Browse Topic: Safety critical systems

Items (503)
Find
Advancing Automotive Radar Characterization: OTA HIL Testing for Enhanced ADAS Safety2026-26-0043To be published on 01/16/2026
The increasing demand for reliable Advanced Driver-Assistance Systems (ADAS) and autonomous driving technologies necessitates the precise validation of automotive radar sensors. Traditional on-road testing, while effective, presents challenges such as limited repeatability, high costs, and safety concerns. To address these limitations, this paper introduces an Over-the-Air (OTA) Hardware-in-the-Loop (HIL) methodology for radar characterization, providing a controlled and repeatable lab-based validation approach. This methodology enables dynamic testing of key radar parameters, including range estimation, angle of arrival measurement, Doppler velocity analysis, and object detection accuracy. The proposed setup supports diverse testing scenarios, such as variable target distances, relative speeds, multiple object simulation, and environmental effects, ensuring a comprehensive evaluation of radar behaviour under complex and safety-critical conditions. Through OTA testing, developers can
Jadhav, TejasKarle, UjjwalaPaul, HarshitSNV, Karthik
Powering the Future: Addressing Power Architecture Bottlenecks in Next Gen Automotive Platforms2026-26-0688To be published on 01/16/2026
As the automotive industry moves from conventional function oriented embedded ECU-based systems to Code-driven system, the core electrical and electronic (E&E) architecture is also being redesigned to support more software-driven functionality. Modern and centralized architectures promise scalability and software-driven flexibility, but they also introduce significant challenges in power distribution-an area that remains underexplored despite its critical role in overall vehicle safety and performance. Our paper aims at the adoption of the traditional power distribution approach for Next Gen vehicle architecture. It requires a fresh look at how power is distributed. In a novel E&E architecture, a single power harness supplies battery voltage to each zone. If there's a failure or voltage drop, it can affect multiple functions within that zone at once, and management of voltage regulation, thermal dissipation, and EMI/EMC compliance becomes crucial. Adding to the complexity, safety
Borole, AkashWarke, UmakantCHAKRA, PIPUNJaisankar, Gokulnath
ALLOY WHEEL RIM LINEAR CRASH VALIDATION WITH BENCH LEVEL TEST PROCEDURE2026-26-0574To be published on 01/16/2026
Crash test plays a very crucial role in determining the passenger safety along with driver safety in most modern vehicles. This has become a prominent factor for many buyers to choose a safe car. During crash test, many components tend to fail. Amongst them, the major safety critical component which hampers the drivability of a vehicle is Wheel and Tyre Assembly. With the introduction of low aspect tyres, the failure rate of these assemblies has increased. A very high importance is given to ensure these parts withstand the subjection load as it is directly related to function of vehicle. Many methods are available to test the Wheel and Tyre assembly to ensure they pass the crash criteria. We have developed a novel test method which can simulate the crash pattern in the rig/bench level. The method employs a mechanical actuator which can be operated at designated load application to ensure the assembly undergoes the anticipated failure. The process is repeated with different types of
Medaboyina, HarshaVardhanSingh, Ram KrishnanSUNDARAM, RAGHUPATHIJithendhar, Ashokan
Shaping the Future of Mobility with Innovative Power Tailgate Testing Solutions2026-26-0473To be published on 01/16/2026
Abstract With increasing demand for automation and user convenience in modern vehicles, Power Operated Tailgates (POT) have become standard in premium and mid-segment cars. However, validating such systems—comprising electronic control units (ECUs), sensors, actuators, and mechanical components poses significant challenges in safety, reliability, and cost. This paper introduces a Hardware-in-the-Loop (HiL) based validation framework that allows comprehensive, automated, and safe testing of POT systems without depending on full vehicle prototypes. The HiL platform integrates Real Time Hardware and Real Time software with dynamic models to simulate real-world behaviors. It enables automated validation of normal and fault scenarios—such as open/close commands, anti-pinch protection, voltage sensitivity, and communication errors—ensuring robust system performance. The proposed framework accelerates development, improves test coverage, and supports early fault detection, making it a
More, ShwetaGHANWAT, HemantShetti, SurajJape, AkshayKulkarni, ShraddhaJagdale, Nitin
A Centralized Framework for Sustaining Safety-Critical Vehicle Systems Through Periodic Servicing2026-26-0003To be published on 01/16/2026
As vehicles are becoming more complex, maintaining the effectiveness of safety critical systems like adaptive cruise control, lane keep assist, electronic breaking and airbag deployment extends far beyond the initial design and manufacturing. In the automotive industry these safety systems must perform reliably over the years under varying environmental conditions. This paper examines the critical role of periodic maintenance in sustaining the long-term safety and functional integrity of these systems throughout the lifecycle. As per the latest data from the Ministry of Road Transport and Highways (MoRTH), in 2022, India reported a total of 4.61 lakh road accidents, resulting in 1.68 lakh fatalities and 4.43 lakh injuries. The number of fatalities could have been reduced by the intervention of periodic services and monitoring the health of safety critical systems. While periodic maintenance has contributed to long term safety of the vehicles, there are a lot of vehicles on the road
