Change search
Refine search result
1 - 32 of 32
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Chen, De Jiu
    et al.
    KTH Royal Institute of Technology, Sweden.
    Östberg, Kenneth
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Becker, Mathias
    KTH Royal Institute of Technology, Sweden.
    Sivencrona, Håkan
    Zenuity AB, Sweden.
    Warg, Fredrik
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Design of a knowledge-base strategy for capability-aware treatment of uncertainties of automated driving systems2018In: Lect. Notes Comput. Sci., 2018, p. 446-457Conference paper (Refereed)
    Abstract [en]

    Automated Driving Systems (ADS) represent a key technological advancement in the area of Cyber-physical systems (CPS) and Embedded Control Systems (ECS) with the aim of promoting traffic safety and environmental sustainability. The operation of ADS however exhibits several uncertainties that if improperly treated in development and operation would lead to safety and performance related problems. This paper presents the design of a knowledge-base (KB) strategy for a systematic treatment of such uncertainties and their system-wide implications on design-space and state-space. In the context of this approach, we use the term Knowledge-Base (KB) to refer to the model that stipulates the fundamental facts of a CPS in regard to the overall system operational states, action sequences, as well as the related costs or constraint factors. The model constitutes a formal basis for describing, communicating and inferring particular operational truths as well as the belief and knowledge representing the awareness or comprehension of such truths. For the reasoning of ADS behaviors and safety risks, each system operational state is explicitly formulated as a conjunction of environmental state and some collective states showing the ADS capabilities for perception, control and actuations. Uncertainty Models (UM) are associated as attributes to such state definitions for describing and quantifying the corresponding belief or knowledge status due to the presences of evidences about system performance and deficiencies, etc. On a broader perspective, the approach is part of our research on bridging the gaps among intelligent functions, system capability and dependability for mission-&safety-critical CPS, through a combination of development- and run-time measures. © Springer Nature Switzerland AG 2018.

  • 2.
    de la Vara, Jose Luis
    et al.
    Universidad Carlos III de Madrid, Spain.
    Ruiz, Alejandra
    TECNALIA Research and Innovation, Spain.
    Gallina, Barbara
    Mälardalen University, Sweden.
    Blondelle, Gaël
    Eclipse Foundation Europe GmbH, Germany.
    Alaña, Elena
    GMV Aerospace and Defence, Spain.
    Herrero, Javier
    GMV Aerospace and Defence, Spain.
    Warg, Fredrik
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Skoglund, Martin
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Bramberger, Robert
    VIRTUAL VEHICLE Research Center, Austria.
    The AMASS Approach for Assurance and Certification of Critical Systems2019Conference paper (Other academic)
    Abstract [en]

    Safety-critical systems are subject to rigorous assurance and certification processes to guarantee that they do not pose unreasonable risks to people, property, or the environment. The associated activities are usually complex and time-consuming, thus they need adequate support for their execution. The activities are further becoming more challenging as the systems are evolving towards open, interconnected systems with new features, e.g. Internet connectivity, and new assurance needs, e.g. compliance with several assurance standards for different dependability attributes. This requires the development of novel approaches for cost-effective assurance and certification. With the overall goal of lowering assurance and certification costs in face of rapidly changing features and market needs, the AMASS project has created and consolidated the de-facto European-wide open solution for assurance and certification of critical systems. This has been achieved by establishing a novel holistic and reuse-oriented approach for architecture-driven assurance, multi-concern assurance, and for seamless interoperability between assurance and engineering activities along with third-party activities. This paper introduces the main elements of the AMASS approach and how to use them and benefit from them.

    Download full text (pdf)
    fulltext
  • 3.
    Gyllenhammar, Magnus
    et al.
    Zenseact, Sweden; KTH Royal Institute of Technology, Sweden.
    Bergenhem, Carl
    Qamcom Research and Technology AB, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    ADS Safety Assurance – Future Directions2021Conference paper (Refereed)
    Abstract [en]

    More effective, efficient and flexible ways to manage safety assurance are needed for the successful development and release of Automated Driving Systems (ADSs). In this paper we propose a set of desired assurance method criteria and present an initial overview of available safety assurance methods and how they contribute to the proposed criteria. We observe that there is a significant gap between the state-of-the-art research and the state-of-practise for safety assurance of ADSs and propose to investigate reasons for this as future work. A next step will be to investigate how to merge the elements from the different assurance methods to achieve a method addressing all criteria. 

    Download full text (pdf)
    fulltext
  • 4.
    Gyllenhammar, Magnus
    et al.
    Zenseact, Sweden; KTH Royal Institute of Technology, Sweden.
    Brännström, Mattias
    Zenseact, Sweden.
    Johansson, Rolf
    Astus AB, Sweden.
    Sandblom, Fredrik
    Volvo Autonomous Solutions, Sweden.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Minimal Risk Condition for Safety Assurance of Automated Driving Systems2021Conference paper (Refereed)
    Abstract [en]

    We have yet to see wide deployment of automated driving systems (ADSs) on public roads. One of the reasons is the challenge of ensuring the systems’ safety. The operational design domain (ODD) can be used to confine the scope of the ADS and subsequently also its safety case. For this to be valid the ADS needs to have strategies to remain in the ODD throughout its operations. In this paper we discuss the role of the minimal risk condition (MRC) as a means to ensure this. Further, we elaborate on the need for hierarchies of MRCs to cope with diverse system degradations during operations.

