Yixing Luo,Yijun Yu,Zhi Jin,Haiyan Zhao

DOI: https://doi.org/10.1109/re.2019.00054

2019-01-01

Abstract:Autonomous unmanned systems (AUS) emerge to take place of human operators in harsh or dangerous environments. However, such environments are typically dynamic and uncertain, causing unanticipated accidents when autonomous behaviours are no longer safe. Even though safe autonomy has been considered in the literature, little has been done to address the environmental safety requirements of AUS systematically. In this paper, we conduct a systematical literature review and set up a taxonomy of environment-centric safety requirements for AUS. We then analyse the neglected issues to suggest several new research directions towards the vision of environmental-centric safe autonomy.

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Jane Fenn,Mark Nicholson,Ganesh Pai,Michael Wilkinson

DOI: https://doi.org/10.48550/arXiv.2301.08138

2023-01-09

Software Engineering

Abstract:The aviation literature gives relatively little guidance to practitioners about the specifics of architecting systems for safety, particularly the impact of architecture on allocating safety requirements, or the relative ease of system assurance resulting from system or subsystem level architectural choices. As an exemplar, this paper considers common architectural patterns used within traditional aviation systems and explores their safety and safety assurance implications when applied in the context of integrating artificial intelligence (AI) and machine learning (ML) based functionality. Considering safety as an architectural property, we discuss both the allocation of safety requirements and the architectural trade-offs involved early in the design lifecycle. This approach could be extended to other assured properties, similar to safety, such as security. We conclude with a discussion of the safety considerations that emerge in the context of candidate architectural patterns that have been proposed in the recent literature for enabling autonomy capabilities by integrating AI and ML. A recommendation is made for the generation of a property-driven architectural pattern catalogue.

Jianyu Zhang,Long Zhang,Yixuan Wu,Linru Ma,Feng Yang

2024-06-13

Abstract:Unmanned Aerial Systems (UAS) are currently widely used in safety-critical fields such as industrial production, military operations, and disaster relief. Due to the diversity and complexity of application scenarios, UAS have become increasingly intricate. The challenge of designing and implementing highly reliable UAS while effectively controlling development costs and enhancing efficiency is a pressing issue faced by both academia and industry. Addressing this challenge, this paper aims to investigate an integrated approach to modeling, verification, and code generation for UAS. The paper begins by utilizing Architecture Analysis and Design Language (AADL) to model the UAS, proposing a set of generic UAS models. Based on these models, formal specifications are written to describe the system's safety properties and functions. Finally, the paper introduces a method for generating flight controller code for UAS based on the verified models. Experiments conducted with the proposed method demonstrate its effectiveness in identifying potential vulnerabilities in the UAS during the early design phase and in generating viable flight controller code from the verified models. This approach can enhance the efficiency of designing and verifying high-reliability UAS.

Software Engineering

Xi Chen,Quan Zou,Jie Bai,Lei Dong

DOI: https://doi.org/10.3390/aerospace11060459

IF: 2.66

2024-06-06

Aerospace

Abstract:With the significant expansion of civil aviation, particularly in the low-altitude economy, there is a significant gap between the escalating demand for airworthiness certification of novel aircraft designs, such as electric vertical take-off and landing (eVTOL) vehicles, and the inefficiency of the current safety assessment process. This gap is partially attributed to safety assessors' limited exposure to these innovative aircraft models in the safety assessment process, necessitating extensive efforts in identifying precedents and their handling strategies. Complicating matters further, pertinent case studies are scattered across diverse, unstandardized digital formats, obliging assessors to navigate voluminous electronic records while concurrently establishing links among fragmented information scattered across multiple files. This study introduces an advanced information integration methodology, comprising a multi-level path-based architecture and a self-updating algorithm. The proposed method not only furnishes safety assessors with pertinent knowledge featuring explicative interconnectedness automatically, but also dynamically enriches this knowledge corpus through operational usage. Additionally, we devise a suite of evaluative criteria to validate the capacity of our method in processing and consolidating relevant safety datasets. Experimental analyses affirm the efficacy of our proposed approach in streamlining and refreshing safety assessment data. The automation of the retrieval of analogous cases, which relieves the reliance on expert knowledge, enhances the efficiency of the overall safety appraisal procedure. Consequently, this research contributes a solution to enhancing the velocity and accuracy of aircraft certification processes.

