Figure 4
The flow diagram is divided into two main sections, indicated by thick horizontal arrows at the top. At the top left, a thick horizontal arrow points to the right and is labeled “Definition and Design”. At the top right, a thick horizontal arrow also points to the right and is labeled “Testing and Integration”. Left section: Definition and Design: At the upper left, a rectangular box is labeled “Safety plan”. To its right, another rectangular box is labeled “Project Definition or Operational Scenario”. Below “Safety plan”, a rectangular box labeled “Safety objective or system H A R A” is connected by a diagonal downward arrow. Below this, another box labeled “Subsystem H A R A” is connected by a further diagonal arrow. Below “Subsystem H A R A”, a box labeled “Software and hardware security requirements” appears, connected by a diagonal arrow. Below “Project Definition or Operational Scenario”, a rectangular box labeled “System Requirements” is connected by a diagonal downward arrow. Below “System Requirements”, a box labeled “Function and Physical Architecture Definition” is connected by a diagonal arrow. Below this, a box labeled “Detailed Design” is connected by another diagonal arrow. Right section: Testing and Integration: At the top of the right section, two rectangular boxes appear side by side. The left box is labeled “System confirmation”, and the right box is labeled “Safety confirmation”. Below “System confirmation”, a box labeled “System verification” is connected by an upward-pointing arrow. Below “Safety confirmation”, a box labeled “System security verification” is connected by an upward-pointing arrow. Below “System verification”, a box labeled “Subsystem verification” is connected by an upward-pointing arrow. Below “System security verification”, a box labeled “Subsystem security verification” is connected by an upward-pointing arrow. Below “Subsystem verification”, a box labeled “Unit testing” is connected by an upward-pointing arrow. Below “Subsystem security verification”, a box labeled “Hardware and software security verification and validation” is connected by an upward-pointing arrow. In the center of the diagram, horizontal arrows connect stages from the left section to corresponding stages on the right section: A leftward-pointing arrow connects “System Requirements” on the left to “System verification” on the right. The text above this arrow reads “Verify the fault operation scenario”, and the text below reads “Check the system requirements and security objectives”. Another leftward-pointing arrow connects “Function and Physical Architecture Definition” to “Subsystem verification”. The text above this arrow reads “Revise the advanced design”, and the text below reads “Update system security analysis”. A third leftward-pointing arrow connects “Detailed Design” to “Unit testing”. The text above this arrow reads “Revise the detailed design”, and the text below reads “Update subsystem security analysis”. Along the bottom of the diagram, two curved arrows arc from left to right. These arrows originate near “Detailed Design” and “Software and hardware security requirements” on the left side and curve upward toward “Unit testing” and “Hardware and software security verification and validation” on the right side, indicating iterative feedback between design and verification stages.Automotive industry standard V model development process. Source: Cuenot et al. (2014)