    Download full text (pdf)
    fulltext
  • 5.
    Gyllenhammar, Magnus
    et al.
    Zenuity AB, Sweden.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    Heyn, Hans-Martin
    Volvo Technology AB, Sweden.
    Sanfridson, Martin
    Volvo Technology AB, Sweden.
    Söderberg, Jan
    Systemite AB, Sweden.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Towards an Operational Design Domain That Supports the Safety Argumentation of an Automated Driving System2020In: 10th European Congress on Embedded Real Time Systems (ERTS 2020), Toulouse, France, 2020Conference paper (Refereed)
    Abstract [en]

    One of the biggest challenges for self-driving road vehicles is how to argue that their safety cases are complete.The operational design domain (ODD) of the automated driving system (ADS) can be used to restrict where the ADS is valid and thus confine the scope of the safety case as well as the verification. To complete the safety case there is a need to ensure that the ADS will not exit its ODD. We present four generic strategies to ensure this. Use cases (UCs) provide a convenient way providing such a strategy for a collection of operating conditions (OCs) and furth erensures that the ODD allows for operation within the real world. A framework to categorise the OCs of a UC is presented and it is suggested that the ODD is written with this structure in mind to facilitate mapping towards potential UCs. The ODD defines the functional boundary of the system and modelling it with this structure makes it modular and generalisable across different potential UCs. Further, using the ODD to connect the ADS to the UC enables the continuous delivery of the ADS feature. Two examples of dimensions of the ODD are given and a strategy to avoid an ODD exit is proposed in the respective case.

    Download full text (pdf)
    fulltext
  • 6.
    Henriksson, Jens
    et al.
    Semcon, Sweden.
    Ursing, Stig
    Semcon, Sweden.
    Erdogan, Murat
    Veoneer, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Jaxing, Johan
    Agreat, Sweden.
    Örsmark, Ola
    Comentor, Sweden.
    Örtenberg Toftås, Mathias
    Semcon, Sweden.
    Out-of-Distribution Detection as Support for Autonomous Driving Safety Lifecycle2023In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatic. )Volume 13975 LNCS, Pages 233 - 242, Springer Science and Business Media Deutschland GmbH , 2023, p. 233-242Conference paper (Refereed)
    Abstract [en]

    The automotive industry is moving towards increased automation, where features such as automated driving systems typically include machine learning (ML), e.g. in the perception system. [Question/Problem] Ensuring safety for systems partly relying on ML is challenging. Different approaches and frameworks have been proposed, typically where the developer must define quantitative and/or qualitative acceptance criteria, and ensure the criteria are fulfilled using different methods to improve e.g., design, robustness and error detection. However, there is still a knowledge gap between quality methods and metrics employed in the ML domain and how such methods can contribute to satisfying the vehicle level safety requirements. In this paper, we argue the need for connecting available ML quality methods and metrics to the safety lifecycle and explicitly show their contribution to safety. In particular, we analyse Out-of-Distribution (OoD) detection, e.g., the frequency of novelty detection, and show its potential for multiple safety-related purposes. I.e., as (a) an acceptance criterion contributing to the decision if the software fulfills the safety requirements and hence is ready-for-release, (b) in operational design domain selection and expansion by including novelty samples into the training/development loop, and (c) as a run-time measure, e.g., if there is a sequence of novel samples, the vehicle should consider reaching a minimal risk condition. [Contribution] This paper describes the possibility to use OoD detection as a safety measure, and the potential contributions in different stages of the safety lifecycle. © 2023, The Author(s)

    Download full text (pdf)
    fulltext
  • 7.
    Johansson, Rolf
    et al.
    RISE, SP – Sveriges Tekniska Forskningsinstitut.
    Nilsson, Jonas
    Bergenhem, Carl
    Behere, Sagar
    Tryggvesson, Jörgen
    Ursing, Stig
    Söderberg, Andreas
    RISE, SP – Sveriges Tekniska Forskningsinstitut.
    Törngren, Martin
    Warg, Fredrik
    RISE, SP – Sveriges Tekniska Forskningsinstitut.
    Functional Safety and Evolvable Architectures for Autonomy2016In: Automated Driving: Safer and More Efficient Future Driving / [ed] Daniel Watzenig & Martin Horn, Springer, 2016, p. 547-560Chapter in book (Other academic)
    Abstract [en]

    The presented paper presents the ongoing Swedish national research project FUSE (FUnctional Safety and Evolvable architectures for autonomy). Some of the research questions addressed in this project are summarized. The research questions are related both to functional safety and the E/E architecture of vehicles aimed for higher degrees of automation, including fully autonomous ones.

  • 8.
    Kaalen, Stefan
    et al.
    KTH Royal Institute of Technology.
    Nyberg, Mattias
    KTH Royal Institute of Technology.
    Strandberg, Ted
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Westerberg, Adrian
    Scania CV AB.
    Probabilistic Approach Using SMP Tool For Systems Safety Of Road Vehicles2024In: Advances in Reliability, Safety and Security, ESREL 2024: Part 3 - Mathematical and Statistical Methods in Reliability, Safety and Security / [ed] Kolowrocki, Dabrowska, Gdynia: Polish Safety and Reliability Association, 2024, p. 87-96Conference paper (Refereed)
    Abstract [en]

    Safety analysis on the level of a complete road vehicle can be an intricate task. Several methods and tools for safety analysishave been developed by the research community. One such tool developed to bridge the gap between research and industry isSemi-Markov Process (SMP) Tool. In this paper, two approaches for safety analysis utilizing SMP Tool are presented. Theholistic approach starts out with a quantitative safety target on a vehicle level to then finally argue whether a proposed systemdesign is safe enough. In the segmented approach, the idea is to follow the development steps of industrial standards, whileutilizing SMP Tool for specific tasks within the standard. Specifically the standard ISO 26262 will be under mostconsideration. Both approaches are applied to a case study of a battery management system for an electrified truck. Thesegmented approach can avoid some difficulties arising when following ISO 26262 conventionally while keeping theadvantage that the standard is utilized to find what qualitative tasks should be performed. The holistic approach has anadvantage in that it considers the safety from a vehicle perspective. Moreover, all ambiguity issues in ISO 26262 are avoided.

