Safety assessment of automated vehicle functions by simulation-based fault injection

As automated driving vehicles become more sophisticated and pervasive, it is increasingly important to assure its safety even in the presence of faults. This paper presents a simulation-based fault injection approach (Sabotage) aimed at assessing the safety of automated vehicle functions. In particular, we focus on a case study to forecast fault effects during the model-based design of a lateral control function. The goal is to determine the acceptable fault detection interval for permanent faults based on the maximum lateral error and steering saturation. In this work, we performed fault injection simulations to derive the most appropriate safety goals, safety requirements, and fault handling strategies at an early concept phase of an ISO 26262-compliant safety assessment process.The authors have partially received funding from the ECSEL JU AMASS project under H2020 grant agreement No 692474 and from MINETUR (Spain)

Fault injection method for safety and controllability evaluation of automated driving

Advanced Driver Assistance Systems (ADAS) and automated vehicle applications based on embedded sensors have become a reality today. As road vehicles increase its autonomy and the driver shares his role in the control loop, novel challenges on their dependability assessment arise. One key issue is that the notion of controllability becomes more complex when validating the robustness of the automated vehicle in the presence of faults. This paper presents a simulation-based fault injection approach aimed at finding acceptable controllability properties for the model-based design of control systems. We focus on determining the best fault models inserting exceptional conditions to accelerate the identification of specific areas for testing. In our work we performed fault injection method to find the most appropriate safety concepts, controllability properties and fault handling strategies at early design phases of lateral control functions based on the error in the Differential GPS signal.Authors wants to thank to the H2020 UnCoVerCPS Project (with grant number 643921) and the ECSEL JU AMASS project under H2020 grant agreement No 692474 and from MINETUR (Spain)

Reuse of safety certification artefacts across standards and domains: A systematic approach

Reuse of systems and subsystem is a common practice in safety-critical systems engineering. Reuse can improve system development and assurance, and there are recommendations on reuse for some domains. Cross-domain reuse, in which a previously certified product typically needs to be assessed against different safety standards, has however received little attention. No guidance exists for this reuse scenario despite its relevance in industry, thus practitioners need new means to tackle it. This paper aims to fill this gap by presenting a systematic approach for reuse of safety certification artefacts across standards and domains. The approach is based on the analysis of the similarities and on the specification of maps between standards. These maps are used to determine the safety certification artefacts that can be reused from one domain to another and reuse consequences. The approach has been validated with practitioners in a case study on the reuse of an execution platform from railway to avionics. The results show that the approach can be effectively applied and that it can reduce the cost of safety certification across standards and domains. Therefore, the approach is a promising way of making cross-domain reuse more cost-effective in industry.European Commission's FP7 programm

Design-Time Safety Assessment of Robotic Systems Using Fault Injection Simulation in a Model-Driven Approach

International audienceThe rapid advancement of autonomy in robotic systems together with the increasing interaction with humans in shared workspaces (e.g. collaborative robots), raises pressing concerns about system safety. In recent years, the need of modeldriven approaches for safety analysis during the design stage has gained a lot of attention. In this context, simulation-based fault injection combined with a virtual robot is a promising practice to complement traditional safety analysis. Fault injection is used to identify the potential safety hazard scenarios and to evaluate the controller's robustness to certain faults. Besides, it enables a quantitative assessment w.r.t. other techniques that only give qualitative hints, such as FMEA. Thus, it facilitates the refinement of safety requirements and the conception of concrete mitigation actions. This paper presents a tool-supported approach that leverages models and simulation-assisted fault injection to assess safety and reliability of robotic systems in the early phases of design. The feasibility of this method is demonstrated by applying it to the design of a real-time cartesian impedance control system in torque mode as a use case scenario