Browse Topic: Safety critical systems

Items (514)
Find
Culture Clashes: LLM Support in the Engineering of Safety-Critical Systems2026-01-0110To be published on 04/07/2026
The proven usefulness of large language models (LLMs) as tools for software development and the recent rapid increase in their capabilities have made it possible and attractive to extend their scope of application to almost all tasks in the engineering of complex and even safety-critical systems. Although their application may be economically attractive, LLMs are prone to errors and the generated engineering artifacts may not meet the stringent quality requirements for safety-critical systems. In our paper, we systematically analyze the various potential uses of LLM in the engineering lifecycle of safety-critical systems and identify associated risks and approaches to risk mitigation. We classify these uses and compare them with approaches to mitigating the risks associated with traditional design automation. In addition, we address cultural and psychological aspects of the trust placed in LLMs as engineering tools and reliance on their results. Our analysis shows that, despite their
Thomas, CarstenWagner, Michael
Ultra-Low Latency Video Pipeline Optimization for Perception-Centric Autonomous Systems2026-01-0022To be published on 04/07/2026
Autonomous platforms such as self-driving vehicles, advanced driver-assistance systems (ADAS), and intelligent aerial drones demand real-time video perception systems capable of delivering actionable visual information at ultra-low latency. High-resolution vision pipelines are often hindered by delays introduced at multiple stages-sensor acquisition, video encoding, data transmission, decoding, and display-undermining the responsiveness required for safety-critical decision making. This study introduces a holistic system-level optimization framework that systematically reduces end-to-end video latency while maintaining image fidelity and perception accuracy. The proposed approach integrates hardware-accelerated encoding, zero-copy direct memory access (DMA), lightweight UDP-based RTP transport, and GPU-accelerated decoding into a unified pipeline. By minimizing redundant memory copies and software bottlenecks, the system achieves seamless data flow across hardware and software
Indrakanti, Rama Kiran Kumar
Roundabout Dilemma Zone Data Mining and Forecasting with Trajectory Prediction and Graph Neural Networks2026-01-0029To be published on 04/07/2026
Traffic roundabouts, as complex and safety-critical road scenarios, present significant challenges for autonomous vehicles. In particular, predicting and managing dilemma zone (DZ) encounters at roundabout intersections remains a pivotal concern. This paper introduces an AI-driven system that leverages advanced trajectory forecasting to anticipate DZ events, specifically within traffic roundabouts. At the core of our framework is a modular, graph-structured recurrent architecture powered by graph neural networks (GNNs). By modeling agent interactions as a dynamic graph, our approach integrates heterogeneous data sources, including semantic maps, while capturing agent dynamics with high fidelity. This GNN-based forecasting model enables accurate prediction of DZ events and supports safer, data-driven traffic management decisions for both autonomous and human-driven vehicles. We validate our system on a real-world dataset of roundabout intersections, where it achieves high precision with
Lu, DuoFarhadi, MohammadSatish, ManthanYang, YezhouChakravarthi, Bharatesh
Minimal Binary Patching for Safety-Critical Systems2026-01-0088To be published on 04/07/2026
Patching vulnerabilities in safety-critical domains such as automotive and aerospace is costly and complex. A small code modification can trigger a complete rebuild, producing a binary with widespread changes. This inflates patch size, complicates regression testing, and makes over-the-air (OTA) updates inefficient, as traditional binary diffs often replace large portions of the executable. We present a binary rewriting–based experiment that shows the feasibility of a patch that updates only the affected bytes by computing the impact of a code change at the binary level. This produces minimal, localized patches rather than regenerated executables. The preliminary experiment shows that a single source change, which leads to thousands of modified bytes after recompilation, can be captured with only a few bytes using our method. For automotive and aerospace systems, this technique reduces patch size, conserves bandwidth, and minimizes disruption to certified software, offering a promising
Awadhutkar, PayasTamrawi, AhmedSauceda, Jeremias
Physical Adversarial Infrastructure Attacks on Vision-Language Models for Autonomous Driving2026-01-0170To be published on 04/07/2026
Vision-language models (VLMs) offer a promising end-to-end approach for autonomous driving, but their robustness to physical adversarial attacks remains an unaddressed gap for safety-critical deployment. This paper introduces a systematic framework for evaluating these attacks using the Dolphins VLM and CARLA simulator. We employ Natural Evolution Strategies (NES), a black-box optimization method, to generate adversarial patches without internal model access. Our approach uses semantic similarity loss and Expectation over Transformation (EoT) to ensure physical realizability under varying viewing conditions. Patches are strategically placed on realistic advertising infrastructure (bus shelter panels and highway billboards), reflecting a plausible threat model. We establish two complementary scenarios: crosswalk pedestrian detection suppression and highway steering manipulation. Our evaluation reveals critical vulnerabilities. Adversarial patches achieved a 76.0% overall attack success
Fernandez, DavidMohajerAnsari, PedramSalarpour, AmirPese, Mert D.