  • 9.
    Larsson, Marcus
    et al.
    Qamcom Research and Technology AB, Sweden; Halmstad University, Sweden.
    Jonsson, Magnus
    Halmstad University, Sweden.
    Warg, Fredrik
    RISE, SP – Sveriges Tekniska Forskningsinstitut.
    Karlsson, Kristian
    RISE, SP – Sveriges Tekniska Forskningsinstitut.
    A Data Age Dependent Broadcast Forwarding Algorithm for Reliable Platooning Applications2016In: International Journal of Mobile Information Systems, ISSN 1574-017X, E-ISSN 1875-905X, Vol. 2016, article id 7489873Article in journal (Refereed)
    Abstract [en]

    We propose a broadcast message forwarding algorithm for V2V communication in a platooning scenario for heavy duty trucks. The algorithm utilizes link information, which is piggybacked on the original data packet, to estimate which nodes are best suited to forward the packet. The aim is to reach all nodes in the platoon with as few forward messages as possible in order to avoid channel congestion. The algorithm is evaluated by simulation using real world V2V measurement data as input. We show that the algorithm performs almost as good as two ETSI standardized forwarding algorithms with respect to keeping the data age for the entire platoon at a low level. But when it comes to keeping the message intensity low, our algorithm outperforms the better of the ETSI algorithms by 35%.

    Download full text (pdf)
    fulltext
  • 10. Larsson, Marcus
    et al.
    Warg, Fredrik
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, Pålitliga system.
    Karlsson, Kristian
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, EMC.
    Jonsson, Magnus
    Evaluation of a Low-Overhead Forwarding Algorithm for Platooning2015In: Proceedings of the 2015 IEEE International Conference on Vehicular Electronics and Safety (ICVES 2015)., 2015Conference paper (Other academic)
  • 11.
    Sainio Berntsson, Petter
    et al.
    Chalmers University of Technology, Sweden.
    Strandén, Lars
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Warg, Fredrik
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Evaluation of Open Source Operating Systems for Safety-Critical Applications2017In: Proceedings of  9th International Workshop on Software Engineering for Resilient Systems, SERENE 2017 Geneva, Switzerland, September 4–5, 2017 / [ed] Alexander Romanovsky, Elena A. Troubitsyna, 2017, Vol. 10479, p. 117-132Conference paper (Refereed)
    Abstract [en]

    There are many different open source real-time operating systems (RTOS) available, and the use of open source software (OSS) for safety-critical applications is considered highly interesting by industrial domains such as medical, aerospace and automotive, as it potentially enables lower costs and more flexibility. In order to use OSS in a safety-critical context, however, evidence that the software fulfills the requirements put forth in a functional safety standard for the relevant domain is necessary. However, the standards for functional safety typically do not provide a clear method for how one would go about certifying systems containing OSS. Therefore, in this paper we identify some important RTOS characteristics and outline a methodology which can be used to assess the suitability of an open source RTOS for use in a safety-critical application. A case study is also carried out, comparing two open source operating systems using the identified characteristics. The most suitable candidate is then assessed in order to see to what degree it can adhere with the requirements put forth in the widely used functional safety standard IEC 61508.

  • 12.
    Sandblom, Fredrik
    et al.
    Zenseact, Sweden.
    Rodrigues de Campos, Gabriel
    Zenseact, Sweden.
    Hardå, Peter
    Zenseact, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Beckman, Fredrik
    Magna Electronics, Sweden.
    Choosing Risk Acceptance Criteria for Safe Automated Driving2024In: Critical Automotive applications: Robustness & Safety (CARS) Workshop 2024, 2024Conference paper (Refereed)
    Abstract [en]

    It is easy to agree that an automated driving system shall be safe, but it is an on-going discussion what safe means. Several Risk Acceptance Criteria (RAC) candidates have been suggested, but a closer analysis indicates that not all of them are related to risk in a traffic safety sense and that perhaps they are better described as properties that an ADS should be designed to exhibit for other reasons.This paper discusses safety aspects of Automated Driving System (ADS) features and the different incentives and arguments that drive the design of an ADS. More precisely, this paper explores different design goals for safe automated driving and puts forward a combination of Risk Acceptance Criteria (RAC) for limiting the risk of harm. These criteria are motivated and contextualized using a simple real-world traffic example. Furthermore, it is also shown why run-time risk transfer is unavoidable in any system that makes tactical decisions under uncertainty and why this motivates avoiding thought-examples such as the trolley problem as basis for ADS design. 

    Download full text (pdf)
    fulltext
  • 13.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Hansson, Hans
    Mälardalen University, Sweden.
    Punnekkat, Sasikumar
    Mälardalen University, Sweden.
    Black-Box Testing for Security-Informed Safety of Automated Driving Systems2021In: 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring), 2021Conference paper (Refereed)
    Abstract [en]

    An evaluation of safety and security properties performed by an independent organisation can be an important step towards establishing trust in Automated Driving Systems (ADS), bridging the gap between the marketing portrayal and the actual performance of such systems in real operating conditions. However, due to the complexity of an ADS’s behaviour and dangers involved in performing real environment security attacks, we believe assessments that can be performed with a combination of simulation and validation at test facilities is the way forward.In this paper, we outline an approach to derive test suites applicable to generic ADS feature classes, where classes would have similar capabilities and comparable assessment results. The goal is to support black box testing of such feature classes as part of an independent evaluation. By the means of co-simulation of post-attack behaviour and critical scenarios, we derive a representative set of physical certification tests, to gain an understanding of the interplay between safety and security. During the initial tests an ADS is subjected to various attacks and its reactions recorded. These reactions such as reduced functionality, fall back etc., together with relevant scenarios for the class is further analysed to check for safety implications.

    Download full text (pdf)
    fulltext
  • 14.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Hansson, Hans
    Mälardalen University, Sweden.
    Punnekkat, Sasikumar
    Mälardalen University, Sweden.
    Synchronisation of an Automotive Multi-concern Development Process2021In: Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops. SAFECOMP 2021. Lecture Notes in Computer Science, vol 12853 / [ed] Habli I., Sujan M., Gerasimou S., Schoitsch E., Bitsch F., 2021Conference paper (Refereed)
    Abstract [en]

    Standardisation has a primary role in establishing commonground and providing technical guidance on best practices. However, asthe methods for Autonomous Driving Systems design, validation andassurance are still in their initial stages, and several of the standardsare under development or have been recently published, an establishedpractice for how to work with several complementary standards simultaneouslyis still lacking. To bridge this gap, we present a uni ed chartdescribing the processes, artefacts, and activities for three road vehiclestandards addressing di erent concerns: ISO 26262 - functional safety,ISO 21448 - safety of the intended functionality, and ISO 21434 - cybersecurityengineering. In particular, the need to ensure alignment betweenthe concerns is addressed with a synchronisation structure regarding contentand timing.

