1 - 28 of 28
  • 1.
    de la Vara, Jose Luis
    et al.
    Universidad Carlos III de Madrid, Spain.
    Ruiz, Alejandra
    TECNALIA Research and Innovation, Spain.
    Gallina, Barbara
    Mälardalen University, Sweden.
    Blondelle, Gaël
    Eclipse Foundation Europe GmbH, Germany.
    Alaña, Elena
    GMV Aerospace and Defence, Spain.
    Herrero, Javier
    GMV Aerospace and Defence, Spain.
    Warg, Fredrik
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Skoglund, Martin
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Bramberger, Robert
    VIRTUAL VEHICLE Research Center, Austria.
    The AMASS Approach for Assurance and Certification of Critical Systems (2019). Conference paper (Other academic)
    Abstract [en]

    Safety-critical systems are subject to rigorous assurance and certification processes to guarantee that they do not pose unreasonable risks to people, property, or the environment. The associated activities are usually complex and time-consuming, so they need adequate support for their execution. The activities are further becoming more challenging as the systems are evolving towards open, interconnected systems with new features, e.g. Internet connectivity, and new assurance needs, e.g. compliance with several assurance standards for different dependability attributes. This requires the development of novel approaches for cost-effective assurance and certification. With the overall goal of lowering assurance and certification costs in the face of rapidly changing features and market needs, the AMASS project has created and consolidated the de-facto European-wide open solution for assurance and certification of critical systems. This has been achieved by establishing a novel holistic and reuse-oriented approach for architecture-driven assurance, multi-concern assurance, and for seamless interoperability between assurance and engineering activities along with third-party activities. This paper introduces the main elements of the AMASS approach and how to use them and benefit from them.

  • 2.
    Gunnarsson, Martin
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science. Lund University, Sweden.
    Brorsson, Joakim
    Lund University, Sweden; Combitech AB, Sweden.
    Palombini, Francesca
    Ericsson AB, Sweden.
    Seitz, Ludwig
    Combitech AB, Sweden.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Evaluating the performance of the OSCORE security protocol in constrained IoT environments (2021). In: Internet of Things: Engineering Cyber Physical Human Systems, E-ISSN 2542-6605, Vol. 13, article id 100333. Article in journal (Refereed)
    Abstract [en]

    The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements.

    To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open source) and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as the IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.

  • 3.
    Gyllenhammar, Magnus
    et al.
    Zenseact, Sweden; KTH Royal Institute of Technology, Sweden.
    Bergenhem, Carl
    Qamcom Research and Technology AB, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    ADS Safety Assurance – Future Directions (2021). Conference paper (Refereed)
    Abstract [en]

    More effective, efficient and flexible ways to manage safety assurance are needed for the successful development and release of Automated Driving Systems (ADSs). In this paper we propose a set of desired assurance method criteria and present an initial overview of available safety assurance methods and how they contribute to the proposed criteria. We observe that there is a significant gap between the state of the art in research and the state of practice for safety assurance of ADSs and propose to investigate the reasons for this as future work. A next step will be to investigate how to merge the elements from the different assurance methods to achieve a method addressing all criteria.

  • 4.
    Gyllenhammar, Magnus
    et al.
    Zenseact, Sweden; KTH Royal Institute of Technology, Sweden.
    Brännström, Mattias
    Zenseact, Sweden.
    Johansson, Rolf
    Astus AB, Sweden.
    Sandblom, Fredrik
    Volvo Autonomous Solutions, Sweden.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Minimal Risk Condition for Safety Assurance of Automated Driving Systems (2021). Conference paper (Refereed)
    Abstract [en]

    We have yet to see wide deployment of automated driving systems (ADSs) on public roads. One of the reasons is the challenge of ensuring the systems’ safety. The operational design domain (ODD) can be used to confine the scope of the ADS and subsequently also its safety case. For this to be valid the ADS needs to have strategies to remain in the ODD throughout its operations. In this paper we discuss the role of the minimal risk condition (MRC) as a means to ensure this. Further, we elaborate on the need for hierarchies of MRCs to cope with diverse system degradations during operations.

  • 5.
    Gyllenhammar, Magnus
    et al.
    Zenuity AB, Sweden.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    Heyn, Hans-Martin
    Volvo Technology AB, Sweden.
    Sanfridson, Martin
    Volvo Technology AB, Sweden.
    Söderberg, Jan
    Systemite AB, Sweden.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Towards an Operational Design Domain That Supports the Safety Argumentation of an Automated Driving System (2020). In: 10th European Congress on Embedded Real Time Systems (ERTS 2020), Toulouse, France, 2020. Conference paper (Refereed)
    Abstract [en]

    One of the biggest challenges for self-driving road vehicles is how to argue that their safety cases are complete. The operational design domain (ODD) of the automated driving system (ADS) can be used to restrict where the ADS is valid and thus confine the scope of the safety case as well as the verification. To complete the safety case there is a need to ensure that the ADS will not exit its ODD. We present four generic strategies to ensure this. Use cases (UCs) provide a convenient way of providing such a strategy for a collection of operating conditions (OCs) and further ensure that the ODD allows for operation within the real world. A framework to categorise the OCs of a UC is presented and it is suggested that the ODD is written with this structure in mind to facilitate mapping towards potential UCs. The ODD defines the functional boundary of the system and modelling it with this structure makes it modular and generalisable across different potential UCs. Further, using the ODD to connect the ADS to the UC enables the continuous delivery of the ADS feature. Two examples of dimensions of the ODD are given and a strategy to avoid an ODD exit is proposed in each case.

  • 6.
    Jagstedt, Siri
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems. Karlstad University, Sweden.
    Mellegård, Niklas
    Ictech, Sweden.
    Lind, Kenneth
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems.
    Dependencies as a barrier for continuous innovation in cyber-physical systems (2023). In: International Journal of Technology Management, ISSN 0267-5730, E-ISSN 1741-5276, Vol. 93, no 3-4, p. 194-219. Article in journal (Refereed)
    Abstract [en]

    In the automotive domain, as an example of cyber-physical systems, continuous software deployment is actively explored to deliver increasingly capable features to existing fleets of vehicles. The distributed nature of software coupled with tight hardware integration and potentially tremendous variability between vehicles make ensuring compatibility of updated software a significant challenge – both technically and managerially. While the automotive industry commonly forms larger multi-brand organisations to utilise economies of scale, processes for continuous deployment contradictorily assume a single organisation with full control. This paper sets out to shed light on the challenges of adopting continuous deployment in the context of such a multi-brand cyber-physical systems organisation. Following a case study, the paper describes a tension between the managerial perspective concerned with platform strategies, and the engineering perspective responsible for developing products from those platforms. The paper highlights software dependencies as a barrier to continuous innovation of cyber-physical systems in multi-brand organisations.

  • 7.
    Johansson, Rolf
    et al.
    Zenuity, Sweden.
    Alissa, Samieh
    Semcon, Sweden.
    Bengtsson, Staffan
    Volvo Car Corporation, Sweden.
    Bergenhem, Carl
    Qamcom, Sweden.
    Bridal, Olof
    Volvo Group Trucks Technology, Sweden.
    Cassel, Anders
    Autoliv, Sweden.
    Chen, De-Jiu
    KTH Royal Institute of Technology, Sweden.
    Gassilewski, Martin
    Volvo Car Corporation, Sweden.
    Nilsson, Jonas
    Zenuity, Sweden.
    Sandberg, Anders
    Delphi E&S, Sweden.
    Ursing, Stig
    Semcon, Sweden.
    Warg, Fredrik
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Werneman, Anders
    Qamcom, Sweden.
    A Strategy for Assessing Safe Use of Sensors in Autonomous Road Vehicles (2017). In: Computer Safety, Reliability, and Security, 36th International Conference, SAFECOMP 2017, Trento, Italy, September 13-15, 2017, Proceedings / [ed] Stefano Tonetta, Erwin Schoitsch, Friedemann Bitsch, 2017, Vol. 10488, p. 149-161. Conference paper (Refereed)
    Abstract [en]

    When arguing safety for an autonomous road vehicle it is considered very hard to show that the sensing capability is sufficient for all possible scenarios that might occur. Already for today’s manually driven road vehicles equipped with advanced driver assistance systems (ADAS), it is far from trivial to argue that the sensor systems are sufficiently capable of enabling safe behaviour. In this paper, we argue that the transition from ADAS to automated driving systems (ADS) enables new solution patterns for the safety argumentation that depends on the sensor systems. A key factor is that the ADS itself can compensate for a lower sensor capability, for example by lowering the speed or increasing the distances. The proposed design strategy allocates safety requirements on the sensors to determine their own capability. This capability is then to be balanced by the tactical decisions of the ADS-equipped road vehicle.

  • 8.
    Jolak, Rodi
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems. Gothenburg University, Sweden; Chalmers University of Technology, Sweden; Volvo Car Corporation, Sweden.
    Rosenstatter, Thomas
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems. RISE Research Institutes of Sweden, Safety and Transport, Maritime department. Chalmers University of Technology, Sweden.
    Aldaghistani, Saif
    Chalmers University of Technology, Sweden.
    Scandariato, Riccardo
    Hamburg University of Technology, Germany.
    RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems (2022). Conference paper (Refereed)
    Abstract [en]

    The automotive domain has got its own share of advancements in information and communication technology, providing more services and leading to more connectivity. However, more connectivity and openness raise cyber security and safety concerns. Indeed, services that depend on online connectivity can serve as entry points for attacks on different assets of the vehicle. This study explores collaborative ways of selecting response techniques to counter real-time cyber attacks on automotive systems. The aim is to mitigate the attacks more quickly than a single vehicle would be able to do, and increase the survivability chances of the collaborating vehicles. To achieve that, the design science research methodology is employed. As a result, we present RIPOSTE, a framework for collaborative real-time evaluation and selection of suitable response techniques when an attack is in progress. We evaluate the framework from a safety perspective by conducting a qualitative study involving domain experts. The proposed framework is deemed slightly unsafe, and insights into how to improve the overall safety of the framework are provided.

  • 9.
    Lu, Zhonghai
    et al.
    KTH Royal Institute of Technology, Sweden.
    Zhu, W
    KTH Royal Institute of Technology, Sweden.
    Chen, Y
    KTH Royal Institute of Technology, Sweden.
    Charnley, J
    Lusstech, UK.
    Dejke, Valter
    RISE Research Institutes of Sweden, Materials and Production, Polymeric Materials and Composites. RISE Research Institutes of Sweden, Materials and Production, Product Realisation Methodology.
    Pomazanskyi, A
    Nuromedia GmbH, Germany.
    Ko, ST
    Össur, Iceland.
    Zeybek, B
    Teesside University, UK.
    Mehryar, P
    Teesside University, UK.
    Ali, Z
    Teesside University, UK.
    Karamousadakis, M
    Twi Hellas, Greece.
    Chen, D
    KTH Royal Institute of Technology, Sweden.
    Wearable pressure sensing for lower limb amputees (2022). In: BioCAS 2022 - IEEE Biomedical Circuits and Systems Conference: Intelligent Biomedical Systems for a Better Future, Proceedings, Institute of Electrical and Electronics Engineers Inc., 2022, p. 105-109. Conference paper (Refereed)
    Abstract [en]

    Pressure sensing in prosthetic sockets is valuable as it provides quantified data to assist prosthetists in designing comfortable sockets for amputees. We present a wearable pressure sensing system for lower limb amputees. The full system consists of three essential elements, from the sensing scheme (wearable sensors, sensor calibration and deployment) and the electronic measurement system (embedded hardware and software) to the time-series database and visualisation. The full system has been successfully applied in clinical trials to effectively collect pressure data in real time.

  • 10.
    Magazinius, Ana
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems.
    Mellegård, Niklas
    RISE Research Institutes of Sweden, Digital Systems, Mobility and Systems.
    Olsson, Linda
    RISE Research Institutes of Sweden.
    What We Know About Bug Bounty Programs - An Exploratory Systematic Mapping Study (2019). In: International Workshop on Socio-Technical Aspects in Security and Trust STAST 2019: Socio-Technical Aspects in Security and Trust. Part of the Lecture Notes in Computer Science book series (LNCS, volume 11739), Springer Science and Business Media Deutschland GmbH, 2019, p. 89-106. Conference paper (Refereed)
    Abstract [en]

    This paper presents a systematic mapping study of the research on crowdsourced security vulnerability discovery. The aim is to identify aspects of bug bounty program (BBP) research that relate to product owners, the bug-hunting crowd or vulnerability markets. Based on 72 examined papers, we conclude that research has mainly been focused on the organisation of BBPs from the product owner perspective, but that aspects such as mechanisms of the white vulnerability market and incentives for bug hunting have also been addressed. With the increasing importance of cyber security, BBPs need more attention in order to be understood better. In particular, datasets from more diverse types of companies (e.g. safety-critical systems) should be added, as empirical studies are generally based on convenience-sampled public data sets. Also, there is a need for more in-depth, qualitative studies in order to understand what drives bug hunters and product owners towards finding constructive ways of working together.

  • 11.
    Righetti, Francesca
    et al.
    University of Pisa, Italy.
    Vallati, Carlo
    University of Pisa, Italy.
    Tiloca, Marco
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation (2022). In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 194, p. 411-432. Article in journal (Refereed)
    Abstract [en]

    The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart basic network functionality and efficiency, by specifically impacting network availability and the energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to detect early any anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

  • 12.
    Sainio Berntsson, Petter
    et al.
    Chalmers University of Technology, Sweden.
    Strandén, Lars
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Warg, Fredrik
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Evaluation of Open Source Operating Systems for Safety-Critical Applications (2017). In: Proceedings of 9th International Workshop on Software Engineering for Resilient Systems, SERENE 2017, Geneva, Switzerland, September 4–5, 2017 / [ed] Alexander Romanovsky, Elena A. Troubitsyna, 2017, Vol. 10479, p. 117-132. Conference paper (Refereed)
    Abstract [en]

    There are many different open source real-time operating systems (RTOS) available, and the use of open source software (OSS) for safety-critical applications is considered highly interesting by industrial domains such as medical, aerospace and automotive, as it potentially enables lower costs and more flexibility. In order to use OSS in a safety-critical context, however, evidence that the software fulfils the requirements put forth in a functional safety standard for the relevant domain is necessary. The standards for functional safety typically do not provide a clear method for how one would go about certifying systems containing OSS. Therefore, in this paper we identify some important RTOS characteristics and outline a methodology which can be used to assess the suitability of an open source RTOS for use in a safety-critical application. A case study is also carried out, comparing two open source operating systems using the identified characteristics. The most suitable candidate is then assessed in order to see to what degree it can adhere to the requirements put forth in the widely used functional safety standard IEC 61508.

  • 13.
    Sandblom, Fredrik
    et al.
    Zenseact, Sweden.
    Rodrigues de Campos, Gabriel
    Zenseact, Sweden.
    Hardå, Peter
    Zenseact, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Beckman, Fredrik
    Magna Electronics, Sweden.
    Choosing Risk Acceptance Criteria for Safe Automated Driving (2024). In: Critical Automotive applications: Robustness & Safety (CARS) Workshop 2024, 2024. Conference paper (Refereed)
    Abstract [en]

    It is easy to agree that an automated driving system shall be safe, but what safe means is an on-going discussion. Several Risk Acceptance Criteria (RAC) candidates have been suggested, but a closer analysis indicates that not all of them are related to risk in a traffic safety sense and that perhaps they are better described as properties that an ADS should be designed to exhibit for other reasons. This paper discusses safety aspects of Automated Driving System (ADS) features and the different incentives and arguments that drive the design of an ADS. More precisely, this paper explores different design goals for safe automated driving and puts forward a combination of RAC for limiting the risk of harm. These criteria are motivated and contextualised using a simple real-world traffic example. Furthermore, it is also shown why run-time risk transfer is unavoidable in any system that makes tactical decisions under uncertainty and why this motivates avoiding thought experiments such as the trolley problem as a basis for ADS design.

  • 14.
    Skoglund, Martin
    et al.
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik.
    Petig, Thomas
    Chalmers University of Technology, Sweden.
    Vedder, Benjamin
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik.
    Eriksson, Henrik
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik.
    Schiller, E.M.
    Chalmers University of Technology, Sweden.
    Static and dynamic performance evaluation of low-cost RTK GPS receivers (2016). In: 2016 IEEE Intelligent Vehicles Symposium, 2016. Conference paper (Refereed)
    Abstract [en]

    The performance of low-cost RTK (real-time kinematic) GPS receivers has been compared to a state-of-the-art system as well as to each other. Both static and dynamic performance have been compared. The dynamic performance has been evaluated using a vehicle with a driving robot on the AstaZero proving ground. The assembly of the low-cost RTK GPS receivers is presented, and the test set-ups described. Besides having a lower data output frequency, two of the low-cost receivers have static and dynamic performance not far from that of the state-of-the-art system.

  • 15.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Arrue, Alvaro
    Applus IDIADA, Spain.
    Coget, Jean Baptiste
    Institut VEDECOM, France.
    Rahal, Mohamed Cherif
    Institut VEDECOM, France.
    Plestan, Camille
    Institut VEDECOM, France.
    Technical and functional requirements for V2X communication, positioning and cyber-security in the HEADSTART project (2021). Conference paper (Refereed)
    Abstract [en]

    Connected and Automated Driving (CAD) features rely on several key technologies to function safely at the vehicle and component level. HEADSTART (Harmonised European Solutions for Testing Automated Road Transport) is a research project funded by the European Union that aims to define testing and validation procedures for CAD features with a focus on three Key Enabling Technologies (KETs): Vehicle to everything (V2X) communication, Positioning and Cyber security. This paper presents the technical and functional requirements for these three KETs including what is needed for these technologies to work correctly (at vehicle and component level) and what is needed to verify and validate them in proving ground and simulation environments. The final aim is to satisfy the safety requirements to protect the vehicle itself and the other road users.

  • 16.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Hansson, Hans
    Mälardalen University, Sweden.
    Punnekkat, Sasikumar
    Mälardalen University, Sweden.
    Black-Box Testing for Security-Informed Safety of Automated Driving Systems (2021). In: 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring), 2021. Conference paper (Refereed)
    Abstract [en]

    An evaluation of safety and security properties performed by an independent organisation can be an important step towards establishing trust in Automated Driving Systems (ADS), bridging the gap between the marketing portrayal and the actual performance of such systems in real operating conditions. However, due to the complexity of an ADS’s behaviour and the dangers involved in performing security attacks in a real environment, we believe assessments that can be performed with a combination of simulation and validation at test facilities are the way forward. In this paper, we outline an approach to derive test suites applicable to generic ADS feature classes, where classes would have similar capabilities and comparable assessment results. The goal is to support black box testing of such feature classes as part of an independent evaluation. By means of co-simulation of post-attack behaviour and critical scenarios, we derive a representative set of physical certification tests, to gain an understanding of the interplay between safety and security. During the initial tests an ADS is subjected to various attacks and its reactions recorded. These reactions, such as reduced functionality, fall back etc., together with relevant scenarios for the class are further analysed to check for safety implications.

  • 17.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Hansson, Hans
    Mälardalen University, Sweden.
    Punnekkat, Sasikumar
    Mälardalen University, Sweden.
    Synchronisation of an Automotive Multi-concern Development Process (2021). In: Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops. SAFECOMP 2021. Lecture Notes in Computer Science, vol 12853 / [ed] Habli I., Sujan M., Gerasimou S., Schoitsch E., Bitsch F., 2021. Conference paper (Refereed)
    Abstract [en]

    Standardisation has a primary role in establishing common ground and providing technical guidance on best practices. However, as the methods for Autonomous Driving Systems design, validation and assurance are still in their initial stages, and several of the standards are under development or have been recently published, an established practice for how to work with several complementary standards simultaneously is still lacking. To bridge this gap, we present a unified chart describing the processes, artefacts, and activities for three road vehicle standards addressing different concerns: ISO 26262 - functional safety, ISO 21448 - safety of the intended functionality, and ISO 21434 - cybersecurity engineering. In particular, the need to ensure alignment between the concerns is addressed with a synchronisation structure regarding content and timing.

  • 18.
    Su, Peng
    et al.
    KTH Royal Institute of Technology, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    A Simulation-Aided Approach to Safety Analysis of Learning-Enabled Components in Automated Driving Systems (2023). In: Proceedings of 2023 IEEE 26th International Conference on Intelligent Transportation Systems (ITSC), 2023. Conference paper (Refereed)
    Abstract [en]

    Artificial Intelligence (AI) techniques through Learning-Enabled Components (LEC) are widely employed in Automated Driving Systems (ADS) to support operational perception and other driving tasks relating to planning and control. Therefore, risk management plays a critical role in assuring the operational safety of ADS. However, the probabilistic and nondeterministic nature of LEC challenges the safety analysis. In particular, the impacts of their functional faults and incompatible external conditions are often difficult to identify. To address this issue, this article presents a simulation-aided approach as follows: 1) A simulation-aided operational data generation service with the operational parameters extracted from the corresponding system models and specifications; 2) A Fault Injection (FI) service aimed at high-dimensional sensor data to evaluate the robustness and residual risks of LEC; 3) A Variational Bayesian (VB) method for encoding the collected operational data and supporting an effective estimation of the likelihood of operational conditions. As a case study, the paper presents the results of one experiment, where the behaviour of an Autonomous Emergency Braking (AEB) system is simulated under various weather conditions based on the CARLA driving simulator. A set of camera fault types, including solid occlusion, water drop, and salt and pepper, are modelled and injected into the perception module of the AEB system in different weather conditions. The results indicate that our framework enables the identification of critical faults under various operational conditions. To approximate the critical faults in undefined weather, we also propose a Variational Autoencoder (VAE) to encode the pixel-level data and estimate the likelihood.

  • 19.
    Söderberg, Andreas
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Hedberg, Johan
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Folkesson, Peter
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Jacobson, Jan
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Safety-related Machine Control Systems using standard EN ISO 13849-1 (2018). Report (Other academic)
    Abstract [en]

    Machine control systems shall be designed according to the European Machinery Directive and appropriate European standards. This report gives guidance when applying EN ISO 13849-1:2015 in projects, both for companies developing subsystems and for companies that are developing complete machines.

    Download full text (pdf)
    fulltext
  • 20.
    Tahvili, Sahar
    Mälardalen University, Sweden.
    Multi-Criteria Optimization of System Integration Testing (2018). Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Optimizing the software testing process has received much attention over the last few decades. Test optimization is typically seen as a multi-criteria decision making problem. One aspect of test optimization involves test selection, prioritization and execution scheduling. Having an efficient test process can result in the satisfaction of many objectives such as cost and time minimization. It can also lead to on-time delivery and a better quality of the final software product. To achieve the goal of test efficiency, a set of criteria having an impact on the test cases need to be identified. The analysis of several industrial case studies and also the state of the art in this thesis indicate that the dependency between integration test cases is one such criterion, with a direct impact on the test execution results. Other criteria of interest include requirement coverage and test execution time. In this doctoral thesis, we introduce, apply and evaluate a set of approaches and tools for test execution optimization at the industrial integration testing level in embedded software development. Furthermore, ESPRET (Estimation and Prediction of Execution Time) and sOrTES (Stochastic Optimizing of Test Case Scheduling) are our proposed supportive tools for predicting the execution time and the scheduling of manual integration test cases, respectively. All proposed methods and tools in this thesis have been evaluated at industrial testing projects at Bombardier Transportation (BT) in Sweden. As a result of the scientific contributions made in this doctoral thesis, employing the proposed approaches has led to an improvement in terms of reducing redundant test execution failures of up to 40% with respect to the current test execution approach at BT. Moreover, an increase in the requirements coverage of up to 9.6% is observed at BT.

    In summary, the application of the proposed approaches in this doctoral thesis has been shown to give considerable gains by optimizing test schedules in system integration testing of embedded software development.

    Download full text (pdf)
    fulltext
  • 21.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    De Guglielmo, Domenico
    University of Pisa, Italy.
    Dini, Gianluca
    University of Pisa, Italy.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Das, Sajal K.
    Missouri University of Science and Technology, USA.
    DISH: DIstributed SHuffling against selective jamming attack in IEEE 802.15.4e TSCH networks (2018). In: ACM Transactions on Sensor Networks, ISSN 1550-4867, E-ISSN 1550-4859, Vol. 15, no 1, article id a3. Article in journal (Refereed)
    Abstract [en]

    The MAC standard amendment IEEE 802.15.4e is designed to meet the requirements of industrial and critical applications. In particular, the Time Slotted Channel Hopping (TSCH) mode divides time into periodic, equally-sized slotframes composed of transmission timeslots. Then, it combines timeslotted access with multi-channel and channel hopping capabilities, providing large network capacity, high reliability and predictable latency, while ensuring energy efficiency. Since every network node considers the same timeslots at each slotframe and selects physical channels according to a periodic function, TSCH produces a steady channel utilization pattern. This can be exploited by a selective jammer to entirely thwart communications of a victim node, in a way that is stealthy, effective and extremely energy efficient. This paper shows how a selective jamming attack can be successfully performed even though TSCH uses the IEEE 802.15.4e security services. Furthermore, we propose DISH, a countermeasure which randomly permutes the timeslot and channel utilization patterns at every slotframe in a consistent and completely distributed way, without requiring any additional message exchange. We have implemented DISH for the Contiki OS and tested its effectiveness on TelosB sensor nodes. Quantitative analysis for different network configurations shows that DISH effectively contrasts selective jamming with negligible performance penalty.

    Download full text (pdf)
    DISH
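    The steady pattern the abstract describes, and what a per-slotframe permutation does to a jammer that relies on it, as an added Python simulation. This is not code from the paper or from its Contiki implementation. It uses the standard TSCH channel rule, channel = HS[(ASN + channelOffset) mod |HS|], with constructed parameters: a slotframe of 101 timeslots, the 16-channel hopping sequence, a victim cell at timeslot 3 with channel offset 5, and a key shared by all legitimate nodes but unknown to the jammer. The HMAC-seeded permutation of timeslots and channel offsets is a simplified stand-in for the DISH permutation, whose actual construction is not given on this page; what it keeps from the abstract is that every node derives the same permutation for a given slotframe from local state alone, with no message exchange. The jammer model is deliberately simple: it sniffs the victim's (timeslot, channel) pairs for one period of the plain pattern and then jams those cells by periodic extrapolation.

```python
import hashlib
import hmac
import random

# Constructed TSCH parameters. The 16-channel hopping sequence (channels 11..26)
# is the 2.4 GHz default; the slotframe length is a deployment choice.
SLOTFRAME_LEN = 101
HOPPING_SEQ = list(range(11, 27))
VICTIM_SLOT, VICTIM_CHOFF = 3, 5
SHARED_KEY = b"constructed-demo-key"   # assumption: shared by nodes, not by the jammer


def tsch_channel(asn, channel_offset):
    """Standard TSCH channel selection: HS[(ASN + channelOffset) mod |HS|]."""
    return HOPPING_SEQ[(asn + channel_offset) % len(HOPPING_SEQ)]


def keyed_permutation(key, slotframe_idx, n, label):
    """Permutation of range(n) that every key holder can recompute for a given
    slotframe with no communication. Simplified stand-in for DISH's shuffling."""
    seed = hmac.new(key, f"{label}:{slotframe_idx}".encode(), hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))
    perm = list(range(n))
    rng.shuffle(perm)
    return perm


def victim_transmission(slotframe_idx, shuffle):
    """(timeslot, physical channel) the victim uses in the given slotframe."""
    slot, choff = VICTIM_SLOT, VICTIM_CHOFF
    if shuffle:
        # Both the timeslot and the channel offset are re-mapped every slotframe.
        slot = keyed_permutation(SHARED_KEY, slotframe_idx, SLOTFRAME_LEN, "slot")[slot]
        choff = keyed_permutation(SHARED_KEY, slotframe_idx, len(HOPPING_SEQ), "chan")[choff]
    asn = slotframe_idx * SLOTFRAME_LEN + slot
    return slot, tsch_channel(asn, choff)


def jam_hit_rate(shuffle, n_frames=200):
    """Jammer sniffs one period of the victim's cells, then jams by extrapolation.
    With gcd(SLOTFRAME_LEN, |HS|) == 1 the plain pattern repeats every |HS|
    slotframes, so one period of sniffing is enough to predict it forever."""
    period = len(HOPPING_SEQ)
    learned = [victim_transmission(i, shuffle) for i in range(period)]
    hits = 0
    for i in range(period, period + n_frames):
        predicted = learned[i % period]
        if predicted == victim_transmission(i, shuffle):
            hits += 1   # jammer was on the right channel in the right timeslot
    return hits / n_frames


if __name__ == "__main__":
    print("plain TSCH, victim transmissions jammed:", jam_hit_rate(shuffle=False))
    print("per-slotframe shuffle, victim transmissions jammed:", jam_hit_rate(shuffle=True))
```

    Under plain TSCH the extrapolated table hits every transmission of the victim, which is the energy-efficient, stealthy attack the abstract refers to: the jammer is active for one timeslot per slotframe. With the per-slotframe permutation the same table hits only by chance, about 1/(101·16) per slotframe here. The security assumption is the secrecy of the key the permutation is derived from; a jammer holding a compromised node's key recomputes the permutation exactly as the legitimate nodes do.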
  • 22.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    ESPLANADE Public Report: Efficient and Safe Product Lines of Architectures eNabling Autonomous DrivE (2020). Report (Other academic)
    Abstract [en]

    The ESPLANADE project targeted the complex question of showing that an automated road vehicle is safe. This problem is significantly different from safety argumentation for manually driven vehicles. Since the automated driving system (ADS) has complete control of the vehicle when activated, part of its function must be to drive safely. There are several methodological problems that need to be mastered in order to find out how to perform safety argumentation for an ADS. The scope of this project was to provide methods to help solve these problems. The following topics related to safety assurance of an ADS were investigated:

    • How to do safety analysis for Human-ADS interaction?

    • How to perform risk assessment and define safety goals (top-level safety requirements)?

    • How to determine operational capability and distribute decision in the ADS architecture?

    • How to handle incomplete redundancy for sensor systems in the safety argumentation?

    • How to ensure completeness and consistency in requirements refinement?

    The results include several novel methods as well as new application areas for existing methods.

    The ESPLANADE project ran from January 2017 to March 2020 with the partners Aptiv, Comentor, KTH, Qamcom, RISE, Semcon, Systemite, Veoneer, Volvo Cars, Volvo Technology, and Zenuity. 18 scientific papers were produced, of which 16 are at the time of writing published in academic peer-reviewed conferences or journals. Additionally, 13 deliverables in the form of project reports were written.

    This final report is a summary of the project results and contains excerpts from the deliverables.

    Download full text (pdf)
    fulltext
  • 23.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Blom, Hans
    Zenuity AB, Sweden.
    Borg, Jonas
    Volvo Penta AB, Sweden.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Continuous Deployment for Dependable Systems with Continuous Assurance Cases (2019). In: 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Los Alamitos, USA: IEEE Computer Society, 2019. Conference paper (Refereed)
    Abstract [en]

    An assurance case contains a structured argument supported by evidence, demonstrating that a system fulfils a certain quality attribute such as safety, cybersecurity or reliability. The traditional way of building assurance cases is, however, not well suited to continuous deployment, and difficult to maintain with a product structure where many variants and frequent new versions must be managed. By integrating the assurance work with product development in continuous assurance cases, which are updated and assessed iteratively, we claim continuous deployment of dependability-critical products is possible to achieve. In this paper we propose a work process combining the use of component-based design, contracts, modular assurance cases, and continuous assessment to enable continuous deployment in the context of product lines.

    Download full text (pdf)
    ContinuousAssuranceCases
  • 24.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Gassilewski, Martin
    Volvo Cars, Sweden.
    Tryggvesson, Jörgen
    Comentor AB, Sweden.
    Izosimov, Viacheslav
    KTH Royal Institute of Technology, Sweden.
    Werneman, Anders
    Qamcom AB, Sweden.
    Johansson, Rolf
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Defining Autonomous Functions Using Iterative Hazard Analysis and Requirements Refinement (2016). In: Computer Safety, Reliability, and Security: SAFECOMP 2016 Workshops / [ed] Amund Skavhaug, Jérémie Guiochet, Erwin Schoitsch, Friedemann Bitsch, 2016, Vol. 9923, p. 286-297. Conference paper (Refereed)
    Abstract [en]

    Autonomous vehicles are predicted to have a large impact on the field of transportation and bring substantial benefits, but they present new challenges when it comes to ensuring safety. Today the standard ISO 26262:2011 treats each defined function, or item, as a complete scope for functional safety; the driver is responsible for anything that falls outside the items. With autonomous driving, it becomes necessary to ensure safety at all times when the vehicle is operating by itself. Therefore, we argue that the hazard analysis should have the wider scope of making sure the vehicle’s functions together fulfill its specifications for autonomous operation. The paper proposes a new iterative work process where the item definition is a product of hazard analysis and risk assessment rather than an input. Generic operational situation and hazard trees are used as a tool to widen the scope of the hazard analysis, and a method to classify hazardous events is used to find dimensioning cases among a potentially long list of candidates. The goal is to avoid dangerous failures for autonomous driving due to the specification of the nominal function being too narrow.

  • 25.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Skoglund, Martin
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Brännström, Mattias
    Zenuity AB, Sweden.
    Gyllenhammar, Magnus
    Zenuity AB, Sweden.
    Sanfridson, Martin
    Volvo Technology AB, Sweden.
    The Quantitative Risk Norm - A Proposed Tailoring of HARA for ADS (2020). In: Proceedings of 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Los Alamitos, 2020. Conference paper (Refereed)
    Abstract [en]

    One of the major challenges of automated driving systems (ADS) is showing that they drive safely. Key to ensuring safety is eliciting a complete set of top-level safety requirements (safety goals). This is typically done with an activity called hazard analysis and risk assessment (HARA). In this paper we argue that the HARA of ISO 26262:2018 is not directly suitable for an ADS, both because the number of relevant operational situations may be vast, and because the ability of the ADS to make decisions in order to reduce risks will affect the analysis of exposure and hazards. Instead we propose a tailoring using a quantitative risk norm (QRN) with consequence classes, where each class has a limit for the frequency within which the consequences may occur. Incident types are then defined and assigned to the consequence classes; the requirements prescribing the limits of these incident types are used as safety goals to fulfil in the implementation. The main benefits of the QRN approach are the ability to show completeness of safety goals, and make sure that the safety strategy is not limited by safety goals which are not formulated in a way suitable for an ADS.

    Download full text (pdf)
    fulltext
  • 26.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Skoglund, Martin
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Argument Patterns for Multi-Concern Assurance of Connected Automated Driving Systems (2019). In: 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019) / [ed] Mikael Asplund and Michael Paulitsch, Dagstuhl, 2019, Vol. 73, p. 3:1-3:13, article id 3. Conference paper (Refereed)
    Abstract [en]

    Showing that dependable embedded systems fulfil vital quality attributes, e.g. by conforming to relevant standards, can be challenging. For emerging and increasingly complex functions, such as connected automated driving (CAD), there is also a need to ensure that attributes such as safety, cybersecurity, and availability are fulfilled simultaneously. Furthermore, such systems are often designed using existing parts, including 3rd party components, which must be included in the quality assurance. This paper discusses how to structure the argument at the core of an assurance case taking these considerations into account, and proposes patterns to aid in this task. The patterns are applied in a case study with an example automotive function. While the aim has primarily been safety and security assurance of CAD, their generic nature make the patterns relevant for multi-concern assurance in general.

    Download full text (pdf)
    fulltext
  • 27.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    Henriksson, Jens
    Semcon, Sweden.
    Rodrigues de Campos, Gabriel
    Zenseact, Sweden.
    SALIENCE4CAV Public Report: Safety Lifecycle Enabling Continuous Deployment for Connected Automated Vehicles (2024). Report (Other academic)
    Abstract [en]

    Connected automated vehicles (CAVs) are, compared to conventional vehicles, expected to provide more efficient, accessible, and safer transport solutions in on-road use cases as well as confined areas such as mines, construction sites or harbours. As development of such vehicles has proved more difficult than anticipated, especially when it comes to ensuring safety, more cautious strategies for introduction are now being pursued. An approach where new automated features are initially released with more basic performance to enable successful safety assurance, followed by gradual expansion of performance and number of use-cases using an iterative development process as the confidence in the solution increases, e.g., due to more available field data, improved machine learning algorithms, or improved verification, is highly interesting. Hence a key research question targeted by the SALIENCE4CAV project was: How to ensure the safety of CAVs while enabling frequent updates for automated driving systems with their comprising elements? Today, many of the used methods and practices for safety analysis and safety assurance are not adequate for continuous deployment. In addition, the project has investigated several open questions raised by the predecessor project ESPLANADE and from needs identified by the industry partners; this includes how to handle safety assurance for machine learning components, use of quantitative risk acceptance criteria as a key part of the safety argument, safety for collaborative CAVs including use in mixed traffic environments, the role of minimal risk manoeuvres, and interaction with human operators.

    Some key results are: investigation of safety assurance methods and gaps with regards to frequent updates and other challenges for CAV safety assurance; use of safety contracts as an enabler for continuous integration, continuous deployment and DevOps; a method for human interaction safety analysis; application of the principle of precautionary safety for meeting a quantitative risk norm and using field data for continuous improvements; definition of classes of cooperative and collaborative vehicles and their respective characteristics and definition of minimal risk manoeuvre and minimal risk condition strategies for individual, cooperative and collaborative vehicles; use of out-of-distribution detection for safety of machine learning; a simulation-aided approach for evaluating machine learning components; and methods for variational safety using high-dimensional safety contracts.

    The SALIENCE4CAV project ran from January 2021 to December 2023 with the partners Agreat, Comentor, Epiroc Rock Drills, KTH Royal Institute of Technology, Qamcom Research and Technology, RISE Research Institutes of Sweden, Semcon Sweden, Veoneer (during the project acquired by Magna) and Zenseact. Coordination was done by RISE.

    This final report is a summary of the project results and contains summaries of content from the project deliverables and publications.

    Download full text (pdf)
    fulltext
  • 28.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Kaalhus, Martin
    Semcon Sweden AB, Sweden.
    Wiik, Richard
    Semcon Sweden AB, Sweden.
    Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems (2020). In: 10th European Congress of Embedded Real Time Systems (ERTS 2020), Toulouse, France, 2020. Conference paper (Refereed)
    Abstract [en]

    One of the major challenges of designing automated driving systems (ADS) is showing that they are safe. This includes safety analysis of interactions between humans and the ADS, a multi-disciplinary task involving functional safety and human factors expertise. In this paper, we lay the foundation for a safety analysis method for these interactions, which builds upon combining human factors knowledge with known techniques from the functional safety domain.

    The aim of the proposed method is finding safety issues in proposed HMI protocols. It combines constructing interaction sequences between human and ADS as a variant of sequence diagrams, and using these sequences as input to a cause-consequence analysis with the purpose of finding potential interaction faults that may lead to dangerous failures. Based on this analysis, the HMI design can be improved to reduce safety risks, and the analysis results can also be used as part of the ADS safety case.

    Download full text (pdf)
    fulltext