Browse Topic: Safety regulations and standards

Items (835)
Find
Determining Worst-Case Execution Time Bounds for Multi-core Processors2025-01-0155To be published on 05/02/2025
Demonstrating deadline adherence for real-time tasks is a common requirement in all safety norms, including ISO 26262 and DO-178C. Timing verification has to address two levels: the code level (worst-case execution time) and the scheduling level (worst-case response time). Determining which methodology is suited best depends on the characteristics of the target processor. All contemporary microprocessors try to maximize the instruction-level parallelism by sophisticated performance-enhancing features that make the execution time of a particular instruction dependent on the execution history. On multi-core systems, the execution time additionally is influenced by interference effects on shared resources caused by concurrent activities on the different cores, which are not controlled by the scheduling algorithm. In the avionics domain, the new FAA AC 20-193 / EASA AMC 20-193 guidance documents formalize predictability aspects of multi-core systems and derive adequate measures for timing
Kaestner, DanielGebhard, GernotHuembert, ChristianPister, MarkusWegener, SimonFerdinand, Christian
Technical Paper
The Why of Development Assurance2025-01-0154To be published on 05/02/2025
In the domain of aircraft certification, Development Assurance is what some would call a useful tool to gain confidence in the development of complex systems, and what others would call a necessary evil. But what does it actually do? Why is it necessary for certification of modern aircraft? What, epistemologically, does it bring to the table? This paper aims to show why development assurance activities, at all levels from aircraft to item, close the epistemological holes created when complex systems are chosen for implementation. It will map the different sources and types of uncertainty encountered in system verification and explain how each type is dealt with within a certification context, working from simple mechanical systems up to complex and highly integrated systems using software and airborne electronic hardware and beyond. It will show that Development Assurance, far from being an arbitrary set of activities, systematically brings personal and corporate expertise to bear to
Laflin, Cory R.
Technical Paper
The Influence of Impact Location and Angle on the Dynamic Response of a Large Omnidirectional Child Dummy Head and Neck Complex2025-01-874004/01/2025
Head injuries are a common cause of fatality and long-term impairment in child occupants in motor vehicle crashes. The National Highway Traffic Safety Administration (NHTSA) has developed the Large Omnidirectional Child (LODC) Anthropomorphic Test Device (ATD) where the head was designed to match pediatric biomechanical impact response targets from previous literature. The purpose of this study was to compare experimental and computational results for eight impact directions at 45-degree increments around the LODC head under two levels of impact severity: low and high, corresponding to nominal velocities of 3.08 mm/ms and 5.42 mm/ms, respectively. The experimental setup consists of the LODC head and neck assembly rigidly attached to a circular fixture plate and a hemispherical-shaped impactor 76.2 mm in diameter. The acceleration and angular velocity responses were measured and computed from the LODC finite element (FE) head CG and compared against the experimental data. Experimental
Challa, AbhishiktNoll, Scott
Technical Paper
Controllability and Driving Automation2025-01-867904/01/2025
A key challenge for manufacturers of automotive systems, hardware components and software products with no contribution to driving automation is the stringent requirements imposed on elements while being integrated into vehicles with driving automation. The result is increased development cost and low reusability. For such elements or components with no contribution to driving automation, their functions and failure modes remain unchanged when comparing vehicle integration with and without driving automation. The influence of driving automation is not accounted for in the current approach of classifying risk while conducting a Hazard Analysis and Risk Assessment (HARA). Functional safety standards for on-road vehicles rely on human intervention as a parameter to classify risk. Since current safety standards for on-road vehicles are not inclusive of driving automation concepts, classification of risk, based on existing definitions of parameters such as controllability, leads to
Shah, MihirIbarra, Ireri
Technical Paper
Research on Torque Management Safety Monitoring Control for Hybrid Vehicles2025-01-857904/01/2025
Hybrid vehicles are driven by the vehicle controller, engine controller and motor controller through torque control, and there may be unexpected acceleration or deceleration of the vehicle beyond the driver's expectation due to systematic failure and random hardware failure. Based on the torque control strategy of hybrid vehicles, the safety monitoring model design of torque control is carried out according to the ISO 26262 safety analysis method. Through the establishment of safety goals and the analysis of safety concepts, this paper conducts designs including the driver allowable torque design for safety monitoring, the driver torque prediction design for safety monitoring, the rationality judgment design of driver torque for safety monitoring, the functional safety degradation design, and the engine start-stop status monitoring, enabling the system to transition to a safe state when errors occur. Firstly, the design of the driver's allowable torque includes the allowable requested
Jing, JunchaoWang, RuiguangLiu, YiqiangHuang, WeishanDai, Zhengxing
Technical Paper
Freedom from Interference Challenges for Adaptive Autosar Based Platform2025-01-807404/01/2025
This paper examines the challenges and mechanisms for ensuring Freedom from Interference in Adaptive AUTOSAR-based platforms, with a focus on managing Memory, Timing, and Execution challenges. It explores the robust safety mechanisms in Classic AUTOSAR that ensure Freedom from Interference and the significant challenges in achieving interference-free operation in Adaptive AUTOSAR environments while adhering to ISO26262 standards. The study emphasizes strategies for managing complexities and outlines the multifaceted landscape of achieving interference-free operation. Additionally, it discusses ASIL-compliant Hypervisor, memory partitioning, and Platform Health Management as mechanisms for ensuring safety execution. The paper also raises open questions regarding real-time problems in live projects that are not solved with existing safety mechanisms. Adaptive AUTOSAR plays a crucial role in the development of autonomous and connected vehicles, where functional safety is of utmost
Jain, Yesha
Technical Paper
Development of a Rule-Based Lidar Lane-Keeping Assistance System for Autonomous Vehicles Applications2025-01-802504/01/2025