engineering, aerospace

Thomas Drage,Kai Li Lim,Joey En Hai Koh,David Gregory,Craig Brogle,Thomas Bräunl,Thomas Braunl

DOI: https://doi.org/10.1109/iv48863.2021.9575662

2021-07-11

Abstract:This paper presents an approach to specifying a modularised safety system which comprehensively addresses the safety requirements for highly autonomous (SAE Level 3+) road vehicles featuring advanced sensing and automated navigation. As these requirements are often overlooked in similar autonomous driving system proposals, we present a method of hazard and risk analysis which investigates hardware failures, environmental perception limitations, human interaction and functional requirements for artificial intelligence. We then define a system design which implements the required safeguards and examines the application on two electric autonomous vehicle testbeds: a race car and a shuttle bus. The close-coupling of a safety-oriented architecture and multi-regime Hazard and Risk Assessment process was tested to measure the system's ability to detect and react to pedestrian stimuli, resulting in accurate detections and reactions, thereby confirming its ability to design safety systems for autonomous research vehicles in a scalable and easily assured fashion.

Wei Xiao,Christos G. Cassandras

DOI: https://doi.org/10.1016/j.arcontrol.2024.100953

IF: 9.4

2024-03-27

Annual Reviews in Control

Abstract:The efficient control design of large-scale systems consisting of interacting autonomous entities has been a long-standing topic of interest in the field of systems and control. In today's technologically insatiable society, such multi-agent autonomous systems are fast becoming ubiquitous, from autonomous driving to sophisticated manufacturing systems and automated delivery of goods or exploration of hazardous environments. Because of the impact these systems have on human users, safety has

automation & control systems

Gerrit Bagschik,Marcus Nolte,Susanne Ernst,Markus Maurer

DOI: https://doi.org/10.1109/itsc.2018.8569398

2018-11-01

Abstract:With an increasing degree of automation, automated vehicle systems become more complex in terms of functional components as well as interconnected hardware and software components. Thus, holistic systems engineering becomes a severe challenge. Emergent properties like system safety are not solely arguable in singular viewpoints such as structural representations of software or electrical wiring (e.g. fault tolerant). This states the need to get several viewpoints on a system and describe correspondences between these views in order to enable traceability of emergent system properties. Today, the most abstract view found in architecture frameworks is a logical description of system functions which structures the system in terms of information flow and functional components. In this article we extend established system viewpoints towards a capability-based assessment of an automated vehicle and conduct an exemplary safety analysis to derive behavioral safety requirements. These requirements can afterwards be attributed to different viewpoints in an architecture frameworks and thus be integrated into a development process for automated vehicles.

Xiang-Yu Zhou,Zheng-Jiang Liu,Feng-Wu Wang,Zhao-Lin Wu

DOI: https://doi.org/10.1016/j.oceaneng.2021.108569

IF: 5

2021-02-01

Ocean Engineering

Abstract:<p>The autonomous ship carrying valuable cargoes and passengers in a more effective and cost-saving manner will soon be state of the art technology, which most likely shall be introduced into the public horizon as the remote control mode within the foreseeable future. The highly connected intelligent systems though come at the cost of the increased system vulnerability to cyber-attacks. To smooth this innovative system can be released into actual context of operation, a novel STPA-based methodology is proposed that synthesizes safety and security, namely STPA-SynSS. In the novel method, a comprehensive process to identifying hazards and revealing causal factors is provided, hazard elimination/mitigation strategies are implemented into system design via system safety and security requirements, so that hazards can be continually tracked and closed-loop managed. The insight regards the operations of the method was demonstrated in a remotely-controlled ship with seafarers onboard, the analysis process focused on encountering ship-ship collision accidents and related security incidents. Results indicate that generated inadvertent/intentional causal factors and developed elimination/mitigation strategies can assist the processes of design and operational planning of the autonomous ships and its shore control centre. Further, the proposed method of this paper also has general relevance for other intelligent systems.</p>

