Browse Topic: Safety critical systems
ABSTRACT This paper discusses how programs can leverage VICTORY architecture and specifications in order to achieve interoperability between electronics systems integrated with ground vehicles. It explains the contents of the VICTORY architecture, and the concept of compliance with the VICTORY system and component type specifications. It suggests a model for Army ground vehicle programs to utilize the VICTORY architecture and specifications, and a process called guided self-verification to test components for compliance with VICTORY specifications
ABSTRACT System and software requirements provide a definition of what the system implementation is required to do, and are a necessary component to independent requirement based testing for safety critical systems. However as vital as these requirements are, the requirements often are not analyzed until a safety assessment is performed, or the system fails during testing. Automating the system analysis and testing can be used to help to shift left the software life cycle, particularly when the automation augments, rather than replaces, human test developers. This paper presents a method to convert textual requirements into a logical model of the system. This logical model can be used for various automated system analysis procedures, as well as automated test generation. We show this automation can provide significant insight into possible issues in the system, as well as significantly accelerating the time required for test development. Citation: M. Lingg, H. Paul, S. Kushwaha, J
ABSTRACT In this paper, I will describe what AUTOSAR is, and the benefits it can provide in the development of ECUs. AUTOSAR provides an industry standard framework for the development of modular software architectures, including multi-core, cyber-secure, safety critical applications in the automotive/ground vehicle systems
ABSTRACT This paper describes an approach to secure previously deployed vehicles by using bus monitoring and segmentation to remove malicious messages from the CAN bus. Modern automotive buses were designed for reliability rather than security. This lack of security means that any node on the bus can transmit a message to any other node and the receiver cannot verify the sender or that the message is unaltered. The intrusion detection and prevention system seeks to solve that issue by actively monitoring traffic on all connected busses, alerting an operator when an error is detected and removing flagged messages from the bus. The system will eventually be installed on an Interim Armored Vehicle (IAV) Stryker. Citation: R. Elder, C. Westrick, P. Moldenhauer, “Cyberattack Detection and Bus Segmentation in Ground Vehicles”, In Proceedings of the Ground Vehicle Systems Engineering and Technology Symposium (GVSETS), NDIA, Novi, MI, Aug. 11-13, 2020
In recent years, battery electric vehicles (BEVs) have experienced significant sales growth, marked by advancements in features and market delivery. This evolution intersects with innovative software-defined vehicles, which have transformed automotive supply chains, introducing new BEV brands from both emerging and mature markets. The critical role of software in software-defined battery electric vehicles (SD-BEVs) is pivotal for enhancing user experience and ensuring adherence to rigorous safety, performance, and quality standards. Effective governance and management are crucial, as failures can mar corporate reputations and jeopardize safety-critical systems like advanced driver assistance systems. Product Governance and Management for Software-defined Battery Electric Vehicles addresses the complexities of SD-BEV product governance and management to facilitate safer vehicle deployments. By exploring these challenges, it aims to enhance internal processes and foster cross
Aerospace manufacturers are leveraging multicore processors and modularity to design smarter cockpit displays and avionic computers that are smaller and capable of supporting more applications from a single line replaceable unit (LRU). Some are also starting to embed more of the processing required to enable cockpit display applications within the display itself, rather than having it enabled by an associated LRU. The development of new electric vertical takeoff and landing (eVTOL) aircraft and avionics companies changing their approach to the development of safety critical computers and aircraft networking technologies are some of the aerospace industry factors driving this design trend. In the U.S., the Department of Defense (DoD) embracing the Modular Open Systems Approach (MOSA) across the purchase of all new aircraft technologies is influencing design changes in cockpit displays and aircraft computers as well
The automotive PowerNet is in the middle of a major transformation. The main drivers are steadily increasing power demand, availability requirements, and complexity and cost. These factors result in a wide variety of possible future PowerNet topologies. The increasing power demand is, among other factors, caused by the progressive electrification of formerly mechanical components and a constantly increasing number of comfort and safety loads. This leads to a steady increase in installed electrical power. X-by-wire systems1 and autonomous driving functions result in higher availability requirements. As a result, the power supply of all safety-critical loads must always be kept sufficiently stable. To reduce costs and increase reliability, the car manufacturers aim to reduce the complexity of the PowerNet system, including the wiring harness and the controller network. The wiring harness e.g., is currently one of the most expensive parts of modern cars. These challenges are met with a
In a study, published in the Journal Waves in Random and Complex Media, researchers from the University of Bristol have derived a formula that can inform the design boundaries for a given component’s geometry and material microstructure
