Abstract

Connected cars, freely configurable operating rooms, or autonomous harvesting fleets: dynamically emerging open systems of systems will shape a new generation of systems and open up a vast potential for new kinds of applications. In light of the hard-to-predict structure and behavior of such systems, assuring their safety will require disruptive changes to established safety paradigms. Combining current research results from different disciplines with industrial experience, this paper dares to think out of the box and look beyond the limits of traditional safety assurance. It structures the upcoming challenges posed by the emergence of open systems of systems, tries to shift existing paradigms to meet those new challenges, and proposes an abstract conceptual framework built on comprehensive, interlinked, multi-concern runtime models for dynamically assuring the safety as well as other properties of open systems of systems. As there is currently no comprehensive realization of the framework, we discuss which kinds of approaches could fit into which parts of the framework and exemplify this for the case of conditional safety certificates.

Highlights

  • Open systems of systems harbor enormous potential for new kinds of applications and will have a tremendous impact on our economy and society

  • We subsequently introduced the concept of conditional safety certificates (ConSerts) [2, 3] and in the DEIS project, the concept of digital dependability identities (DDI) [4]

  • A gradual shift of safety intelligence to runtime will be indispensable to ensure the safety of future systems of systems


Summary

Introduction

Open systems of systems harbor enormous potential for new kinds of applications and will have a tremendous impact on our economy and society. The manufacturers have assured their products' safety independently of each other, but there has been no hazard analysis and integrated safety assurance of the resulting system of systems. Today this issue is tackled by means of 1-to-1 consideration of concrete pairs of tractors and implements. ConSerts, as well as DDI, are approaches for the definition of modular runtime safety or dependability models, which enable the dynamic evaluation of the corresponding properties across system compositions. In essence, this means that parts of the safety engineering considerations and activities are shifted from development time into runtime. ISO 26262 defines so-called automotive safety integrity levels (ASIL)