HN, Sufiyan AhmedKhan, FurqanSrinivas, Dheeraj
SEooC-Based Design Framework for Integrated EV Power Conversion Systems under ISO 26262 Compliance2026-26-0192To be published on 01/16/2026
The rapid integration of electric vehicle (EV) power conversion elements—such as traction inverters, onboard chargers, and DC-DC converters—into unified architectures poses new challenges for ensuring functional safety compliance as per ISO 26262. This paper presents a system-level framework that leverages the Safety Element out of Context (SEooC) approach to design and validate reusable safety-critical components independent of vehicle-specific applications. By defining clear assumptions of use and ASIL decomposition strategies, the proposed method facilitates early-stage fault analysis and verification. The framework integrates model-based development with Hardware-in-the-Loop (HIL) testing and formal verification techniques to validate both control logic and hardware behavior under diverse fault injection scenarios. The result is a scalable, standards-compliant methodology that reduces time-to-market and enhances reliability in integrated EV power electronics platforms. The work
Uthaman, SreekumarMulay, Abhijit BGadekar, Pundlik
Reducing Risk in Safety Critical Systems through Early Safety Case Development and Dialectic Arguments2026-26-0044To be published on 01/16/2026
The rapid evolution of modern automotive systems—powered by advancements in autonomous driving, and connected vehicle technologies— pose fundamental challenges to design and integration. Ensuring the safety of these highly interconnected, software-driven systems, with the widespread reuse of components across platforms. This growing complexity calls for a more structured and rigorous approach to safety assurance than traditional methods. Traditional safety cases tend to take a linear, justification-focused approach that mainly focuses on positive assertions —statements of compliance or success—while giving limited attention to potential weaknesses, or gaps in supporting evidence. This practice may lead to criticism that such arguments are “too positive,” portraying an overly optimistic view of system safety without sufficiently acknowledging areas of unresolved risk. As a result, conventional approaches for developing safety case may overlook complex interactions, assumptions, and
Kumar, AmrendraBagalwadi, SaurabhMcMurran, Ross
Constraint Enforcement of a Lithium-Ion Battery Pack Safety-Critical System for Electric Hybrid Vehicles2025-36-0160To be published on 12/18/2025
System robustness and performance are essential considerations in controller design to ensure reference tracking, disturbance rejection, and resilience to modeling uncertainties. However, guaranteeing that the system operates within safe bounds becomes a priority in safety-critical applications, even if performance must be compromised temporarily. One prominent example is the thermal management of lithium-ion battery packs, where temperature must be strictly controlled to prevent degradation and avoid hazardous thermal runaway events. In these systems, temperature constraints must consistently be enforced, regardless of external disturbances or control errors. Traditional strategies, such as Model Predictive Control (MPC), can explicitly handle such constraints but often require solving high-dimensional optimization problems, making real-time implementation computationally demanding. To overcome these limitations, this study investigates the use of a Constraint Enforcement strategy to
Ebner, Eric RossiniFernandes, Lucas PasqualLeal, Gustavo NobreNeto, Cyro AlbuquerqueLeonardi, Fabrizio
PSF-Net: Uncertainty-Aware Fusion of TabPFN and SAINT for 5G Base-Station Electromagnetic Radiation Prediction2025-99-012711/11/2025
With more 5G base stations coming into play, making an accurate assessment of RF-EMF exposure currently faces increasing demand to check if they meet regulatory requirements and ensure people’s safety. We present here PSF-Net, a novel deep learning network by uniting TabPFN’s meta-learned prior knowledge and SAINT’s dual attention structure; its use makes it particularly suitable to deal with applications like prediction of downlink power density and radiation level classification under different conditions within various kinds of 5G cell. A major component in the design of this approach is an uncertainty-aware gating block that determines the optimal weighting for each model output—TabPFN or SAINT—based on the estimated prediction variance as quantified via Monte Carlo sampling during training or the prediction variance calculated using inference-time dropout. In addition, a residual multi-layer perceptron (MLP) is also included to extract refined fused features and maintain a steady
Zhang, YanjinYu, Zefeng
DriVE-Net: A Multi-Objective Framework for Generating Diverse, Realistic, and Hazard-Aware Driving Scenarios2025-99-013311/11/2025
.
Xie, DongxuanLi, DongyangZhang, YoukangZhao, YingjieHong, BaofengWang, Nan
Cybersecurity: Applying Threat Modeling to Sensor-Control Architectures in Autonomous Off-Highway Vehicles2025-28-031611/06/2025
The rapid evolution of autonomy in Off-Highway Vehicles (OHVs)—spanning agriculture, mining, and construction—demands robust cybersecurity strategies. Sensor-control systems, the cognitive core of autonomous OHVs, operate in harsh, connectivity-limited environments. This paper presents a structured approach to applying threat modeling to these architectures, ensuring secure-by-design systems that uphold safety, resilience, and operational integrity.
