Our overall systems become more complex every day, not only because they consist of a growing number of sub-systems. The increasing use of software in technical sub-systems, the coupling with other parts of the system, and the interaction with a largely undefined overall system environment also raise complexity, which can be very dangerous in the event of a fault. It therefore becomes all the more important not to focus only on the individual sub-systems, but to keep the holistic perspective in view. In the automotive sector, for instance, we currently talk about more than 100 million lines of code, distributed across a minimum of 70 control units. Thus, system-inherent software faults can hardly be avoided. The coupling of the control units, as well as the impact of other technical systems and the influence of the environment, aggravates these circumstances even further, and the number of possible system states in a vehicle increases considerably as a result. If malfunctions of single control units occur concurrently, together with external influences, unforeseeable system states arise, which can lead to severe accidents. Nancy Leveson, professor of aeronautics and astronautics at the Massachusetts Institute of Technology (MIT) and an international figurehead of the safety community, confirms this circumstance and speaks in this context of so-called 'system accidents', a dangerous kind of accident. Currently known safety standards do not address this problem further, and accordingly no suitable procedure models or analysis methods exist to solve it. With regard to the stated problem, this work will critically examine the most important procedure models, the diverse approaches of different safety standards, and the analysis methods to be applied, and will analyse their applicability to the said problem.
For the safety standards in particular, both the functional safety perspective (IEC 61508, ISO 26262) and the system safety perspective (MIL-STD 882E, DO 178C) will be examined closely. Furthermore, new models will be developed and existing ones extended, in order to analyse the problem more intensively. On the basis of these analyses, a procedure model for the conception and development of safety-critical systems will be recommended, the so-called 'safety approach model'. This safety approach model is founded on the principle of an extended failure model, in order to better understand the holistic inspection of fault mechanisms and their causal relationships. The approach model thereby pursues the idea of inherent system safety: through a systematic approach, together with correspondingly developed analysis methods, the foundations for an 'inherently safe system design' should be laid. This systematic-methodical approach itself, with its orientation towards inherent system safety, together with the specifically developed analysis methods and the extension of traditional methods, forms the novel contribution of this work.