Toward a Model-Based Approach for Behavioral Safety Concepts in Automated Driving

ISO 21448:2022 specifies normative guidelines to ensure the safety of the intended functionality (SOTIF) of Automated Driving Systems. For systems that allow SAE Level 3 or higher driving automation there is a (partial) absence of human oversight. This requires developers to shift from ensuring controllability by the driver to ensuring that the Automated Driving System exhibits safe behavior in its environment. In the automotive functional safety domain, functional and technical safety concepts are established for the specification of safety measures to mitigate the malfunctioning behavior of E/E systems. However, ISO 21448 does not describe how a comparable safety concept regarding SOTIF can be generated that specifies safety measures for behavior at the vehicle level. Based on the terminology and objectives that are specified in ISO 21448, we elicit requirements for the specification (safe) behavior. Subsequently, we present the conceptualization of a behavioral safety concept that specifies safety measures at the vehicle level. We follow a model-based approach to specify target behavior and document the conducted safety analyses. The semi-formal models provide traceability between functional insufficiencies in the target behavior and the according safety measures. To show the applicability of the proposed meta-model, we create an example model instance of a behavioral safety concept. The example model is based on a domain-specific SysML profile in a selected scenario. Finally, we verify the presented approach against ISO 21448 objectives.