Runtime Monitoring for Safe Automated Driving Systems
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
2020 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mass-produced passenger vehicles are one of the greatest inventions of the 20th century and have significantly changed human lives. Several safety measures such as traffic signs, traffic lights, mandatory driver education, seat belts, airbags, and anti-lock braking systems were introduced throughout the years. Today, a further increase in safety, comfort, and efficiency is being targeted by developing systems with automated driving capabilities. These systems range from those supporting the driver with a particular function (e.g., ensuring the vehicle drives at a constant speed while keeping a safe distance to other road participants) to those taking all driving responsibilities from the driver (i.e., full driving automation). The development and series production of the former has already been accomplished, whereas reaching full driving automation still presents many challenges.

The main reason is the shift of all driving responsibilities, including the responsibility for the overall vehicle safety, from the human driver to a computer-based system responsible for the automated driving functionality (i.e., the Automated Driving System (ADS)). Such a shift makes the ADS highly safety-critical, and the consensus of cross-domain experts is that there is no “silver bullet” for ensuring the required levels of safety. Instead, a set of complementary safety methods is necessary.

In this context, runtime monitoring that continuously verifies the safe operation of the ADS, once deployed on public roads, is a promising complementary approach for ensuring safety. However, the development of a runtime monitoring solution is a challenge on its own. On a conceptual level, the complex and opaque technology used in ADS often makes researchers doubt “what” a runtime monitor should verify and “how” such verification should be performed.

This thesis proposes novel runtime monitoring solutions for verifying the safe operation of ADS. On a conceptual level, a novel Runtime Verification (RV) approach, namely the Safe Driving Envelope-Verification (SDE-V), answers the “what” and “how” of monitoring an ADS. In particular, the SDE-V approach verifies whether the ADS path planner output (i.e., a trajectory) is safe to be executed by the vehicle’s actuators. To perform this verification, the trajectory is checked against the following safety rules: (i) the trajectory does not lead into a collision with obstacles on the road, and (ii) the trajectory does not leave the road edge.

Towards realizing the proposed SDE-V concept as an actual solution, additional concepts, methods, and architectural solutions have been developed. Our contributions in this context include: (i) a concept for reducing the false positive rate of SDE-V, (ii) a method for evaluating the quality of runtime monitors by investigating to what extent they can handle faults related to different classes of real accident scenarios, (iii) a modular and scalable fail-operational architecture which enables integration of multiple RV approaches alongside the SDE-V, (iv) estimation of a “forecast horizon” to ensure the timely execution of emergency actions upon an ADS failure detection by SDE-V, and (v) an approach to tackle the out-of-sequence measurement problem in sensor fusion-based ADS. A prototype implementation of SDE-V has been realized on an automotive-grade embedded platform. Based on its promising results, a future industrial implementation project has been initiated.

Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2020.
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 324
National Category
Computer Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-51850
ISBN: 978-91-7485-489-3 (print)
OAI: oai:DiVA.org:mdh-51850
DiVA id: diva2:1479230
Public defence
2020-11-23, 14:15, Pi (+ Online Zoom), Mälardalens högskola, Västerås (English)
Available from: 2020-10-27 Created: 2020-10-26 Last updated: 2020-11-02 Bibliographically approved
List of papers
1. Systematic False Positive Mitigation in Safe Automated Driving Systems
2020 (English) In: 2020 International Symposium on Industrial Electronics and Applications, INDEL 2020 - Proceedings, 4 November 2020, Banja Luka, Bosnia and Herzegovina, 2020, article id 9266146. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Banja Luka, Bosnia and Herzegovina, 2020
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-50012 (URN), 10.1109/INDEL50386.2020.9266146 (DOI), 2-s2.0-85098487693 (Scopus ID)
Conference
2020 International Symposium on Industrial Electronics and Applications INDEL 2020, 04 Nov 2020, Banja Luka, Bosnia and Herzegovina
Projects
RetNet - The European Industrial Doctorate Programme on Future Real-Time Networks
Note

The conference is held in November 2020, 2020-09-10 Tord

Available from: 2020-09-10 Created: 2020-09-10 Last updated: 2021-01-07 Bibliographically approved
2. Formal Verification of an Approach for Systematic False Positive Mitigation in Safe Automated Driving System
2020 (English) Report (Other academic)
Abstract [en]