    Download full text (pdf)
    fulltext
  • 15.
    Skoglund, Martin
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Warg, Fredrik
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Sangchoolie, Behrooz
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Agreements of an Automated Driving System2018Conference paper (Other academic)
    Abstract [en]

    When introducing automated driving systems (ADS), it is imperative that there exist mutual agreements between the ADS and stakeholders – such as the ADS equipped vehicle user, other road users, and society at large – on how the ADS should behave. Lacking such agreements, the ADS may antagonize stakeholders and, even worse, pose severe safety risks. The ADS needs a complete and unambiguous set of machine-interpretable properties describing these interactions, while the human stakeholders need to understand and accept how the ADS is designed to behave. We propose to make these considerations explicit in the form of agreements. The completeness problem is tackled by cataloguing and categorizing all agreements that need to be considered during the lifetime of an ADS in a systematic way.

  • 16.
    Skoglund, Martin
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Warg, Fredrik
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Sangchoolie, Behrooz
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    In search of synergies in a multi-concern development lifecycle: Safety and cybersecurity2018In: Lecture notes in Computer Science, 2018, p. 302-313Conference paper (Refereed)
    Abstract [en]

    The complexity of developing embedded electronic systems has been increasing especially in the automotive domain due to recently added functional requirements concerning e.g., connectivity. The development of these systems becomes even more complex for products - such as connected automated driving systems – where several different quality attributes (such as functional safety and cybersecurity) need to also be taken into account. In these cases, there is often a need to adhere to several standards simultaneously, each addressing a unique quality attribute. In this paper, we analyze potential synergies when working with both a functional safety standard (ISO 26262) and a cybersecurity standard (first working draft of ISO/SAE 21434). The analysis is based on a use case developing a positioning component for the automotive domain. The results regarding the use of multi-concern development lifecycle is on a high level, since most of the insights into co-engineering presented in this paper is based on process modeling. The main findings of our analysis show that on the design-side of the development lifecycle, the big gain is completeness of the analysis when considering both attributes together, but the overlap in terms of shared activities is small. For the verification-side of the lifecycle, much of the work and infrastructure can be shared when showing fulfillment of the two standards ISO 26262 and ISO/SAE 21434.

    Download full text (pdf)
    fulltext
  • 17.
    Skoglund, Martin
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Bergman, Mats
    Telia Company, Sweden.
    Enhancing Safety Assessment of Automated Driving Systems with Key Enabling Technology Assessment Templates2023In: Vehicles, ISSN 2624-8921, Vol. 5, no 4, p. 1818-1843Article in journal (Refereed)
    Abstract [en]

    The emergence of Automated Driving Systems (ADSs) has transformed the landscape of safety assessment. ADSs, capable of controlling a vehicle without human intervention, represent a significant shift from traditional driver-centric approaches to vehicle safety. While traditional safety assessments rely on the assumption of a human driver in control, ADSs require a different approach that acknowledges the machine as the primary driver. Before market introduction, it is necessary to confirm the vehicle safety claimed by the manufacturer. The complexity of the systems necessitates a new comprehensive safety assessment that examines and validates the hazard identification and safety-by-design concepts and ensures that the ADS meets the relevant safety requirements throughout the vehicle lifecycle. The presented work aims to enhance the effectiveness of the assessment performed by a homologation service provider by using assessment templates based on refined requirement attributes that link to the operational design domain (ODD) and the use of Key Enabling Technologies (KETs), such as communication, positioning, and cybersecurity, in the implementation of ADSs. The refined requirement attributes can serve as safety-performance indicators to assist the evaluation of the design soundness of the ODD. The contributions of this paper are: (1) outlining a method for deriving assessment templates for use in future ADS assessments; (2) demonstrating the method by analysing three KETs with respect to such assessment templates; and (3) demonstrating the use of assessment templates on a use case, an unmanned (remotely assisted) truck in a limited ODD. By employing assessment templates tailored to the technology reliance of the identified use case, the evaluation process gained clarity through assessable attributes, assessment criteria, and functional scenarios linked to the ODD and KETs.

  • 18.
    Su, Peng
    et al.
    KTH Royal Institute of Technology, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    A Simulation-Aided Approach to Safety Analysis of Learning-Enabled Components in Automated Driving Systems2023In: Proceedings of 2023 IEEE 26th International Conference on Intelligent Transportation Systems (ITSC), 2023Conference paper (Refereed)
    Abstract [en]

    Artificial Intelligence (AI) techniques through Learning-Enabled Components (LEC) are widely employed in Automated Driving Systems (ADS) to support operation perception and other driving tasks relating to planning and control. Therefore, the risk management plays a critical role in assuring the operational safety of ADS. However, the probabilistic and nondeterministic nature of LEC challenges the safety analysis. Especially, the impacts of their functional faults and incompatible external conditions are often difficult to identify. To address this issue, this article presents a simulation-aided approach as follows: 1) A simulation-aided operational data generation service with the operational parameters extracted from the corresponding system models and specifications; 2) A Fault Injection (FI) serviceaimed at high-dimensional sensor data to evaluate the robustness and residual risks of LEC. 3) A Variational Bayesian (VB) method for encoding the collected operational data and supporting an effective estimation of the likelihood of operational conditions. As a case study, the paper presents the results of one experiment, where the behaviour of an Autonomous Emergency Braking(AEB) system is simulated under various weather conditions based on the CARLA driving simulator. A set of fault types of cameras, including solid occlusion, water drop, salt and pepper, are modelled and injected into the perception module of the AEB system in different weather conditions. The results indicate that our framework enables to identify the critical faults under various operational conditions. To approximate the critical faults in undefined weather, we also propose Variational Autoencoder(VAE) to encode the pixel-level data and estimate the likelihood.