Kotal, Amit
Safety Critical Series Arc Detection and Measurement in Medium and High Voltage DC Circuits2025-32-001211/03/2025
Direct current (DC) systems are increasingly used in small power system applications ranging from combined heat and power plants aided with photovoltaic (PV) installations to powertrains of small electric vehicles. A critical safety issue in these systems is the occurrence of series arc faults, which can lead to fires due to high temperatures. This paper presents a model-based method for detecting such faults in medium- and high-voltage DC circuits. Unlike traditional approaches that rely on high-frequency signal analysis, the proposed method uses a physical circuit model and a high-gain observer to estimate deviations from nominal operation. The detection criterion is based on the variance of a disturbance estimate, allowing fast and reliable fault identification. Experimental validation is conducted using a PV system with an arc generator to simulate faults. The results demonstrate the effectiveness of the method in distinguishing fault events from normal operating variations. The
Winkler, AlexanderMayr, StefanGrabmair, Gernot
Model-Based Software Engineering: Physics Coupled with Software for Test Case Reuse Across the V Cycle2025-01-044709/16/2025
The development of cyber-physical systems necessarily involves the expertise of an interdisciplinary team – not all of whom have deep embedded software knowledge. Graphical software development environments alleviate many of these challenges but in turn create concerns for their appropriateness in a rigorous software initiative. Their tool suites further enable the creation of physics models which can be coupled in the loop with the corresponding software component’s control law in an integrated test environment. Such a methodology addresses many of the challenges that arise in trying to create suitable test cases for physics-based problems. If the test developer ensures that test development in such a methodology observes software engineering’s design-for-change paradigm, the test harness can be reused from a virtualized environment to one using a hardware-in-the-loop simulator and/or production machinery. Concerns over the lack of model-based software engineering’s rigor can be
McBain, Jordan
Applying Specialized System Analysis for Brake by Wire in Software Defined Vehicles: The Development of a System Analysis Tool (SAT)2025-01-035509/15/2025
The emergence of Software Defined Vehicles (SDVs) has introduced significant complexity in automotive system design, particularly for safety-critical domains such as braking. A key principle of SDV architecture is the centralization of control software, decoupled from sensing and actuation. When applied to Brake-by-Wire (BbW) systems, this leads to decentralized brake actuation that demands precise coordination across numerous distributed electronic components. The absence of mechanical backup in BbW systems further necessitates fail-operational redundancy, increasing system complexity and placing greater emphasis on rigorous system-level design validation. A comprehensive understanding of component interdependencies, failure propagation, and redundancy effectiveness is essential for optimizing such systems. This paper presents a custom-built System Analysis Tool (SAT), along with a specialized methodology tailored for modeling and analyzing BbW architectures in the context of SDVs
Heil, EdwardZuzga, SeanBabul, Caitlin
Advanced Motion Control Components for Critical Aerospace ApplicationsTBMG-5354108/01/2025
Advanced motion control technologies are essential to modern aerospace design, supporting a wide range of safety-critical and comfort-driven applications. In aerospace, motion control components such as gas springs, actuators, and dampers are integral to nearly every commercial aircraft, rocket, satellite, and space vehicle. These critical elements support flight safety and transport functions, from the dependable deployment of landing gear and cargo doors to the smooth, ergonomic operation of seating for pilots and passengers.
Experimental Investigation of Factors Influencing Thermal Runaway in Lithium-Ion Battery Cells2025-01-030607/02/2025
Experimental testing in automotive development sometimes relies on ad hoc approaches like ‘One Factor at a Time’, particularly in time- and resource-limited situations. While widely used, these approaches are limited in their ability to systematically capture parameter interactions and system complexities, which poses significant challenges in safety-critical applications like high-voltage battery systems. This study systematically investigates the factors influencing thermal runaway in lithium-ion battery cells using a statistical full-factorial experimental design. Key parameters, including state of charge, cell capacity and heating trigger power, have been analyzed under controlled conditions with an autoclave setup, enabling precise measurement of thermal and mechanical responses. The use of automotive-grade lithium-ion cells ensures relevance for next-generation applications. By employing factorial regression and statistical analysis, the study identifies critical temperatures
Ceylan, DenizKulzer, André CasalWinterholler, NinaWeinmann, JohannesSchiek, Werner
Braking Force Distribution Strategy for Brake-by-Wire Systems: Enhancing Safety and Redundancy10-09-03-002806/09/2025
Brake-by-wire (BBW) systems, characterized by fast response, high precision, ease installation, and simplified maintenance, are highly likely to become the future braking systems. However, the reliability of BBW is currently inferior to that of traditional hydraulic braking systems. Considering ECE R13 regulations, actuator reliability, and braking efficiency, this article first proposes a new braking force distribution strategy to prevent braking failure and enhance vehicle safety without modifying the actuator itself. The strategy reduces the operating frequency of rear actuators during low- and medium-intensity braking, thereby extending their service life and operational reliability. Then, the co-simulation model combining Simulink and AMESim was established for simulation validation based on direct drive braking actuator. Additionally, the real-vehicle test platform was built for typical braking scenarios. The simulation and experimental results show that this strategy
Li, TianleGong, XiaoxiangHe, ChunrongDeng, ZhenghuaZhang, HongXu, RongHe, HaitaoWang, XunZhang, Huaiyue
Product Assurance in the Age of Artificial IntelligenceEPR202501105/21/2025
Driven by the vast consumer marketplace, the electronics megatrend has reshaped nearly every sector of society. The advancements in semiconductors and software, originally built to serve consumer demand, are now delivering significant value to non-consumer industries. Today, electronics are making inroads into traditionally conservative, safety-critical sectors such as automotive and aerospace. In doing so, electronics—now further propelled by artificial intelligence—are disrupting the functional safety architectures of these cyber-physical systems. Electronics have created the world of cyber-physical systems, raising broader concerns about the broader category of product assurance. Product Assurance in the Age of Artificial Intelligence continues the work of previous SAE Edge Research Reports in examining open research challenges arising from this shift, particularly in automotive systems, as core electronic technologies (e.g., the combination of software and communications) have even
Razdan, Rahul
IEEE-1394b for Military and Aerospace Vehicles - Applications HandbookAIR5654A (Current)04/28/2025
This Handbook is intended to accompany or incorporate AS5643, AS5643/1, AS5657, AS5706, and ARD5708. In addition, full understanding of this Handbook also requires knowledge of IEEE-1394-1995, IEEE-1394a, and IEEE-1394b standards. This Handbook contains detailed explanations and architecture analysis on AS5643, bus timing and scheduling considerations, system redundancy design considerations, suggestions on AS5643-based system configurations, cable selection guidance, and lessons learned on failure modes.
