PhD Defense: “Efficient Strategies for Safety Assurance of Automated Driving Systems”

TECoSA industrial PhD student (with Zenseact) Magnus Gyllenhammar will defend his thesis at F3 (Flodis), Lindstedtsvägen 26 & 28 at Sing-Sing, KTH Campus. Contact Martin Törngren (martint@kth.se) if you are interested in attending.

Abstract: By relieving the human driver of the responsibility of safely operating the vehicle, Automated Driving Systems (ADSs) (colloquially known as self-driving cars) can free up time and possibly also reduce the number of road accidents. Paradoxically, even though safety is one of the main expectations of ADSs, it is also one of the major challenges and arguably one of the key reasons why we have yet to see widespread market deployment of such systems. Contrary to previous generations of automotive systems, common development and safety assurance practises no longer suffice to accommodate the increased system complexity and operational uncertainty inherent to an ADS. Indeed, concrete models and means to show safety fulfilment before deployment remain elusive. For that purpose, this thesis focuses on efficient strategies for safety assurance of ADSs and explores this from three angles.

Firstly, a comprehensive review of the state of the art has been conducted to identify and structure available methods for providing (predictive) evidence of the safety of the ADS, and to identify gaps and directions where further research is needed.

Secondly, the task of ensuring completeness of both the Verification and Validation (V\&V) as well as the safety requirements of the ADS has been explored. The appropriate definition, formalisation and management of an Operational Design Domain (ODD) provide a means to ensure alignment between specification, testing and operations of the ADS — suggesting one way of closing the completeness gap for the V\&V. Furthermore, to address the exhaustiveness of the safety requirements, this thesis proposes the use of a Quantitative Risk Norm (QRN) to elicit quantitative vehicle-level requirements. A QRN facilitates this exhaustiveness by considering frequencies of loss events (e.g. accidents) rather than requiring an enumeration of all possible hazards pertaining to the ADS.

Thirdly, this thesis extends the concept of Precautionary Safety (PcS) proposing a methodology for connecting the quantitative safety requirements of the QRN and the runtime decisions of the ADS. This is enabled by augmenting the ADS’s situation awareness (SAW) with an understanding of its own ability to avoid different loss events. Using this enhances SAW model and by subsequently accounting for the uncertainties of the loss event probabilities, enables an assessment of the QRN even when there is limited data available. Consequently, the proposed methodology can ensure that the ADS indeed only takes decisions that are known to fulfil the QRN.

Jointly, the work presented in this thesis paves a way for how to bridge quantitative safety requirements and runtime decision-making of the ADS, and a possible strategy for efficient safety assurance of ADSs is outlined — drawing upon the contributions of the appended papers. There are still several open questions to understand the implications of this approach but the work showcased herein provides a solid foundation for such future work.