  • 19.
    Trivedi, Shrishti
    et al.
    KTH Royal Institute of Technology, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Evaluating the Safety Impact of Network Disturbances for Remote Driving with Simulation-Based Human-in-the-Loop Testing2023In: 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2023, p. 215-222Conference paper (Refereed)
    Abstract [en]

    One vital safety aspect of advanced vehicle features is ensuring that the interaction with human users will not cause accidents. For remote driving, the human operator is physically removed from the vehicle, instead controlling it from a remote control station over a wireless network. This work presents a methodology to inject network disturbances into this communication and analyse the effects on vehicle manoeuvrability. A driving simulator, CARLA, was connected to a driving station to allow human-in-the-loop testing. NETEM was used to inject faults to emulate network disturbances. Time-To-Collison (TTC) and Steering Reversal Rate (SRR) were used as the main metrics to assess manoeuvrability. Clear negative effects on the ability to safely control the vehicle were observed on both TTC and SRR for 5% packet loss, and collision analysis shows that 50ms communication delay and 5% packet loss resulted in crashes for our test setup. The presented methodology can be used as part of a safety evaluation or in the design loop of remote driving or remote assistance vehicle features.

    Download full text (pdf)
    fulltext
  • 20.
    Vedder, Benjamin
    et al.
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, Pålitliga system.
    Warg, Fredrik
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, Pålitliga system.
    Skoglund, Martin
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, Pålitliga system.
    Söderberg, Andreas
    RISE, SP – Sveriges Tekniska Forskningsinstitut, SP Elektronik, Pålitliga system.
    Safety ADD: A tool for safety-contract based design2014In: Proceedings - IEEE 25th International Symposium on Software Reliability Engineering Workshops, ISSREW, 2014, , p. 527-529p. 527-529, article id 6983898Conference paper (Refereed)
    Abstract [en]

    Safety ADD is a tool for working with safety contracts for software components. Safety contracts tie safety related properties, in the form of guarantees and assumptions, to a component. A guarantee is a property the component promises to hold, on the premise that the environment provides its associated assumptions. When multiple software components are integrated in asystem, Safety ADD is used to verify that the guarantees and assumptions match when there are safety-related dependencies between the components. The initial goal of Safety ADD is to investigate how safety contracts can be managed and used efficiently within the software design process. It is implemented as an Eclipse plug in. The tool has two main functions. It gives designers of software components a way to specify safety contracts, which are stored in an XML format and shall be distributed together with the component. It also gives developers who integrate multiple software components in their systems a tool to verify that the safety contracts are fulfilled. A graphical editor is used to connect guarantees and assumptions for dependent components, and an algorithm traverses all such connections to make sure they match.

  • 21.
    Vu, Victoria
    et al.
    Semcon Sweden AB, Sweden.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Sunnerstam, Fredrik
    Agreat AB, Sweden.
    Holler, Jimmy
    Epiroc Rock Drills AB, Sweden.
    Bergenhem, Carl
    Qamcom Research and Technology AB, Sweden.
    Cosmin, Irina
    Agreat AB, Sweden.
    Minimal Risk Manoeuvre Strategies for Cooperative and Collaborative Automated Vehicles2023In: 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 116-123Conference paper (Refereed)
    Abstract [en]

    During the last decade, there has been significant increase in research focused on automated vehicles (AVs) and ensuring safe operation of these vehicles. However, challenges still remain, some involving the cooperation and collaboration of multiple AVs, including when and how to perform a minimal risk manoeuvre (MRM), leading to a minimal risk condition (MRC) when an AV within one of these systems is unable to complete its original goal. As most literature is focused on individual AVs, there is a need to adapt and extend the knowledge and techniques to these new contexts. Based on existing knowledge of individual AVs, this paper explores MRM strategies involving cooperative and collaborative AV systems with different capabilities. Specifically, collaborative systems have the potential to enact local MRCs, allowing continued productivity despite having one (or several) of its constituents encounter a fault. Definitions are provided for local and global MRCs, alongside discussions of their implications for MRMs. Illustrative examples are also presented for each type of system.

    Download full text (pdf)
    fulltext
  • 22.
    Warg, Fredrik
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    ESPLANADE Public Report: Efficient and Safe Product Lines of Architectures eNabling Autonomous DrivE2020Report (Other academic)
    Abstract [en]

    The ESPLANADE project targeted the complex question of showing that an automated road vehicle is safe. This problem is significantly different from safety argumentation for manually driven vehicles. Since the automated driving system (ADS) has complete control of the vehicle when activated, part of its function must be to drive safely. There are several methodological problems that need to be mastered in order to find out how to perform safety argumentation for an ADS. The scope of this project was to provide methods to help solve these problems.The following topics related to safety assurance of an ADS were investigated:

    • How to do safety analysis for Human-ADS interaction?• How to perform risk assessment and define safety goals (top-level safety requirements)?

    • How to determine operational capability and distribute decision in the ADS architecture?

    • How to handle incomplete redundancy for sensor systems in the safety argumentation?

    • How to ensure completeness and consistency in requirements refinement?

    The results include several novel methods as well as new application areas for existing methods.

    The ESPLANADE project ran from January 2017 to March 2020 with the partners Aptiv, Comentor, KTH, Qamcom, RISE, Semcon, Systemite, Veoneer, Volvo Cars, Volvo Technology, and Zenuity. 18 scientific papers were produced, of which 16 are at the time of writing published in academic peer-reviewed conferences or journals. Additionally, 13 deliverables in the form of project reports were written.

    This final report is a summary of the project results and contains excerpts from the deliverables.

