-
Toward a Harmonized Approach -- Requirement-based Structuring of a Safety Assurance Argumentation for Automated Vehicles
Authors:
Marvin Loba,
Nayel Fabian Salem,
Marcus Nolte,
Andreas Dotzler,
Dieter Ludwig,
Markus Maurer
Abstract:
Despite the increasing testing operations of automated vehicles on public roads, media reports on incidents show that safety issues caused by automated driving systems persist to this day. Manufacturers face high development uncertainty when aiming to deploy these systems in an open context. In particular, one challenge is establishing a valid argument at design time that the vehicles will exhibit reasonable residual risk when operating in its intended operational design domain. While there is extensive literature on assurance cases for safety-critical systems in general, the domain of automated driving lacks explicit requirements regarding the creation of safety assurance argumentations for automated vehicles. In this paper, we aim to narrow this gap by elaborating a requirement-based approach. We identify structural requirements for an argumentation based on published literature and supplement these with structural requirements derived from stakeholder concerns. We apply these requirements to obtain a proposal for a generic argumentation structure. The resulting "safety arguments" address the developed product (product argument), the underlying process (process argument) including its conformance/compliance to standards/laws (conformance/compliance argument), as well as an argumentation's context (context argument) and soundness (soundness argument). Finally, we outline argumentation principles in accordance with domain-specific needs and concepts.
Submitted 4 July, 2025; v1 submitted 6 May, 2025;
originally announced May 2025.
-
An Ontology-based Approach Towards Traceable Behavior Specifications in Automated Driving
Authors:
Nayel Fabian Salem,
Marcus Nolte,
Veronica Haber,
Till Menzel,
Hans Steege,
Robert Graubohm,
Markus Maurer
Abstract:
Vehicles in public traffic that are equipped with Automated Driving Systems are subject to a number of expectations: Among other aspects, their behavior should be safe, conforming to the rules of the road and provide mobility to their users. This poses challenges for the developers of such systems: Developers are responsible for specifying this behavior, for example, in terms of requirements at system design time. As we will discuss in the article, this specification always involves the need for assumptions and trade-offs. As a result, insufficiencies in such a behavior specification can occur that can potentially lead to unsafe system behavior. In order to support the identification of specification insufficiencies, requirements and respective assumptions need to be made explicit. In this article, we propose the Semantic Norm Behavior Analysis as an ontology-based approach to specify the behavior for an Automated Driving System equipped vehicle. We use ontologies to formally represent specified behavior for a targeted operational environment, and to establish traceability between specified behavior and the addressed stakeholder needs. Furthermore, we illustrate the application of the Semantic Norm Behavior Analysis in a German legal context with two example scenarios and evaluate our results. Our evaluation shows that the explicit documentation of assumptions in the behavior specification supports both the identification of specification insufficiencies and their treatment. Therefore, this article provides requirements, terminology and an according methodology to facilitate ontology-based behavior specifications in automated driving.
Submitted 15 November, 2024; v1 submitted 10 September, 2024;
originally announced September 2024.
-
On Assumptions with Respect to Occlusions in Urban Environments for Automated Vehicle Speed Decisions
Authors:
Robert Graubohm,
Nayel Fabian Salem,
Marcus Nolte,
Markus Maurer
Abstract:
Automated driving systems are subject to various kinds of uncertainty during design, development, and operation. These kinds of uncertainty lead to an inherent risk of the technology that can be mitigated, but never fully eliminated. Situations involving obscured traffic participants have become popular examples in the field to illustrate a subset of these uncertainties that developers must deal with during system design and implementation. In this paper, we describe necessary assumptions for a speed choice in a situation in which an ego-vehicle passes parked vehicles that generate occluded areas where a human intending to cross the road could be obscured. We develop a calculation formula for a dynamic speed limit that mitigates the collision risk in this situation, and investigate the resulting speed profiles in simulation based on example assumptions. This paper has two main results: First, we show that even without worst-case assumptions, dramatically reduced speeds would be driven to avoid collisions. Second, we highlight that design decisions regarding occlusion treatment are directly related to the risk that automated vehicles pose to pedestrians in urban environments. In this respect, we conclude that there needs to be a broader discussion about acceptable assumptions.
Submitted 14 February, 2024; v1 submitted 15 May, 2023;
originally announced May 2023.