AS-1A Avionic Networks Committee
Developing a Safety Management System for the Automated Vehicle Industry2025-01-867304/01/2025
Safety Management Systems (SMSs) have been used in many safety-critical industries and are now being developed and deployed in the automated driving system (ADS)-equipped vehicle (AV) sector. Industries with decades of SMS deployment have established frameworks tailored to their specific context. Several frameworks for an AV industry SMS have been proposed or are currently under development. These frameworks borrow heavily from the aviation industry although the AV and aviation industries differ in many significant ways. In this context, there is a need to review the approach to develop an SMS that is tailored to the AV industry, building on generalized lessons learned from other safety-sensitive industries. A harmonized AV-industry SMS framework would establish a single set of SMS practices to address management of broad safety risks in an integrated manner and advance the establishment of a more mature regulatory framework. This paper outlines a proposed SMS framework for the AV
Wichner, DavidWishart, JeffreySergent, JasonSwaminathan, Sunder
A Time-Aware Shaper-Based Method for Addressing Traffic Bursts and Out-of-Order Induced by IEEE 802.1CB in In-Vehicle Networks2025-01-807904/01/2025
The trends of intelligence and connectivity are continuously driving innovation in automotive technology. With the deployment of more safety-critical applications, the demand for communication reliability in in-vehicle networks (IVNs) has increased significantly. As a result, Time-Sensitive Networking (TSN) standards have been adopted in the automotive domain to ensure highly reliable and real-time data transmission. IEEE 802.1CB is one of the TSN standards that proposes a Frame Replication and Elimination for Reliability (FRER) mechanism. With FRER, streams requiring reliable transmission are duplicated and sent over disjoint paths in the network. FRER enhances reliability without sacrificing real-time data transmission through redundancy in both temporal and spatial dimensions, in contrast to the acknowledgment and retransmission mechanisms used in traditional Ethernet. However, previous studies have demonstrated that, under specific conditions, FRER can lead to traffic bursts and
Luo, FengRen, YiZhu, YianWang, ZitongGuo, YiYang, Zhenyu
Prognostic Techniques in Automated Driving System (ADS) Vehicle Safety2025-01-809404/01/2025
The recent advancements in fields such as sensors, AI, and IoT are majorly impacting the automotive industry. Automated Driving Systems (ADS) are developing rapidly, meaning that SAE J3016 Level 3 and above vehicles are quickly becoming a reality. As a result, maintenance of such systems becomes essential to ensure their safe and efficient operation. Prognostic techniques in particular are crucial to monitor the state of health and predicting the end of life for components. Prognostics engineering is being applied in many industries and for conventional automotive applications, but ADS is new technology, and the prognostics for these systems are still being developed and adapted. In this paper, we first present a review of the most used prognostic techniques across different safety-critical domains such as aerospace, power, and manufacturing. Then, we summarize the main challenges that must be faced to successfully develop novel approaches for prognostics of ADS components and provide
Merola, FrancescoHanif, AtharLami, GiuseppeAhmed, QadeerMonohon, Mark
Detecting Cyber-Security Vulnerabilities in Legacy Safety-Critical Software with Tight Performance Constraints2025-01-808804/01/2025
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
Awadhutkar, PayasTamrawi, AhmedSauceda, Jeremias
Introducing the ML FMEA2025-01-807804/01/2025
Several challenges remain in deploying Machine Learning (ML) into safety critical applications. We introduce a safe machine learning approach tailored for safety-critical industries including automotive, autonomous vehicles, defense and security, healthcare, pharmaceuticals, manufacturing and industrial robotics, warehouse distribution, and aerospace. Aiming to fill a perceived gap within Artificial Intelligence and ML standards, the described approach integrates ML best practices with the proven Process Failure Mode & Effects Analysis (PFMEA) approach to create a robust ML pipeline. The solution views ML development holistically as a value-add, feedback process rather than the resulting model itself. By applying PFMEA, the approach systematically identifies, prioritizes, and mitigates risks throughout the ML development pipeline. The paper outlines each step of a typical pipeline, highlighting potential failure points and tailoring known best practices to minimize identified risks. As
Schmitt, PaulSeifert, Heinz BodoBijelic, MarioPennar, KrzysztofLopez, JerryHeide, Felix
LLM-Powered Fuzz Testing of Automotive Diagnostic Protocols2025-01-809104/01/2025
Modern vehicles contain tens of different Electronic Control Units (ECUs) from several vendors. These small computers are connected through several networking busses and protocols, potentially through gateways and converters. In addition, vehicle-to-vehicle and internet connectivity are now considered requirements, adding additional complexity to an already complex electronic system. Due to this complexity and the safety-critical nature of vehicles, automotive cyber-security is a difficult undertaking. One critical aspect of cyber-security is the robust software testing for potential bugs and vulnerabilities. Fuzz testing is an automated software testing method injecting large input sets into a system. It is an invaluable technique across many industries and has become increasingly popular since its conception. Its success relies highly on the “quality” of inputs injected. One shortcoming associated with fuzz testing is the expertise required in developing “smart” fuzz testing tools
McShane, JohnCelik, LeventAideyan, IwinosaBrooks, RichardPesé, Mert D.
