The SATiSFy project, funded by the German Federal Ministry of Education and Research (BMBF) under grant number 16KIS0821K, ran from 1 May 2018 to 30 July 2021. DFKI GmbH served as the funding recipient, while Volkswagen AG carried out the research activities described in the report. The collaboration focused on early validation of safety and security requirements for autonomous vehicles, aiming to develop metrics and verification methods that can be applied during the design phase of vehicle architectures.
In the first work package, a comprehensive literature review was performed to map the state of the art in decision‑making and voting mechanisms for redundant electronic, electrical, and power‑electronic (E/E/PE) systems. The study also examined optimization algorithms for network structures. It was found that many autonomous vehicle applications lack established standards, and that related industries such as aerospace and rail transport do not provide satisfactory solutions. This gap motivated the subsequent development of a layered model in work packages 2 and 3. The model represents the interaction between vehicle and environment on both the implementation and system levels. The environment supplies dynamic input parameters that change with varying conditions, while the vehicle offers a static architectural framework that must adapt to safety requirements derived from the environmental layer.
Work package 4 implemented the FDIRO process, an extension of the Fault Detection, Isolation, and Recovery (FDIR) concept from aerospace. FDIRO can trigger changes in system configuration in response to evolving safety requirements or faults. It incorporates a fault‑management strategy that can react to hardware or software failures and attempts to restore the required system configuration. In work package 5, the context‑based Application‑Placement‑Optimisation (C‑PO) approach was developed. C‑PO assigns software applications to available computing nodes in the vehicle, ensuring that a drop in safety level caused by a fault is restored, and once the highest safety level is achieved, it optimises placement according to the current driving situation.
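The two-step behaviour attributed to C‑PO above (first restore the safety level after a fault, then optimise placement for the driving situation) can be illustrated with a small placement model. This is an added toy example, not the project's C‑PO implementation; the node names, capacities, application set, context preferences and the greedy placement rule are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class App:
    name: str
    safety_relevant: bool   # required for the highest safety level
    load: int               # abstract compute demand
    preferred: dict = field(default_factory=dict)  # driving context -> node

@dataclass
class Node:
    name: str
    capacity: int
    healthy: bool = True    # set False to model a detected, isolated node fault

def place(apps, nodes, context):
    """Return {app: node} over the healthy nodes (assumed greedy rule).

    Step 1 restores the safety level: safety-relevant apps are placed before
    any comfort function, and a failure to place one is reported.
    Step 2 optimises for the situation: an app takes its preferred node for
    the driving context when that node has room, else the emptiest node.
    Comfort functions that do not fit are left unplaced (degraded).
    """
    free = {n.name: n.capacity for n in nodes if n.healthy}
    placement = {}
    for app in sorted(apps, key=lambda a: not a.safety_relevant):
        candidates = [n for n, cap in free.items() if cap >= app.load]
        if not candidates:
            if app.safety_relevant:
                raise RuntimeError(f"safety level not restorable: {app.name}")
            continue
        pref = app.preferred.get(context)
        node = pref if pref in candidates else max(candidates, key=free.get)
        placement[app.name] = node
        free[node] -= app.load
    return placement

def scenario():
    """Constructed sample: four equal nodes, two safety and two comfort apps."""
    nodes = [Node(f"pi{i}", 2) for i in range(1, 5)]
    apps = [App("brake_monitor", True, 2),
            App("lane_keeping", True, 2),
            App("infotainment", False, 2, {"highway": "pi3", "city": "pi4"}),
            App("seat_heating", False, 1, {"highway": "pi4", "city": "pi3"})]
    return apps, nodes

if __name__ == "__main__":
    apps, nodes = scenario()
    print("nominal:", place(apps, nodes, "highway"))
    nodes[0].healthy = False  # fault detected and isolated on pi1
    print("after pi1 fault:", place(apps, nodes, "highway"))
```

After the pi1 fault the two safety-relevant functions are re-placed and the comfort function that no longer fits is dropped, which mirrors the recovery-before-optimisation ordering described for C‑PO.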
The evaluation of these models was carried out in work package 6 using the AT‑CARS tool, implemented in MATLAB. AT‑CARS performs Monte‑Carlo simulations to compare system configurations with and without the integrated FDIRO process. It assesses both reliability and safety, taking into account the monitor‑control principle and fault‑tolerance characteristics. The tool provides quantitative insights into how the proposed mechanisms influence system robustness.
Finally, work package 7 demonstrated the FDIRO process in a practical setting. A demonstrator featuring safety‑relevant and comfort functions that can fail was built on four Raspberry Pi units, with a tablet displaying the vehicle state and the current step in fault management. This visualisation helped validate the behaviour of the FDIRO process under realistic conditions.
Overall, SATiSFy produced a structured framework for early safety and security validation in autonomous vehicles, combining a layered environmental‑vehicle model, an adaptive configuration process (FDIRO), a context‑aware application placement strategy (C‑PO), and a simulation‑based evaluation tool (AT‑CARS). The collaboration between DFKI and Volkswagen AG, supported by BMBF funding, enabled the integration of aerospace‑derived fault‑management concepts into automotive architectures, paving the way for systematic verification of safety and security requirements during vehicle design.
