
    Runtime Restriction of the Operational Design Domain: A Safety Concept for Automated Vehicles

    Automated vehicles need to operate safely in a wide range of environments and hazards. The complex systems that make up an automated vehicle must also ensure safety in the event of system failures. This thesis proposes an approach and architectural design for achieving maximum functionality in the case of system failures. The Operational Design Domain (ODD) defines the domain over which the automated vehicle can operate safely. We propose modifying a runtime representation of the ODD based on current system capabilities. This enables the system to react with context-appropriate responses depending on the remaining degraded functionality. In addition to proposing an architectural design, we have implemented the approach to prove its viability. An analysis of the approach also highlights its strengths and weaknesses and how best to apply it. The proof of concept has shown promising directions for future work and moved our automated vehicle research platform closer to achieving Level 4 automation. A ROS-based architecture extraction tool is also presented. This tool helped guide the architectural development and integration of the automated vehicle research platform in use at the University of Waterloo, and improved the visibility of safety and testing procedures for the team.
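The mechanism the abstract describes (a runtime ODD representation that is tightened as subsystems degrade, with a response chosen from what remains of the domain) is small enough to show end to end. The following is an added example, not code from the thesis or from the Waterloo platform: the ODD fields, the three subsystems (lidar, camera, gnss), the restriction each failure imposes and the response names are all hypothetical values chosen to illustrate the approach.

```python
"""Runtime restriction of the Operational Design Domain (ODD).

Added illustration, not the thesis's code. Everything here is hypothetical:
the ODD fields, the three subsystems (lidar, camera, gnss) and the
restriction each failure imposes are made-up values chosen to show the
mechanism, not figures from the thesis.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ODD:
    """Runtime representation of the ODD as a set of constraints."""
    max_speed_kph: float = 80.0
    lighting: frozenset = frozenset({"day", "night"})
    weather: frozenset = frozenset({"clear", "rain"})
    road_types: frozenset = frozenset({"urban", "highway"})


# Hypothetical capability model: which ODD constraints a failed subsystem
# tightens. Numeric fields are lowered, set-valued fields are intersected.
RESTRICTIONS = {
    "lidar": {"max_speed_kph": 30.0, "weather": frozenset({"clear"})},
    "camera": {"lighting": frozenset({"day"})},
    "gnss": {"road_types": frozenset({"urban"})},
}


def restrict_odd(nominal: ODD, failed_subsystems: set) -> ODD:
    """Derive the ODD that remains valid given the failed subsystems.

    Restrictions only ever shrink the domain, so the result does not depend
    on the order in which failures are reported.
    """
    odd = nominal
    for subsystem in sorted(failed_subsystems):
        for field_name, limit in RESTRICTIONS.get(subsystem, {}).items():
            current = getattr(odd, field_name)
            if isinstance(limit, frozenset):
                tightened = current & limit
            else:
                tightened = min(current, limit)
            odd = replace(odd, **{field_name: tightened})
    return odd


@dataclass
class DrivingContext:
    """What the vehicle currently observes about its situation."""
    speed_kph: float
    lighting: str
    weather: str
    road_type: str


def violations(odd: ODD, ctx: DrivingContext) -> list:
    """Names of the ODD constraints the current context falls outside of."""
    out = []
    if ctx.speed_kph > odd.max_speed_kph:
        out.append("speed")
    if ctx.lighting not in odd.lighting:
        out.append("lighting")
    if ctx.weather not in odd.weather:
        out.append("weather")
    if ctx.road_type not in odd.road_types:
        out.append("road_type")
    return out


def respond(odd: ODD, ctx: DrivingContext) -> str:
    """Pick the context-appropriate response for the remaining ODD.

    Speed is the only constraint the vehicle can restore on its own; any
    other violation means the situation is outside what the degraded system
    can handle, so the only safe response is a minimal risk manoeuvre
    (for example pulling over and stopping).
    """
    broken = violations(odd, ctx)
    if not broken:
        return "continue"
    if broken == ["speed"]:
        return f"slow_to_{odd.max_speed_kph:g}"
    return "minimal_risk_manoeuvre"
```

The check a practitioner wants here is that restriction is monotone and order-independent: a second failure can never re-enlarge the domain, and the ODD reached by reporting `{lidar, camera}` must equal the one reached by `{camera, lidar}`. Because the restricted ODD is derived from the capability table rather than hand-coded per failure combination, the planner only ever has to answer one question: is the current context inside it, and if not, which constraint is broken.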

    Dependability for declarative mechanisms: neural networks in autonomous vehicles decision making.

    Despite being introduced in 1958, neural networks appeared in numerous applications across many fields in the last decade. This change was made possible by the reduced cost of the computing power required for deep neural networks and by the growing amount of available data that provides examples for training sets. The 2012 ImageNet image classification competition is often used as an example to describe how neural networks became good candidates for applications at that time: during this competition a neural-network-based solution won for the first time, and in the following editions all winning solutions were based on neural networks. Since then, neural networks have shown great results in several non-critical applications (image recognition, sound recognition, text analysis, etc.). There is growing interest in using them in critical applications, as their ability to generalize makes them good candidates for applications such as autonomous vehicles, but standards do not allow that yet. Autonomous driving functions are currently being researched by the industry with the final objective of producing, in the near future, fully autonomous vehicles as defined by the fifth level of the SAE International (Society of Automotive Engineers) classification. The autonomous driving process is usually decomposed into four parts: the part where sensors get information from the environment, the part where the data from the different sensors is merged into one representation of the environment, the part that uses the representation of the environment to decide what the vehicle's behavior should be and which commands to send to the actuators, and finally the part that implements these commands. In this thesis, following the interest of the company Stellantis, we focus on the decision part of this process, considering a neural-network-based solution.
Automotive is a safety-critical domain, so the dependability of its systems must be implemented and ensured, and this is why the use of neural networks is not allowed at the moment: their lack of safety forbids their use in such applications. Dependability methods for classical software systems are well known, but neural networks do not yet have comparable mechanisms to justify trust in them. This problem has several causes, among them the difficulty of testing applications with a quasi-infinite operational domain and whose functions are hard to define exhaustively in the specifications. This is the motivation of this thesis: how can we ensure the dependability of neural networks in the context of decision making for autonomous vehicles? Research is now being conducted on the dependability and safety of neural networks with several approaches being considered, and our research is motivated by the great potential in the safety-critical applications mentioned above. In this thesis we focus on one category of method that seems to be a good candidate for ensuring the dependability of neural networks by solving some of the problems of testing: formal verification for neural networks. These methods aim to prove that a neural network respects a safety property over an entire range of its input and output domains. Formal verification is already used in other domains and is seen as a trusted method for gaining confidence in a system, but for neural networks it remains a research topic with currently no industrial applications. The main contributions of this thesis are the following: a characterization of neural networks from a software development perspective, together with a corresponding classification of their faults, errors and failures; and the identification of a potential threat to the use of formal verification.
This threat is the erroneous neural network model problem, which may lead one to trust a formally validated safety property that does not hold in real life. A further contribution is an experiment that implements formal verification for neural networks in an autonomous driving application that is, to the best of our knowledge, the closest to industrial use. For this application we chose to work with an ACC (Adaptive Cruise Control) function, an autonomous driving function that performs the longitudinal control of a vehicle. The experiment is conducted using a simulator and a neural network formal verification tool. The other contributions of the thesis are the following: a theoretical example of the erroneous neural network model problem and a practical example in our autonomous driving experiment; a proposal of detection and recovery mechanisms as a solution to the erroneous model problem mentioned above; an implementation of these detection and recovery mechanisms in our autonomous driving experiment; and a discussion of the difficulties and possible processes for implementing formal verification for neural networks that we developed during our experiments.
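The erroneous-model problem is easy to state and easy to miss: the proof is a statement about the parameters the verifier was given, not about whatever binary ends up on the ECU. The following added example (not the thesis's experiment, tool or network) makes that concrete on a toy ACC network. It verifies a "never accelerate towards a close, closing lead vehicle" property by interval bound propagation, a sound but incomplete method chosen here because it fits in a few lines, then shows a deployed copy with one exported weight's sign lost, which the proof says nothing about, and the two detection mechanisms a practitioner would pair with the proof: a fingerprint binding the proof to exact parameters, and a runtime check of the verified property with a fallback. All weights, thresholds and the fallback deceleration are hypothetical.

```python
"""Formal verification of a tiny ACC network, and the erroneous-model problem.

Added illustration, not the thesis's experiment. The network, its weights,
the safety property and the fallback controller are all hypothetical and
deliberately small; the verification method is interval bound propagation
(IBP), a sound but incomplete technique, used here because it is short,
not because the thesis used it.

Inputs:   x = (gap_m, rel_speed_mps); rel_speed < 0 means the gap is closing
Output:   acceleration command (m/s^2)
Property: for gap in [0, 10] and rel_speed in [-5, 0], output <= 0
"""
import hashlib
import json


def relu(v):
    return v if v > 0 else 0.0


class Net:
    """Two-layer ReLU network: a = W2 . relu(W1 x + b1) + b2."""
    def __init__(self, W1, b1, W2, b2):
        self.W1, self.b1, self.W2, self.b2 = W1, b1, W2, b2

    def forward(self, x):
        h = [relu(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.W1, self.b1)]
        return sum(w * hi for w, hi in zip(self.W2, h)) + self.b2

    def fingerprint(self):
        """Hash of the exact parameters; a proof is only valid for this hash."""
        blob = json.dumps([self.W1, self.b1, self.W2, self.b2]).encode()
        return hashlib.sha256(blob).hexdigest()


def _affine_bounds(W, b, lo, hi):
    """Interval image of an affine map: each weight picks lo or hi by sign."""
    out_lo, out_hi = [], []
    for row, bias in zip(W, b):
        l = h = bias
        for w, xl, xh in zip(row, lo, hi):
            if w >= 0:
                l += w * xl
                h += w * xh
            else:
                l += w * xh
                h += w * xl
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi


def verify_no_accel(net, lo, hi):
    """IBP proof attempt that the output is <= 0 on the input box [lo, hi].
    Returns (proved, (output_lo, output_hi)); a False result is inconclusive."""
    h_lo, h_hi = _affine_bounds(net.W1, net.b1, lo, hi)
    h_lo, h_hi = [relu(v) for v in h_lo], [relu(v) for v in h_hi]
    (a_lo,), (a_hi,) = _affine_bounds([net.W2], [net.b2], h_lo, h_hi)
    return a_hi <= 0.0, (a_lo, a_hi)


# Hidden units: relu(gap - 10), relu(rel_speed), relu(10 - gap).
VERIFIED = Net(W1=[[1.0, 0.0], [0.0, 1.0], [-1.0, 0.0]], b1=[-10.0, 0.0, 10.0],
               W2=[0.5, 0.5, -0.25], b2=0.0)
# The "deployed" copy: the sign of one weight was lost on export, so the
# proof obtained for VERIFIED says nothing about this model.
DEPLOYED = Net(W1=VERIFIED.W1, b1=VERIFIED.b1, W2=[0.5, 0.5, 0.25], b2=0.0)

BOX_LO, BOX_HI = [0.0, -5.0], [10.0, 0.0]


def in_precondition(gap, rel_speed):
    return 0.0 <= gap <= 10.0 and -5.0 <= rel_speed <= 0.0


class ShieldedACC:
    """Detection and recovery around the deployed network.

    Detection: (1) at load time the deployed model's fingerprint must match
    the one the proof was produced for; (2) at run time the verified
    property is re-checked on every concrete output. Recovery: a fixed
    deceleration replaces any output that breaks the property.
    """
    FALLBACK_ACCEL = -2.0   # hypothetical conservative fallback

    def __init__(self, deployed, proof_fingerprint):
        self.net = deployed
        self.model_matches_proof = deployed.fingerprint() == proof_fingerprint
        self.runtime_violations = 0

    def command(self, gap, rel_speed):
        a = self.net.forward([gap, rel_speed])
        if in_precondition(gap, rel_speed) and a > 0.0:
            self.runtime_violations += 1
            return self.FALLBACK_ACCEL
        return a
```

Two caveats the example makes visible. First, the runtime monitor only checks the property's precondition and postcondition on the concrete input it sees, so it is a detector, not a proof; it catches the deployed model misbehaving inside the verified region but cannot tell you in advance that it will. Second, the fingerprint check is only as good as the pipeline that feeds it: it must be computed over the bytes actually loaded by the controller, not over the training checkpoint, or the export step that caused the mismatch is exactly the step it skips.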

    Onboard Mission- and Contingency Management based on Behavior Trees for Unmanned Aerial Vehicles

    Unmanned Aerial Vehicles (UAVs) have gained significant attention for their potential in various sectors, including surveillance, logistics, and disaster management. This thesis focuses on developing a novel onboard mission and contingency management system based on Behavior Trees for UAVs. The study aims to assess whether behavior trees can be effectively applied to this domain and how they perform with respect to other modelling architectures. Furthermore, this document explores which tree structures are more efficient, good design practices, and behavior tree limitations. Overall, this thesis addresses the challenge of autonomous onboard decision-making of UAVs in complex and dynamic environments, particularly in the context of delivery missions in offshore wind farms. The developed architecture is tested in a simulated environment. The research integrates a Skill Manager, a Mission Planner, and a Mission and Contingency Manager. The architecture leverages Behavior Trees to facilitate both mission execution and contingency management. The thesis also presents a quantitative analysis of key performance indicators, providing a comparative evaluation against traditional architectures such as Finite State Machines. The results indicate that the proposed system is efficient in mission execution and effective in handling contingencies. This study offers a comprehensive structure targeting onboard planning, contingency management and concurrent action execution. It also presents a quantitative analysis of Behavior Trees' performance in UAV mission execution and reactivity to contingent situations. It contributes to the ongoing discourse on UAV autonomy, offering insights beneficial for the broader deployment of UAVs in various industrial applications.

    Semi-Autonomous Behaviour Tree-Based Framework for Sorting Electric Vehicle Batteries Components

    The process of recycling electric vehicle (EV) batteries currently represents a significant challenge to the waste management automation industry. One example is the need to remove and sort dismantled components from an EV battery pack. This paper proposes a novel framework to semi-automate the process of removing and sorting different objects from an EV battery pack using a mobile manipulator. The work exploits the Behaviour Trees model for cognitive task execution and monitoring, which links different robot capabilities such as navigation, object tracking and motion planning in a modular fashion. The framework was tested in simulation, in both static and dynamic environments, and was evaluated on task time and the number of objects that the robot successfully placed in the respective containers. Results suggest that the robot's success rate in sorting the battery components was 95% and 82% in static and dynamic environments, respectively.

    Use and citation of paper "Fox et al (2018), “When should the chicken cross the road? Game theory for autonomous vehicle - human interactions conference paper”" by the Law Commission to review and potentially change the law of the UK on autonomous vehicles. Cited in their consultation report, "Automated Vehicles: A joint preliminary consultation paper" on p174, ref 651.

    Topic of this consultation: The Centre for Connected and Automated Vehicles (CCAV) has asked the Law Commission of England and Wales and the Scottish Law Commission to examine options for regulating automated road vehicles. It is a three-year project, running from March 2018 to March 2021. This preliminary consultation paper focuses on the safety of passenger vehicles. Driving automation refers to a broad range of vehicle technologies. Examples range from widely used technologies that assist human drivers (such as cruise control) to vehicles that drive themselves with no human intervention. We concentrate on automated driving systems which do not need human drivers for at least part of the journey. This paper looks at three key themes. First, we consider how safety can be assured before and after automated driving systems are deployed. Secondly, we explore criminal and civil liability. Finally, we examine the need to adapt road rules for artificial intelligence.

    Systems engineering approaches to safety in transport systems

    During driving, driver behavior monitoring may provide useful information to prevent road traffic accidents caused by driver distraction. It has been shown that 90% of road traffic accidents are due to human error and in 75% of these cases human error is the only cause. Car manufacturers have been interested in driver monitoring research for several years, aiming to enhance the general knowledge of driver behavior and to evaluate the driver's functional state, as it may drastically influence driving safety through distraction, fatigue, mental workload and attention. Fatigue and sleepiness at the wheel are well-known risk factors for traffic accidents. The Human Factor (HF) plays a fundamental role in modern transport systems. Drivers and transport operators control a vehicle towards its destination according to their own senses, physical condition, experience and ability, and safety relies strongly on the HF, which has to take the right decisions. On the other hand, we are experiencing a gradual shift towards increasingly autonomous vehicles where the HF still constitutes an important component, but may in fact become the "weakest link of the chain", requiring strong and effective training feedback. The studies that investigate the possibility of using biometric or biophysical signals as data sources to evaluate the interaction between human brain activity and an electronic machine belong to the Human Machine Interface (HMI) framework. The HMI can acquire human signals to analyse their specific embedded structures and recognize the behavior of the subject during his/her interaction with the machine or with virtual interfaces such as PCs or other communication systems. Based on my previous experience in planning and monitoring hazardous material transport, this work aims to create control models focused on driver behavior and changes in his/her physiological parameters.
Three case studies have been considered, using the interaction between an EEG system and an external device such as a driving simulator or electronic components. One case study relates to the detection of the driver's behavior during a test drive. Another case study relates to the detection of the driver's arm movements from EEG data during a driving test. The third case is the setting up of a Brain Computer Interface (BCI) model able to detect head movements in human participants from the EEG signal and to control an electronic component according to the electrical brain activity produced by head-turning movements. Some videos showing the experimental results are available at https://www.youtube.com/channel/UCj55jjBwMTptBd2wcQMT2tg.
    XXXIV cycle, Informatica e Ingegneria dei Sistemi / Computer Science and Systems Engineering, Ingegneria dei sistemi. Zero, Enric

    Behavior based autonomous mobile Robot for industrial logistics

    The design of robot behaviors to meet the requirements of the new industrial era, Industry 4.0, has grown significantly in recent years. In particular, the demand for flexible and adaptable systems has increased sharply since intelligent robots started to be integrated into assembly lines and to replace human activities. Tools such as Finite State Machines have proven to be an understandable and quick way to solve high-level problems in robotics; however, they become unmanageable as complexity rises. They become confusing and unreadable, making their modification and maintenance a problem. New tools, such as Behavior Trees, have emerged, creating modular, flexible, and adaptable systems without sacrificing readability as complexity increases. The proposed architecture follows a hierarchical layered approach that takes advantage of Behavior Trees, developing modular robot skills and system interfaces to create an autonomous behavior-based system. The software was implemented and tested on an Autonomous Mobile Robot capable of navigating complex environments and executing basic tasks. The results showed real advantages in using the layer-based approach, particularly giving the system modularity and increased flexibility, so that it can be easily improved and used in other systems. It was also concluded that Behavior Trees are an adequate tool for reactive systems in highly dynamic environments.
    In recent years there has been growth in the modelling of robotic behaviours with the aim of satisfying the needs of the new industrial paradigms. In particular, in Industry 4.0, with the integration of robots into production lines and the replacement of humans in several activities, there has been an increased demand for more adaptable and flexible systems. Tools such as state machines have proven to be understandable and easy to use for solving problems in robotics. However, as complexity grows, they become problematic through their disorganisation and illegibility. Consequently, new structures have emerged, such as behaviour trees, capable of making systems more modular and flexible. The proposed hierarchical layered architecture takes advantage of behaviour trees, with the development of behaviours and interfaces so as to create a reactive and autonomous system. The software was implemented and tested on an autonomous mobile robot capable of navigating complex environments and executing basic tasks. The results showed advantages in using the proposed architecture, in particular bringing modularity and flexibility to the robotic system, allowing future improvement of each module as well as its use in other systems.
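Three of the entries above (the UAV mission and contingency manager, the EV battery sorting framework, and this logistics robot) rest on the same claim: a behaviour tree stays readable as it grows and reacts to contingencies because every tick re-evaluates the tree from the root. The following is an added example, not code from any of those theses: the four textbook node types, a hypothetical delivery mission, and a battery model that drains between ticks, so that the nominal branch fails mid-flight and the Fallback node hands control to the contingency branch without any explicit state transition having been written. Mission steps, tick durations and the battery threshold are made-up values.

```python
"""Behaviour tree for mission execution with contingency handling.

Added illustration, not code from any of the theses above. The node types
are the textbook ones (Sequence, Fallback, Condition, Action); the mission
(a delivery flight that must abort when battery runs low), the tick
durations and the battery model are hypothetical, chosen to show how the
tree re-evaluates its conditions on every tick.
"""
from enum import Enum


class Status(Enum):
    SUCCESS = "success"
    FAILURE = "failure"
    RUNNING = "running"


class Sequence:
    """Ticks children left to right and stops at the first child that does
    not succeed. It restarts from the first child on every tick, so a guard
    Condition placed first is re-checked continuously."""
    def __init__(self, *children):
        self.children = children

    def tick(self, bb):
        for child in self.children:
            status = child.tick(bb)
            if status is not Status.SUCCESS:
                return status
        return Status.SUCCESS


class Fallback:
    """Ticks children left to right and returns at the first child that does
    not fail: the nominal branch goes first, contingencies after it."""
    def __init__(self, *children):
        self.children = children

    def tick(self, bb):
        for child in self.children:
            status = child.tick(bb)
            if status is not Status.FAILURE:
                return status
        return Status.FAILURE


class Condition:
    def __init__(self, name, predicate):
        self.name, self.predicate = name, predicate

    def tick(self, bb):
        return Status.SUCCESS if self.predicate(bb) else Status.FAILURE


class Action:
    """Runs for a fixed number of ticks, then stays SUCCESS (idempotent),
    so a reactive Sequence does not redo completed steps."""
    def __init__(self, name, ticks_needed):
        self.name, self.needed, self.progress = name, ticks_needed, 0

    def tick(self, bb):
        if self.progress >= self.needed:
            return Status.SUCCESS
        self.progress += 1
        bb["log"].append(self.name)
        return Status.SUCCESS if self.progress >= self.needed else Status.RUNNING


def build_mission_tree(min_battery=30.0):
    """Nominal delivery flight guarded by a battery check, with an
    emergency-landing contingency as the Fallback's second branch."""
    nominal = Sequence(
        Condition("battery_ok", lambda bb: bb["battery"] > min_battery),
        Action("take_off", 2),
        Action("fly_to_turbine", 3),
        Action("deliver", 1),
        Action("return_home", 3),
    )
    contingency = Sequence(
        Action("fly_to_safe_spot", 1),
        Action("land_now", 1),
    )
    return Fallback(nominal, contingency)


def run_mission(drain_per_tick, max_ticks=20):
    """Tick the tree until it settles; the battery drains between ticks.
    Returns the final status and the sequence of actions that ran."""
    bb = {"battery": 100.0, "log": []}   # blackboard shared by all nodes
    tree = build_mission_tree()
    for _ in range(max_ticks):
        status = tree.tick(bb)
        if status is not Status.RUNNING:
            return status, bb["log"]
        bb["battery"] -= drain_per_tick
    return Status.RUNNING, bb["log"]
```

The point to notice is where the contingency logic lives: nowhere in the mission steps. A state machine expressing the same behaviour needs a "battery low" transition out of every flight state; the tree needs one Condition at the head of the nominal Sequence, because each tick starts again at the root. The price is the idempotent Action, which is what stops the restarted Sequence from taking off twice, and which a real skill manager has to enforce for every skill it exposes.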

    Mitigating Emergent Safety and Security Incidents of CPS by a Protective Shell

    In today's modern world, Cyber-Physical Systems (CPS) have gained widespread prevalence, offering tremendous benefits while also increasing society's dependence on them. Given the direct interaction of CPS with the physical environment, their malfunction or compromise can pose significant risks to human life, property, and the environment. However, as the complexity of CPS rises due to heightened expectations and expanded functional requirements, ensuring their trustworthy operation solely during the development process becomes increasingly challenging. This thesis introduces and delves into the novel concept of the 'Protective Shell' – a real-time safeguard actively monitoring CPS during their operational phases. The protective shell serves as a last line of defence, designed to detect abnormal behaviour, conduct thorough analyses, and initiate countermeasures promptly, thereby mitigating unforeseen risks in real-time. The primary objective of this research is to enhance the overall safety and security of CPS by refining, partly implementing, and evaluating the innovative protective shell concept. To provide context for collaborative systems working towards higher objectives — common within CPS as system-of-systems (SoS) — the thesis introduces the 'Emergence Matrix'. This matrix categorises outcomes of such collaboration into four quadrants based on their anticipated nature and desirability. Particularly concerning are outcomes that are both unexpected and undesirable, which frequently serve as the root cause of safety accidents and security incidents in CPS scenarios. The protective shell plays a critical role in mitigating these unfavourable outcomes, as conventional vulnerability elimination procedures during the CPS design phase prove insufficient due to their inability to proactively anticipate and address these unforeseen situations. 
Employing the design science research methodology, the thesis is structured around its iterative cycles and the research questions posed, offering a systematic exploration of the topic. A detailed analysis of various safety accidents and security incidents involving CPS was conducted to identify the vulnerabilities that led to dangerous outcomes. By developing specific protective shells for each affected CPS and assessing their effectiveness during these hazardous scenarios, a generic core for the protective shell concept could be derived, indicating its general characteristics and overall applicability. Furthermore, the research presents a generic protective shell architecture, integrating advanced anomaly detection techniques rooted in explainable artificial intelligence (XAI) and human machine teaming. While the implementation of protective shells demonstrates substantial positive impacts in ensuring CPS safety and security, the thesis also articulates potential risks associated with their deployment that require careful consideration.
In conclusion, this thesis makes a significant contribution towards the safer and more secure integration of complex CPS into daily routines, critical infrastructures and other sectors by leveraging the capabilities of the generic protective shell framework.
    Contents:
    1 Introduction: 1.1 Background and Context; 1.2 Research Problem; 1.3 Purpose and Objectives (1.3.1 Thesis Vision; 1.3.2 Thesis Mission); 1.4 Thesis Outline and Structure
    2 Design Science Research Methodology: 2.1 Relevance-, Rigor- and Design Cycle; 2.2 Research Questions
    3 Cyber-Physical Systems: 3.1 Explanation; 3.2 Safety- and Security-Critical Aspects; 3.3 Risk (3.3.1 Quantitative Risk Assessment; 3.3.2 Qualitative Risk Assessment; 3.3.3 Risk Reduction Mechanisms; 3.3.4 Acceptable Residual Risk); 3.4 Engineering Principles (3.4.1 Safety Principles; 3.4.2 Security Principles); 3.5 Cyber-Physical System of Systems (CPSoS) (3.5.1 Emergence)
    4 Protective Shell: 4.1 Explanation; 4.2 System Architecture; 4.3 Run-Time Monitoring; 4.4 Definition; 4.5 Expectations / Goals
    5 Specific Protective Shells: 5.1 Boeing 737 Max MCAS; 5.2 Therac-25; 5.3 Stuxnet; 5.4 Toyota 'Unintended Acceleration' ETCS; 5.5 Jeep Cherokee Hack; 5.6 Ukrainian Power Grid Cyber-Attack; 5.7 Airbus A400M FADEC (each with Introduction; Vulnerabilities within CPS, or for 5.3 Exploited Vulnerabilities and for 5.6 Vulnerabilities in the critical Infrastructure; Specific Protective Shell Mitigation Mechanisms; Protective Shell Evaluation); 5.8 Similarities between Specific Protective Shells (5.8.1 Mitigation Mechanisms Categories; 5.8.2 Explanation; 5.8.3 Conclusion)
    6 AI: 6.1 Explainable AI (XAI) for Anomaly Detection (6.1.1 Anomaly Detection; 6.1.2 Explainable Artificial Intelligence); 6.2 Intrinsic Explainable ML Models (6.2.1 Linear Regression; 6.2.2 Decision Trees; 6.2.3 K-Nearest Neighbours); 6.3 Example Use Case - Predictive Maintenance
    7 Generic Protective Shell: 7.1 Architecture (7.1.1 MAPE-K; 7.1.2 Human Machine Teaming; 7.1.3 Protective Shell Plugin Catalogue; 7.1.4 Architecture and Design Principles; 7.1.5 Conclusion Architecture); 7.2 Implementation Details; 7.3 Evaluation (7.3.1 Additional Vulnerabilities introduced by the Protective Shell; 7.3.2 Summary)
    8 Conclusion: 8.1 Summary; 8.2 Research Questions Evaluation; 8.3 Contribution; 8.4 Future Work; 8.5 Recommendatio
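The abstract and the contents list describe the generic shell as a MAPE-K loop (monitor, analyse, plan, execute over shared knowledge) with a plugin catalogue of countermeasures and explanations that a human teammate can act on. The following is an added example, not the thesis's implementation or architecture: a shell wrapped around one hypothetical actuator with two redundant sensors, three plausibility rules with made-up thresholds, a three-entry countermeasure catalogue, and a constructed sample stream that exercises each rule. It shows the one design decision that matters most in such a shell: when the state itself cannot be trusted (the sensors disagree), the only countermeasure the shell can justify is a safe stop, whereas an implausible command on top of a trusted state can be clamped and the plant kept running.

```python
"""A minimal protective shell as a MAPE-K loop around a CPS actuator.

Added illustration, not the thesis's implementation. The monitored system
(one actuator with two redundant position sensors), the three plausibility
rules, their thresholds and the countermeasure catalogue are hypothetical.
Every finding carries a human-readable explanation so that an operator can
review why the shell intervened.
"""
from dataclasses import dataclass, field


@dataclass
class Sample:
    t: int
    sensor_a: float   # redundant sensor readings of the same quantity
    sensor_b: float
    command: float    # what the primary controller wants the actuator to do


@dataclass
class Finding:
    rule: str
    explanation: str


@dataclass
class ProtectiveShell:
    env_min: float = -1.0        # physical envelope of the actuator
    env_max: float = 1.0
    max_step: float = 0.25       # largest plausible change between samples
    max_disagree: float = 0.5    # tolerated redundant-sensor disagreement
    # Knowledge (the K in MAPE-K): last command known to be safe, and a
    # record of every intervention with its explanations.
    last_safe: float = 0.0
    events: list = field(default_factory=list)

    # M: monitor the raw sample before anything downstream consumes it
    def monitor(self, s: Sample) -> Sample:
        for v in (s.sensor_a, s.sensor_b, s.command):
            if v != v:   # NaN from a broken sensor or controller
                raise ValueError(f"t={s.t}: non-numeric reading")
        return s

    # A: analyse against rules whose output is an explanation, not a score
    def analyse(self, s: Sample) -> list:
        findings = []
        d = abs(s.sensor_a - s.sensor_b)
        if d > self.max_disagree:
            findings.append(Finding("sensor_disagreement",
                f"sensors differ by {d} > {self.max_disagree}; state unknown"))
        if not self.env_min <= s.command <= self.env_max:
            findings.append(Finding("envelope",
                f"command {s.command} outside [{self.env_min}, {self.env_max}]"))
        step = abs(s.command - self.last_safe)
        if step > self.max_step:
            findings.append(Finding("rate",
                f"command jumps {step} from last safe {self.last_safe} (> {self.max_step})"))
        return findings

    # P: choose a countermeasure from a small catalogue
    def plan(self, findings: list) -> str:
        rules = {f.rule for f in findings}
        if "sensor_disagreement" in rules:
            return "safe_stop"   # the state cannot be trusted: stop the plant
        if rules:
            return "clamp"       # state is trusted, only the command is not
        return "pass"

    # E: execute the countermeasure and update the knowledge
    def execute(self, s: Sample, action: str) -> float:
        if action == "safe_stop":
            out = 0.0
        elif action == "clamp":
            out = max(self.env_min, min(self.env_max, s.command))
            out = max(self.last_safe - self.max_step,
                      min(self.last_safe + self.max_step, out))
        else:
            out = s.command
        self.last_safe = out
        return out

    def step(self, s: Sample):
        """One MAPE-K iteration: returns the command actually sent and why."""
        s = self.monitor(s)
        findings = self.analyse(s)
        action = self.plan(findings)
        out = self.execute(s, action)
        if action != "pass":
            self.events.append((s.t, action, [f.explanation for f in findings]))
        return out, action


# Constructed sample stream (not real telemetry): a normal ramp, a command
# spike from the controller, then a redundant-sensor disagreement.
SAMPLES = [
    Sample(0, 0.125, 0.125, 0.25),
    Sample(1, 0.25, 0.25, 0.5),
    Sample(2, 0.5, 0.5, 1.5),      # envelope and rate violation
    Sample(3, 0.5, 1.25, 0.75),    # sensors disagree
    Sample(4, 0.125, 0.125, 0.125),
]


def run(samples):
    shell = ProtectiveShell()
    outputs = [shell.step(s) for s in samples]
    return outputs, shell.events
```

The abstract's caveat about risks introduced by the shell itself applies directly to this code: the shell sits on the command path with authority to stop the plant, so its thresholds, its `events` knowledge and the interface through which it is configured are now the cheapest target for anyone who wants a denial-of-service against the CPS (feed it a disagreeing sensor and it obligingly issues `safe_stop`). A deployable shell therefore needs the same integrity protection and access control as the controller it guards, and its own interventions should be monitored for rate and pattern in turn.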