Lane-keeping is critical for SAE Level 3+ autonomous vehicles, requiring rigorous validation and end-to-end interpretability. All recently U.S.-approved level 3 vehicles are equipped with lidar, likely for accelerating active safety. Lidar offers direct distance measurements, allowing rule-based algorithms compared to camera-based methods, which rely on statistical methods for perception. Furthermore, lidar can support a more comprehensive and detailed approach to studying lane-keeping. This paper proposes a module perceiving oncoming vehicle behavior, as part of a larger behavior-tree structure for adaptive lane-keeping using data from a lidar sensor. The complete behavior tree would include road curvature, speed limits, road types (rural, urban, interstate), and the proximity of objects or humans to lane markings. It also accounts for the lane-keeping behavior, type of adjacent and opposing vehicles, lane occlusion, and weather conditions. The algorithm was evaluated using
Soloiu, ValentinMehrzed, ShaenKroeger, LukePierce, KodySutton, TimothyLange, Robin
Technical Paper
Leveraging the Automated Mobility Partnership (AMP) to Support the Evaluation of Safety of the Intended Functionality (SOTIF) in Automated Driving Systems2025-01-867404/01/2025
The Automated Mobility Partnership (AMP) is a consortium of industry and academic stakeholders dedicated to advancing Automated Driving Systems (ADS) through a comprehensive suite of tools, datasets, and methodologies. The AMP portal integrates events from over 35 million miles of naturalistic driving data including thousands of annotated crashes and near-crashes and a decade of U.S. police-reported crash data curated by the Virginia Tech Transportation Institute. The portal enables data discovery, visualization, processing, and analysis through secured web access. This paper briefly describes the AMP portal and examines its utility in developing and evaluating the safety of ADS using standardized processes. For the examination, we provide examples based on generic automated driving functions, guided by the Safety of the Intended Functionality (SOTIF) framework. The results show that AMP is instrumental in identifying recorded real-world cases in which the hazardous behavior of a
Antona-Makoshi, JacoboWilliams, VickiAli, GibranSullivan, KayeTerranova, PaoloKefauver, KevinHatchett, Alex
Technical Paper
Aggregation of Cervical Loads in Rear Impact Crash Tests and Comparison to Activities of Daily Living2025-01-870804/01/2025
Peak upper and lower neck load data from rear impact crash testing were reviewed, aggregated, and analyzed from over 1,800 tests of existing peer-reviewed literature and research as well as available testing conducted by the Insurance Institute for Highway Safety (IIHS) and the National Highway Traffic Safety Administration (NHTSA). Both human volunteers and anthropomorphic test devices (ATDs) were subjects of the reviewed studies and testing. Peak upper and lower neck axial forces (compression and tension), sagittal shear forces, and sagittal moments (flexion and extension) from available crash testing were reported and analyzed as functions of measured change in velocity (delta-V) ranging from approximately 3 to 60 km/h (1.9 to 37 mph). This load data was then further analyzed for possible trends amongst various testing conditions, such as seat type, ATD used, and subject seating position within the vehicle chassis and seat to develop a simple linear model. The linear regressions
Kazmierczak, AlexUmale, SagarVisalli, AlyssaWebb, EllaKashdan, AryehRandles, BryanWelcher, Judson
Technical Paper
Responsible AI System Development in Automotive Applications: A Framework2025-01-810204/01/2025
With the surge in adoption of artificial intelligence (AI) in automotive systems, especially Advanced Driver Assistance Systems (ADAS) and autonomous vehicles (AV), comes an increase of AI-related incidents–several of which have ended in injuries and fatalities. These incidents all share a common deficiency: insufficient coverage towards safety, ethical, and/or legal requirements. Responsible AI (RAI) is an approach to developing AI-enabled systems that systematically take such requirements into account. Existing published international standards like ISO 21448:2022 (Safety of the Intended Functionality) and ISO 26262:2018 (Road Vehicles – Functional Safety) do offer some guidance in this regard but are far from being sufficient. Therefore, several technical standards are emerging concurrently to address various RAI-related challenges, including but not limited to ISO 8800 for the integration of AI in automotive systems, ISO/IEC TR 5469:2024 for the integration of AI in functional
Nelson, JodyLin, Christopher
Technical Paper
The Challenges of Next-gen ADAS and ADS and Related Vehicle Safety TopicsEPR202500303/31/2025
Advanced driver assistance systems (ADAS) and automated driving systems (ADS) continue to expand into the market at a rapid pace. As improved (i.e., next generation) versions of these systems become available, they will continue to face many challenges in their implementation and benefits for safety and driving operations. The solution will involve many parties, including road safety professionals and researchers who see the potential in these systems but may have difficulties keeping up with them, and safety advocates who are calling for these systems to achieve higher levels of safety now. The Challenges of Next-gen ADAS and ADS and Related Vehicle Safety Topics explores these challenges that will fall on the National Highway Traffic Safety Administration (NHTSA) and automakers as they balance costs and benefits; establish reasonable regulations and standards; and determine how to improve, test, deliver, and use these systems successfully. Perhaps the most formidable challenge will
Chalmers, Seth
Research Report
Smart Clusters: Functional Safety Concepts and Requirements12-08-02-001803/28/2025
This study presents a detailed review of a contemporary safety concept for a smart cluster, comprising a multipurpose display and a head unit. It focuses on elucidating the fundamental regulatory requirements for smart clusters within the frameworks of the United States and the European Union, and draws connections to their functional safety requirements and concepts. The article explores a range of safety mechanisms and architectures designed to implement these proposed functional safety requirements. For each mechanism, we provide an in-depth analysis of its benefits and drawbacks, as well as a thorough explanation of its operational logic. This comprehensive evaluation offers valuable insights into developing safer and more efficient smart clusters in line with international regulatory standards.
Anisimov, ValentinBabaev, IslamShinde, Chaitanya
Journal Article
System Theoretic Process Analysis (STPA) Standard for All IndustriesJ3307_202503 (Current)03/25/2025
This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety
Functional Safety Committee
Technical Standard
Editorial09-13-01-000803/24/2025
Driving Change: NHTSA’s Role in Advancing Road Safety
Hardy, Warren N.