Achieving Reliability, Safety & Security in SDV OS Architecture2026-28-0122To be published on 02/12/2026
Software-Defined Vehicles (SDVs) are vehicles in which functionality and features are primarily governed by software, allowing for continuous updates, upgrades, and the introduction of new capabilities throughout the vehicle’s lifecycle. This transition from hardware-centric to software-driven architectures marks a significant shift in the automotive industry, transforming development processes, operational strategies, and business models. The SDV Operating System (SDV OS) is purpose-built for software-defined vehicles, serving as the foundational platform for managing vehicle software and enabling advanced functionalities. Unlike traditional embedded or general-purpose operating systems, SDV OS is tailored to meet the unique requirements of modern automotive architectures. Ensuring reliability, safety, and security is paramount in software-defined vehicles (SDVs), where even minor software faults can lead to serious consequences. The operating system (OS) plays a central role in
Khan, Misbah UllahGupta, Vishal
SEooC- Based Design Framework Integrated EV Power Conversion Systems under ISO-26262 Compliance2026-26-01921/16/2026
The work completed on “System level concepts to test and design integrated EV system involving power conversion to satisfy ISO26262 functional safety requirement” is included in the paper. Integrating power conversion and traction inverter subsystems in EVs is currently popular since it increases dependability and improves efficiency and cost-effectiveness. Maintaining safety standards is at danger due to the growing safety requirements, which also raise manufacturing costs and time. The three primary components of integrated EV systems are the PDU, DC-DC converter, and onboard charger. Every part and piece of software is always changing and needs to be tested and validated in an economical way. Since the failure of any one of these components could lead to a disaster, the article outlines the economical approaches and testing techniques to verify and guarantee that the system meets the functional safety criterion.
Uthaman, SreekumarMulay, Abhijit BGadekar, Pundlik
A Dynamic Cybersecurity Benchmarking Framework for Automotive Cyber-Physical Systems2026-26-06121/16/2026
The modern vehicle is no longer a mechanical appliance—it has transformed into a software-defined cyber-physical system, integrating OTA updates, cloud-connected diagnostics, V2X services, and telematics-driven personalization. While this evolution promises unprecedented value in consumer experience and fleet operations, it also surfaces a dramatically expanded and evolving attack perimeter, especially across safety-critical ECUs and communication buses. Cyber vulnerabilities have shifted from isolated IT threats to real-time, embedded exploits. Controller area network (CAN), the backbone of vehicle bus systems, remains intrinsically insecure due to its lack of authentication and encryption, making it highly susceptible to message injection and denial-of-service by low-cost tools. Similarly, OEM implementations of BLE-based passive entry systems have proven vulnerable to replay and spoofing attacks with minimal hardware. In the Indian context, the transition to connected mobility is
Shah, RavindraAwasthi, Vibhu VaibhavKarle, Ujjwala
Powering the Future: Addressing Power Architecture Bottlenecks in Next Gen Automotive Platforms2026-26-06881/16/2026
As the automotive industry moves from conventional function oriented embedded ECU-based systems to Code-driven system, the core electrical and electronic (E&E) architecture is also being redesigned to support more software-driven functionality. Modern and centralized architectures promise scalability and software-driven flexibility, but they also introduce significant challenges in power distribution—an area that remains underexplored despite its critical role in overall vehicle safety and performance. Our paper aims at the adoption of the traditional power distribution approach for Next Gen vehicle architecture. It requires a fresh look at how power is distributed. In a novel E&E architecture, a single power harness supplies battery voltage to each zone. If there's a failure or voltage drop, it can affect multiple functions within that zone at once, and management of voltage regulation, thermal dissipation, and EMI/EMC compliance becomes crucial. Adding to the complexity, safety
Borole, AkashWarke, UmakantChakra, PipunJaisankar, Gokulnath
A Centralized Framework for Sustaining Safety-Critical Vehicle Systems Through Periodic Servicing2026-26-00031/16/2026
As vehicles are becoming more complex, maintaining the effectiveness of safety critical systems like adaptive cruise control, lane keep assist, electronic breaking and airbag deployment extends far beyond the initial design and manufacturing. In the automotive industry these safety systems must perform reliably over the years under varying environmental conditions. This paper examines the critical role of periodic maintenance in sustaining the long-term safety and functional integrity of these systems throughout the lifecycle. As per the latest data from the Ministry of Road Transport and Highways (MoRTH), in 2022, India reported a total of 4.61 lakh road accidents, resulting in 1.68 lakh fatalities and 4.43 lakh injuries. The number of fatalities could have been reduced by the intervention of periodic services and monitoring the health of safety critical systems. While periodic maintenance has contributed to long term safety of the vehicles, there are a lot of vehicles on the road
HN, Sufiyan AhmedKhan, FurqanSrinivas, Dheeraj
Map-Less Yet Accurate: Trajectory Prediction for Traffic Agents Using Online HD Map Reconstruction for Autonomous Driving2026-26-00391/16/2026
Accurate trajectory prediction of traffic agents is critical for enabling safer and more reliable autonomous driving, particularly in urban driving scenarios where close-range interactions are most safety critical. High-definition (HD) and standard-definition (SD) maps play a vital role in this process by providing lane topology and directional cues for forecasting agent movements. However, HD maps are expensive and resource-intensive to create, often requiring specialized sensors, while SD maps lack the precision needed for reliable autonomous navigation. To address this, we propose a novel framework for trajectory prediction that leverages online reconstruction of HD maps using vehicle-mounted cameras, offering a scalable and cost-effective alternative. Our method achieves improvements in predicting accuracy, particularly in close-range scenarios, the most crucial for urban driving, while also performing robustly in settings without pre-built maps. Furthermore, we introduce a new
Upreti, MinaliGirijal, RahulB A, NaveenKumarThontepu, PhaniGhosh, ShankhanilChakraborty, Bodhisattwa
Advancing Automotive Radar Characterization: OTA HIL Testing for Enhanced ADAS Safety2026-26-00431/16/2026
The precise validation of radar sensor is necessary due to surging demand for reliable Advanced Driver-Assistance Systems (ADAS) and autonomous driving technologies. Over-the-Air (OTA) Hardware-in-the-Loop approach is the optimal solution for the current challenges facing with traditional on road testing. This approach supports productive, controllable and repetitive environment because of its lab-based setup which will eliminates the drawbacks such as high costs, limited repeatability, safety related issues. Key parameters of radar such as accurate detection of objects, analysis of doppler velocity, range estimation, angle of arrival measurement, can be tested dynamically. And this test setup offers wide range of testing scenarios, including varying distance of target, relative speeds, simulation of objects and environmental effects also supported.OTA provides the flexibility to eliminate the physical test tracks or targets so that developers can simulate the errors, by introducing
