Search Results

Fatal crashes involving automated driving systems, has been raising the concern of minimum standard requirement for safety, reliability and performance required for Autonomous Driving System (ADS)/Advanced Driver Assistance System (ADAS) before this cutting-edge technology takes on public roads. Hence, in order to ensure necessary safety requirements of ADS/ADAS systems we propose a runtime active safety assurance module known as SConSert. SConSert performs dynamic risk assessment of “Sensing, Planning and Action module of ADS/ADAS”; to provide minimal risk maneuver in any given driving scenario. The dynamic risk assessment of ADS/ADAS system is based on the operational design domain (ODD) knowledge of the driving scenario plus the sensor capability, ADS/ADAS algorithm requirement and capability, and finally smooth and collision free maneuver requirement.

In-vehicle networks are generally used for computerized control and connecting information technology devices in cars. However, increasing connectivity also increases security risks. “Spoofing attacks”, in which an adversary infiltrates the controller area network (CAN) with malicious data and makes the car behave abnormally, have been reported. Therefore, countermeasures against this type of attack are needed. Modifying legacy electronic control units (ECUs) will affect development costs and reliability because in-vehicle networks have already been developed for most vehicles. Current countermeasures, such as authentication, require modification of legacy ECUs. On the other hand, anomaly detection methods may result in misdetection due to the difficulty in setting an appropriate threshold. Evaluating a reception cycle of data can be used to simply detect spoofing attacks. However, this may result in false detection due to fluctuation in the data reception cycle in the CAN.

Hard real-time systems such as automotive control systems have to guarantee that strict deadlines are met for applications. Recent automotive control systems have been network systems that have combined event-triggered with time-triggered networks, i.e., Controller Area Network (CAN) and FlexRay. A CAN-FlexRay gateway has to execute real-time message transfers from CAN to FlexRay and from FlexRay to CAN to guarantee that communication deadlines are met. Most gateways in the automotive control systems select messages according to the priority of the messages and pack them into frames. However, when many events of same kinds occur within the short period, the gateway cannot guarantee that communication deadlines for time-triggered and first event-triggered messages will be met because many event-triggered messages prevent time-triggered messages from being packed into frame.