Journal Article
Leveraging Triggering Conditions for Efficient Scenario-Based Testing of Automated Vehicles12-08-04-003502/19/2025
Scenario-based testing has become a central approach of safety verification and validation (V&V) of automated driving. The standard ISO 21448: Safety of the intended functionality (SOTIF) [1] proposes triggering conditions (e.g., an occluded traffic sign) as a new aspect to be considered to organize scenario-based testing. In this contribution, we discuss the requirements and the strategy of testing triggering conditions in an iterative, SOTIF-oriented V&V process. Accordingly, we illustrate a method for generating test scenarios for evaluating potential triggering conditions. We apply the proposed method in a two-fold case study: We demonstrate how to derive test scenarios and test these with a virtual automated driving system in simulation. We provide an analysis of the testing result to show how triggering condition-based testing facilitates spotting the weakness of the system. Besides, we exhibit the applicability of the method based on multiple triggering conditions and nominal
Zhu, ZhijingPhilipp, RobinHowar, Falk
Journal Article
AVSC Best Practice for Automated Driving System-Dedicated Vehicles (ADS-DVs) Safety Inspection FrameworkAVSC-D-03-202412/20/2024
Safety inspections support sustained safety performance when fleet operators deploy automated driving system-dedicated vehicles (ADS-DVs) on public roads. A clearly defined and traceable safety inspection protocol can help build public trust and promote industry standardization. A well-defined process for designing and managing a safety inspection protocol and a list of minimum inspection elements can help ADS-DV manufacturers, developers, and fleet operators create, maintain, and implement safety inspection protocols. This best practice provides a framework for creating, maintaining, and documenting a safety inspection protocol. It includes a classification for ADS-DV subsystems and components, a list of minimum inspection elements, a perspective on the types of triggers that can initiate inspections, and an illustrative example of the lifecycle of a safety inspection protocol and how inspections may change at each stage. This best practice will help to standardize the communication
Automated Vehicle Safety Consortium
Best Practice
Development and Simulation of an AUTOSAR Software Component for Functional Safety according to ISO 26262 Fault Detection and Safety Mechanisms2024-36-013212/20/2024
In the context of advancing automotive electronic systems, ensuring functional safety as per ISO 26262 standards has become of primary importance. This paper presents the development of an AUTOSAR-compliant Software Component (SWC) applied to ISO 26262 applications. Using MATLAB/Simulink, we design and simulate a SWC that operates within the AUTOSAR architecture, focusing on fault detection and activation of safety mechanisms. The SWC is built to monitor specific system parameters and operational anomalies. Upon detecting a fault, it triggers predefined safety mechanisms to mitigate risks and ensure system integrity. The simulation focus on capability to accurately identify faults and execute safety measures effectively, thus demonstrating a practical approach to enhance automotive system safety implementation and its reuse. This paper not only highlights the importance of ISO 26262 in the automotive industry but also illustrates the feasibility of developing and integrating safety
Santiago, Frederico Victor Scoralickdos Santos Machado, ClebersonImbasciati, HenriqueCosta, Silvio Romero Alves
Technical Paper
Biofidelity Assessment of the GHBMC M50-O Seated in a Honda Accord Seat in a Rear-Facing Configuration during a High-Speed Frontal Impact09-12-03-001412/10/2024
Vehicles equipped with automated driving systems (ADS) may have non-traditional seating configurations, such as rear-facing for front-row occupants. The objectives of this study are (1) to generate biomechanical corridors from kinematic data obtained from postmortem human subjects (PMHS) sled tests and (2) to assess the biofidelity of the Global Human Body Models Consortium (GHBMC) 50th male (M50-O) v6.0 seated in an upright (25-deg recline) Honda Accord seat with a fixed D-ring (FDR) in a 56 km/h rear-facing frontal impact. A phase optimization technique was applied to mass-normalized PMHS data for generating corridors. After replicating the experimental boundary conditions in the computational finite element (FE) environment, the performance of the rigidized FE seat model obtained was validated using LSTC Hybrid III FE model simulations and comparison with experiments. The most recent National Highway Traffic Safety Administration (NHTSA) Biofidelity Ranking System (BRS) method was
Pradhan, VikramRamachandra, RakshitStammen, JasonKracht, CoreyMoorhouse, KevinBolte, John H.Kang, Yun-Seok
Journal Article
Writing an Effective Technical Safety Concept in Accordance with ISO262622024-28-020712/05/2024
With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random hardware failures, which is to be considered within the scope of functional safety. ISO 26262 series of standards provides guidance to mitigate these risks by providing appropriate requirements and processes. To develop a safe product with respect to above mentioned complexities, it is very critical to develop a safe system and hence a thorough and robust “Technical Safety Concept” is very important to ensure absence of unreasonable risk due to hazards caused by malfunctions of E/E systems. ISO26262-Part 4 provides guidelines for “Product development at the system level”, to design safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles. Defining requirements at system level for each individual technology and systematically
Cheni, Dileep KumarDesai, Priyanka Pradeep
Technical Paper
Comprehensive Characterization of Soft Tissue and Surrogate Materials across Varied Loading Methods09-12-02-001211/12/2024
Exploring the mechanical properties of soft tissues under compressive loading is crucial for understanding their role in automobile incidents. Soft tissues, which serve as cushions or padding between bone and vehicle interiors, significantly influence contact duration and forces, thereby altering incident kinematics and injury. In this investigation, muscle and soft connective tissues from post-mortem human subjects (PMHS) forearms were excised and subjected to compression and indentation testing methods at various rates and strains. Specific samples with higher proportions of muscle were compared against samples without muscle tissues to evaluate the role of compositional changes. Anthropomorphic test device (ATD) upper extremity foam and vinyl–foam composite analog tissues underwent similar testing for comparison. High impact rates simulating those in high-speed automotive collisions were achieved using a custom-built drop tower impactor setup. The results revealed significantly
Dennis, Cole J.Quenneville, Cheryl E.