    Download full text (pdf)
    fulltext
  • 23.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Blom, Hans
    Zenuity AB, Sweden.
    Borg, Jonas
    Volvo Penta AB, Sweden.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Continuous Deployment for Dependable Systems with Continuous Assurance Cases2019In: 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Los Alamitos, USA: IEEE Computer Society, 2019Conference paper (Refereed)
    Abstract [en]

    An assurance case contains a structured argument supported by evidence, demonstrating that a system fulfils a certain quality attribute such as safety, cybersecurity or reliability. The traditional way of building assurance cases is, however, not well suited to continuous deployment, and difficult to maintain with a product structure where many variants and frequent new versions must be managed. By integrating the assurance work with product development in continuous assurance cases, which are updated and assessed iteratively, we claim continuous deployment of dependability-critical products is possible to achieve. In this paper we propose a work process combining the use of component-based design, contracts, modular assurance cases, and continuous assessment to enable continuous deployment in the context of product lines.

    Download full text (pdf)
    ContinuousAssuranceCases
  • 24.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Donzella, Donzella
    University of Warwick, UK.
    Chan, Pak Hung
    University of Warwick, UK.
    Robinson, Jonathan
    University of Warwick, UK.
    Poledna, Yuri
    Technische Hochschule Ingolstadt, Germany.
    Liandrat, Sebastien
    CEREMA , France.
    Cihan, Umut
    Ford Otosan, Turkey.
    Aramrattana, Maytheewat
    VTI Swedish National Road and Transport Research Institute, Sweden.
    Lee, Graham
    University of Warwick, UK.
    Erdal Aksoy, Eren
    Halmstad University, Sweden.
    From operational design domain to test cases: A methodology to include harsh weather: [version 1; peer review: 1 approved with reservations]2024In: Open Research Europe, Vol. 4, article id 238Article in journal (Refereed)
    Abstract [en]

    [Background] To gain widespread use, assisted and automated driving (AAD) systems will have to cope with harsh weather conditions, such as rain, fog, and snow. This affects the development and testing of perception and decision-making systems. Since the weather cannot be controlled in field tests, the availability and use of virtual simulation and test facilities that can accurately reproduce harsh weather becomes vital. Test cases subjecting the system under test to harsh conditions, covering all expected weather phenomena in both typical and challenging scenarios, must be defined to evaluate all aspects of the system. [Methods] State-of-the-art in scenario-based and hash weather testing for AAD systems was analysed; based on the analysis, a team with diverse expertise in AAD development and testing defined a methodology for defining a set of harsh weather test cases. [Results] This paper proposes, and exemplifies the use of, a methodology to develop a representative set of test cases based on the defined operational design domain and use cases for an AAD system under development, considering the possibility of reproducing tests in different test environments with a focus on harsh weather. [Conclusions] We believe that our proposed methodology can accelerate the overall testing process and contribute to the difficult safety assurance challenges for automated vehicles.

    Download full text (pdf)
    fulltext
  • 25.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Gassilewski, Martin
    Volvo Cars, Sweden.
    Tryggvesson, Jörgen
    Comentor AB, Sweden.
    Izosimov, Viacheslav
    KTH Royal Institute of Technology, Sweden.
    Werneman, Anders
    Qamcom AB, Sweden.
    Johansson, Rolf
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Defining Autonomous Functions Using Iterative Hazard Analysis and Requirements Refinement2016In: Computer Safety, Reliability, and Security: SAFECOMP 2016 Workshops / [ed] Amund Skavhaug Jérémie Guiochet, Erwin Schoitsch, Friedemann Bitsch, 2016, Vol. 9923, p. 286-297Conference paper (Refereed)
    Abstract [en]

    Autonomous vehicles are predicted to have a large impact on the field of transportation and bring substantial benefits, but they present new challenges when it comes to ensuring safety. Today the standard ISO 26262:2011 treats each defined function, or item, as a complete scope for functional safety; the driver is responsible for anything that falls outside the items. With autonomous driving, it becomes necessary to ensure safety at all times when the vehicle is operating by itself. Therefore, we argue that the hazard analysis should have the wider scope of making sure the vehicle’s functions together fulfill its specifications for autonomous operation. The paper proposes a new iterative work process where the item definition is a product of hazard analysis and risk assessment rather than an input. Generic operational situation and hazard trees are used as a tool to widen the scope of the hazard analysis, and a method to classify hazardous events is used to find dimensioning cases among a potentially long list of candidates. The goal is to avoid dangerous failures for autonomous driving due to the specification of the nominal function being too narrow.

  • 26.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Johansson, Rolf
    Autonomous Intelligent Driving, Sweden.
    Skoglund, Martin
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Brännström, Mattias
    Zenuity AB, Sweden.
    Gyllenhammar, Magnus
    Zenuity AB, Sweden.
    Sanfridson, Martin
    Volvo Technology AB, Sweden.
    The Quantitative Risk Norm - A Proposed Tailoring of HARA for ADS2020In: Proceedings of 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Los Alamitos, 2020Conference paper (Refereed)
    Abstract [en]

    One of the major challenges of automated drivingsystems (ADS) is showing that they drive safely. Key to ensuringsafety is eliciting a complete set of top-level safety requirements(safety goals). This is typically done with an activity called hazardanalysis and risk assessment (HARA). In this paper we argue thatthe HARA of ISO 26262:2018 is not directly suitable for an ADS,both because the number of relevant operational situations maybe vast, and because the ability of the ADS to make decisionsin order to reduce risks will affect the analysis of exposure andhazards. Instead we propose a tailoring using a quantitative risknorm (QRN) with consequence classes, where each class has alimit for the frequency within which the consequences may occur.Incident types are then defined and assigned to the consequenceclasses; the requirements prescribing the limits of these incidenttypes are used as safety goals to fulfil in the implementation.The main benefits of the QRN approach are the ability to showcompleteness of safety goals, and make sure that the safetystrategy is not limited by safety goals which are not formulatedin a way suitable for an ADS.