Jadhav, TejasKarle, UjjwalaPaul, HarshitSNV, Karthik
Ensuring Functional Safety in Electric Vehicle Inverters: A Case Study on ISO 26262 Implementation2026-26-01581/16/2026
The transition to electric vehicles (EVs) has brought about significant advancements in automotive technology, with inverters playing a crucial role in converting DC power from the battery to AC power for the electric motor. Ensuring the functional safety of these inverters is paramount, as any failure can have severe implications for vehicle performance and passenger safety. This case study explores the successful implementation of ISO 26262 standards in the development and validation of EV traction inverters. This paper begins by outlining the functional requirements and safety goals specific to EV inverters, followed by a detailed analysis of the potential hazards and risks associated with their operation. Using ISO 26262 as a framework, we describe the systematic approach taken to identify, assess, and mitigate these risks. Key methodologies such as Hazard Analysis and Risk Assessment (HARA), Failure Mode and Effects Analysis (FMEA), and Fault Tree Analysis (FTA) are employed to
Ramachandra, ShwethaV, Sushmitha
Shaping the Future of Mobility with Innovative Tailgate Testing Solutions2026-26-04731/16/2026
As vehicles evolve toward increased automation and comfort, Power Operated Tailgate (POT) have become a common feature, especially in premium and mid-segment vehicles. These systems, although user-friendly on the surface, involve complex interactions between electronic control units (ECUs), sensors, actuators, and mechanical systems. Ensuring the reliability, safety, and robustness of these features under diverse operating conditions presents a significant validation challenge. Traditional testing methods, which rely heavily on physical prototypes and manual interaction, are often time-consuming, expensive, and prone to human error. Moreover, testing certain safety [3] features, such as anti-pinch or stall protection, under real physical conditions poses inherent risks and limitations. This paper presents a Hardware-in-Loop (HiL)[1] based testing approach for POT [2] systems, offering a safer, faster, and more comprehensive alternative to conventional validation methods. The HiL
More, ShwetaGhanwat, HemantShetti, SurajJape, AkshayKulkarni, ShraddhaJagdale, Nitin
Alloy Wheel Rim Linear Crash Validation with Bench Level Test Procedure2026-26-05741/16/2026
Crash test plays a very crucial role in determining the passenger safety along with driver safety in most modern vehicles. This has become a prominent factor for many buyers to choose a safe car. During crash test, many components tend to fail. Amongst them, the major safety critical component which hampers the drivability of a vehicle is Wheel and Tyre Assembly. With the introduction of low aspect tyres, the failure rate of these assemblies has increased. A very high importance is given to ensure these parts withstand the subject load as it is directly related to function of vehicle. Many methods are available to test the Wheel and Tyre assembly to ensure they pass the crash criteria. We have developed a novel test method which can simulate the crash pattern in the rig/bench level. The method employs a mechanical actuator which can be operated at designated load application to ensure the assembly undergoes the anticipated failure. The process is repeated with different types of
Medaboyina, HarshaVardhanSingh, Ram KrishnanSundaram, RaghupathiJithendhar, Ashokan
From Physical Prototypes to Virtual Simulations: Advancing Automotive Latch Validation with nanoFluidX2026-26-04751/16/2026
Automotive door latches play a crucial role in occupant safety and user experience. The mechanisms utilized as latching systems in automotive doors are designed to hold the doors in a closed position relative to the body of a vehicle and can be grouped into three major categories: hood/frunk latches, lift gate latches, and side door latches. These mechanical systems vary in design across vehicle models, but all must withstand harsh environmental conditions, including water intrusion. Therefore, their requirements and validations include rigorous testing that ensures the continued functionality of the device after being subjected to extreme environmental conditions, such as cold, heat, and humidity. Rainfall in winter months leads to ice storms where water freezes instantly upon contact with cold surfaces leading to ice formation on structures. In some cases, water can penetrate latch systems, freezing the latch systems with the risk of potentially making them inoperable. Currently
Chaudhari, AbhijitSrikanth, PraveenTakabi, BehrouzCalamaco, EliEstrada, IgnacioHuerta Rodriguez, Sergio
Reducing Risk in Safety Critical Systems through Early Safety Case Development and Dialectic Arguments2026-26-00441/16/2026
The rapid evolution of modern automotive systems—powered by advancements in autonomous driving and connected vehicle technologies— pose fundamental challenges to design and integration. A specific challenge of these highly interconnected, software-driven systems is in ensuring their safety while avoiding spiralling costs and development times. This challenge calls for a more structured and rigorous approach to safety assurance than traditional methods. Traditional safety cases tend to take a linear, justification-focused approach that mainly focuses on positive assertions —compliance to safety —while giving limited attention to potential weaknesses, or gaps in supporting evidence. This practice may lead to criticism that such arguments are “too positive,” portraying an overly biased or optimistic view of system safety without sufficiently acknowledging areas of unresolved risk. As a result, conventional approaches for developing a safety case may overlook complex interactions
Kumar, AmrendraBagalwadi, SaurabhMcMurran, Ross
Constraint Enforcement of a Lithium-Ion Battery Pack Safety-Critical System for Electric Hybrid Vehicles2025-36-016012/18/2025
System robustness and performance are essential considerations in controller design to ensure reference tracking, disturbance rejection, and resilience to modeling uncertainties. However, guaranteeing that the system operates within safe bounds becomes a priority in safety-critical applications, even if performance must be compromised temporarily. One prominent example is the thermal management of lithium-ion battery packs, where temperature must be strictly controlled to prevent degradation and avoid hazardous thermal runaway events. In these systems, temperature constraints must consistently be enforced, regardless of external disturbances or control errors. Traditional strategies, such as Model Predictive Control (MPC), can explicitly handle such constraints but often require solving high-dimensional optimization problems, making real-time implementation computationally demanding. To overcome these limitations, this study investigates the use of a Constraint Enforcement strategy to
Ebner, Eric RossiniFernandes, Lucas PasqualLeal, Gustavo NobreNeto, Cyro AlbuquerqueLeonardi, Fabrizio
DriVE-Net: A Multi-Objective Framework for Generating Diverse, Realistic, and Hazard-Aware Driving Scenarios2025-99-013311/11/2025
.