Journal Article
Safety Concepts for Future Electromechanical Brake Central Control Systems15-18-01-000410/25/2024
Electromechanical brakes (EMB) are currently coming into focus in the automotive industry. This trend was confirmed in 2022, when a first automotive supplier [1] announced the series production of EMB systems. One major driver is safety, especially if EMB systems are implemented with smart actuators that install redundant electronic control units (ECU) and distributed software [1]. Earlier, the authors have addressed safety mechanisms in EMB actuators [2]. In this article the authors extend their investigation to address safety mechanisms in future EMB central control systems (CCS). Impact of different brake system topologies (X-, H-, centralized) vis-à-vis potential safety mechanisms within communication buses and ECUs is analyzed.
Schrade, SimonRöhler, AndreasNowak, XiVerhagen, ArminSchramm, Dieter
Journal Article
Navigating the Evolving Landscape of Safety Standards for Machine Learning-based Road Vehicle FunctionsEPR202401708/26/2024
ML approaches to solving some of the key perception and decision challenges in automated vehicle functions are maturing at an incredible rate. However, the setbacks experienced during initial attempts at widespread deployment have highlighted the need for a careful consideration of safety during the development and deployment of these functions. To better control the risk associated with this storm of complex functionality, open operating environments, and cutting-edge technology, there is a need for industry consensus on best practices for achieving an acceptable level of safety. Navigating the Evolving Landscape of Safety Standards for Machine Learning-based Road Vehicle Functions provides an overview of standards relevant to the safety of ML-based vehicle functions and serves as guidance for technology providers—including those new to the automotive sector—on how to interpret the evolving standardization landscape. The report also contains practical guidance, along with an example
Burton, Simon
Research Report
Braking compatibility between motorvehicle and trailer: identification of impacts on braking behavior under different types of predominance pressure2024-36-030808/09/2024
In recent decades, it can be noted an advance in new technologies applied to commercial vehicles. This advancement led to the development of new functions making products more efficient and safer, benefiting the society in general. Commercial vehicle manufacturers brought their products to levels higher than those required by current legal resolutions. Among the various resolutions applied to the braking system, in CONTRAN #915/22, which specifies minimum requirements of performance of vehicles brakes, the part 7 of NBR 10966 stands out. This standard determines requirements for compatibility between towing and towed units combined as a vehicle. The purpose of this study was to evaluate the thermal balance between the brakes of a motor vehicle combined with a semi-trailer. The tests were carried out by varying the pneumatic pressure that controls the service brake of towed units during braking. Some of the pressure levels were complying with compatibility requirements, others were not
Dias, Eduardo MirandaTravaglia, Carlos Abílio PassosRodrigues, AndréRudek, CludemirBritto, Danilo
Technical Paper
Toward a Methodology for the Verification and Validation of AI-Based Systems12-08-01-000607/27/2024
Verification and validation (V&V) is the cornerstone of safety in the automotive industry. The V&V process ensures that every component in a vehicle functions according to its specifications. Automated driving functionality poses considerable challenges to the V&V process, especially when data-driven AI components are present in the system. The aim of this work is to outline a methodology for V&V of AI-based systems. The backbone of this methodology is bridging the semantic gap between the symbolic level at which the operational design domain and requirements are typically specified, and the sub-symbolic, statistical level at which data-driven AI components function. This is accomplished by combining a probabilistic model of the operational design domain and an FMEA of AI with a fitness-for-purpose model of the system itself. The fitness-for-purpose model allows for reasoning about the behavior of the system in its environment, which we argue is essential to determine whether the
Paardekooper, Jan-PieterBorth, Michael
Journal Article
Formal Technique for Fault Detection and Identification of Control Intensive Application of Stall Warning System Using System Theoretic Process Analysis2024-26-047106/01/2024
Faults if not detected and processed will create catastrophe in closed loop system for safety critical applications in automotive, space, medical, nuclear, and aerospace domains. In aerospace applications such as stall warning and protection/prevention system (SWPS), algorithms detect stall condition and provide protection by deploying the elevator stick pusher. Failure to detect and prevent stall leads to loss of lives and aircraft. Traditional Functional Hazard and Fault Tree analyses are inadequate to capture all failures due to the complex hardware-software interactions for stall warning and protection system. Hence, an improved methodology for failure detection and identification is proposed. This paper discusses a hybrid formal method and model-based technique using System Theoretic Process Analysis (STPA) to identify and diagnose faults and provide monitors to process the identified faults to ensure robust design of the indigenous stall warning and protection system (SWPS). The
Kale, AlexanderMadhuranath, GaneshShanmugham, ViswanathanNanda, ManjuSingh, GireshDurak, Umut
Technical Paper
FMVSS Inertia Dynamometer Test Procedure for Vehicles Below 4540 kg GVWRJ2784_202405 (Current)05/24/2024
This document derives from the Federal Motor Vehicle Safety Standards (FMVSS) 105 and 135 vehicle test protocols as single-ended inertia-dynamometer test procedures. The test sequences enable brake output measurement, friction material effectiveness, and corner performance in a controlled and repeatable environment. This SAE Document also includes optional sections for parking brake output performance for rear brakes with hydraulic or Electric Park Brakes (EPB). It applies to brake corners from vehicles covered by the FMVSS 105 and 135 when using the appropriate brake hardware and test parameters. The FMVSS 135 applies to all passenger cars and light trucks up to 3500 kg of gross vehicle weight (GVWR). The FMVSS 105 applies to all passenger cars, multi-purpose vehicles, buses, and trucks above 3500 kg of GVWR. This document does not include testing for school bus applications or vehicles equipped with hydraulic brakes with a GVWR above 4540 kg. This document does not evaluate or
Brake Dynamometer Standards Committee