    Download full text (pdf)
    fulltext
  • 27.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Liandrat, Sebastien
    CEREMA, France.
    Donzella, Valentina
    University of Warwick, UK.
    Lee, Graham
    University of Warwick, UK.
    Hung Chan, Pak
    University of Warwick, UK.
    Viinanen, Reija
    Sensible 4 OY, Finland.
    Kangasrääsiö, Antti
    Sensible 4 OY, Finland.
    Cihan, Umut
    Ford Otomotiv Sanayi AS, Turkey.
    Hyyti, Heikki
    Finnish Geospatial Research Institute, Finland.
    Waldheuer, Tobias
    ZF Friedrichshafen AG, Germany.
    Poledna, Yuri
    Technische Hochschule Ingolstadt, Germany.
    Matilainen, Jalmari
    Sensible 4 OY, Finland.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    ROADVIEW Robust Automated Driving in Extreme Weather: Deliverable D2.1 : Definition of the complex environment conditions . WP2 – Physical system setup, use cases, requirements and standards. Project No. 1010695762023Report (Other academic)
    Abstract [en]

    The overarching goal of the ROADVIEW project is performance improvements in perception and decision-making subsystems for connected automated vehicles (CAVs) under harsh weather conditions such as rain, fog, or snow, which is necessary to enable the widespread use of automated vehicles. In support of this overarching goal, this deliverable (D2.1) describes complex environments—including levels of harsh weather conditions and density of heterogeneous traffic—to be used for the R&D activities and evaluations in WPs 3 – 8. The environment descriptions are in the form of operational design domain (ODD) definitions meant to be combined with the use cases defined in D2.2. The ODD definitions are specified by using and extending the ODD taxonomy defined in ISO 34503 [3], considering the needs of the ROADVIEW use cases, and the environmental conditions especially relevant for the sensor types investigated in the project. This deliverable first defines terminology related to driving automation systems, ODDs, and testing—where a key purpose is to verify that the CAV operates safely within its ODD. Then harsh weather conditions and the main sensor types intended to be used in the project are discussed. Sensors are investigated with respect to which weather conditions and which metrics for these conditions are relevant to perform verification against the defined ODD (e.g., rain metrics can be intensity specified in mm/h and droplet size distribution). Next follows a discussion on particularly relevant ODD attributes and why we have chosen certain metrics and classifications, and in some instances added new attributes not mentioned in ISO 34503. Finally, ODD definitions are developed for the different types of road environments, or drivable areas, defined in D2.2, i.e., highway, urban traffic, and rural road. D2.2 also defines several use cases for automated vehicles that are relevant for these drivable areas and will be used by the other WPs, together with the ODD definitions from this deliverable, to create test scenarios. Objectives The main objective of this deliverable is to create ODD definitions for the use cases investigated in the project, especially detailing harsh weather conditions with a focus on rain, fog, and snow. By combining these harsh conditions with use cases defined in D2.2, the project will have the basis for working on perception and decision-making improvements for such conditions, and for defining relevant test cases to apply in different test environments used in the project (simulation, x-in-the-Loop, weather test facilities, test tracks, and open-road tests). Together, D2.1 and D2.2 aim to fulfil ROADVIEW Objective 1: Define complex environmental conditions and use case specifications. Methodology and implementation Since the overarching goal of ROADVIEW is to improve performance for CAVs in harsh weather conditions, this deliverable aims to specify an ODD taxonomy specifically including (1) operational conditions relevant for harsh weather conditions with respect to the design and verification of advanced environmental sensors and decision-making systems, and (2) operational conditions relevant for the specific use-cases to be evaluated in the project. The methodology was to, as far as possible, make sure the project uses ODD taxonomy and other terminology from existing sources, in particular existing or soon-to-be-released standards [1][2][3][4][6], to make sure we use terms in a way already established in the automotive domain and avoid inventing new terms where there are already existing alternatives. Given this starting point, a group of experts in sensor technology, test environments, and the providers of use cases have collected and analysed what kind of harsh conditions should be included, and if there is a need to refine the existing ODD taxonomy with new or more detailed attributes or new metrics. Finally, an ODD definition is developed corresponding to each of the three types of drivable areas defined in D2.2. Outcomes This deliverable provides initial ODD definitions covering the drivable areas developed in deliverable D2.2—urban (city) traffic, (multi-lane) highway, and (single-lane) rural road, with and without infrastructure extensions—given our knowledge in the early phases of the ROADVIEW project. Refinements that may be necessary during the project will be described in later project deliverables. Next steps The use cases are further defined in deliverable D2.2. The further work towards the overarching goal performed in ROADVIEW WP 3-8 will use the ODD taxonomy and use case specifications as input for the evaluation and demonstration of the improvements developed in the project. Evaluation of the system prototypes used in the project is part of the integration and demonstration work package (WP8).

  • 28.
    Warg, Fredrik
    et al.
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Skoglund, Martin
    RISE - Research Institutes of Sweden (2017-2019), Safety and Transport, Electronics.
    Argument Patterns for Multi-Concern Assurance of Connected Automated Driving Systems2019In: 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019) / [ed] Mikael Asplund and Michael Paulitsch, Dagstuhl, 2019, Vol. 73, p. 3:1-3:13, article id 3Conference paper (Refereed)
    Abstract [en]

    Showing that dependable embedded systems fulfil vital quality attributes, e.g. by conforming to relevant standards, can be challenging. For emerging and increasingly complex functions, such as connected automated driving (CAD), there is also a need to ensure that attributes such as safety, cybersecurity, and availability are fulfilled simultaneously. Furthermore, such systems are often designed using existing parts, including 3rd party components, which must be included in the quality assurance. This paper discusses how to structure the argument at the core of an assurance case taking these considerations into account, and proposes patterns to aid in this task. The patterns are applied in a case study with an example automotive function. While the aim has primarily been safety and security assurance of CAD, their generic nature make the patterns relevant for multi-concern assurance in general.