A new industry-first open platform for developing the software-defined vehicle (SDV) combines processing, vehicle networking and system power management with integrated software. NXP Semiconductors' new S32 CoreRide Platform was designed to run “multiple time-critical, safety-critical, security-critical applications in parallel,” Henri Ardevol, executive vice president and general manager of Automotive Embedded Systems for NXP Semiconductors, told SAE Media. NXP's new foundation platform for SDVs differs from the traditional approach of using multiple electronic control units (ECUs), each designed to handle specific vehicle system control tasks. Since each unit requires its own integration work, the integration workload exponentially increases with each additional ECU on a vehicle
The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks. But the connectivity is accompanied by potential cyber security risks, eventually
Kognic's advanced interpretation of sensor data helps artificial intelligence and machine learning recognize the human thing to do. In December 2023, Kognic, the Gothenburg, Sweden-based developer of a software platform to analyze and optimize the massively complex datasets behind ADAS and automated-driving systems, was in Dearborn, Michigan to accept the Tech.AD USA award for Sensor Perception solution of the year. The company doesn't make sensors, but one might say it makes sense of the data that comes from sensors. Kognic, established in 2018, is well-known in the ADAS/AV software sector for its work to help developers extract better performance from and enhance the robustness of safety-critical “ground-truth” information gleaned from petabytes-upon-petabytes of sensor-fusion datasets. Kognic CEO and co-founder Daniel Langkilde espoused a path for improving artificial intelligence-reliant systems based on “programming with data instead of programming with code
Wheel rims and wheel hub bearings are critical components of Heavy Commercial Vehicle (HCV) suspension systems and are subjected to extensive fatigue loading throughout their operational life. Actual loading conditions on wheels are a combination of radial loads (vertical loads) and cornering loads (lateral loads) acting simultaneously and are directly influenced by payload and road conditions. Currently for Indian usage, there are test guidelines [1] only for separate uniaxial Radial Fatigue Test (RFT) and Cornering Fatigue Test (CFT) for wheel rims which might not represent realistic combined loading conditions, and no generic guidelines are available for testing of wheel hub bearings. There is a biaxial test guideline defined for European usage scenario, but no guidelines defined for Indian usage scenario [5] Thus, there was a need to define test guidelines for biaxial fatigue testing of wheel rims and wheel hub bearings, based on data acquired for Indian roads and usage conditions
Recent rapid advancement in machine learning (ML) technologies have unlocked the potential for realizing advanced vehicle functions that were previously not feasible using traditional approaches to software development. One prominent example is the area of automated driving. However, there is much discussion regarding whether ML-based vehicle functions can be engineered to be acceptably safe, with concerns related to the inherent difficulty and ambiguity of the tasks to which the technology is applied. This leads to challenges in defining adequately safe responses for all possible situations and an acceptable level of residual risk, which is then compounded by the reliance on training data. The Path to Safe Machine Learning for Automotive Applications discusses the challenges involved in the application of ML to safety-critical vehicle functions and provides a set of recommendations within the context of current and upcoming safety standards. In summary, the potential of ML will only
Developing embedded application software is an expensive business, especially when the software is to be used in a critical application. Composable modularity can streamline development through the reuse of software modules, making it a highly desirable attribute in the architecture of embedded software. The U.S. Department of Defense (DoD) has embraced this concept with the Modular Open Systems Approach (MOSA). This strategic standardization initiative highlights how interoperable modular components built by different companies across different programs or procurements can perform together. The Future Airborne Capability Environment (FACE™) Consortium, a collaboration between government and industry entities, has developed the FACE technical standard to fulfil the requirements of a MOSA for military aviation software development. However, there is nothing about the principles of the FACE technical standard and MOSA that makes them applicable only to military systems. They therefore
The power of advanced driver assistance systems (ADAS) continues to increase alongside vehicle code and software complexity. To ensure ADAS functionality and maximize safety, cost efficiency, and customer satisfaction, original equipment manufacturers (OEMs) must adopt a solution that allows them to mine data, extract meaningful information, send remote software updates and bug fixes, and manage software complexity. All of this is possible with an embedded telematics-based software and data management solution. Event-based logging enables OEMs to actively measure ADAS effectiveness and performance. It allows them to analyze driver behaviors, such as whether response times increase after a certain time of day, and adjust the ADAS settings to increase functionality, such as providing an earlier warning or automated response. A vertically integrated solution also enables the identification and correction of software and calibration defects for the entire vehicle life cycle through over