Recommended Practice
AVSC Best Practice for Core Automated Vehicle Safety InformationAVSC-D-02-202405/14/2024
Automated driving system (ADS) manufacturers, developers, and operators need to provide clear information on their safety approach to relevant stakeholders. Explainability to diverse audiences helps build trust in statements from these organizations towards the shared value of safety. A defined list of core safety topics can help set expectations when communicating deployment and use-case-specific automated vehicle (AV) safety information. The topics listed in this best practice are implementation-agnostic and broadly applicable. This best practice describes how safety is continuous and connected throughout lifecycle stages and highlights considerations when including safety metrics as part of the communicated information. It lists topics that are considered core, provides a rationale, illustrative examples where applicable, suggestions of content that could be included for the example, and lists references and industry examples for further information. By following this best practice
Automated Vehicle Safety Consortium
Best Practice
Evaluation of DAMAGE Algorithm in Frontal Crashes2023-22-000604/17/2024
With the current trend of including the evaluation of the risk of brain injuries in vehicle crashes due to rotational kinematics of the head, two injury criteria have been introduced since 2013 – BrIC and DAMAGE. BrIC was developed by NHTSA in 2013 and was suggested for inclusion in the US NCAP for frontal and side crashes. DAMAGE has been developed by UVa under the sponsorship of JAMA and JARI and has been accepted tentatively by the EuroNCAP. Although BrIC in US crash testing is known and reported, DAMAGE in tests of the US fleet is relatively unknown. The current paper will report on DAMAGE in NCAP-like tests and potential future frontal crash tests involving substantial rotation about the three axes of occupant heads. Distribution of DAMAGE of three-point belted occupants without airbags will also be discussed. Prediction of brain injury risks from the tests have been compared to the risks in the real world. Although DAMAGE correlates well with MPS in the human brain model across
Prasad, PriyaBarbat, Saeed D.Kalra, AnilDalmotas, Dainius J.
Journal Article
Investigation of THOR-AV 5F Biofidelity in Sled Test Conditions with a Semi-Rigid Seat2023-22-000404/17/2024
THOR-AV 5F, a modified THOR-5F dummy, was designed to represent both upright and reclined occupants in vehicle crashworthiness studies. The dummy was evaluated in four test conditions: a) 25° seatback, 15 km/h, b) 25° seatback, 32 km/h, c) 45° seatback, 15 km/h, d) 45° seatback, 32 km/h. The dummy’s biomechanical responses were compared against those of postmortem human subjects (PMHS) tested in the same test conditions. The latest National Highway Traffic Safety Administration (NHTSA) BioRank method was used to provide a biofidelity ranking score (BRS) for each data channel in the tests to assess the dummy’s biofidelity objectively. The evaluation was categorized into two groups: restraint system and dummy. In the four test conditions, the restraint system showed good biofidelity with BRS scores of 1.49, 1.47, 1.15, and 1.79, respectively. The THOR-AV 5F demonstrated excellent biofidelity in three test conditions: 25° seatback, 15 km/h (BRS = 0.76); 25° seatback, 32 km/h (BRS = 0.89
Wang, Z. JerryHumm, JohnHauschild, Hans W.
Journal Article
Development of a Dynamic Nonlinear Finite Element Model of the Large Omnidirectional Child Crash Test Dummy2024-01-250904/09/2024
The Large Omnidirectional Child (LODC) developed by the National Highway Traffic Safety Administration (NHTSA) has an improved biofidelity over the currently available Hybrid III 10-year-old (HIII-10C) Anthropomorphic Test Device (ATD). The LODC design incorporates enhancements to many body region subassemblies, including a redesigned HIII-10C head with pediatric mass properties, and the neck, which produces head lag with Z-axis rotation at the atlanto-occipital joint, replicating the observations made from human specimens. The LODC also features a flexible thoracic spine, a multi-point thoracic deflection measurement system, skeletal anthropometry that simulates a child's sitting posture, and an abdomen that can measure belt loading directly. This study presents the development and validation of a dynamic nonlinear finite element model of the complete LODC dummy. Based on the three-dimensional CAD model, Hypermesh was used to generate a mesh of the finite element (FE) LODC model. LS
Challa, Balaji Naga Sai AbhishiktYang, PeiyuCarlson, MichaelSuntay, BrianStammen, JasonNoll, Scott
Journal Article
Functional Safety Concept Design of Vehicle Steer-by-Wire System2024-01-279204/09/2024
Steer-By-Wire (SBW) system directly transmits the driver's steering input to the wheels through electrical signals. However, the reliability of electronic equipment is significantly lower than that of mechanical structures, and the risk of failure increases, so it is important to conduct functional safety studies on SBW systems. This paper develops the functional safety of the SBW system according to the requirements of the international standard ISO26262, and first defines the relevant items and application scope of SBW system. Secondly, the Hazard and Operability (HAZOP) method was used to combine scenarios and possible dangerous events to carry out Hazard Analysis and Risk Assessment (HARA), and the Automotive Safety Integrity Level (ASIL) was obtained according to the three evaluation indicators of Exposure, Severity and Controlabillity, and then the corresponding safety objectives were established and Fault Tolerant Time Interval (FTTI) was set. Finally, the safety analysis of the
Li, AohanKaku, ChuyoWang, ZhenhuaZheng, Hongyu
Technical Paper
STEAM & MoSAFE: SOTIF Error-and-Failure Model & Analysis for AI-Enabled Driving Automation2024-01-264304/09/2024
Driving Automation Systems (DAS) are subject to complex road environments and vehicle behaviors and increasingly rely on sophisticated sensors and Artificial Intelligence (AI). These properties give rise to unique safety faults stemming from specification insufficiencies and technological performance limitations, where sensors and AI introduce errors that vary in magnitude and temporal patterns, posing potential safety risks. The Safety of the Intended Functionality (SOTIF) standard emerges as a promising framework for addressing these concerns, focusing on scenario-based analysis to identify hazardous behaviors and their causes. Although the current standard provides a basic cause-and-effect model and high-level process guidance, it lacks concepts required to identify and evaluate hazardous errors, especially within the context of AI. This paper introduces two key contributions to bridge this gap. First, it defines the SOTIF Temporal Error and Failure Model (STEAM) as a refinement of
