Multi-level risk classification of distributed embedded software failures for autonomous systems

With increasing autonomy in systems, the role of software becomes more prominent as it overtakes human operator functions. The software in autonomy differs from automation with respect to functionality, implementation, and complexity, and software failures contribute to system and operational risk. Such failures, however, are often not sufficiently catered for in current risk assessments and mitigation processes, as they are challenging to identify and quantify, in particular, in the early conceptual design phase. Software reliability is not the same as software safety, as the latter encompasses the context and use of the software, as well as interactions and potential cascading failures to hardware, humans, and the environment. It is also difficult to investigate cascading effects on the system that may follow from software failures. The objective of this paper is to propose a novel classification taxonomy to support a more thorough identification of software failures for systems with different degrees of autonomy, as well as for software implementation techniques. The risk from software is interwoven into the design, development, validation, and verification processes, impacting safe operation. The proposed taxonomy can be used iteratively from the early design phase as the detailed design concepts evolve. The level of abstraction for system and software functions decreases with the design and development process. The validation and verification processes must ensure the software's safety and reliability on different system abstraction levels. The software taxonomy in this paper includes relevant causes, consequences, and process relationships, and has been created based on existing industry classifications, research, and system models. A case study applying the taxonomy to navigation and collision avoidance functions on the subsystem level of a Maritime Autonomous Surface Ship (MASS) is performed. Software properties extracted from existing systems and knowledge are transformed into a functional model. Each software failure is then described in the context of the system level valid for the design, development, validation, and verification processes for MASS. The overall outcome of the paper may contribute to the safer design of systems through enhanced identification of potential hazards and software failures, leading to improved risk assessments and, as such, a better basis for defining more efficient safety requirements for autonomous systems from the early system development. Even though the paper exemplifies the taxonomy and classification by focusing on MASS, the work has relevance to other types of software-intensive systems.