engineering, civil, ocean, marine,oceanography

Xinyu Zhang,Mo Zhou,Wenbo Shao,Tao Luo,Jun Li

DOI: https://doi.org/10.1109/iscas.2019.8702580

2019-01-01

Abstract:As the development direction of intelligent driving in the future, the research of key technologies has made significant progress. However, due to the recent unmanned accidents, there are concerns about safety performance. To solve the safety problem, an intended safety systems for intelligent driving was proposed. This system provides security analysis and monitoring services in real time for intended problems with smart car perception, decision and control modules. Based on the concept of safety of the intended functionality, the driving scene and system safety are analyzed and evaluated to improve the safety of intelligent driving, which may help the development of intelligent driving.

Yixing Luo,Xiao-Yi Zhang,Paolo Arcaini,Zhi Jin,Haiyan Zhao,Linjuan Zhang,Fuyuki Ishikawa

DOI: https://doi.org/10.1109/re54965.2022.00015

2022-01-01

Abstract:Autonomous Driving Systems (ADSs) are complex systems that must satisfy multiple safety requirements. In particular cases, all the requirements cannot be satisfied at the same time, and the control software of the ADS must make trade-offs among their satisfaction. Usually, the trading-offs in the decision-making process are configurable; different configuration options can affect driving behaviors, satisfying or violating requirements at different degrees. Therefore, it is highly important to know whether a configuration can guarantee a safe drive or not, i.e., whether it leads to requirement violations that exceed the allowable range or not. However, there is currently no approach to systematically assess the safety of ADS configurations from the perspective of requirements violations. To bridge this gap, this paper proposes a “Hierarchical Safety Assessment” approach (HSA) that is able to quantitatively analyze the violation severity of safety requirements and distinguish safer ADS configurations based on the requirements violations comparison done in a hierarchical way by following requirements importance. We apply HSA to an industrial ADS under six traffic situations. Evaluation results show that HSA is effective in distinguishing safer configurations and provides useful feedback to ADS engineers to reconfigure the ADS in a better way.

Hong Wang,Wenbo Shao,Chen Sun,Kai Yang,Dongpu Cao,Jun Li

DOI: https://doi.org/10.1016/j.eng.2023.10.011

IF: 12.834

2024-01-11

Engineering

Abstract:As the complexity of autonomous vehicles (AVs) continues to increase and artificial intelligence algorithms are becoming increasingly ubiquitous, a novel safety concern known as the safety of the intended functionality (SOTIF) has emerged, presenting significant challenges to the widespread deployment of AVs. SOTIF focuses on issues arising from the functional insufficiencies of the AVs' intended functionality or its implementation, apart from conventional safety considerations. From the systems engineering standpoint, this study offers a comprehensive exploration of the SOTIF landscape by reviewing academic research, practical activities, challenges, and perspectives across the development, verification, validation, and operation phases. Academic research encompasses system-level SOTIF studies and algorithm-related SOTIF issues and solutions. Moreover, it encapsulates practical SOTIF activities undertaken by corporations, government entities, and academic institutions spanning international and Chinese contexts, focusing on the overarching methodologies and practices in different phases. Finally, the paper presents future challenges and outlook pertaining to the development, verification, validation, and operation phases, motivating stakeholders to address the remaining obstacles and challenges.