The ‘Changing Anything Changes Everything (CACE)’ Principle: Underestimated Challenges in Applying AI/ML to Automotive Safety-Critical Systems2025-01-811004/01/2025
The integration of artificial intelligence (AI) and machine learning (ML) into automotive safety-critical systems presents unique challenges, particularly the “changing anything changes everything” (CACE) property inherent in many AI/ML models. CACE highlights the high degree of interdependence within AI/ML systems, where even minor adjustments can have significant, unforeseen impacts on system behavior, posing risks in safety-critical applications. This paper examines the intricate nature of the CACE principle and its implications for the development cycle of AI/ML-based applications. Through case studies and theoretical analysis, we highlight CACE-related challenges and discuss strategies to mitigate these risks in safety-critical environments. Our analysis aims to raise awareness of this often-overlooked challenge, offering insights for safer, more robust AI/ML deployment in the automotive industry.
Tong, WeiLi, GangS, RameshYang, TianbaoShuttlewood, BingMudalige, Pri
Freedom from Interference Challenges for Adaptive Autosar Based Platform2025-01-807404/01/2025
This paper examines the challenges and mechanisms for ensuring Freedom from Interference in Adaptive AUTOSAR-based platforms, with a focus on managing Memory, Timing, and Execution challenges. It explores the robust safety mechanisms in Classic AUTOSAR that ensure Freedom from Interference and the significant challenges in achieving interference-free operation in Adaptive AUTOSAR environments while adhering to ISO26262 standards. The study emphasizes strategies for managing complexities and outlines the multifaceted landscape of achieving interference-free operation. Additionally, it discusses ASIL-compliant Hypervisor, memory partitioning, and Platform Health Management as mechanisms for ensuring safety execution. The paper also raises open questions regarding real-time problems in live projects that are not solved with existing safety mechanisms. Adaptive AUTOSAR plays a crucial role in the development of autonomous and connected vehicles, where functional safety is of utmost
Jain, Yesha
Robust V2X Cruise Control for Class 8 Trucks in the Presence of Traffic Lights2025-01-803304/01/2025
An implementation of a robust predictive cruise control method for class 8 trucks utilizing V2X communication with connected traffic lights is presented in this work. This method accounts for traffic signal phases with the goal of reducing energy consumption when possible while respecting safety concerns. Tightened constraints are created using a robust model predictive control (RMPC) framework in which constraints are modified so that the safety critical requirements are satisfied even in the presence of disturbances, while requiring only the expected bounds of the disturbances to be provided. In particular, variation in the actuator performance under different conditions presents a unique challenge for this application, which the approach applied in this work is well-suited to handle. The errors resulting from lower-level control and actuator performance are accounted for by treating them as bounded and additive disturbances on the states of the model used in the higher level MPC
Ellison, EvanWard, JacobBrown, LowellBevly, David M.
MBD-FEM Co-Simulation Approach to Assess Strength of Automotive Chassis Components2025-01-831504/01/2025
Automotive chassis components are considered as safety critical components and must meet the durability and strength requirements of customer usage. The cases such as the vehicle driving through a pothole or sliding into a curb make the design (mass efficient chassis components) challenging in terms of the physical testing and virtual simulation. Due to the cost and short vehicle development time requirement, it is impractical to conduct physical tests during the early stages of development. Therefore, virtual simulation plays the critical role in the vehicle development process. This paper focuses on virtual co-simulation of vehicle chassis components. Traditional virtual simulation of the chassis components is performed by applying the loads that are recovered from multi-body simulation (MBD) to the Finite Element (FE) models at some of the attachment locations and then apply constraints at other selected attachment locations. In this approach, the chassis components are assessed
Behera, DhirenLi, FanTasci, MineSeo, Young-JinSchulze, MartinKochucheruvil, Binu JoseYanni, TamerBhosale, KiranAluru, Phani
System Theoretic Process Analysis (STPA) Standard for All IndustriesJ3307_202503 (Current)03/25/2025
This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety
Functional Safety Committee
AI in Wonderland: Engineering in the Age of Overpromised TechnologyEPR202500201/14/2025
This report explores the move from traditional industry practices to emerging technologies, specifically the integration of artificial intelligence (AI) solutions in engineering service sectors. It highlights the increasing problem of “technology washing,” when organizations overstate (sometimes deceivingly) their technology abilities and ethics, posing challenges to accountability, transparency, and trust in various fields. The rise of AI-based solutions in sectors like autonomous mobility, manufacturing, and aerospace has exposed a contrast between ambitious future aspirations and current technological barriers. With this, the role of human knowledge in guaranteeing ethical, efficient, and clear technology incorporation becomes essential. Starting with an examination of today’s technological scene, this report tackles topics such as the buzz around autonomous systems and the difficulties of standardizing fresh innovations. It also points out the problem of organizations exaggerating