Manufacturers of self-driving cars need to significantly improve the safety of their products before the series of such cars are deployed in everyday use. A large number of architecture proposals for Automated Driving Systems (ADS) are aiming at addressing the challenge of safety. These solutions typically define redundancy schemes and quite commonly include self-checking pair structures, e.g., commander/monitor approaches. In such structures, the problem of detecting false positive failures arises, i.e., the monitor may falsely classify the output of the commander as being faulty. In this report we provide details regarding a formal verification of an approach aiming at false positive mitigation in the domain of automated driving. We formalize our proposal in an abstract model an

Place, publisher, year, edition, pages
Västerås, Sweden: Mälardalen Real-Time Research Centre, Mälardalen University, 2020
National Category
Engineering and Technology; Computer Systems
Identifiers
urn:nbn:se:mdh:diva-49323 (URN), MDH-MRTC-331/2020-1-SE (ISRN)
Projects
RetNet - The European Industrial Doctorate Programme on Future Real-Time Networks
Available from: 2020-07-03 Created: 2020-07-03 Last updated: 2020-10-26 Bibliographically approved
3. System Architecture and Application-Specific Verification Method for Fault-Tolerant Automated Driving System
2019 (English) In: IEEE Intelligent Vehicles Symposium workshops IEEE IVS 2019 WS, 2019, p. 39-44. Conference paper, Published paper (Refereed)
Abstract [en]

Automated vehicles come with promises of higher comfort and safety compared to standard human-driven vehicles. Various demonstrator vehicles with fully automated driving capabilities have already been presented with success. Yet, there is a large number of technical challenges to be solved until the safety levels comply with those required by safety standards and, most importantly, with those required for public acceptance. In this paper, we introduce the technical challenges resulting from the need for fault-tolerant capabilities in automated vehicles with no fallback-ready drivers. We then propose a concrete solution to these challenges. This includes a fault-tolerant architecture for automated driving systems. It also includes the safety co-pilot, a safety mechanism that ensures the coordinated operation of two or more redundant ADS by means of novel application-specific verification methods. We conclude our work with experimental proof-of-concept results for the proposed solution.

National Category
Engineering and Technology; Computer Systems
Identifiers
urn:nbn:se:mdh:diva-43943 (URN), 10.1109/IVS.2019.8813824 (DOI), 000508184100008 (), 2-s2.0-85072287264 (Scopus ID)
Conference
IEEE Intelligent Vehicles Symposium workshops IEEE IVS 2019 WS, 09 - 12 Jun 2019, Paris, France
Projects
RetNet - The European Industrial Doctorate Programme on Future Real-Time Networks
Available from: 2019-06-20 Created: 2019-06-20 Last updated: 2021-01-04 Bibliographically approved
4. Deterministic Ethernet: Addressing the Challenges of Asynchronous Sensing in Sensor Fusion Systems
2017 (English) In: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017; Denver; United States; 26 June 2017 through 29 June 2017, 2017, p. 22-28, article id 8023693. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we study the cause of out-of-sequence measurements (OOSM) and their effect on Kalman filter based multi-sensor fusion systems. We explore the currently available solutions for handling OOSM and pinpoint how the absence of precise measurement timestamps prevents the correct chronological ordering of sensor measurements. The processing of such out-of-order measurements leads to negative-time measurement updates in the sensor fusion process, which in turn leads to a wrong representation of the environment. Furthermore, we present methods for achieving precise measurement timestamps. We explore the suitability of a set of communication standards for improving the timestamp precision. In particular, we focus on the IEEE 802.1AS, IEEE 802.1Qav, Qbv and SAE AS6802 standards that enable deterministic communication over IEEE 802.3 standard Ethernet. We present theoretical performance studies and a comparison of the said communication standards.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-36084 (URN), 10.1109/DSN-W.2017.44 (DOI), 000425860600005 (), 2-s2.0-85031711590 (Scopus ID), 978-1-5386-2272-8 (ISBN)
Conference
The 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017), 26-29 June 2017, Denver, Colorado, USA
Available from: 2017-07-10 Created: 2017-07-10 Last updated: 2020-10-26 Bibliographically approved
5. Forecast Horizon for Automated Safety Actions in Automated Driving Systems
2019 (English) In: Lecture Notes in Computer Science, Volume 11698, 2019, p. 113-127. Conference paper, Published paper (Refereed)
Abstract [en]

