[SystemSafety] Request for references on measures to manage failures for homogeneous sensor redundancy

Mike Ellims mike at ellims.xyz
Fri Dec 13 09:36:59 CET 2019


You might find something useful in:

Isermann, R. "Fault-Diagnosis Systems: An Introduction from Fault Detection
to Fault Tolerance", Springer

However, from your email you may have already looked at some of the options.
In general, though, more advanced methods require you to have a good
understanding (model) of how sensors will fail and how that can be observed.
This implies you want a sensor with good data associated with it, ASIL rated
or not.

Cheers.

From: systemsafety
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Watts Malcolm (AE-BE/ENG1-AU)
Sent: 13 December 2019 07:15
To: systemsafety at TechFak.Uni-Bielefeld.DE
Subject: [SystemSafety] Request for references on measures to manage
failures for homogeneous sensor redundancy

Colleagues;

Can I ask for your assistance please?  I'm looking for references that show
approaches to using multiple redundant (possibly unreliable) sensors in
safety-related systems.

I am supporting a project team working on a safety-related embedded system
(with safety requirements equivalent to automotive ASIL B) that must make
safety-related decisions on the basis of input from an array of sensors,
all of the same type, in proximity.  (The sensors are in slightly different
locations in the same physical environment, so their expected output will be
highly correlated but not identical).

There may be from 3 to 8 sensors; this number relates to the application and
is not driven by safety concerns.

Currently, the sensors are developed according to a safety standard, and are
allocated safety requirements.

The team wants to understand the impact of changing to a different sensor,
that may not have been developed in accordance with safety requirements.  I
expect requirement decomposition won't be possible.

What approaches may be viable for achieving and demonstrating a safe system,
if it must use data from unreliable sensors, with significant (homogeneous)
redundancy?

On one hand, we want to take advantage of the redundancy; on the other,
convincingly demonstrating freedom from dependent failures in an array of
identical sensors seems problematic.

What are our options for safety mechanisms that take advantage of the
redundancy we can achieve?

I'm aware of work on sensor fusion, on sensor failure detection and
classification, on redundant sensors in autonomous vehicle development and
on "reliable consensus decisions" for (e.g.) navigation systems and
distributed time signals.

What I've not found so far is approaches to formal compliance with a safety
standard, without using "reliable" (in the sense of having some demonstrable
safety property) sensors, but instead using sensors that are not developed
to a safety standard.  I'm struggling to find anything that takes advantage
of the degree of redundancy available, to provide evidence of
reliability/correctness.  I'm increasingly seeing (non-safety) IoT systems
with many sensors, so I expect this question will shortly come up in many
other safety-related applications.

I can think of approaches (BBNs, Kalman filtering) that I feel should be
able to provide evidence of the confidence achieved (at system design time)
in a safety mechanism applied at runtime, but I haven't found good
references around how these might be applied specifically to safety systems.
This feels something like a "checker" safety pattern, but where the check is
on some collective property of the sensor network.  I'd like to turn
"feeling" into convincing evidence :)

Can anyone point to any good references or advice that will help?

Thanks,

Mal.

Best regards,

Malcolm Watts
Mal at ieee.org
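The "checker on a collective property of the sensor network" that Mal describes can be sketched as a runtime consistency check over the whole array. The following is an added illustration written for this archive page, not code from either poster or from the Isermann book: it assumes N homogeneous sensors reading the same physical quantity, a disagreement tolerance derived from their placement (constructed here as 0.5 units), a physically plausible range for the quantity, and a quorum of sensors that must agree before a value is released. The median tolerates up to floor((N-1)/2) arbitrarily wrong sensors, out-of-range readings are dropped before voting so they cannot pull the median, and a small temporal check flags a sensor whose output stays frozen while the consensus moves. What no array-level checker can see is a dependent (common-mode) failure in which all the identical sensors drift together, which is exactly the residual that the original question's "freedom from dependent failures" concern has to address by other means.

```python
"""Consistency checker for an array of homogeneous, correlated sensors.

Constructed example: all numeric values (tolerance, plausible range, quorum,
sample readings) are illustrative assumptions, not data from the thread.
"""
from collections import deque
from dataclasses import dataclass
from statistics import median
from typing import List, Optional, Sequence, Tuple


@dataclass
class CheckResult:
    value: Optional[float]   # consensus value, None when no valid quorum exists
    status: str              # "OK", "DEGRADED" (a sensor was rejected) or "FAIL_SAFE"
    agreeing: List[int]      # indices of sensors within tolerance of the consensus
    rejected: List[int]      # indices rejected as out of range or disagreeing


def check_array(readings: Sequence[Optional[float]], tol: float,
                valid_range: Tuple[float, float], quorum: int) -> CheckResult:
    """Return a consensus value only when at least `quorum` sensors agree.

    A reading of None models a sensor that delivered nothing this cycle.
    """
    lo, hi = valid_range
    # Plausibility gate: drop missing and physically impossible readings first.
    in_range = [i for i, r in enumerate(readings)
                if r is not None and lo <= r <= hi]
    rejected = [i for i in range(len(readings)) if i not in in_range]
    if len(in_range) < quorum:
        return CheckResult(None, "FAIL_SAFE", [], rejected)

    # Robust centre: the median is unaffected by a minority of wild values.
    centre = median([readings[i] for i in in_range])
    agreeing = [i for i in in_range if abs(readings[i] - centre) <= tol]
    rejected += [i for i in in_range if i not in agreeing]
    if len(agreeing) < quorum:
        # The array does not agree with itself; refuse to release a value.
        return CheckResult(None, "FAIL_SAFE", agreeing, sorted(rejected))

    value = median([readings[i] for i in agreeing])
    status = "OK" if not rejected else "DEGRADED"
    return CheckResult(value, status, agreeing, sorted(rejected))


class StuckDetector:
    """Flag sensors whose output is frozen while the consensus moves.

    A stuck-at fault that happens to sit near the current value passes the
    single-cycle check above, so this needs a window of samples.
    """

    def __init__(self, n_sensors: int, window: int, tol: float):
        self.hist = [deque(maxlen=window) for _ in range(n_sensors)]
        self.consensus = deque(maxlen=window)
        self.window = window
        self.tol = tol

    def update(self, readings: Sequence[Optional[float]],
               consensus_value: Optional[float]) -> List[int]:
        for i, r in enumerate(readings):
            self.hist[i].append(r)
        self.consensus.append(consensus_value)
        if len(self.consensus) < self.window or None in self.consensus:
            return []          # not enough trustworthy history yet
        moved = max(self.consensus) - min(self.consensus) > self.tol
        if not moved:
            return []          # a constant world makes a frozen sensor look fine
        return [i for i, h in enumerate(self.hist)
                if h[0] is not None and len(set(h)) == 1]


if __name__ == "__main__":
    rng = (-40.0, 125.0)       # constructed plausible range, e.g. a temperature
    # Constructed readings: five correlated sensors, one stuck at 0.0.
    print(check_array([20.1, 20.3, 0.0, 20.2, 20.0], 0.5, rng, quorum=3))
    # Constructed readings: no agreement at all, so the checker fails safe.
    print(check_array([10.0, 15.0, 20.0, 25.0, 30.0], 0.5, rng, quorum=3))
```

The quorum is the design-time knob that turns "N sensors of unknown quality" into an argument: with N = 5 and a majority quorum of 3 the checker keeps working with two arbitrary failures and refuses to output anything once a third fails, and the `DEGRADED` status gives the supervisor a hook for the degradation policy the standard will ask for.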