Khan, Samir
SAE TOMORROW TODAY: How AI Alignment Makes AVs Safer1349501/10/2025
In order for AVs to perform safely and reliably, we need to teach them the language of human preference and expectations--and accelerating AI alignment can do just that. Enter Kognic, the industry-leading annotation platform for sensor-fusion datasets (e.g., camera, radar, and LIDAR data). By helping companies gather, organize, and refine massive datasets used for training AI models, Kognic is helping to ensure that AD/ADAS perform reliably and meet safety standards--all while minimizing costs and optimizing teams. To learn more, we sat down with Daniel Langkilde, Co-Founder and CEO, to discuss why the future of autonomous driving depends on effectively managing AI-driven datasets and how Kognic is leading dataset management for safety-critical AI. We'd love to hear from you. Share your comments, questions and ideas for future topics and guests to podcast@sae.org. Don't forget to take a moment to follow SAE Tomorrow Today--a podcast where we discuss emerging technology and trends in
Hineman, Marcie
Development and Simulation of an AUTOSAR Software Component for Functional Safety according to ISO 26262 Fault Detection and Safety Mechanisms2024-36-013212/20/2024
In the context of advancing automotive electronic systems, ensuring functional safety as per ISO 26262 standards has become of primary importance. This paper presents the development of an AUTOSAR-compliant Software Component (SWC) applied to ISO 26262 applications. Using MATLAB/Simulink, we design and simulate a SWC that operates within the AUTOSAR architecture, focusing on fault detection and activation of safety mechanisms. The SWC is built to monitor specific system parameters and operational anomalies. Upon detecting a fault, it triggers predefined safety mechanisms to mitigate risks and ensure system integrity. The simulation focus on capability to accurately identify faults and execute safety measures effectively, thus demonstrating a practical approach to enhance automotive system safety implementation and its reuse. This paper not only highlights the importance of ISO 26262 in the automotive industry but also illustrates the feasibility of developing and integrating safety
Santiago, Frederico Victor Scoralickdos Santos Machado, ClebersonImbasciati, HenriqueCosta, Silvio Romero Alves
The Software-defined Vehicle: Its Current Trajectory and Execution ChallengesEPR202402711/25/2024
Original equipment manufacturers, Tier 1 suppliers, and the rest of the value chain, including the semiconductor industry, are reshaping their product portfolios, development processes, and business models to support this transformation to software-defined vehicles (SDVs). The focus on software is rippling out through the automotive sector, forcing the industry to rethink organization, leadership, processes, and future roadmaps. The Software-defined Vehicle: Its Current Trajectory and Execution Challenges assesses the state of SDVs and explores the potential hurdles to execution and examines the work being done in the industry. The goal is to evaluate whether the implementation of SDVs will encounter the same fate as electrification or autonomous technologies, which after some level of disillusionment, are expected to pick up momentum in a more mature way. Click here to access the full SAE EDGETM Research Report portfolio.
Goswami, Partha
Product Governance and Management for Software-defined Battery Electric VehiclesEPR202402510/21/2024
In recent years, battery electric vehicles (BEVs) have experienced significant sales growth, marked by advancements in features and market delivery. This evolution intersects with innovative software-defined vehicles, which have transformed automotive supply chains, introducing new BEV brands from both emerging and mature markets. The critical role of software in software-defined battery electric vehicles (SD-BEVs) is pivotal for enhancing user experience and ensuring adherence to rigorous safety, performance, and quality standards. Effective governance and management are crucial, as failures can mar corporate reputations and jeopardize safety-critical systems like advanced driver assistance systems. Product Governance and Management for Software-defined Battery Electric Vehicles addresses the complexities of SD-BEV product governance and management to facilitate safer vehicle deployments. By exploring these challenges, it aims to enhance internal processes and foster cross
Abdul Hamid, Umar Zakir
Embedded Processing Advancements Enable Smarter, SWAP-Optimized Avionics Displays and Computers24AERP08_0508/01/2024
Aerospace manufacturers are leveraging multicore processors and modularity to design smarter cockpit displays and avionic computers that are smaller and capable of supporting more applications from a single line replaceable unit (LRU). Some are also starting to embed more of the processing required to enable cockpit display applications within the display itself, rather than having it enabled by an associated LRU. The development of new electric vertical takeoff and landing (eVTOL) aircraft and avionics companies changing their approach to the development of safety critical computers and aircraft networking technologies are some of the aerospace industry factors driving this design trend. In the U.S., the Department of Defense (DoD) embracing the Modular Open Systems Approach (MOSA) across the purchase of all new aircraft technologies is influencing design changes in cockpit displays and aircraft computers as well.
