
Safety integrity framework for automated driving

Moritz Werling, Rainer Faller, Wolfgang Betz, Daniel Straub

TL;DR

The Safety Integrity Framework for Automated Driving (SIFAD) addresses the challenge of proving safety for SAE Level 3 ADS by integrating quantitative risk assessment with established safety standards. It combines Systems Engineering, Engineering Risk Analysis, Bayesian data analysis, and stochastic validation within a V-model, using SPVs to capture system and environment uncertainties and a stochastic simulation to quantify residual risk per hazard scenario. Key contributions include a unified terminology bridging ISO 26262 and ISO 21448, a hazard-to-TLSR process, probabilistic modeling with Bayesian networks and copulas, dependency-aware risk estimation, and an iterative validation loop that yields a Positive Risk Balance for deployment. The framework reduces field testing needs, enhances transparency through a formal safety case, and provides practical pathways for regulatory approval and safer automated driving practice in real-world traffic.

Abstract

This paper describes the comprehensive safety framework that underpinned the development, release process, and regulatory approval of BMW's first SAE Level 3 Automated Driving System. The framework combines established qualitative and quantitative methods from the fields of Systems Engineering, Engineering Risk Analysis, Bayesian Data Analysis, Design of Experiments, and Statistical Learning in a novel manner. The approach systematically minimizes the risks associated with hardware and software faults, performance limitations, and insufficient specifications to an acceptable level that achieves a Positive Risk Balance. At the core of the framework is the systematic identification and quantification of uncertainties associated with hazard scenarios and the redundantly designed system based on designed experiments, field data, and expert knowledge. The residual risk of the system is then estimated through Stochastic Simulation and evaluated by Sensitivity Analysis. By integrating these advanced analytical techniques into the V-Model, the framework fulfills, unifies, and complements existing automotive safety standards. It therefore provides a comprehensive, rigorous, and transparent safety assurance process for the development and deployment of Automated Driving Systems.
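As an added illustration of the uncertainty quantification the abstract describes (this is example code, not the paper's or BMW's), the following Monte Carlo script propagates epistemic uncertainty about three independent sensor channels' miss probabilities, each given a Beta posterior from constructed detection records, through the aleatoric failure model of a 2oo3 voter, and then ranks the channels by how much of the spread in the residual-risk estimate each one contributes. The field data, the Jeffreys prior and the independence of the channels are assumptions made here, not values from the paper.

```python
import random
from statistics import mean, pstdev

# Constructed per-channel detection records, (misses, trials), standing in for
# the designed experiments / field data the framework quantifies. Hypothetical.
FIELD_DATA = {"camera": (3, 2000), "radar": (8, 2000), "lidar": (1, 500)}

def posterior_mean(misses, trials):
    # Jeffreys prior Beta(0.5, 0.5) updated with binomial field data (assumed).
    return (0.5 + misses) / (1.0 + trials)

def sample_miss_prob(misses, trials, rng):
    # One epistemic draw of a channel's miss probability from its Beta posterior.
    return rng.betavariate(0.5 + misses, 0.5 + trials - misses)

def voter_2oo3_failure(p1, p2, p3):
    # Aleatoric part: probability that at least two of three independent
    # channels miss the object at the same time, i.e. the 2oo3 voter fails.
    return (p1 * p2 * (1 - p3) + p1 * (1 - p2) * p3
            + (1 - p1) * p2 * p3 + p1 * p2 * p3)

def propagate(data, fixed=(), n=20000, seed=7):
    # Monte Carlo over the epistemic uncertainty. Channels named in `fixed` are
    # frozen at their posterior mean, i.e. their epistemic uncertainty removed.
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        p = [posterior_mean(m, t) if name in fixed else sample_miss_prob(m, t, rng)
             for name, (m, t) in data.items()]
        out.append(voter_2oo3_failure(*p))
    out.sort()
    return {"mean": mean(out), "std": pstdev(out), "p95": out[int(0.95 * n)]}

def sensitivity(data, **kw):
    # Reduction in the spread of the residual-risk estimate when one channel's
    # epistemic uncertainty is removed: which channel needs more test data?
    base = propagate(data, **kw)["std"]
    return {name: base - propagate(data, fixed=(name,), **kw)["std"] for name in data}

if __name__ == "__main__":
    print("residual risk per demand:", propagate(FIELD_DATA))
    print("spread reduction per channel:", sensitivity(FIELD_DATA))
```

With these numbers the lidar channel, which has the fewest trials and therefore the widest posterior, dominates the spread of the estimate even though its point estimate is not the worst.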

Paper Structure

This paper contains 36 sections, 34 equations, 34 figures, 4 tables.

Figures (34)

  • Figure 1: Quantification and propagation of epistemic and aleatoric uncertainty for a 2oo3 voter and independent sensor performances
  • Figure 2: Simplified overview of SIFAD
  • Figure 3: Generic BN of the risk assessment
  • Figure 6: Possible outcomes for hazards in the HIRA
  • Figure 7: Example I2+ risk distribution
  • ...and 29 more figures

Theorems & Definitions (65)

  • Example 1.1: Pedestrian in lane and brake system failure
  • Example 1.2: Wheel diameters
  • Example 1.3: Aleatoric and Epistemic Uncertainty
  • Example 1.4: Potholes not addressed in item definition
  • Example 1.5: Uncertainty in pedestrian detection
  • Example 1.6: Keep lane system with steering limiter
  • Remark 1.1
  • Example 2.1: Product Definition of a TJA
  • Example 2.2: RAC for slight injuries and higher
  • Remark 3.1
  • ...and 55 more