (DFA)—ME, DL, DB 10.4.4.1 Dependent failure analysis—ME 10.4.4.2 Dependent failure analysis—DL 10.4.4.3 Dependent failure analysis—DB 10.4.5 Dependability manual—DL |
64 | 10.4.6 Base failure rate (BFR)—DL, DB 10.4.6.1 Base failure rate—DL 10.4.6.2 Base failure rate—DB 10.4.7 Functional interface analysis (FIA)—ME |
65 | 10.4.8 Hardware random failures evaluation—ME 10.4.9 Vulnerability factors modeling—ME 10.4.10 Stochastic behavior analysis—ME |
66 | 10.4.11 Systematic analysis—ME 10.4.12 Operational situations and operating modes—ME, DL 10.4.13 Requirements traceability in verification, validation, and testing—DL |
67 | 10.4.14 Safety mechanism verification—DB 10.4.15 Safety mechanism integration database—DB 10.4.16 AI System stimulus and safety performance indicator—DB |
68 | 10.4.17 Systems theoretic process analysis (STPA)—ME 10.4.18 Hazard analysis and risk assessment (HARA)—ME, DB 10.4.19 Coexistence analysis—ME |
69 | 10.4.20 Software components qualification—ME 10.4.21 Cybersecurity software testing—ME 10.4.22 Safety verification for safety goal violation—DL, ME 10.4.22.1 Safety verification for safety goal violation—ME |
70 | 10.4.22.2 Safety verification for safety goal violation—DL 10.4.23 Fault model for side channel threats (HW)/fault extraction/injection—ME 10.4.24 Best practice for system integration and testing of intended functionality—ME 10.4.25 Freedom from interference (FFI)—ME, DL 10.4.25.1 Freedom from interference—ME |
71 | 10.4.25.2 Freedom from interference—DL 10.4.26 Artificial intelligence safety validation—ME 10.4.27 Use of formal methods to verify real time performance—ME 10.4.28 Functional insufficiency of the intended functionality—ME, DL 10.4.28.1 Functional insufficiency of the intended functionality—ME |
72 | 10.4.28.2 Functional insufficiency of the intended functionality—DL 10.4.29 Collection, inferring, and standardization of failures sources—ME 10.4.30 Common mode analysis (CMA)—ME 10.4.31 Commercial off-the-shelf (COTS) safety analysis—ME 10.4.32 Artificial intelligence system safety performance indicator—ME |
73 | 10.4.33 Production verification of safety mechanisms—ME 10.4.34 Methodology for the validation of vulnerability factors—ME 10.4.35 Single event effects—DL, DB |
74 | 10.4.35.1 Single event effects—DL 10.4.35.2 Spectra of energetic particles—DB 10.4.35.3 Single event effects—DB 10.4.36 Software tools safety evaluation—DB 10.4.37 Effects and software real time constraints—DB |
75 | 11. Dependability validation of the system integrated into the overall product with regard to the feature behavior in the operational domain 11.1 Objectives 11.2 General 11.3 Inputs 11.3.1 Prerequisites 11.3.2 Further supporting information |
76 | 11.4 Requirements and recommendations 11.4.1 Dependability validation environment 11.4.2 Specification of dependability validation 11.4.3 Execution of dependability validation |
77 | 11.4.4 Evaluation 11.4.5 Safety requirements—ME, DL 11.4.6 Safety requirements evaluation—ME |
78 | 11.4.7 Artificial intelligence system safety performance indicator—ME, DB 11.4.8 Artificial intelligence safety validation—ME 11.4.9 Operational situations and operating modes—ME, DL 11.4.10 Methodology for the validation of vulnerability factors—ME |
79 | 11.4.11 System level considerations for deterministic performance—ME 11.4.12 Assumptions of use—DL 11.4.13 Safety diagnostic information—DL |
80 | 11.4.14 Safety goal—DL 11.4.15 System/Component/IP-Level hardware and software requirements traceability—DL 11.4.16 Requirements traceability in verification, validation, and testing—DL 11.4.17 Operational situations and modes, use environment, performance metrics, and dynamic conditions—DB |
81 | 12. Post-release activities 12.1 Objectives 12.2 General 12.3 Inputs 12.3.1 Prerequisites |
82 | 12.4 Requirements and recommendations 12.4.1 Safety diagnostic information—DL 12.4.2 Monitoring of parameters for prognostics—DB 12.4.3 Identification, impact, and resolution of safety anomalies—ME |
83 | 12.4.4 Artificial intelligence models update—ME 12.4.5 Proven in use evaluation—ME 13. Dependability evaluation 13.1 Objectives 13.2 General |
84 | 13.3 Requirements and recommendations 13.3.1 Safety requirements evaluation—ME |
85 | 13.3.2 Safety assessment for software updates—ME 13.3.3 Hardware elements evaluation—ME, DL 13.3.3.1 Hardware elements evaluation—ME 13.3.3.2 Hardware elements evaluation—DL 13.3.4 Safety case—DL |
86 | 13.3.5 Assessment for conflicts between safe and secure system reactions—ME 13.3.6 Identification, impact, and resolution of safety anomalies—ME 13.3.7 Tradeoff assessment for real time and safety metrics—ME 13.3.8 Confirmation measures—DL |
87 | Annex A (informative) Proposed safety security alignment flow A.1 Overview A.2 Alignment flow at item, system, and IP/SoC levels |
89 | A.3 Safety security alignment matrix |
