Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA

Autonomous vehicles (AVs) are coming to our streets. Due to the presence of highly complex software systems in AVs, there is a need for a new hazard analysis technique to meet stringent safety standards. System Theoretic Process Analysis (STPA), based on Systems Theoretic Accident Modeling and Processes (STAMP), is a powerful tool that can identify, define, analyze and mitigate hazards from the earliest conceptual stage deployment to the operation of a system. Applying STPA to autonomous vehicles demonstrates STPA\u27s applicability to preliminary hazard analysis, alternative available, developmental tests, organizational design, and functional design of each unique safety operation. This paper describes the STPA process used to generate system design requirements for an Autonomous Emergency Braking (AEB) system using a top-down analysis approach to system safety. The paper makes the following contributions to practicing STPA for safety and security: 1) It describes the incorporation of safety and security analysis in one process and discusses the benefits of this; 2) It provides an improved, structural approach for scenario analysis, concentrating on safety and security; 3) It demonstrates the utility of STPA for gap analysis of existing designs in the automotive domain; 4) It provides lessons learned throughout the process of applying STPA and STPA-Sec

Goal-driven agent-oriented software processes

The quality of software processes is acknowledged as a critical factor for delivering quality software systems. Any initiative for improving the quality of software processes requires their explicit representation and management. A current representational metaphor for systems is agent orientation, which has become one of the recently recognized engineering paradigms. In this article, we argue for the convenience of representing the software process using an agent-oriented language to model it and a goal-driven procedure to design it. Particularly we propose using the i* framework which is both an agent- and a goal-oriented modeling language. We review the possibilities of i* as a software process modeling language, and we also show how success factors can be made explicit in i* representations of the software processes. Finally, we illustrate the approach with an example based on the development of a set of ergonomic and safety software tools.Peer ReviewedPostprint (published version

A subjective safety and cost based decision model for assessing safety requirements specifications

This paper presents a subjective safety and cost based modeling approach for evaluating safety requirements specifications in the study of safety-critical software. In the approach fuzzy set modeling and evidential reasoning are combined to assess both the safety associated with and the cost incurred in each option of safety requirements specifications. Both safety and cost estimates are combined to obtain the preference degree associated with each option of safety requirements specifications for selecting the best one. An example is presented to demonstrate the proposed approach for safety based on decisionmaking in safety requirements analysis of safety critical software development. © World Scientific Publishing Company

Performance Modeling and Analysis of Software Architectures Specified Through Graph Transformations

Software architecture plays an important role in the success of modern, large and distributed software systems. For many of the software systems -- especially safety-critical ones -- it is important to specify their architectures using formal modeling notations. In this case, it is possible to assess different functional and non-functional properties on the designed models. Graph Transformation System (GTS) is a formal yet understandable language which is suitable for architectural modeling. Most of the existing works done on architectural modeling and analysis by GTS are concentrated on functional aspects, while for many systems it is crucial to consider non-functional aspects for modeling and analysis at the architectural level. In this paper, we present an approach to performance analysis of software architectures specified through GTS. To do so, we first enrich the existing architectural style -- specified through GTS - with performance information. Then, the performance models are generated in PEPA (Performance Evaluation Process Algebra) -- a formal language based on the stochastic process algebra -- using the enriched GTS models. Finally, we analyze different features like throughput, utilization of different software components, etc. on the generated performance models. All the main concepts are illustrated through a case study

Object-Oriented Bayesian Networks (OOBN) for Aviation Accident Modeling and Technology Portfolio Impact Assessment

The concern for reducing aviation safety risk is rising as the National Airspace System in the United States transforms to the Next Generation Air Transportation System (NextGen). The NASA Aviation Safety Program is committed to developing an effective aviation safety technology portfolio to meet the challenges of this transformation and to mitigate relevant safety risks. The paper focuses on the reasoning of selecting Object-Oriented Bayesian Networks (OOBN) as the technique and commercial software for the accident modeling and portfolio assessment. To illustrate the benefits of OOBN in a large and complex aviation accident model, the in-flight Loss-of-Control Accident Framework (LOCAF) constructed as an influence diagram is presented. An OOBN approach not only simplifies construction and maintenance of complex causal networks for the modelers, but also offers a well-organized hierarchical network that is easier for decision makers to exploit the model examining the effectiveness of risk mitigation strategies through technology insertions

Integrated Design Tools for Embedded Control Systems

Currently, computer-based control systems are still being implemented using the same techniques as 10 years ago. The purpose of this project is the development of a design framework, consisting of tools and libraries, which allows the designer to build high reliable heterogeneous real-time embedded systems in a very short time at a fraction of the present day costs. The ultimate focus of current research is on transformation control laws to efficient concurrent algorithms, with concerns about important non-functional real-time control systems demands, such as fault-tolerance, safety,\ud reliability, etc.\ud The approach is based on software implementation of CSP process algebra, in a modern way (pure objectoriented design in Java). Furthermore, it is intended that the tool will support the desirable system-engineering stepwise refinement design approach, relying on past research achievements ¿ the mechatronics design trajectory based on the building-blocks approach, covering all complex (mechatronics) engineering phases: physical system modeling, control law design, embedded control system implementation and real-life realization. Therefore, we expect that this project will result in an\ud adequate tool, with results applicable in a wide range of target hardware platforms, based on common (off-theshelf) distributed heterogeneous (cheap) processing units

A Framework for Group Modeling in Agent-Based Pedestrian Crowd Simulations

Pedestrian crowd simulation explores crowd behaviors in virtual environments. It is extensively studied in many areas, such as safety and civil engineering, transportation, social science, entertainment industry and so on. As a common phenomenon in pedestrian crowds, grouping can play important roles in crowd behaviors. To achieve more realistic simulations, it is important to support group modeling in crowd behaviors. Nevertheless, group modeling is still an open and challenging problem. The influence of groups on the dynamics of crowd movement has not been incorporated into most existing crowd models because of the complexity nature of social groups. This research develops a framework for group modeling in agent-based pedestrian crowd simulations. The framework includes multiple layers that support a systematic approach for modeling social groups in pedestrian crowd simulations. These layers include a simulation engine layer that provides efficient simulation engines to simulate the crowd model; a behavior-based agent modeling layers that supports developing agent models using the developed BehaviorSim simulation software; a group modeling layer that provides a well-defined way to model inter-group relationships and intra-group connections among pedestrian agents in a crowd; and finally a context modeling layer that allows users to incorporate various social and psychological models into the study of social groups in pedestrian crowd. Each layer utilizes the layer below it to fulfill its functionality, and together these layers provide an integrated framework for supporting group modeling in pedestrian crowd simulations. To our knowledge this work is the first one to focus on a systematic group modeling approach for pedestrian crowd simulations. This systematic modeling approach allows users to create social group simulation models in a well-defined way for studying the effect of social and psychological factors on crowd’s grouping behavior. To demonstrate the capability of the group modeling framework, we developed an application of dynamic grouping for pedestrian crowd simulations