Toward Safety-Critical Artificial Intelligence (AI)-Based Embedded Automotive Systems12-08-01-000707/31/2024
The rise of AI models across diverse domains includes promising advancements, but also poses critical challenges. In particular, establishing trust in AI-based systems for mission-critical applications is challenging for most domains. For the automotive domain, embedded systems are operating in real-time and undertaking mission-critical tasks. Ensuring dependability attributes, especially safety, of these systems remains a predominant challenge. This article focuses on the application of AI-based systems in safety-critical contexts within automotive domains. Drawing from current standardization methodologies and established patterns for safe application, this work offers a reflective analysis, emphasizing overlaps and potential avenues to put AI-based systems into practice within the automotive landscape. The core focus lies in incorporating pattern concepts, fostering the safe integration of AI in automotive systems, with requirements described in standardization and topics discussed
Blazevic, RomanaVeledar, OmarStolz, MichaelMacher, Georg
858P3-1 Internet Protocol Suite (IPS) for Aeronautical Safety Services, Part 3, Common IPS Radio Interface ProtocolARINC858P3-1 (Current)07/12/2024
ARINC 858 Part 3 defines a Common IPS Radio Interface (CIRI) protocol for conveying radio status information and transferring digital data between the Airborne IPS System and Airborne Radios. This standard includes the functional description of the protocol, including applicable use cases, protocol message formats, and protocol operation for both control plane and data plane exchanges. The protocol is intended to operate over a variety of on-aircraft communication means, including, but not limited to, ethernet-based and ARINC 664-based aircraft networks. The reader should also reference ARINC 858 Part 1 and Part 2. This product was developed in coordination with ICAO WG-I, RTCA SC-223, and EUROCAE WG-108.
Airlines Electronic Engineering Committee
What is Going on within the Automotive PowerNet?2024-01-298507/02/2024
The automotive PowerNet is in the middle of a major transformation. The main drivers are steadily increasing power demand, availability requirements, and complexity and cost. These factors result in a wide variety of possible future PowerNet topologies. The increasing power demand is, among other factors, caused by the progressive electrification of formerly mechanical components and a constantly increasing number of comfort and safety loads. This leads to a steady increase in installed electrical power. X-by-wire systems1 and autonomous driving functions result in higher availability requirements. As a result, the power supply of all safety-critical loads must always be kept sufficiently stable. To reduce costs and increase reliability, the car manufacturers aim to reduce the complexity of the PowerNet system, including the wiring harness and the controller network. The wiring harness e.g., is currently one of the most expensive parts of modern cars. These challenges are met with a
Jagfeld, Sebastian Michael PeterWeldle, RichardKnorr, RainerFill, AlexanderBirke, Kai Peter
Enabling the Security of Global Time in Software-Defined-Vehicles (SGTS, MACsec)2024-01-297807/02/2024
The global time that is propagated and synchronized in the vehicle E/E architecture is used in safety-critical, security-critical, and time-critical applications (e.g., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384 [2]. These failures reduce the vehicle availability, robustness, and safety of the road user. IEEE 1588 [3] lists four mechanisms (integrated security mechanism, external security mechanism, architectural solution, and monitoring & management) to secure the global time. AUTOSAR defines the architecture and detailed specifications for the integrated security mechanism “Secured Global Time Synchronization (SGTS)” to secure the global time on automotive networks (CAN, FlexRay, Ethernet). However, there are also
Kumaraswamy, PavithraRus, Andrei
PREPER: A Public Dataset with Key Performance Indicators for the Safety Evaluation of Deep Learning Visual Perception Systems for Self-Driving Cars12-08-01-000207/01/2024
Deep learning algorithms are being widely used in autonomous driving (AD) and advanced driver assistance systems (ADAS) due to their impressive capabilities in visual perception of the environment of a car. However, the reliability of these algorithms is known to be challenging due to their data-driven and black-box nature. This holds especially true when it comes to accurate and reliable perception of objects in edge case scenarios. So far, the focus has been on normal driving situations and there is little research on evaluating these systems in a safety-critical context like pre-crash scenarios. This article describes a project that addresses this problem and provides a publicly available dataset along with key performance indicators (KPIs) for evaluating visual perception systems under pre-crash conditions.
Bakker, Jörg
A Non-Intrusive Approach for Measuring Data and Control Coupling b/w Software Components: Addressing the Challenges of DO-178C Compliance, Verification and Certification2024-26-046406/01/2024
RTCA DO-178C, guideline in the aviation industry for the development of airworthiness of aviation software mandates the analysis of data and control coupling using requirement-based testing for safety-critical avionics software (Refer the Table 1). DO-178C defines Control Coupling as the manner or degree by which one software component influences the execution of another software component. Data Coupling as the dependence of a software component on data not exclusively under the control of that software component. The intent of the analysis of data coupling and control coupling is to ensure that each module/component are interacting with each other as expected. That is, the intent is to show that the software modules/components affect one another in the ways in which the software designer intended and do not affect one another in ways in which they were not intended, thus resulting in unplanned, anomalous, or erroneous behavior. The measurements and assurance should be conducted using
Ramegowda, Yogesha Aralakuppe
Formal Technique for Fault Detection and Identification of Control Intensive Application of Stall Warning System Using System Theoretic Process Analysis2024-26-047106/01/2024
Faults if not detected and processed will create catastrophe in closed loop system for safety critical applications in automotive, space, medical, nuclear, and aerospace domains. In aerospace applications such as stall warning and protection/prevention system (SWPS), algorithms detect stall condition and provide protection by deploying the elevator stick pusher. Failure to detect and prevent stall leads to loss of lives and aircraft. Traditional Functional Hazard and Fault Tree analyses are inadequate to capture all failures due to the complex hardware-software interactions for stall warning and protection system. Hence, an improved methodology for failure detection and identification is proposed. This paper discusses a hybrid formal method and model-based technique using System Theoretic Process Analysis (STPA) to identify and diagnose faults and provide monitors to process the identified faults to ensure robust design of the indigenous stall warning and protection system (SWPS). The
Kale, AlexanderMadhuranath, GaneshShanmugham, ViswanathanNanda, ManjuSingh, GireshDurak, Umut
A New Approach to Assessing the Quality of Aerospace ComponentsTBMG-5086606/01/2024
In a study, published in the Journal Waves in Random and Complex Media, researchers from the University of Bristol have derived a formula that can inform the design boundaries for a given component’s geometry and material microstructure.