engineering, multidisciplinary

Dimia Iberraken,Lounis Adouane

2023-05-29

Abstract:The growing advancements in Autonomous Vehicles (AVs) have emphasized the critical need to prioritize the absolute safety of AV maneuvers, especially in dynamic and unpredictable environments or situations. This objective becomes even more challenging due to the uniqueness of every traffic situation/condition. To cope with all these very constrained and complex configurations, AVs must have appropriate control architectures with reliable and real-time Risk Assessment and Management Strategies (RAMS). These targeted RAMS must lead to reduce drastically the navigation risks. However, the lack of safety guarantees proves, which is one of the key challenges to be addressed, limit drastically the ambition to introduce more broadly AVs on our roads and restrict the use of AVs to very limited use cases. Therefore, the focus and the ambition of this paper is to survey research on autonomous vehicles while focusing on the important topic of safety guarantee of AVs. For this purpose, it is proposed to review research on relevant methods and concepts defining an overall control architecture for AVs, with an emphasis on the safety assessment and decision-making systems composing these architectures. Moreover, it is intended through this reviewing process to highlight researches that use either model-based methods or AI-based approaches. This is performed while emphasizing the strengths and weaknesses of each methodology and investigating the research that proposes a comprehensive multi-modal design that combines model-based and AI approaches. This paper ends with discussions on the methods used to guarantee the safety of AVs namely: safety verification techniques and the standardization/generalization of safety frameworks.

Robotics,Artificial Intelligence,Systems and Control

Xiao Wang,Jianfu Zhang,Pingfa Feng,Dingwen Yu,Zhijun Wu

DOI: https://doi.org/10.1145/3207677.3278103

2018-01-01

Abstract:With(1) the rapid development of unmanned aerial vehicles, the probability of illegal flights and aerial collision increases. This paper proposes a UAV safety monitoring and management methodology considering flight plan management, real-time monitoring and alerting of potential accidents. Based on the method we design the architecture and develop a prototype system using internet of things technology. The system functions are validated and the performances are evaluated through real flight tests. Test results validate the applicability of the system.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1002/spe.2281

2014-01-01

Software Practice and Experience

Abstract:SummaryEnsuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO‐178B/C, which provides guidelines (e.g., development process and objectives to satisfy in development activities) for meeting safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component‐based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO‐178B/C) and current engineering practices in the domain of avionics systems. The methodology automatically enforces these safety requirements. We have applied the methodology on an industrial autopilot system, and several previously uncaught faults were revealed. Copyright © 2014 John Wiley & Sons, Ltd.

Richard Hawkins,Matt Osborne,Mike Parsons,Mark Nicholson,John McDermid,Ibrahim Habli

DOI: https://doi.org/10.48550/arXiv.2208.00853

2022-08-01

Software Engineering

Abstract:Autonomous systems (AS) are systems that have the capability to take decisions free from direct human control. AS are increasingly being considered for adoption for applications where their behaviour may cause harm, such as when used for autonomous driving, medical applications or in domestic environments. For such applications, being able to ensure and demonstrate (assure) the safety of the operation of the AS is crucial for their adoption. This can be particularly challenging where AS operate in complex and changing real-world environments. Establishing justified confidence in the safety of AS requires the creation of a compelling safety case. This document introduces a methodology for the Safety Assurance of Autonomous Systems in Complex Environments (SACE). SACE comprises a set of safety case patterns and a process for (1) systematically integrating safety assurance into the development of the AS and (2) for generating the evidence base for explicitly justifying the acceptable safety of the AS.

Zhenyu Gao,John-Paul Clarke,Javid Mardanov,Karen Marais

2023-10-19

Abstract:Unmanned Aerial Systems (UAS), an integral part of the Advanced Air Mobility (AAM) vision, are capable of performing a wide spectrum of tasks in urban environments. The societal integration of UAS is a pivotal challenge, as these systems must operate harmoniously within the constraints imposed by regulations and societal concerns. In complex urban environments, UAS safety has been a perennial obstacle to their large-scale deployment. To mitigate UAS safety risk and facilitate risk-aware UAS operations planning, we propose a novel concept called \textit{3D virtual risk terrain}. This concept converts public risk constraints in an urban environment into 3D exclusion zones that UAS operations should avoid to adequately reduce risk to Entities of Value (EoV). To implement the 3D virtual risk terrain, we develop a conditional probability framework that comprehensively integrates most existing basic models for UAS ground risk. To demonstrate the concept, we build risk terrains on a Chicago downtown model and observe their characteristics under different conditions. We believe that the 3D virtual risk terrain has the potential to become a new routine tool for risk-aware UAS operations planning, urban airspace management, and policy development. The same idea can also be extended to other forms of societal impacts, such as noise, privacy, and perceived risk.

