Identifying safety drawbacks or insufficiencies is important even in the early development stages of safety-critical systems. In industry, development artefacts such as components or units are often reused from existing artefacts to save time and costs. When development artefacts are reused, their existing safety analysis models are an important input for an early safety assessment of the new system, since they already provide a valid model. Component fault trees support such reuse strategies through a compositional, horizontal approach. But current development strategies do not only divide systems horizontally, e.g., by encapsulating different functionality into separate components and hierarchies of components, but also vertically, e.g., into software and hardware architecture layers. Current safety analysis methodologies, such as component fault trees, do not support such vertical layers. Therefore, we present here a methodology that is able to divide safety analysis models into the different layers of a system's architecture. We use so-called Architecture Layer Failure Dependencies to enable component fault trees on different layers of an architecture. These dependencies are then used to generate safety evidence for the entire system across all architecture layers. A case study applies the approach to hardware and software layers.
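The following is an added illustration of the idea sketched in the abstract; it is not the paper's code, and the concrete mechanism for Architecture Layer Failure Dependencies (a link whose two ends sit on different architecture layers) is an assumption made here for the sake of the example. Each component carries its own small fault tree with basic events, input failure modes and output failure modes; horizontal links join components on one layer, vertical links join a hardware output failure mode to a software input failure mode, and the system-level evidence is the set of minimal cut sets for a software top event. The sample system (one shared PSU, two sensors, two drivers, a 2-out-of-2 controller) is constructed for this example and shows the practitioner's point: redundancy modelled purely on the software layer hides a single hardware cause that only the cross-layer analysis exposes.

```python
"""Layered component fault trees, as an added illustration (not the paper's
code; the ALFD mechanism is assumed from the abstract's description).
Each component has its own small fault tree; links pass failure modes
between components, and a link crossing a layer boundary is an ALFD."""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    layer: str                                # e.g. "HW" or "SW"
    basic_events: set[str]                    # internal failure causes
    input_ports: set[str]                     # failure modes received from others
    gates: dict[str, tuple[str, list[str]]]   # gate -> ("AND"|"OR", children)
    outputs: dict[str, str]                   # output failure mode -> gate/event


@dataclass
class SystemModel:
    components: dict[str, Component] = field(default_factory=dict)
    # (dst component, input port) -> (src component, output failure mode)
    links: dict[tuple[str, str], tuple[str, str]] = field(default_factory=dict)

    def add(self, *cs: Component) -> None:
        for c in cs:
            self.components[c.name] = c

    def connect(self, src: str, out_fm: str, dst: str, in_port: str) -> None:
        """Wire an output failure mode into another component's input port."""
        assert out_fm in self.components[src].outputs, (src, out_fm)
        assert in_port in self.components[dst].input_ports, (dst, in_port)
        self.links[(dst, in_port)] = (src, out_fm)

    def alfd_links(self) -> list[tuple[str, str, str, str]]:
        """Links crossing an architecture layer boundary (the ALFDs)."""
        return [(src, fm, dst, port)
                for (dst, port), (src, fm) in self.links.items()
                if self.components[src].layer != self.components[dst].layer]

    def cut_sets(self, comp: str, node: str) -> set[frozenset[str]]:
        """Minimal cut sets of `node` in `comp` over qualified basic events.
        Links are followed regardless of layer, so hardware causes surface
        in software-level failure modes."""
        c = self.components[comp]
        if node in c.basic_events:
            return {frozenset({f"{comp}.{node}"})}
        if node in c.input_ports:
            if (comp, node) not in self.links:
                return set()               # unconnected input: cannot fail
            return self.cut_sets(*self.links[(comp, node)])
        if node in c.outputs:
            return self.cut_sets(comp, c.outputs[node])
        kind, children = c.gates[node]
        child_sets = [self.cut_sets(comp, ch) for ch in children]
        if kind == "OR":
            result = set().union(*child_sets)
        elif kind == "AND":
            result = {frozenset()}
            for cs in child_sets:
                result = {a | b for a in result for b in cs}
        else:
            raise ValueError(f"unknown gate kind {kind!r}")
        return minimize(result)


def minimize(cut_sets: set[frozenset[str]]) -> set[frozenset[str]]:
    """Drop any cut set that is a strict superset of another."""
    return {a for a in cut_sets if not any(b < a for b in cut_sets)}


def single_points_of_failure(cut_sets: set[frozenset[str]]) -> list[str]:
    return sorted(next(iter(cs)) for cs in cut_sets if len(cs) == 1)


def build_example() -> SystemModel:
    """Constructed sample: shared PSU and two sensors (HW), two drivers and
    a 2-out-of-2 controller (SW)."""
    m = SystemModel()
    m.add(Component("PSU", "HW", {"cap_failure", "fuse_trip"}, set(),
                    {"any": ("OR", ["cap_failure", "fuse_trip"])},
                    {"no_power": "any"}))
    for s in ("SensorA", "SensorB"):
        m.add(Component(s, "HW", {"stuck_at"}, {"power"},
                        {"wrong": ("OR", ["stuck_at", "power"])},
                        {"wrong_value": "wrong"}))
    for d in ("DriverA", "DriverB"):
        m.add(Component(d, "SW", {"parse_bug"}, {"raw"},
                        {"bad": ("OR", ["raw", "parse_bug"])},
                        {"bad_reading": "bad"}))
    m.add(Component("Controller", "SW", {"logic_bug"}, {"reading_a", "reading_b"},
                    {"both": ("AND", ["reading_a", "reading_b"]),
                     "top": ("OR", ["both", "logic_bug"])},
                    {"unsafe_cmd": "top"}))
    m.connect("PSU", "no_power", "SensorA", "power")                # horizontal, HW
    m.connect("PSU", "no_power", "SensorB", "power")
    m.connect("SensorA", "wrong_value", "DriverA", "raw")           # vertical: ALFD
    m.connect("SensorB", "wrong_value", "DriverB", "raw")
    m.connect("DriverA", "bad_reading", "Controller", "reading_a")  # horizontal, SW
    m.connect("DriverB", "bad_reading", "Controller", "reading_b")
    return m


if __name__ == "__main__":
    model = build_example()
    top = model.cut_sets("Controller", "unsafe_cmd")
    print("ALFDs:", model.alfd_links())
    print("single points of failure:", single_points_of_failure(top))
```

Seen from the software layer alone, `Controller.unsafe_cmd` looks protected by the AND over two independent readings; once the two ALFDs are followed into the hardware layer, the shared PSU's basic events appear as single-event cut sets, which is exactly the kind of cross-layer evidence the abstract's methodology aims to produce.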