Czarnecki, KrzysztofKuwajima, Hiroshi
Journal Article
Engine Stall Recovery and Restart Procedure for Hybrid Electric Vehicles2024-01-278304/09/2024
Engine stall, a noteworthy occurrence in traditional vehicles, poses challenges due to the inability to disconnect the engine from the driveline. Consequently, in such scenarios, the vehicle experiences a loss of propulsion, necessitating the driver to pull over. The severity of propulsion loss events is underscored by regulatory bodies like the National Highway Traffic Safety Administration (NHTSA), potentially leading to costly recalls for Automotive Manufacturers. Therefore, proactive measures to avert Loss of Propulsion (LoP) events, including the exploration of remedial actions, are strongly encouraged during powertrain controls design. In contrast, hybrid electric vehicles offer a unique advantage. Given the ability to connect or disconnect the engine from the driveline in hybrid or electric-only modes, an engine stall in hybrid mode need not result in a complete loss of propulsion. In such situations, a hybrid electric vehicle can seamlessly transition to electric-only mode
Basutkar, AmeyaPatel, NadirshRostiti, Cristian
Technical Paper
Protection Implementation of Electric Power Steering Based on Functional Safety2024-01-230504/09/2024
To reduce the harm caused by the failure of electronic and electrical system, the application of ISO 26262 functional safety standard in the automotive industry is more and more widespread. As a critical safety-related electronic and electrical system in automobile, electric power steering is very important and necessary to meet the requirements of functional safety. This paper introduces the main development activities of functional safety at software level. In order to realize the purpose of freedom from interference in memory, the safety mechanism of memory protection is proposed in software safety analysis. The memory protection is realized in AUTOSAR architecture by configuration.
Ye, XiaomingYang, YandingLi, LingyangDu, JiaWang, Yongliang
Technical Paper
Vehicle Seat Occupancy Detection and Classification Using Capacitive Sensing2024-01-250804/09/2024
Improving passenger safety inside vehicle cabins requires continuously monitoring vehicle seat occupancy statuses. Monitoring a vehicle seat’s occupancy status includes detecting if the seat is occupied and classifying the seat’s occupancy type. This paper introduces an innovative non-intrusive technique that employs capacitive sensing and an occupancy classifier to monitor a vehicle seat’s occupancy status. Capacitive sensing is facilitated by a meticulously constructed capacitance-sensing mat that easily integrates with any vehicle seat. When a passenger or an inanimate object occupies a vehicle seat equipped with the mat, they will induce variations in the mat’s internal capacitances. The variations are, in turn, represented pictorially as grayscale capacitance-sensing images (CSI), which yield the feature vectors the classifier requires to classify the seat’s occupancy type. This paper details the working of the proposed technique in monitoring vehicle seat occupancy statuses non
Prasanna Kumar, RahulMelcher, DavidButtolo, PietroJia, Yunyi
Technical Paper
Advanced Driver Assistance System (ADAS) Performance Variability with Partial Overlap Targets2024-01-203804/09/2024
While various Advanced Driver Assistance System (ADAS) features have become more prevalent in passenger vehicles, their ability to potentially avoid or mitigate vehicle crashes has limitations. Due to current technological limitations, forward collision mitigation technologies such as Forward Collision Warning (FCW) and Automated Emergency Braking (AEB) lack the ability to consistently perform in many unique and challenging scenarios. These limitations are often outlined in driver manuals for ADAS equipped vehicles. One such scenario is the case of a stationary lead vehicle at the side of the road. This is generally considered to be a challenging scenario for FCW and AEB to address because it can often be difficult for the system to discern this threat accurately and consistently from non-threatening roadway infrastructure without unnecessary or nuisance system activations. This is made more difficult when the stationary lead vehicle is only partially in the driving lane and not
Scally, SeanParadiso, MarcKoszegi, GiacomoEaster, CaseyKuykendal, MichelleAlexander, Ross
Technical Paper
Estimating How Long In-Vehicle Tasks Take: Static Data for Distraction and Ease-of-Use Evaluations2024-01-250504/09/2024
Often, when assessing the distraction or ease of use of an in-vehicle task (such as entering a destination using the street address method), the first question is “How long does the task take on average?” Engineers routinely resolve this question using computational models. For in-vehicle tasks, “how long” is estimated by summing times for the included task elements (e.g., decide what to do, press a button) from SAE Recommended Practice J2365 or now using new static (while parked) data presented here. Times for the occlusion conditions in J2365 and the NHTSA Distraction Guidelines can be determined using static data and Pettitt’s Method or Purucker’s Method. These first approximations are reasonable and can be determined quickly. The next question usually is “How likely is it that the task will exceed some limit?” This question, addressed using discrete event simulations such as IMPRINT, requires the distribution types and parameters (mean, standard deviation, etc.) for each task
Green, Paul
Technical Paper
Research on Bottom Collision of Battery Pack Based on the First Force Point2024-01-206504/09/2024
The rapid advancement of new energy vehicle technology has led to the widespread placement of battery packs at the bottom of vehicles. However, there is a lack of corresponding regulations and standards to guide aspects related to vehicle bottom safety. This lack of guidance obscures the relative importance of various parameters impacting the structural safety of battery packs under dynamic impact conditions. Consequently, research on battery pack bottom collisions holds practical significance and offers valuable reference material. This study proposed a method based on the first collision point to examine the impact of bottom collisions on the mechanical safety performance of battery pack bottoms. A finite element model of the battery pack was established to investigate the effects of different impact types. During the collision event, the first collision point on the battery pack absorbed the most energy, resulting in the most severe damage and the formation of a distinct dent at the
Yan, PengfeiWang, FangMa, TianyiGao, YanHan, Ce
Technical Paper
A Systematic Approach for Creation of SOTIF’s Unknown Unsafe Scenarios: An Optimization based Method2024-01-196604/09/2024