Computational Engineering, Finance, and Science,Applications

Marius Bozga,Joseph Sifakis

2024-05-20

Abstract:Developing safe autonomous driving systems is a major scientific and technical challenge. Existing AI-based end-to-end solutions do not offer the necessary safety guarantees, while traditional systems engineering approaches are defeated by the complexity of the problem. Currently, there is an increasing interest in hybrid design solutions, integrating machine learning components, when necessary, while using model-based components for goal management and planning. We study a method for building safe by design autonomous driving systems, based on the assumption that the capability to drive boils down to the coordinated execution of a given set of driving operations. The assumption is substantiated by a compositionality result considering that autopilots are dynamic systems receiving a small number of types of vistas as input, each vista defining a free space in its neighborhood. It is shown that safe driving for each type of vista in the corresponding free space, implies safe driving for any possible scenario under some easy-to-check conditions concerning the transition between vistas. The designed autopilot comprises distinct control policies one per type of vista, articulated in two consecutive phases. The first phase consists of carefully managing a potentially risky situation by virtually reducing speed, while the second phase consists of exiting the situation by accelerating. The autopilots designed use for their predictions simple functions characterizing the acceleration and deceleration capabilities of the vehicles. They cover the main driving operations, including entering a main road, overtaking, crossing intersections protected by traffic lights or signals, and driving on freeways. The results presented reinforce the case for hybrid solutions that incorporate mathematically elegant and robust decision methods that are safe by design.

Multiagent Systems

Kai-Chieh Hsu,Haimin Hu,Jaime Fernández Fisac

2023-09-12

Abstract:Recent years have seen significant progress in the realm of robot autonomy, accompanied by the expanding reach of robotic technologies. However, the emergence of new deployment domains brings unprecedented challenges in ensuring safe operation of these systems, which remains as crucial as ever. While traditional model-based safe control methods struggle with generalizability and scalability, emerging data-driven approaches tend to lack well-understood guarantees, which can result in unpredictable catastrophic failures. Successful deployment of the next generation of autonomous robots will require integrating the strengths of both paradigms. This article provides a review of safety filter approaches, highlighting important connections between existing techniques and proposing a unified technical framework to understand, compare, and combine them. The new unified view exposes a shared modular structure across a range of seemingly disparate safety filter classes and naturally suggests directions for future progress towards more scalable synthesis, robust monitoring, and efficient intervention.

Systems and Control,Machine Learning,Robotics

Hengyu Zhao,Yubo Zhang,Pingfan Meng,Hui Shi,Li Erran Li,Tiancheng Lou,Jishen Zhao

DOI: https://doi.org/10.48550/arXiv.1905.08453

2019-05-23

Abstract:Recently, autonomous driving development ignited competition among car makers and technical corporations. Low-level automation cars are already commercially available. But high automated vehicles where the vehicle drives by itself without human monitoring is still at infancy. Such autonomous vehicles (AVs) rely on the computing system in the car to to interpret the environment and make driving decisions. Therefore, computing system design is essential particularly in enhancing the attainment of driving safety. However, to our knowledge, no clear guideline exists so far regarding safety-aware AV computing system and architecture design. To understand the safety requirement of AV computing system, we performed a field study by running industrial Level-4 autonomous driving fleets in various locations, road conditions, and traffic patterns. The field study indicates that traditional computing system performance metrics, such as tail latency, average latency, maximum latency, and timeout, cannot fully satisfy the safety requirement for AV computing system design. To address this issue, we propose a `safety score' as a primary metric for measuring the level of safety in AV computing system design. Furthermore, we propose a perception latency model, which helps architects estimate the safety score of given architecture and system design without physically testing them in an AV. We demonstrate the use of our safety score and latency model, by developing and evaluating a safety-aware AV computing system computation hardware resource management scheme.

Robotics,Neural and Evolutionary Computing