ARINC 858 Part 3 defines a Common IPS Radio Interface (CIRI) protocol for conveying radio status information and transferring digital data between the Airborne IPS System and Airborne Radios. This standard includes the functional description of the protocol, including applicable use cases, protocol message formats, and protocol operation for both control plane and data plane exchanges. The protocol is intended to operate over a variety of on-aircraft communication means, including, but not limited to, ethernet-based and ARINC 664-based aircraft networks. The reader should also reference ARINC 858 Part 1 and Part 2. This product was developed in coordination with ICAO WG-I, RTCA SC-223, and EUROCAE WG-108
This document provides recommended practices regarding how System Theoretic Process Analysis (STPA) may be applied to safety-critical systems in any industry
Autonomous vehicle (AV) algorithms need to be tested extensively in order to make sure the vehicle and the passengers will be safe while using it after the implementation. Testing these algorithms in real world create another important safety critical point. Real world testing is also subjected to limitations such as logistic limitations to carry or drive the vehicle to a certain location. For this purpose, hardware in the loop (HIL) simulations as well as virtual environments such as CARLA and LG SVL are used widely. This paper discusses a method that combines the real vehicle with the virtual world, called vehicle in virtual environment (VVE). This method projects the vehicle location and heading into a virtual world for desired testing, and transfers back the information from sensors in the virtual world to the vehicle. As a result, while vehicle is moving in the real world, it simultaneously moves in the virtual world and obtains the situational awareness via multiple virtual
Formal verification plays an important role in proving the safety of autonomous vehicles (AV). It is crucial to find errors in the AV system model to ensure safety critical features are not compromised. Model checking is a formal verification method which checks if the finite state machine (FSM) model meets system requirements. These requirements can be expressed as linear Temporal logic (LTL) formulae to describe a sequence of states with linear Temporal properties to be satisfied. NuSMV is a dedicated software for performing model checking based on Temporal logic formulae on FSM models. However, NuSMV does not provide model-based design. On the other hand, Stateflow in MATLAB/SIMULINK is a powerful tool for designing the model and offers an interactive Graphical User Interface (GUI) for the user/verifier but is not as efficient as NuSMV in model checking. Hence, model transformation becomes vital to convert the AV model in Stateflow to an input language of model checking software
The software architecture behind modern autonomous vehicles (AV) is becoming more complex steadily. Safety verification is now an imminent task prior to the large-scale deployment of such convoluted models. For safety-critical tasks in navigation, it becomes imperative to perform a verification procedure on the trajectories proposed by the planning algorithm prior to deployment. Signal Temporal Logic (STL) constraints can dictate the safety requirements for an AV. A combination of STL constraints is called a specification. A key difference between STL and other logic constraints is that STL allows us to work on continuous signals. We verify the satisfaction of the STL specifications by calculating the robustness value for each signal within the specification. Higher robustness values indicate a safer system. Model Predictive Control (MPC) is one of the most widely used methods to control the navigation of an AV, with an underlying set of state and input constraints. Our research aims
Preventing systematic software failures is of paramount importance for any highly automatic vehicle control system, in particular for safety-critical AUTOSAR software. Among the most critical software defects are runtime errors like buffer overflows or data races. They may cause erroneous or erratic behavior, induce system failures, and constitute security vulnerabilities. Sound static analysis can be used to report all such defects in the code, or to prove their absence. It can also determine dependencies between software components and show freedom of interference without missing any data and control flow through data or function pointers. In the past, AUTOSAR projects often had to be decomposed or simplified to achieve satisfactory analysis time or memory consumption. Creating the analysis model, i.e., determining the tasks and ISRs to analyze, their priorities, synchronization, etc., required significant manual effort. In this article we present novel analysis concepts, developed
Future vehicle systems will feature a reduced sensor array, but still will need a technology combination for safe performance. Despite the industrywide realization that SAE driving automation Levels 4 and 5 are not imminent and instead long-term goals, development continues on the sensors that power current and future ADAS systems and up to Level 3. Nothing made it more clear that lidar was the industry favorite than the 30-plus companies showing versions of the tech at the 2023 Consumer Electronics Show. That's an unstainable number, say industry experts. They see the next few years consisting of consolidation and many companies leaving the market
Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With their immediate safety impact, cyberattacks on such systems will endanger passengers. Today, there are various methods of security verification and validation in the automotive industry. However, we realize that vulnerability detection is incomplete and inefficient with classic security testing. In this article, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives
Items per page:
50
1 – 50 of 469