Xie, DongxuanLi, DongyangZhang, YoukangZhao, YingjieHong, BaofengWang, Nan
PSF-Net: Uncertainty-Aware Fusion of TabPFN and SAINT for 5G Base-Station Electromagnetic Radiation Prediction2025-99-012711/11/2025
With more 5G base stations coming into play, making an accurate assessment of RF-EMF exposure currently faces increasing demand to check if they meet regulatory requirements and ensure people’s safety. We present here PSF-Net, a novel deep learning network by uniting TabPFN’s meta-learned prior knowledge and SAINT’s dual attention structure; its use makes it particularly suitable to deal with applications like prediction of downlink power density and radiation level classification under different conditions within various kinds of 5G cell. A major component in the design of this approach is an uncertainty-aware gating block that determines the optimal weighting for each model output—TabPFN or SAINT—based on the estimated prediction variance as quantified via Monte Carlo sampling during training or the prediction variance calculated using inference-time dropout. In addition, a residual multi-layer perceptron (MLP) is also included to extract refined fused features and maintain a steady
Zhang, YanjinYu, Zefeng
Cybersecurity: Applying Threat Modeling to Sensor-Control Architectures in Autonomous Off-Highway Vehicles2025-28-031611/6/2025
The rapid evolution of autonomy in Off-Highway Vehicles (OHVs)—spanning agriculture, mining, and construction—demands robust cybersecurity strategies. Sensor-control systems, the cognitive core of autonomous OHVs, operate in harsh, connectivity-limited environments. This paper presents a structured approach to applying threat modeling to these architectures, ensuring secure-by-design systems that uphold safety, resilience, and operational integrity.
Kotal, Amit
Safety Critical Series Arc Detection and Measurement in Medium and High Voltage DC Circuits2025-32-001211/3/2025
Direct current (DC) systems are increasingly used in small power system applications ranging from combined heat and power plants aided with photovoltaic (PV) installations to powertrains of small electric vehicles. A critical safety issue in these systems is the occurrence of series arc faults, which can lead to fires due to high temperatures. This paper presents a model-based method for detecting such faults in medium- and high-voltage DC circuits. Unlike traditional approaches that rely on high-frequency signal analysis, the proposed method uses a physical circuit model and a high-gain observer to estimate deviations from nominal operation. The detection criterion is based on the variance of a disturbance estimate, allowing fast and reliable fault identification. Experimental validation is conducted using a PV system with an arc generator to simulate faults. The results demonstrate the effectiveness of the method in distinguishing fault events from normal operating variations. The
Winkler, AlexanderMayr, StefanGrabmair, Gernot
Fiber Optic Sensing TechnologiesTBMG-5392110/1/2025
Known as FOSS (for fiber optic sensing system), NASA’s patented, award-winning technology portfolio combines advanced sensors and innovative algorithms into a robust package that accurately and cost-effectively monitors a host of critical parameters in real time. These include position/deformation (displacement, twist, rotation), stiffness (bending, torsion, vibration), operational loads (bending moments, shear loads, torques), strength/stress (pressure/fatigue, breakage prediction), and magnetic fields (cracks or other flaws in safety-critical metal structures) for structural health monitoring applications. In addition to monitoring the structure of a tank, FOSS is capable of sensing the tank’s inventory, including amounts, temperatures, and stratification.