90 | A.3.1 Deliverables from each discipline for requirements alignment A.3.1.1 Safety team A.3.1.2 Security team A.3.2 Example use case—Power steering system |
92 | Annex B (informative) SIPOC analysis-based needs traceability B.1 Objectives B.2 General |
93 | B.3 Inputs B.3.1 Prerequisites B.3.2 Further supporting information B.4 Recommendations B.5 Work products |
94 | Annex C (informative) Dependability clauses and requirements C.1 Introduction C.2 Generic E/E system description |
97 | C.3 Generic dependability lifecycle definition C.3.1 Product lifecycle phases |
98 | C.3.2 Development phase |
100 | C.3.3 Dependable product development lifecycle |
102 | C.3.3.1 Design and verification of design |
103 | C.3.3.2 Integration and verification, and validation |
104 | C.3.4 Focusing on functional safety engineering C.3.4.1 Guaranteeing dependability by common rules on systematics C.3.4.2 Dependability by balancing and arbitrating contradicting measures |
105 | C.3.4.3 Affordable dependability C.3.4.4 Conclusion |
106 | C.3.5 Lifecycle phases beyond development C.3.5.1 Production C.3.5.2 Commissioning, service, and maintenance |
107 | C.3.5.3 Operation C.3.5.4 Decommissioning C.4 Dependability management C.4.1 Methodology and description language for dependability management |
110 | C.4.2 Database (DB) for dependability management |
112 | C.5 Product definition |
113 | C.5.1 User story, user feature, and addressable market |
114 | C.5.2 Methodology, description language, and database for user story, user feature, and the addressable market |
116 | C.5.3 Overall system feature behavior in operational domain, system/item definition addressing all dependability attributes C.5.4 Methodology, description language, and database for operational domain, system/item definition addressing all dependability attributes |
118 | C.6 Generic requirements elicitation process of dependability lifecycle C.6.1 General |
119 | C.6.2 Methodological approach to requirement elicitation C.6.2.1 Prerequisites for elicitation |
121 | C.6.2.2 Flow compliant requirements |
122 | C.6.2.3 Formal and informal aspects of requirements elicitation |
123 | C.6.3 Identification of requirement types C.6.3.1 Requirements for product development C.6.3.2 Requirements for post release activities C.6.3.3 Requirements for verification and validation |
124 | C.6.4 Proposed data description language for requirements C.6.4.1 Elaboration of the data description language C.6.5 Methodology and description language for requirement elicitation |
129 | C.6.6 Database for requirement elicitation |
130 | C.7 Generic design of dependable architecture C.7.1 Modeling languages |
131 | C.7.2 Modeling technique C.7.2.1 Modeling language premises and architectural views |
132 | C.7.2.2 Description language |
134 | C.7.3 Methodology, description language, and database for dependable architecture |
146 | C.8 Software and hardware co-design and the interface to non-E/E technology C.8.1 Description language for SW, HW co-design |
147 | C.9 Implementation aspects C.9.1 Elements to be developed C.9.2 Reusing existing elements C.9.3 Methodology and description language of implementation aspects |
148 | C.10 Verification, integration, and analysis C.10.1 Introduction |
149 | C.10.2 V-model for functional verification and analysis C.10.2.1 Layering model |
150 | C.10.3 Analysis activities C.10.3.1 Hazard analysis and risk assessment (HARA) C.10.3.2 Types of functional safety analysis supporting verification C.10.3.2.1 Failure modes and effects analysis |
151 | C.10.3.2.2 Failure modes effects and diagnostics analysis C.10.3.2.3 Fault tree analysis (FTA) C.10.3.2.4 Dependent failure analysis (DFA) C.10.3.2.5 Coexistence analysis C.10.3.2.6 Freedom from interference C.10.3.2.7 Detailed FMEDA and safety mechanism verification |
152 | C.10.3.3 Safety mechanism integration database |
153 | C.10.3.4 Verification activities C.10.3.4.1 Informal reviews C.10.3.4.2 Formal reviews C.10.3.4.3 Functional verification activities |
154 | C.10.4 Methodology and description language for verification, integration, and analysis |
164 | C.10.4.1 Database for verification, integration, and analysis |
168 | C.11 Dependability validation of the system integrated into the overall product with regard to the feature behavior in OD C.11.1 Methodology and description language for dependability validation |
170 | C.12 Post-release activities C.12.1 Methodology for post-release activities |
172 | C.13 Dependability evaluation C.13.1 General |
173 | C.13.2 Method and description language C.13.2.1 Systematic approach |
174 | C.13.2.2 Procedure |
177 | C.13.2.3 Description language C.13.2.4 Database C.13.3 Methodology and description language for dependability evaluation |
180 | C.13.3.1 Database |
181 | Annex D (informative) Bibliography |
183 | Back cover |