NXP S32 CoreRide Platform simplifies development of software-defined vehicles24AUTD05_1005/01/2024
A new industry-first open platform for developing the software-defined vehicle (SDV) combines processing, vehicle networking and system power management with integrated software. NXP Semiconductors' new S32 CoreRide Platform was designed to run “multiple time-critical, safety-critical, security-critical applications in parallel,” Henri Ardevol, executive vice president and general manager of Automotive Embedded Systems for NXP Semiconductors, told SAE Media. NXP's new foundation platform for SDVs differs from the traditional approach of using multiple electronic control units (ECUs), each designed to handle specific vehicle system control tasks. Since each unit requires its own integration work, the integration workload exponentially increases with each additional ECU on a vehicle.
Buchholz, Kami
Inherent Diverse Redundant Safety Mechanisms for AI-Based Software Elements in Automotive Applications2024-01-286404/09/2024
This paper explores the role and challenges of Artificial Intelligence (AI) algorithms, specifically AI-based software elements, in autonomous driving systems. These AI systems are fundamental in executing real-time critical functions in complex and high-dimensional environments. They handle vital tasks like multi-modal perception, cognition, and decision-making tasks such as motion planning, lane keeping, and emergency braking. A primary concern relates to the ability (and necessity) of AI models to generalize beyond their initial training data. This generalization issue becomes evident in real-time scenarios, where models frequently encounter inputs not represented in their training or validation data. In such cases, AI systems must still function effectively despite facing distributional or domain shifts. This paper investigates the risk associated with overconfident AI models in safety-critical applications like autonomous driving. To mitigate these risks, methods for training AI
Pitale, Mandar ManoharAbbaspour, AlirezaUpadhyay, Devesh
Cybersecurity in the Context of Fail-Operational Systems2024-01-280804/09/2024
The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks. But the connectivity is accompanied by potential cyber security risks, eventually
Schmidt, KarstenDannebaum, UdoSchneider, RolfAmbekar, Abhijit
Methodology to Model, Evaluate and Decompose Safety ArchitecturesSAE-PP-0037902/26/2024
The field of safety-critical automotive systems has seen considerable advancements in recent years, with more and more complex systems requiring robust and dependable architectures. This paper presents a structured methodology for modelling, evaluating and decomposing safety architectures, with the goal of increasing development efficiency and reducing the amount of design iterations. Fundamental choices about safety architectures are typically made early in the development cycle, however the ISO 26262 standard provides little guidance on how to actually make these choices. There is a fundamental risk involved in selecting an architecture (from a structural perspective), which in the end is not capable of meeting the expectations from the ISO 26262 standard. To begin, the proposed methodology incorporates a systematic approach for modeling and evaluating suitable safety architectures in an early stage of development. The proposed methodology leverages other standards to addresses
Boon, FabriceAelvoet, Bjornde Jong, Alexander
Tuning-up AI's ‘understanding’ to make safer ADAS, AVs24AUTP02_0202/01/2024
Kognic's advanced interpretation of sensor data helps artificial intelligence and machine learning recognize the human thing to do. In December 2023, Kognic, the Gothenburg, Sweden-based developer of a software platform to analyze and optimize the massively complex datasets behind ADAS and automated-driving systems, was in Dearborn, Michigan to accept the Tech.AD USA award for Sensor Perception solution of the year. The company doesn't make sensors, but one might say it makes sense of the data that comes from sensors. Kognic, established in 2018, is well-known in the ADAS/AV software sector for its work to help developers extract better performance from and enhance the robustness of safety-critical “ground-truth” information gleaned from petabytes-upon-petabytes of sensor-fusion datasets. Kognic CEO and co-founder Daniel Langkilde espoused a path for improving artificial intelligence-reliant systems based on “programming with data instead of programming with code.”
Visnic, Bill
Simulation Based Validation of Battery Structural Integrity for Mechanical Abuse as per AIS 1562024-26-024201/16/2024
Battery is one of the safety critical systems in EV. As the number of EVs increases, battery safety becomes an important task to avoid any mishap during its use, as even small accidents may slow down the adaptation of EVs. Automotive environment being one of the harshest operating environments, it is important to ensure both mechanical and electrical safety of the battery pack. Li-Ion batteries are most popular among traction batteries, due to their high energy density, long life, and fast charging capabilities. But mechanical damage, over temperature, short-circuit, etc. may lead to battery thermal runaway, causing a major accident. Mechanical abuse of battery can be one of the reasons that may lead to the damages mentioned above, eventually causing thermal runaway in batteries. That’s why all major battery safety standards have requirements for vibration and mechanical shock tests. In this paper, we have developed a methodology to evaluate the structural integrity of a battery pack
Dandge, SunilMahamuni, AmeyaSevda, GauravH, RajeshKumar, RavindraMahajan, Rahul
Items per page:
1 – 50 of 503