Model-Based Software Engineering: Physics Coupled with Software for Test Case Reuse Across the V Cycle2025-01-04479/16/2025
The development of cyber-physical systems necessarily involves the expertise of an interdisciplinary team – not all of whom have deep embedded software knowledge. Graphical software development environments alleviate many of these challenges but in turn create concerns for their appropriateness in a rigorous software initiative. Their tool suites further enable the creation of physics models which can be coupled in the loop with the corresponding software component’s control law in an integrated test environment. Such a methodology addresses many of the challenges that arise in trying to create suitable test cases for physics-based problems. If the test developer ensures that test development in such a methodology observes software engineering’s design-for-change paradigm, the test harness can be reused from a virtualized environment to one using a hardware-in-the-loop simulator and/or production machinery. Concerns over the lack of model-based software engineering’s rigor can be
McBain, Jordan
Applying Specialized System Analysis for Brake by Wire in Software Defined Vehicles: The Development of a System Analysis Tool (SAT)2025-01-03559/15/2025
The emergence of Software Defined Vehicles (SDVs) has introduced significant complexity in automotive system design, particularly for safety-critical domains such as braking. A key principle of SDV architecture is the centralization of control software, decoupled from sensing and actuation. When applied to Brake-by-Wire (BbW) systems, this leads to decentralized brake actuation that demands precise coordination across numerous distributed electronic components. The absence of mechanical backup in BbW systems further necessitates fail-operational redundancy, increasing system complexity and placing greater emphasis on rigorous system-level design validation. A comprehensive understanding of component interdependencies, failure propagation, and redundancy effectiveness is essential for optimizing such systems. This paper presents a custom-built System Analysis Tool (SAT), along with a specialized methodology tailored for modeling and analyzing BbW architectures in the context of SDVs
Heil, EdwardZuzga, SeanBabul, Caitlin
Advanced Motion Control Components for Critical Aerospace ApplicationsTBMG-535418/1/2025
Advanced motion control technologies are essential to modern aerospace design, supporting a wide range of safety-critical and comfort-driven applications. In aerospace, motion control components such as gas springs, actuators, and dampers are integral to nearly every commercial aircraft, rocket, satellite, and space vehicle. These critical elements support flight safety and transport functions, from the dependable deployment of landing gear and cargo doors to the smooth, ergonomic operation of seating for pilots and passengers.
Experimental Investigation of Factors Influencing Thermal Runaway in Lithium-Ion Battery Cells2025-01-03067/2/2025
Experimental testing in automotive development sometimes relies on ad hoc approaches like ‘One Factor at a Time’, particularly in time- and resource-limited situations. While widely used, these approaches are limited in their ability to systematically capture parameter interactions and system complexities, which poses significant challenges in safety-critical applications like high-voltage battery systems. This study systematically investigates the factors influencing thermal runaway in lithium-ion battery cells using a statistical full-factorial experimental design. Key parameters, including state of charge, cell capacity and heating trigger power, have been analyzed under controlled conditions with an autoclave setup, enabling precise measurement of thermal and mechanical responses. The use of automotive-grade lithium-ion cells ensures relevance for next-generation applications. By employing factorial regression and statistical analysis, the study identifies critical temperatures
Ceylan, DenizKulzer, André CasalWinterholler, NinaWeinmann, JohannesSchiek, Werner
Braking Force Distribution Strategy for Brake-by-Wire Systems: Enhancing Safety and Redundancy10-09-03-00286/9/2025
Brake-by-wire (BBW) systems, characterized by fast response, high precision, ease installation, and simplified maintenance, are highly likely to become the future braking systems. However, the reliability of BBW is currently inferior to that of traditional hydraulic braking systems. Considering ECE R13 regulations, actuator reliability, and braking efficiency, this article first proposes a new braking force distribution strategy to prevent braking failure and enhance vehicle safety without modifying the actuator itself. The strategy reduces the operating frequency of rear actuators during low- and medium-intensity braking, thereby extending their service life and operational reliability. Then, the co-simulation model combining Simulink and AMESim was established for simulation validation based on direct drive braking actuator. Additionally, the real-vehicle test platform was built for typical braking scenarios. The simulation and experimental results show that this strategy
Li, TianleGong, XiaoxiangHe, ChunrongDeng, ZhenghuaZhang, HongXu, RongHe, HaitaoWang, XunZhang, Huaiyue
Product Assurance in the Age of Artificial IntelligenceEPR20250115/21/2025
Driven by the vast consumer marketplace, the electronics megatrend has reshaped nearly every sector of society. The advancements in semiconductors and software, originally built to serve consumer demand, are now delivering significant value to non-consumer industries. Today, electronics are making inroads into traditionally conservative, safety-critical sectors such as automotive and aerospace. In doing so, electronics—now further propelled by artificial intelligence—are disrupting the functional safety architectures of these cyber-physical systems. Electronics have created the world of cyber-physical systems, raising broader concerns about the broader category of product assurance. Product Assurance in the Age of Artificial Intelligence continues the work of previous SAE Edge Research Reports in examining open research challenges arising from this shift, particularly in automotive systems, as core electronic technologies (e.g., the combination of software and communications) have even
Razdan, Rahul
IEEE-1394b for Military and Aerospace Vehicles - Applications HandbookAIR5654A (Current)4/28/2025
This Handbook is intended to accompany or incorporate AS5643, AS5643/1, AS5657, AS5706, and ARD5708. In addition, full understanding of this Handbook also requires knowledge of IEEE-1394-1995, IEEE-1394a, and IEEE-1394b standards. This Handbook contains detailed explanations and architecture analysis on AS5643, bus timing and scheduling considerations, system redundancy design considerations, suggestions on AS5643-based system configurations, cable selection guidance, and lessons learned on failure modes.
