An architecture pattern for safety critical automated driving applications: Design and analysis

Luo, Yaping; Saberi, Arash Khabbaz; Bijlsma, Tjerk; Lukkien, Johan J.; Brand, Mark van den

doi:10.1109/syscon.2017.7934739

Cited by 16 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Architecture patterns for functional safety are analysed in [10] and [11], where specific solutions are proposed for automated driving functions. Each of them involves a certain level of redundancy and can be implemented with different topologies.…”

Section: Related Workmentioning

confidence: 99%

Automotive Architecture Topologies: Analysis for Safety-Critical Autonomous Vehicle Applications

2021

View full text Add to dashboard Cite

Safety-critical systems such as Advanced Driving Assistance Systems and Autonomous Vehicles require redundancy to satisfy their safety requirements and to be classified as fail-operational. Introducing redundancy in a system with high data rates and processing requirements also has a great impact on architectural design decisions. The current self-driving vehicle prototypes do not use a standardized system architecture but base their design on existing vehicles and the available components. In this work, we provide a novel analysis framework that allows us to qualitatively and quantitatively evaluate an in-vehicle architecture topology and compare it with others. With this framework, we evaluate different variants of two common topologies: domain and zone-based architectures. Each topology is evaluated in terms of total cost, failure probability, total communication cable length, communication load distribution, and functional load distribution. We introduce redundancy in selected parts of the systems using our automated process provided in the framework, in a safety-oriented design process that enables the ISO26262 Automotive Safety Integrity Level decomposition technique. After every design step, the architecture is re-evaluated. The advantages and disadvantages of the different architecture variants are evaluated to guide the designer towards the choice of correct architecture, with a focus on the introduction of redundancy.

show abstract

Section: Related Workmentioning

confidence: 99%

Automotive Architecture Topologies: Analysis for Safety-Critical Autonomous Vehicle Applications

2021

View full text Add to dashboard Cite

show abstract

“…General monitoring architectures and their trade-offs in terms of cost, safety, execution time etc. are for example discussed in [6], [8]. The authors of [9], [10] present the benefits of an inherently asymmetric commander-monitor concept compared to a triple modular redundancy system, and propose a run-time monitor that can assess the safety of a planned vehicle trajectory.…”

Section: Related Workmentioning

confidence: 99%

“…duplex [5]) or diverse function replication, e.g. leveraging different sensing modalities or algorithms [6]. If the diversity is sufficiently large, it can be argued that this provides a certain level of protection against the aforementioned faults.…”

Section: Introductionmentioning

confidence: 99%

Fault-Tolerant Perception for Automated Driving A Lightweight Monitoring Approach

Buerkle¹,

Geißler²,

Paulitsch³

et al. 2021

Preprint

View full text Add to dashboard Cite

While the most visible part of the safety verification process of automated vehicles concerns the planning and control system, it is often overlooked that safety of the latter crucially depends on the fault-tolerance of the preceding environment perception. Modern perception systems feature complex and often machine-learning-based components with various failure modes that can jeopardize the overall safety. At the same time, a verification by for example redundant execution is not always feasible due to resource constraints. In this paper, we address the need for feasible and efficient perception monitors and propose a lightweight approach that helps to protect the integrity of the perception system while keeping the additional compute overhead minimal. In contrast to existing solutions, the monitor is realized by a well-balanced combination of sensor checks -here using LiDAR information -and plausibility checks on the object motion history. It is designed to detect relevant errors in the distance and velocity of objects in the environment of the automated vehicle. In conjunction with an appropriate planning system, such a monitor can help to make safe automated driving feasible.