Verification and validation (V&V) of autonomous vehicles (AVs) is a challenging task. AVs must be thoroughly tested, to ensure their safe functionality in complex traffic situations including rare but safety-relevant events. Furthermore, AVs must mitigate risks and hazards that result from functional insufficiencies, as described in the Safety of the Intended Functionality (SOTIF) standard. SOTIF analysis includes iterative identification of driving scenarios that are not only unsafe, but also unknown. However, identifying SOTIF’s unknown-unsafe scenarios is an open challenge. In this paper we proposed a systematic optimization-based approach for identification of unknown-unsafe scenarios. The proposed approach consists of three main steps including data collection, feature extraction and optimization towards unknown unsafe scenarios. In the data collection step, we proposed an efficient way of data collection by focusing on key areas of the Operational Design Domain (ODD) (e.g
Singh, Tajindervan Hassel, EdwinSheorey, AkshayAlirezaei, Mohsen
Technical Paper
Research on Occupant Injury Prediction Method of Vehicle Emergency Call System Based on Machine Learning2024-01-201004/09/2024
The on-board emergency call system with accurate occupant injury prediction can help rescuers deliver more targeted traffic accident rescue and save more lives. We use machine learning methods to establish, train, and validate a number of classification models that can predict occupant injuries (by determining whether the MAIS (Maximum Abbreviated Injury Scale) level is greater than 2) based on crash data, and ranked the correlation of some factors affecting vehicle occupant injury levels in accidents. The optimal model was selected by the model prediction accuracy, and the Grid Search method was used to optimize the hyper-parameters for the model. The model is based on 2799 two-vehicle collision accident data from NHTSA CISS (The Crash Investigation Sampling System of NHTSA) traffic accident database.The results show that the model achieves high-precision prediction of occupant injury MAIS level (recall rate 0.8718, AUC(Area under Curve) 0.8579) without excluding vehicle model, and
Huida, ZhangLiu, YuRui, YangWu, XiaofanFan, TiqiangWan, Xinming
Technical Paper
A Method for Determining Mileage Accumulation for Robustness Validation of Advanced Driver Assistance Systems (ADAS) Features2024-01-197704/09/2024
Robustness testing of Advanced Driver Assistance Systems (ADAS) features is a crucial step in ensuring the safety and reliability of these systems. ADAS features include technologies like adaptive cruise control, lateral and longitudinal controls, automatic emergency braking, and more. These systems rely on various sensors, cameras, radar, lidar, and software algorithms to function effectively. Robustness testing aims to identify potential vulnerabilities and weaknesses in these systems under different conditions, ensuring they can handle unexpected scenarios and maintain their performance. Mileage accumulation is one of the validation methods for achieving robustness. It involves subjecting the systems to a wide variety of real-world driving conditions and driving scenarios to ensure the reliability, safety, and effectiveness of the ADAS features. Following ISO 21448 (Safety of the intended functionality-SOTIF), known hazardous scenarios can be tested and validated through robustness
Almasri, HossamFan, Hsing-HuaMudunuri, Venkateswara Raju
Technical Paper
Minimum Requirements for Road Geometry and Attributes DefinitionJ2945/A_202404 (Historical)04/01/2024
This report specifies the minimum requirements for the Road Geometry and Attributes (RGA) data set (DS) to support road geometry related motor vehicle safety applications. Contained in this report are a concept of operations, requirements, and design, developed using a detailed systems engineering process. Utilizing the requirements, the RGA DS is defined, which includes the DS Abstract Syntax Notation One (ASN.1) format, data frames, and data element definitions. The requirements are intended to enable the exchange of the messages and their DS information to provide the desired interoperability and data integrity to support the applications considered within this report, as well as other applications which may be able to utilize the DS information. System requirements beyond this are outside the scope of this report.
V2X Core Technical Committee
Recommended Practice
Verification and Validation of Model-Based Systems Requirements and Design Leveraging Formal Methods to Increase Development Assurance2024-01-191703/05/2024
As model-based systems engineering is proliferating throughout the aerospace industry as a method to manage the development of complex cyber-physical systems, opportunities to leverage formal methods for verification and validation purposes are significant. As a system model described in SysML can contain the level of semantics required to define strict system requirements, it is possible to create a translation tool to generate SRL (SADL (Semantic Application Design Language) Requirements Language) to leverage ASSERT™ (Analysis of Semantic Specifications and Efficient generation of requirements-based Tests) for verification and validation of the system requirements. SADL [13] is a controlled English grammar that translates directly into OWL (Web Ontology Language) [14]. As part of the validation of the SRL requirements, ASSERT™ leverages a theorem prover to look for conflict and completeness errors. For verification, ASSERT™ uses a Satisfiability Modulo Theories (SMT) solver for the
McMillan, CraigLee, LawrenceRussell, DanielPrince, DanielHasanovic, NihadDurling, MichaelSiu, KitVaranasi, Sarat ChandraMeng, BaoluoKleven, Everett
Journal Article
Unsafe System Operating Conditions – Preventing a Bad Day from Becoming a Really Bad Day2024-01-192603/05/2024
The safety of commercial aviation industry has come under extensive scrutiny and how the system safety process is applied. One specific system safety regulation concerns how unsafe system operating conditions are meeting regulatory requirements. Minimal regulatory guidance was available on this topic and an industry committee (American Society for Testing of Materials) decided to provide a consensus standard with input from a cross-section of airplane manufacturers, suppliers, and regulatory authorities on what is meant by an unsafe system operating condition and how compliance can be shown to the regulation(s). The committee determined that an unsafe system operating condition is when a failure condition severity increases (to hazardous or catastrophic) due to crewmember(s) inaction. For example, if a hazard has occurred it is possible the severity can increase to an unacceptable level as the crewmember(s) are not aware of the hazard. Enabling the crewmember(s) to mitigate the failure
Estagin, Edward