AS-1A Avionic Networks Committee
Prognostic Techniques in Automated Driving System (ADS) Vehicle Safety2025-01-80944/1/2025
The recent advancements in fields such as sensors, AI, and IoT are majorly impacting the automotive industry. Automated Driving Systems (ADS) are developing rapidly, meaning that SAE J3016 Level 3 and above vehicles are quickly becoming a reality. As a result, maintenance of such systems becomes essential to ensure their safe and efficient operation. Prognostic techniques in particular are crucial to monitor the state of health and predicting the end of life for components. Prognostics engineering is being applied in many industries and for conventional automotive applications, but ADS is new technology, and the prognostics for these systems are still being developed and adapted. In this paper, we first present a review of the most used prognostic techniques across different safety-critical domains such as aerospace, power, and manufacturing. Then, we summarize the main challenges that must be faced to successfully develop novel approaches for prognostics of ADS components and provide
Merola, FrancescoHanif, AtharLami, GiuseppeAhmed, QadeerMonohon, Mark
A Time-Aware Shaper-Based Method for Addressing Traffic Bursts and Out-of-Order Induced by IEEE 802.1CB in In-Vehicle Networks2025-01-80794/1/2025
The trends of intelligence and connectivity are continuously driving innovation in automotive technology. With the deployment of more safety-critical applications, the demand for communication reliability in in-vehicle networks (IVNs) has increased significantly. As a result, Time-Sensitive Networking (TSN) standards have been adopted in the automotive domain to ensure highly reliable and real-time data transmission. IEEE 802.1CB is one of the TSN standards that proposes a Frame Replication and Elimination for Reliability (FRER) mechanism. With FRER, streams requiring reliable transmission are duplicated and sent over disjoint paths in the network. FRER enhances reliability without sacrificing real-time data transmission through redundancy in both temporal and spatial dimensions, in contrast to the acknowledgment and retransmission mechanisms used in traditional Ethernet. However, previous studies have demonstrated that, under specific conditions, FRER can lead to traffic bursts and
Luo, FengRen, YiZhu, YianWang, ZitongGuo, YiYang, Zhenyu
Developing a Safety Management System for the Automated Vehicle Industry2025-01-86734/1/2025
Safety Management Systems (SMSs) have been used in many safety-critical industries and are now being developed and deployed in the automated driving system (ADS)-equipped vehicle (AV) sector. Industries with decades of SMS deployment have established frameworks tailored to their specific context. Several frameworks for an AV industry SMS have been proposed or are currently under development. These frameworks borrow heavily from the aviation industry although the AV and aviation industries differ in many significant ways. In this context, there is a need to review the approach to develop an SMS that is tailored to the AV industry, building on generalized lessons learned from other safety-sensitive industries. A harmonized AV-industry SMS framework would establish a single set of SMS practices to address management of broad safety risks in an integrated manner and advance the establishment of a more mature regulatory framework. This paper outlines a proposed SMS framework for the AV
Wichner, DavidWishart, JeffreySergent, JasonSwaminathan, Sunder
Detecting Cyber-Security Vulnerabilities in Legacy Safety-Critical Software with Tight Performance Constraints2025-01-80884/1/2025
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
Awadhutkar, PayasTamrawi, AhmedSauceda, Jeremias
Introducing the ML FMEA2025-01-80784/1/2025
Several challenges remain in deploying Machine Learning (ML) into safety critical applications. We introduce a safe machine learning approach tailored for safety-critical industries including automotive, autonomous vehicles, defense and security, healthcare, pharmaceuticals, manufacturing and industrial robotics, warehouse distribution, and aerospace. Aiming to fill a perceived gap within Artificial Intelligence and ML standards, the described approach integrates ML best practices with the proven Process Failure Mode & Effects Analysis (PFMEA) approach to create a robust ML pipeline. The solution views ML development holistically as a value-add, feedback process rather than the resulting model itself. By applying PFMEA, the approach systematically identifies, prioritizes, and mitigates risks throughout the ML development pipeline. The paper outlines each step of a typical pipeline, highlighting potential failure points and tailoring known best practices to minimize identified risks. As
Schmitt, PaulSeifert, Heinz BodoBijelic, MarioPennar, KrzysztofLopez, JerryHeide, Felix
LLM-Powered Fuzz Testing of Automotive Diagnostic Protocols2025-01-80914/1/2025
Modern vehicles contain tens of different Electronic Control Units (ECUs) from several vendors. These small computers are connected through several networking busses and protocols, potentially through gateways and converters. In addition, vehicle-to-vehicle and internet connectivity are now considered requirements, adding additional complexity to an already complex electronic system. Due to this complexity and the safety-critical nature of vehicles, automotive cyber-security is a difficult undertaking. One critical aspect of cyber-security is the robust software testing for potential bugs and vulnerabilities. Fuzz testing is an automated software testing method injecting large input sets into a system. It is an invaluable technique across many industries and has become increasingly popular since its conception. Its success relies highly on the “quality” of inputs injected. One shortcoming associated with fuzz testing is the expertise required in developing “smart” fuzz testing tools
McShane, JohnCelik, LeventAideyan, IwinosaBrooks, RichardPesé, Mert D.
The ‘Changing Anything Changes Everything (CACE)’ Principle: Underestimated Challenges in Applying AI/ML to Automotive Safety-Critical Systems2025-01-81104/1/2025
The integration of artificial intelligence (AI) and machine learning (ML) into automotive safety-critical systems presents unique challenges, particularly the “changing anything changes everything” (CACE) property inherent in many AI/ML models. CACE highlights the high degree of interdependence within AI/ML systems, where even minor adjustments can have significant, unforeseen impacts on system behavior, posing risks in safety-critical applications. This paper examines the intricate nature of the CACE principle and its implications for the development cycle of AI/ML-based applications. Through case studies and theoretical analysis, we highlight CACE-related challenges and discuss strategies to mitigate these risks in safety-critical environments. Our analysis aims to raise awareness of this often-overlooked challenge, offering insights for safer, more robust AI/ML deployment in the automotive industry.
