Search Results

Fatal crashes involving automated driving systems, has been raising the concern of minimum standard requirement for safety, reliability and performance required for Autonomous Driving System (ADS)/Advanced Driver Assistance System (ADAS) before this cutting-edge technology takes on public roads. Hence, in order to ensure necessary safety requirements of ADS/ADAS systems we propose a runtime active safety assurance module known as SConSert. SConSert performs dynamic risk assessment of “Sensing, Planning and Action module of ADS/ADAS”; to provide minimal risk maneuver in any given driving scenario. The dynamic risk assessment of ADS/ADAS system is based on the operational design domain (ODD) knowledge of the driving scenario plus the sensor capability, ADS/ADAS algorithm requirement and capability, and finally smooth and collision free maneuver requirement.

Highly automated driving systems have a responsibility to keep a vehicle safe even in abnormal conditions such as random or systematic failures. However, creating redundancy in a system to respond to failures increases the cost of the system, and simple redundancy cannot detect systematic failures because some systematic failures occur in each system at the same time. Systematic failures in automated driving systems cannot be verified sufficiently during the development phase due to numerous patterns of parameters input from outside the system. A safety concept based on a “safety sustainer” for highly automated driving systems is proposed. The safety sustainer is designed for keeping a vehicle in a safe state for several seconds if a failure occurs in the system and notifying the driver that the system is in failure mode and requesting the driver to take over control of the vehicle.

In-vehicle networks are generally used for computerized control and connecting information technology devices in cars. However, increasing connectivity also increases security risks. “Spoofing attacks”, in which an adversary infiltrates the controller area network (CAN) with malicious data and makes the car behave abnormally, have been reported. Therefore, countermeasures against this type of attack are needed. Modifying legacy electronic control units (ECUs) will affect development costs and reliability because in-vehicle networks have already been developed for most vehicles. Current countermeasures, such as authentication, require modification of legacy ECUs. On the other hand, anomaly detection methods may result in misdetection due to the difficulty in setting an appropriate threshold. Evaluating a reception cycle of data can be used to simply detect spoofing attacks. However, this may result in false detection due to fluctuation in the data reception cycle in the CAN.