Technical Paper
Methodology to Model, Evaluate and Decompose Safety ArchitecturesSAE-PP-0037902/26/2024
The field of safety-critical automotive systems has seen considerable advancements in recent years, with more and more complex systems requiring robust and dependable architectures. This paper presents a structured methodology for modelling, evaluating and decomposing safety architectures, with the goal of increasing development efficiency and reducing the amount of design iterations. Fundamental choices about safety architectures are typically made early in the development cycle, however the ISO 26262 standard provides little guidance on how to actually make these choices. There is a fundamental risk involved in selecting an architecture (from a structural perspective), which in the end is not capable of meeting the expectations from the ISO 26262 standard. To begin, the proposed methodology incorporates a systematic approach for modeling and evaluating suitable safety architectures in an early stage of development. The proposed methodology leverages other standards to addresses
Boon, FabriceAelvoet, Bjornde Jong, Alexander
Pre-Print Article
Event Data Recorder Trigger Probability in the Crash Investigation Sampling System Database2024-01-502702/23/2024
The objective of this study was to quantify the field performance of passenger vehicle event data recorders (EDRs) in recording data into non-volatile memory at the 8 km/h delta-v (Δv) trigger threshold specified by Title 49, Part 563 of the Code of Federal Regulations (Part 563). Part 563 applies to passenger vehicles manufactured on or after September 1, 2012. The trigger threshold is distinct from the threshold required to deploy an airbag. Events meeting the trigger threshold will cause data to be preserved on the EDR even if airbags are not deployed. This is the first study to quantify EDR trigger threshold performance. This data is valuable in the evaluation of sub-airbag deployment crashes. The study was accomplished via analysis of EDR and reconstructed Δv data from 3,960 cases in the Crash Investigation Sampling System (CISS) database maintained by the National Highway Traffic Safety Administration (NHTSA). The binary presence or non-presence of an event on the EDRs of
Watson, Richard A.Bonugli, EnriqueGreenston, MathewSantos, ErickMartinez, Jonathan
Technical Paper
Effectiveness of the Load Legs in Enhancing the Passive Safety of Rear-Facing Child Seats in Frontal Crash2024-26-034301/16/2024
The passive safety performance of a child seat is modulated by the design features of the child seat and the vehicle interior. For example, in the rear-facing configuration, the child seat impacting front structures increases the head injury risk during a frontal crash. Therefore, this study evaluates the effectiveness of the load leg countermeasure in improving the child seat's overall kinematics and its capability to prevent the secondary impact on the vehicle interior structure in a severe frontal crash scenario. An in-depth, real-world crash investigation involving a properly installed rear-facing child seat impacting the center console was selected for the study where the infant sustained a severe brain injury. In addition, this crash is employed to choose the crash parameters for evaluating the effectiveness of the load leg countermeasure in a similar scenario. Finally, crash sled tests are conducted using the crash signature of the vehicle as obtained from the NHTSA NCAP rigid
Thorbole, Chandrashekhar
Journal Article
Devising Guidelines and Architecture for Efficient Auto-Generation of HIS Compliant Code2024-26-026901/16/2024
Ensuring compliance with the ISO 26262 automotive functional safety standard involves meeting specific quality and complexity standards for automotive source code. However, achieving compliance becomes challenging when dealing with auto-generated code, as the code generator may not consider the required product metrics. This often leads to high metric values that exceed the permissible range. Assessing the impact of design on Hersteller Initiative Software (HIS) metrics within the visual modeling environment becomes difficult, with metrics reports only available after code generation. This makes it hard to achieve compliance through model reworking and regeneration. To address this problem, a methodology is proposed. It defines modeling guidelines and an architecture for generating HIS-compliant code. The HIS metrics are translated into corresponding model implementations, such as mapping the “Number of Function Parameters” metric to the number of subsystem ports and the guideline
Abraham, Atul Varghese
Journal Article
A Simulation Methodology to Design the AVAS System to Meet Safety Regulations and Create the Expected Perception for the Vulnerable Road User2024-26-023001/16/2024
Designing an effective AVAS system, not only to meet safety regulations, but also to create the expected perception for the vulnerable road user, relies on knowledge of the acoustic transfer function between the sound actuator and the receiver. It is preferable that the acoustic transfer function be as constant as possible to allow transferring the sound designed by the car OEM to ensure the safety of vulnerable road users while conveying the proper brand image. In this paper three different methodologies for the acoustic transfer function calculations are presented and compared in terms of accuracy and calculation time: classic Boundary Element method, H-Matrix BEM accelerated method and Ray tracing method. An example of binaural listening experience at different certification positions in the modeled simulated space is also presented.
Calloni, MassimilianoHadjit, RabahSalvekar, PinakMusser, Chadwyck
Technical Paper
ISO 26262 Functional Safety – An Approach for Compliance Readiness2024-26-010401/16/2024
Electrical and Electronic systems in a vehicle are increasing manifolds with Electric and ADAS Vehicles taking the lead. There is a rapid transition happening from hardware driven vehicles to software driven vehicles. ISO 26262 is a global standard defined for functional safety (FuSa) in the automotive industry which addresses the structured design and development approach for eliminating electrical malfunctions leading to critical hazards such as fire in EVs. The standard defines specific requirements that need to be met by the safety relevant electrical system and also by development processes. Though the implementation of FuSa is crucial from vehicle safety point of view, its compliance is still a challenge majorly due to lack of awareness, in-built complexities, increase in project development time and subsequent cost. In this work, we focus on a FuSa implementation model taking into account the conventional new program development cycle. FuSa deliverables are integrated and mapped
PATHAK, ISHAKothari, Bhushan
Technical Paper
Items per page:
1 – 50 of 835