Future Automated Driving Systems (ADS) will ultimately take over all driving responsibilities from the driver. This will also include the overall safety goal of avoiding hazards on the road by executing automated safety actions (ASA). It is the purpose of this paper to address the general properties of the ASA. One property of particular interest is the forecast horizon, which defines how early in advance a hazard has to be identified in order to ensure the execution of an ASA. For the estimation of the forecast horizon, we study the fault-tolerant time interval concept defined by ISO 26262 and extend it for the use case of fail-operational ADS. We then perform a thorough study of all parameters contributing to the forecast horizon, assign exemplary values to each parameter for a running example, and formalize our work by a set of equations. The set of equations is then applied to two specific driving scenarios, and based on the running example values, the forecast horizon is estimated. We conclude our work with a summary of the estimated forecast horizon for each of the specific driving scenarios at different road conditions and the recommended road speed limits.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11698
National Category
Engineering and Technology; Computer Systems
Identifiers
urn:nbn:se:mdh:diva-43944 (URN), 10.1007/978-3-030-26601-1_8 (DOI), 000656151900006 (), 2-s2.0-85072871485 (Scopus ID), 9783030266004 (ISBN)
Conference
38th International Conference on Computer Safety, Reliability and Security SAFECOMP 2019, 10 Sep 2019, Turku, Finland
Projects
RetNet - The European Industrial Doctorate Programme on Future Real-Time Networks
Available from: 2019-06-20 Created: 2019-06-20 Last updated: 2021-11-03 Bibliographically approved
6. Early Concept Evaluation of a Runtime Monitoring Approach for Safe Automated Driving
2022 (English) In: 2022 IEEE Zooming Innovation in Consumer Technologies Conference (ZINC), IEEE, 2022, p. 53-58. Conference paper, Published paper (Refereed)
Abstract [en]

Being used in key features such as sensing and intelligent path planning, Artificial Intelligence (AI) has become an inevitable part of automated vehicles (AVs). However, its usage in the automotive industry always comes with a 'label' that questions its impact on the overall AV safety. This paper focuses on the safe deployment of AI-based AVs. Among the various ways of ensuring the safety of AI-based AVs is to monitor the safe execution of the system responsible for automated driving (i.e., the Automated Driving System (ADS)) at runtime (i.e., runtime monitoring). Most of the research done in the past years has focused on verifying that the path or trajectory generated by the ADS does not immediately collide with objects on the road. However, as we will show in this paper, there are other unsafe situations that do not immediately result in a collision but which the monitor should still check for. To build our case, we have looked into the National Highway Traffic Safety Administration (NHTSA) database of 5.9 million police-reported light-vehicle accidents and categorized these accidents into five main categories of unsafe vehicle operations. Furthermore, we have performed a high-level evaluation of the runtime monitoring approach proposed in [1], by estimating what percentage of the total population of 5.9 million unsafe operations the approach would be able to detect. Lastly, we have performed the same evaluation on other existing runtime monitoring approaches to make a basic comparison of their diagnostic capabilities.

Place, publisher, year, edition, pages
IEEE, 2022
Keywords
accident prevention, highway accidents, motion planning, vehicles
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-51849 (URN), 10.1109/ZINC55034.2022.9840649 (DOI), 2-s2.0-85136371722 (Scopus ID), 978-1-6654-8374-2 (ISBN)
Conference
Zooming Innovation in Consumer Technologies Conference (ZINC), 25-26 May 2022, Novi Sad, Serbia
Available from: 2020-10-26 Created: 2020-10-26 Last updated: 2022-09-07 Bibliographically approved

Open Access in DiVA

fulltext (5324 kB), 1664 downloads
File information
File name: FULLTEXT02.pdf
File size: 5324 kB
Checksum SHA-512: 316b5afcc90aed16ac62f6e068300d46aab467d257b206e12688ad45bed6c0c2ab3afacc9a136a0a78145196b4e7130dc1e99fe3cdce5104f524d3dcda05b6c5
Type: fulltext
Mimetype: application/pdf

Authority records

Mehmed, Ayhan