Tong, WeiLi, GangS, RameshYang, TianbaoShuttlewood, BingMudalige, Pri
Freedom from Interference Challenges for Adaptive Autosar Based Platform2025-01-80744/1/2025
This paper examines the challenges and mechanisms for ensuring Freedom from Interference in Adaptive AUTOSAR-based platforms, with a focus on managing Memory, Timing, and Execution challenges. It explores the robust safety mechanisms in Classic AUTOSAR that ensure Freedom from Interference and the significant challenges in achieving interference-free operation in Adaptive AUTOSAR environments while adhering to ISO26262 standards. The study emphasizes strategies for managing complexities and outlines the multifaceted landscape of achieving interference-free operation. Additionally, it discusses ASIL-compliant Hypervisor, memory partitioning, and Platform Health Management as mechanisms for ensuring safety execution. The paper also raises open questions regarding real-time problems in live projects that are not solved with existing safety mechanisms. Adaptive AUTOSAR plays a crucial role in the development of autonomous and connected vehicles, where functional safety is of utmost
Jain, Yesha
Robust V2X Cruise Control for Class 8 Trucks in the Presence of Traffic Lights2025-01-80334/1/2025
An implementation of a robust predictive cruise control method for class 8 trucks utilizing V2X communication with connected traffic lights is presented in this work. This method accounts for traffic signal phases with the goal of reducing energy consumption when possible while respecting safety concerns. Tightened constraints are created using a robust model predictive control (RMPC) framework in which constraints are modified so that the safety critical requirements are satisfied even in the presence of disturbances, while requiring only the expected bounds of the disturbances to be provided. In particular, variation in the actuator performance under different conditions presents a unique challenge for this application, which the approach applied in this work is well-suited to handle. The errors resulting from lower-level control and actuator performance are accounted for by treating them as bounded and additive disturbances on the states of the model used in the higher level MPC
Ellison, EvanWard, JacobBrown, LowellBevly, David M.
MBD-FEM Co-Simulation Approach to Assess Strength of Automotive Chassis Components2025-01-83154/1/2025
Automotive chassis components are considered as safety critical components and must meet the durability and strength requirements of customer usage. The cases such as the vehicle driving through a pothole or sliding into a curb make the design (mass efficient chassis components) challenging in terms of the physical testing and virtual simulation. Due to the cost and short vehicle development time requirement, it is impractical to conduct physical tests during the early stages of development. Therefore, virtual simulation plays the critical role in the vehicle development process. This paper focuses on virtual co-simulation of vehicle chassis components. Traditional virtual simulation of the chassis components is performed by applying the loads that are recovered from multi-body simulation (MBD) to the Finite Element (FE) models at some of the attachment locations and then apply constraints at other selected attachment locations. In this approach, the chassis components are assessed
Behera, DhirenLi, FanTasci, MineSeo, Young-JinSchulze, MartinKochucheruvil, Binu JoseYanni, TamerBhosale, KiranAluru, Phani
System Theoretic Process Analysis (STPA) Standard for All IndustriesJ3307_202503 (Current)3/25/2025
This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety
Functional Safety Committee
AI in Wonderland: Engineering in the Age of Overpromised TechnologyEPR20250021/14/2025
This report explores the move from traditional industry practices to emerging technologies, specifically the integration of artificial intelligence (AI) solutions in engineering service sectors. It highlights the increasing problem of “technology washing,” when organizations overstate (sometimes deceivingly) their technology abilities and ethics, posing challenges to accountability, transparency, and trust in various fields. The rise of AI-based solutions in sectors like autonomous mobility, manufacturing, and aerospace has exposed a contrast between ambitious future aspirations and current technological barriers. With this, the role of human knowledge in guaranteeing ethical, efficient, and clear technology incorporation becomes essential. Starting with an examination of today’s technological scene, this report tackles topics such as the buzz around autonomous systems and the difficulties of standardizing fresh innovations. It also points out the problem of organizations exaggerating
Khan, Samir
SAE TOMORROW TODAY: How AI Alignment Makes AVs Safer134951/10/2025
In order for AVs to perform safely and reliably, we need to teach them the language of human preference and expectations--and accelerating AI alignment can do just that. Enter Kognic, the industry-leading annotation platform for sensor-fusion datasets (e.g., camera, radar, and LIDAR data). By helping companies gather, organize, and refine massive datasets used for training AI models, Kognic is helping to ensure that AD/ADAS perform reliably and meet safety standards--all while minimizing costs and optimizing teams. To learn more, we sat down with Daniel Langkilde, Co-Founder and CEO, to discuss why the future of autonomous driving depends on effectively managing AI-driven datasets and how Kognic is leading dataset management for safety-critical AI. We'd love to hear from you. Share your comments, questions and ideas for future topics and guests to podcast@sae.org. Don't forget to take a moment to follow SAE Tomorrow Today--a podcast where we discuss emerging technology and trends in
Hineman, Marcie
Development and Simulation of an AUTOSAR Software Component for Functional Safety according to ISO 26262 Fault Detection and Safety Mechanisms2024-36-013212/20/2024
In the context of advancing automotive electronic systems, ensuring functional safety as per ISO 26262 standards has become of primary importance. This paper presents the development of an AUTOSAR-compliant Software Component (SWC) applied to ISO 26262 applications. Using MATLAB/Simulink, we design and simulate a SWC that operates within the AUTOSAR architecture, focusing on fault detection and activation of safety mechanisms. The SWC is built to monitor specific system parameters and operational anomalies. Upon detecting a fault, it triggers predefined safety mechanisms to mitigate risks and ensure system integrity. The simulation focus on capability to accurately identify faults and execute safety measures effectively, thus demonstrating a practical approach to enhance automotive system safety implementation and its reuse. This paper not only highlights the importance of ISO 26262 in the automotive industry but also illustrates the feasibility of developing and integrating safety
Santiago, Frederico Victor Scoralickdos Santos Machado, ClebersonImbasciati, HenriqueCosta, Silvio Romero Alves
The Software-defined Vehicle: Its Current Trajectory and Execution ChallengesEPR202402711/25/2024
Original equipment manufacturers, Tier 1 suppliers, and the rest of the value chain, including the semiconductor industry, are reshaping their product portfolios, development processes, and business models to support this transformation to software-defined vehicles (SDVs). The focus on software is rippling out through the automotive sector, forcing the industry to rethink organization, leadership, processes, and future roadmaps. The Software-defined Vehicle: Its Current Trajectory and Execution Challenges assesses the state of SDVs and explores the potential hurdles to execution and examines the work being done in the industry. The goal is to evaluate whether the implementation of SDVs will encounter the same fate as electrification or autonomous technologies, which after some level of disillusionment, are expected to pick up momentum in a more mature way. Click here to access the full SAE EDGETM Research Report portfolio.
Goswami, Partha
Product Governance and Management for Software-defined Battery Electric VehiclesEPR202402510/21/2024
In recent years, battery electric vehicles (BEVs) have experienced significant sales growth, marked by advancements in features and market delivery. This evolution intersects with innovative software-defined vehicles, which have transformed automotive supply chains, introducing new BEV brands from both emerging and mature markets. The critical role of software in software-defined battery electric vehicles (SD-BEVs) is pivotal for enhancing user experience and ensuring adherence to rigorous safety, performance, and quality standards. Effective governance and management are crucial, as failures can mar corporate reputations and jeopardize safety-critical systems like advanced driver assistance systems. Product Governance and Management for Software-defined Battery Electric Vehicles addresses the complexities of SD-BEV product governance and management to facilitate safer vehicle deployments. By exploring these challenges, it aims to enhance internal processes and foster cross
Abdul Hamid, Umar Zakir
Embedded Processing Advancements Enable Smarter, SWAP-Optimized Avionics Displays and Computers24AERP08_058/1/2024
Aerospace manufacturers are leveraging multicore processors and modularity to design smarter cockpit displays and avionic computers that are smaller and capable of supporting more applications from a single line replaceable unit (LRU). Some are also starting to embed more of the processing required to enable cockpit display applications within the display itself, rather than having it enabled by an associated LRU. The development of new electric vertical takeoff and landing (eVTOL) aircraft and avionics companies changing their approach to the development of safety critical computers and aircraft networking technologies are some of the aerospace industry factors driving this design trend. In the U.S., the Department of Defense (DoD) embracing the Modular Open Systems Approach (MOSA) across the purchase of all new aircraft technologies is influencing design changes in cockpit displays and aircraft computers as well.
Toward Safety-Critical Artificial Intelligence (AI)-Based Embedded Automotive Systems12-08-01-00077/31/2024
The rise of AI models across diverse domains includes promising advancements, but also poses critical challenges. In particular, establishing trust in AI-based systems for mission-critical applications is challenging for most domains. For the automotive domain, embedded systems are operating in real-time and undertaking mission-critical tasks. Ensuring dependability attributes, especially safety, of these systems remains a predominant challenge. This article focuses on the application of AI-based systems in safety-critical contexts within automotive domains. Drawing from current standardization methodologies and established patterns for safe application, this work offers a reflective analysis, emphasizing overlaps and potential avenues to put AI-based systems into practice within the automotive landscape. The core focus lies in incorporating pattern concepts, fostering the safe integration of AI in automotive systems, with requirements described in standardization and topics discussed
Blazevic, RomanaVeledar, OmarStolz, MichaelMacher, Georg
858P3-1 Internet Protocol Suite (IPS) for Aeronautical Safety Services, Part 3, Common IPS Radio Interface ProtocolARINC858P3-1 (Current)7/12/2024
ARINC 858 Part 3 defines a Common IPS Radio Interface (CIRI) protocol for conveying radio status information and transferring digital data between the Airborne IPS System and Airborne Radios. This standard includes the functional description of the protocol, including applicable use cases, protocol message formats, and protocol operation for both control plane and data plane exchanges. The protocol is intended to operate over a variety of on-aircraft communication means, including, but not limited to, ethernet-based and ARINC 664-based aircraft networks. The reader should also reference ARINC 858 Part 1 and Part 2. This product was developed in coordination with ICAO WG-I, RTCA SC-223, and EUROCAE WG-108.
Airlines Electronic Engineering Committee
What is Going on within the Automotive PowerNet?2024-01-29857/2/2024
The automotive PowerNet is in the middle of a major transformation. The main drivers are steadily increasing power demand, availability requirements, and complexity and cost. These factors result in a wide variety of possible future PowerNet topologies. The increasing power demand is, among other factors, caused by the progressive electrification of formerly mechanical components and a constantly increasing number of comfort and safety loads. This leads to a steady increase in installed electrical power. X-by-wire systems1 and autonomous driving functions result in higher availability requirements. As a result, the power supply of all safety-critical loads must always be kept sufficiently stable. To reduce costs and increase reliability, the car manufacturers aim to reduce the complexity of the PowerNet system, including the wiring harness and the controller network. The wiring harness e.g., is currently one of the most expensive parts of modern cars. These challenges are met with a
Jagfeld, Sebastian Michael PeterWeldle, RichardKnorr, RainerFill, AlexanderBirke, Kai Peter
Items per page:
1 – 50 of 514