show abstract

“…Aircraft & avionics Delange et al 2009;Delmas et al 2015Denney and Pai 2013b;Dias and Iyoda 2011;Gobbo and Mili 2001;Littlewood and Rushby 2012;Lopez-Jaquero et al 2012;Miller et al 2009;Steiner and Rushby 2011;Zeng et al 2016] Automotive [Antonino and Trapp 2014;da Penha et al 2015;Dardar et al 2012;de Oliveira et al 2015;Ebnenasir and Cheng 2007;Gallina 2014;Hocking et al 2014;Konrad et al 2004;Lin et al 2016;Luo et al 2017a;Martorell et al 2016;Nasser et al 2017;Oertel et al 2014 [Fayad et al 2003;Lakhani and Pont 2012;Murugesan et al 2015;Pont and Banner 2004;Preschern et al 2014a;Sun 2014;Tan et al 2015] Networks & telecommunication [Giuntini et al 2017;Petroulakis et al 2016;Saridakis , 2003 Process & power plants [Larrucea et al , 2016Mahemoff et al 2001;Rauhamäki and Kuikka 2015;Wilson 1992] Generic [Alho and Rauhamäki 2011;Armoush 2010;Armoush et al 2008aArmoush et al ,b, 2009Ba...…”

Section: Application Domain Selection Of Studiesmentioning

confidence: 99%

“…AltaRica, Event-B) [Ball and Butler 2009;Iliasov and Romanovsky 2008;Kabir and Goswami 2015;Lopez-Jaquero et al 2012;Miller et al 2009;Nasser et al 2017;Pereverzeva et al 2012;Tan et al 2015] Petri net [Belli and Großpietsch 1991;Flammini et al 2014] Probabilistic (e.g. Bayesian network) [Armoush 2010;Armoush et al 2008a;Bateman and Hatton 2006; [Alho and Rauhamäki 2011;Armoush 2010;Armoush et al 2008a;Baleani et al 2003;Bozzano et al 2013;Delmas et al 2015;Liu et al 2008;Luo et al 2017a;Mahemoff et al 2001;Nasser et al 2017;Natarajan et al 2000;Pont and Banner 2004;Preschern et al 2014bPreschern et al , 2013cRauhamäki and Kuikka 2015;] Pattern meta-model, tactic taxonomy [Khalil et al 2014;Luo et al 2016;Preschern et al 2013c;Radermacher et al 2013;Vepsäläinen and Kuikka 2014;Wu and Kelly 2004] Modeling Language UML [Fayad et al 2003;Giuntini et al 2017;Islam and Devarakonda 1996;Lopez-Jaquero et al 2012;Miller et al 2009;] AADL, EAST-ADL [Cadoret et al 2012; Preschern et al 2013a,b;…”

Section: Qcontribution: To What Extent Are Known Challenges Covered B...mentioning

confidence: 99%

Assurance of System Safety: A Survey of Design and Argument Patterns

Gleirscher,

Kugele

2019

Preprint

View full text Add to dashboard Cite

The specification, design, and assurance of safety encompasses various concepts and best practices, subject of reuse in form of patterns. This work summarizes applied research on such concepts and practices with a focus on the last two decades and on the state-of-the-art of patterns in safety-critical system design and assurance argumentation. We investigate several aspects of such patterns, for example, where and when they are applied, their characteristics and purposes, and how they are related. For each aspect, we provide an overview of relevant studies and synthesize a taxonomy of first principles underlying these patterns. Furthermore, we comment on how these studies address known challenges and we discuss suggestions for further research. Our findings disclose a lack of research on how patterns improve system safety claims and, vice versa, on the decomposition of system safety into separated local concerns, and on the impact of security on safety. CCS Concepts: • General and reference → Design; Reliability; • Computer systems organization → Architectures; Dependable and fault-tolerant systems and networks; • Hardware → Safety critical systems; • Software and its engineering → Software safety; Error handling and recovery; Software verification and validation; Risk management; • Security and privacy → Security in hardware.

show abstract

An architecture pattern for safety critical automated driving applications: Design and analysis

Cited by 16 publications

References 4 publications

Automotive Architecture Topologies: Analysis for Safety-Critical Autonomous Vehicle Applications

Automotive Architecture Topologies: Analysis for Safety-Critical Autonomous Vehicle Applications

Fault-Tolerant Perception for Automated Driving A Lightweight Monitoring Approach

Assurance of System Safety: A Survey of Design and Argument Patterns

Contact Info

Product

Resources

About