-
Risk Management Core -- Towards an Explicit Representation of Risk in Automated Driving
Authors:
Nayel Fabian Salem,
Thomas Kirschbaum,
Marcus Nolte,
Christian Lalitsch-Schneider,
Robert Graubohm,
Jan Reich,
Markus Maurer
Abstract:
While current automotive safety standards provide implicit guidance on how unreasonable risk can be avoided, manufacturers are required to specify risk acceptance criteria for Automated Driving Systems (SAE Level 3 and higher). However, the 'unreasonable' level of risk of Automated Driving Systems is not yet concisely defined. Solely applying current safety standards to such novel systems could potentially not be sufficient for their acceptance. As risk is managed with implicit knowledge about safety measures in existing automotive standards, an explicit alignment with risk acceptance criteria is challenging. Hence, we propose an approach for an explicit representation and management of risk, which we call the Risk Management Core. The proposal of this process framework is based on requirements elicited from current safety standards and is applied to the task of specifying safe behavior for an Automated Driving System in an example scenario.
Submitted 8 March, 2024; v1 submitted 15 February, 2023;
originally announced February 2023.
-
Ein Beitrag zur durchgängigen, formalen Verhaltensspezifikation automatisierter Straßenfahrzeuge (A Contribution to a Consistent, Formal Behavior Specification of Automated Road Vehicles)
Authors:
Nayel Fabian Salem,
Veronica Haber,
Matthias Rauschenbach,
Marcus Nolte,
Jan Reich,
Torben Stolte,
Robert Graubohm,
Markus Maurer
Abstract:
Assuring safety of automated vehicles (SAE Level 3+) requires specifying and validating the behavior of such a vehicle in its operational environment. In order to argue and support assumptions that are made during the behavior specification within scenarios, a traceable documentation of design decisions is required. With the introduction of the semantic norm behavior analysis a method is proposed, which contributes to a traceable mapping of concerns towards the behavior of an automated vehicle in its operational environment to a formal rule system of semantic concepts for considered scenarios. In this work, a semantic norm behavior analysis is conducted in two selected example scenarios. Thereby, an example of the formalization of behavioral rules from an excerpt of the German traffic code is given.
--
Assuring the safety of automated road vehicles (SAE Level 3+) requires specifying and verifying the behavior of a vehicle in its operational environment. In order to justify and substantiate assumptions made during behavior specification within scenarios, consistent documentation of these design decisions is required. With the introduction of the semantic norm behavior analysis, a method is proposed by which demands on the behavior of an automated vehicle in its operational environment can be consistently mapped to a formal rule system of semantic concepts for selected scenarios. In this work, a semantic norm behavior analysis is conducted in two selected scenarios. For this purpose, behavioral rules from an excerpt of the German Road Traffic Regulations (Straßenverkehrsordnung) are formalized by way of example.
Submitted 15 September, 2022;
originally announced September 2022.
-
Phenomenon-Signal Model: Formalisation, Graph and Application
Authors:
Hans Nikolaus Beck,
Nayel Fabian Salem,
Veronica Haber,
Matthias Rauschenbach,
Jan Reich
Abstract:
Considering information as the basis of action, it may be of interest to examine the flow and acquisition of information between the actors in traffic. The central question is: Which signals does an automated driving system (which will be referred to as an automaton in the remainder of this paper) in traffic have to receive, decode or send in road traffic in order to act safely and in a manner that is compliant with valid standards? The phenomenon-signal model (PSM) is a method for structuring the problem area and for analysing and describing this very signal flow. The aim of this paper is to explain the basics, the structure and the application of this method.
Submitted 20 July, 2022;
originally announced July 2022.
-
Phänomen-Signal-Modell: Formalismus, Graph und Anwendung (Phenomenon-Signal Model: Formalism, Graph and Application)
Authors:
Hans Nikolaus Beck,
Nayel Fabian Salem,
Veronica Haber,
Matthias Rauschenbach,
Jan Reich
Abstract:
If we consider information as the basis of action, it may be of interest to examine the flow and acquisition of information between the actors in traffic. The central question is which signals an automaton has to receive, decode or send in road traffic in order to act safely and in conformance with valid standards. The phenomenon-signal model is a method to structure the problem and to analyze and describe this very signal flow. Explaining the basics, structure and application of this method is the aim of this paper.
--
If one considers information as the basis of action, it becomes worthwhile to examine the flow and acquisition of information between the actors in traffic. The central question is which signals an automaton must receive, decode or send in road traffic in order to act safely and in conformance with valid standards. The phenomenon-signal model is a method for structuring the problem area and for analyzing and describing this very signal flow. This paper explains the basics, structure and application of this method.
Submitted 31 July, 2021;
originally announced August 2021.