    Download full text (pdf)
    fulltext
  • 29.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Skoglund, Martin
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Sassman, Matthew
    Semcon Sweden AB, Sweden.
    Human Interaction Safety Analysis Method for Agreements with Connected Automated Vehicles2021In: 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall), 2021, p. 01-07Conference paper (Refereed)
    Abstract [en]

    Connected and automated vehicles with a large variety in operating modes and operational contexts are now emerging. A vital safety assurance issue, also stressed by recent standards and guidelines, is the safety of human-machine interaction (HMI). This paper proposes, and shows a small example of using, a framework for human interaction safety analysis. It is intended for integration in an iterative development lifecycle and to be used in conjunction with relevant standards. In the framework, an analysis is first conducted to elicit all agreements between humans and the automated function, then an interaction analysis method is used to find potential problems with proposed interfaces affecting each agreement. Risk assessment is conducted to determine if risk reduction is necessary, and verification and validation activities are used to provide support for the analysis results and evidence of HMI safety for an assurance case.

    Download full text (pdf)
    fulltext
  • 30.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Cassel, Anders
    Qamcom Research and Technology AB, Sweden.
    Jaradat, Omar
    Qamcom Research and Technology AB, Sweden.
    Nejad, Negin
    Qamcom Research and Technology AB, Sweden.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Managing Continuous Assurance of Complex Dependable Systems: Report from a workshop held at the Scandinavian Conference on System and Software Safety (SCSSS) 2022.2022Other (Other academic)
    Abstract [en]

    The SALIENCE4CAV project has done work on enabling continuous assurance, which aims to ensure safety is maintained throughout the entire lifecycle of a product, system, or service. One key technique is the use of safety contracts and modular assurance cases for systematically managing safety responsibilities and requirements across different stakeholders. This report summarizes outcomes from a workshop where discussions were held around this work. The participants were predominantly working in domains with high dependability requirements, such as automotive. Knowledge, tools, and organizational issues are seen as some key obstacles, but interest is high, and the community realizes the need for enabling continuous assurance.

    Download full text (pdf)
    fulltext
  • 31.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Thorsén, Anders
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Chen, DeJiu
    KTH Royal Institute of Technology, Sweden.
    Henriksson, Jens
    Semcon, Sweden.
    Rodrigues de Campos, Gabriel
    Zenseact, Sweden.
    SALIENCE4CAV Public Report: Safety Lifecycle Enabling Continuous Deployment for Connected Automated Vehicles2024Report (Other academic)
    Abstract [en]

    Connected automated vehicles (CAVs) are—compared conventional vehicles—expected to provide more efficient, accessible, and safer transport solutions in on-road use cases as well as confined areas such as mines, construction sites or harbours. As development of such vehicles has proved more difficult than anticipated, especially when it comes to ensuring safety, more cautious strategies for introduction are now being pursued. An approach where new automated features are initially released with more basic performance to enable successful safety assurance, followed by gradual expansion of performance and number of use-cases using an iterative development process as the confidence in the solution increases, e.g., due to more available field data, improved machine learning algorithms, or improved verification, is highly interesting. Hence a key research question targeted by the SALIENCE4CAV project was: How to ensure the safety of CAVs while enabling frequent updates for automated driving systems with their comprising elements? Today, many of the used methods and practices for safety analysis and safety assurance are not adequate for continuous deployment. In addition, the project has investigated several open questions raised by the predecessor project ESPLANADE and from needs identified by the industry partners; this includes how to handle safety assurance for machine learning components, use of quantitative risk acceptance criteria as a key part of the safety argument, safety for collaborative CAVs including use in mixed traffic environments, the role of minimal risk manoeuvres, and interaction with human operators.

    Some key results are: investigation of safety assurance methods and gaps with regards to frequent updates and other challenges for CAV safety assurance; use of safety contracts as an enabler for continuous integration, continuous deployment and DevOps; a method for human interaction safety analysis; application of the principle of precautionary safety for meeting a quantitative risk norm and using field data for continuous improvements; definition of classes of cooperative and collaborative vehicles and their respective characteristics and definition of minimal risk manoeuvre and minimal risk condition strategies for individual, cooperative and collaborative vehicles; use of out-of-distribution detection for safety of machine learning; a simulation-aided approach for evaluating machine learning components; and methods for variational safety using high-dimensional safety contracts.

    The SALIENCE4CAV project ran from January 2021 to December 2023 with the partners Agreat, Comentor, Epiroc Rock Drills, KTH Royal Institute of Technology, Qamcom Research and Technology, RISE Research Institutes of Sweden, Semcon Sweden, Veoneer (during the project acquired by Magna) and Zenseact. Coordination was done by RISE.

    This final report is a summary of the project results and contains summaries of content from the project deliverables and publications.

    Download full text (pdf)
    fulltext
  • 32.
    Warg, Fredrik
    et al.
    RISE Research Institutes of Sweden, Safety and Transport, Electrification and Reliability.
    Ursing, Stig
    Semcon Sweden AB, Sweden.
    Kaalhus, Martin
    Semcon Sweden AB, Sweden.
    Wiik, Richard
    Semcon Sweden AB, Sweden.
    Towards Safety Analysis of Interactions BetweenHuman Users and Automated Driving Systems2020In: 10th European Congress of Embedded Real Time Systems (ERTS 2020), Toulouse, France, 2020Conference paper (Refereed)
    Abstract [en]

    One of the major challenges of designing automateddriving systems (ADS) is showing that they are safe. This includes safety analysis of interactions between humans and the ADS, amulti-disciplinary task involving functional safety and human factors expertise. In this paper, we lay the foundation for a safety analysis method for these interactions, which builds upon combining human factors knowledge with known techniques from the functional safety domain.

    The aim of the proposed method is finding safety issues in proposed HMI protocols. It combines constructing interaction sequences between human and ADS as a variant of sequence diagrams,and use these sequences as input to a cause-consequence analysis with the purpose of finding potential interaction faults that may lead to dangerous failures. Based on a this analysis,the HMI design can be improved to reduce safety risks, and the analysis results can also be used as part of the ADS safety case.

    Download full text (pdf)
    fulltext
1 - 32 of 32
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf