Browse Topic: Risk assessments

Items (402)
The rapid development of intelligent and connected vehicles is transforming them into data-rich information carriers, which generate and store vast amounts of sensitive information. However, the frequent sharing of resources within these vehicles poses substantial risks to user privacy and data security. Should sensitive resources be accessed maliciously, the consequences could be severe, leading to significant threats to the safety, property, and reputation of both drivers and passengers. To address these risks, this paper proposes an adaptive risk-based access control with Trusted Execution Environment (TEE) specifically designed for vehicles, aimed at managing and restricting access permissions based on risk assessments. Firstly, this paper designs an adaptive risk model in accordance with ISO/SAE 21434, taking into account factors such as the security levels of subjects and objects, context, and the risk history of subjects to separately quantify threats and impacts. By adjusting
Luo, Feng; Li, Zhihao; Wang, Jiajia; Luo, Cheng
With the advancement of intelligent transportation and smart logistics systems, tractor semi-trailers have gradually become one of the primary modes of transport due to their substantial cargo capacity. However, the growing number of tractor semi-trailers has raised significant traffic safety concerns. Due to their significant spring mass and strong body strength, accidents involving tractor semi-trailers often result in severe consequences. Active collision avoidance control strategies provide assurance for vehicle safety. However, existing research predominantly focuses on passenger cars and small commercial vehicles. Research specifically addressing tractor semi-trailers, which have longer bodies and more complex dynamic characteristics, is relatively sparse. Therefore, this paper proposes a collision risk assessment-based longitudinal collision avoidance control strategy for tractor semi-trailers with slip ratio control. Firstly, the paper introduces the braking characteristics and
Yan, Yang; Zheng, Hongyu; Zhang, Yuzhou
The advancement of high-performance electrification for electric vehicle (EV) development is continuously pushing the boundaries of electric motor technology. The axial flux motor (AFM) represents a promising application for high-performance EVs, offering potential advantages including up to twice the torque density and a 50% reduction in weight compared to regular IPM radial flux motors. The distinctive "pancake" configuration and high axial forces inherent to AFMs present notable NVH challenges, yet there is a lack of research exploring NVH analysis and risk assessment. In this paper, a 10-pole and 12-slot AFM motor is designed, prototyped, and tested, demonstrating the capability to deliver 320 Nm of peak torque and 140 kW of peak power. A comprehensive finite-element model is constructed, and the orthotropic stator material properties are evaluated using modal test data. The dominant axial stator modes are identified as the source of resonances in the system responses. A three
He, Song; Jensen, William; Forsyth, Alexander; Chang, Le; Zhang, Peng; Gong, Cheng; Yao, Jian; Zou, Yusheng; Fedida, Vincent; Duan, Chengwu; GSJ, Gautam
This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety
Functional Safety Committee
To further optimize the automatic emergency braking for pedestrian (AEB-P) control algorithm, this study proposes an AEB-P hierarchical control strategy considering road adhesion coefficient. First, the extended Kalman filter is used to estimate the road adhesion coefficient, and the recursive least square method is used to predict the pedestrian trajectory. Then, a safety distance model considering the influence factor of road adhesion coefficient is proposed to adapt to different road conditions. Finally, the desired deceleration is converted into the desired pressure and desired current to the requirements of the electric power-assisted braking system. The strategy is verified through the hardware-in-the-loop (HIL) platform; the simulation results show that the control algorithm proposed in this article can effectively avoid collision in typical scenarios, the safe distance of parking is between 0.61 m and 2.34 m, and the stop speed is in the range of 1.85 km/h–27.64 km/h.
Wang, Zijun; Wang, Liang; Ma, Liang; Sun, Yong; Li, Chenghao; Yang, Xinglong
Highway construction zones present substantial safety challenges due to their dynamic and unpredictable traffic conditions. With the rising number of highway projects, limited accident data during brief construction phases underscores the need for alternative safety evaluation methods, such as traffic conflict analysis. This study addresses vehicular safety issues within the Kunshan section of the Shanghai-Nanjing Expressway, focusing on conflict risk assessment through a spatio-temporal analysis of a construction zone. Using drone-captured video, vehicle trajectories were extracted to derive key operational indicators, including speed and acceleration, providing a spatio-temporal foundation for analyzing traffic flow and conflict dynamics. A novel Comprehensive Collision Risk Index (CCRI) was introduced, integrating Time-to-Distance-to-Collision (TDTC) and Enhanced Time-to-Collision (ETTC) metrics to enable a multidimensional assessment of conflict risk. The CCRI captures both
Zhang, Yuwen; Guo, Xiucheng; Ma, Yuheng
The rapid expansion of metro systems in major cities worldwide has resulted in the accumulation of vast amounts of travel data through Automatic Fare Collection (AFC) systems. While this data is crucial for enhancing and optimizing transportation networks, it also raises significant concerns regarding passenger privacy due to the potential exposure of individual travel patterns. In this paper, we propose a novel privacy risk assessment model aimed at quantifying the uniqueness of travel trajectories and evaluating the associated privacy threats. Utilizing AFC data from Chengdu collected in March 2021, we first employ an information entropy approach to assess the uniqueness of travel trajectories across different time granularities. We then apply the K-Means clustering algorithm to classify these trajectories into categories based on their uniqueness levels, enabling us to investigate how factors like travel time and routes influence trajectory uniqueness. To further understand the
Fan, Xiaoting; Qu, Xu; Yang, Hongtai
This paper presents a highway accident risk assessment model based on a Bayesian random-parameters logit model, aiming to evaluate the effects of real-time traffic conditions on crash risks on freeways. By incorporating random parameters to account for variations in the impacts of traffic variables across different freeway segments, the model offers greater flexibility and adaptability compared to traditional fixed-parameters logit models. The study utilizes traffic flow data collected from the Hangzhou-Shanghai-Ningbo expressway over a 14-month period, analyzing factors such as traffic density, average vehicle speed, and lane-changing frequency. The estimation process employs Markov Chain Monte Carlo (MCMC) methods, including Gibbs sampling and Metropolis-Hastings algorithms, to ensure model convergence and stability. Empirical results demonstrate significant impacts of these traffic variables on crash risks and successfully identify key variables with random effects, enhancing the
Feng, Shi; Wang, Zichen; Liu, Shaoweihua; Wang, Feng; Zhang, Yujie; Luo, Xi
Since the rapid development of the shipping and port industries in the second half of the twentieth century, the introduction of container technology has transformed cargo management systems, while simultaneously increasing the vulnerability of global shipping networks to natural disasters and international conflicts. To address this challenge, the study leverages AIS data sourced from the Vessel Traffic Data website to extract ship stop trajectories and construct a shipping network. The constructed network exhibits small-world characteristics, with most port nodes having low degree values, while a few ports possess extremely high degree values. Furthermore, the study improved the PageRank algorithm to assess the importance of port nodes and introduced reliability theory and risk assessment theory to analyze the failure risks of port nodes, providing new methods and perspectives for analyzing the reliability of the shipping network.
Li, Ding; Cheng, Cheng; Zhao, Xingxi; Li, Zengshuang
The transition from manual to autonomous driving introduces new safety challenges, with road obstacles emerging as a prominent threat to driving safety. However, existing research primarily focuses on vehicle-to-vehicle risk assessment, often overlooking the significant risks posed by static or dynamic road obstacles. In this context, developing a system capable of real-time monitoring of road conditions, accurately identifying obstacle positions and characteristics, and assessing their associated risk levels is crucial. To address these gaps, this study proposes a comprehensive process for rapid obstacle identification and risk quantification, composed of three main components: road obstacle event detection and feature extraction, risk quantification and level assessment, and output of warning information and countermeasures. First, a rapid detection method suited for highway scenarios is proposed based on the YOLOv5 model, enabling fast detection and classification of obstacles in
Chen, Tingting; Chen, Leilei; Yu, Wenlu; Chen, Daoxie
Overloading of trucks not only damages road infrastructure and leads to exhaust pollution but can even cause serious traffic accidents, resulting in huge losses of life and property. However, most of the methods to evaluate truck overloading are limited by environmental factors, so it is impossible to monitor truck overloading in real time. In order to solve this problem, a truck overload detection method based on real-time vehicle diagnosis big data is proposed in this paper. The method comprehensively considers multiple factors affecting the actual power of trucks through mathematical modeling. Based on the effects of overload on fuel combustion efficiency, harmful gas emission, exhaust temperature, and vehicle power loss, the truck overload evaluation model is constructed to judge whether the truck is overloaded or not in real time. Based on the truck overload assessment and truck accident risk factor extraction, a real-time operation risk assessment model based on fault tree
Chen, Yuguang; Lin, Honghao; Wang, Yanan
Scenario-based testing has become a central approach of safety verification and validation (V&V) of automated driving. The standard ISO 21448: Safety of the intended functionality (SOTIF) [1] proposes triggering conditions (e.g., an occluded traffic sign) as a new aspect to be considered to organize scenario-based testing. In this contribution, we discuss the requirements and the strategy of testing triggering conditions in an iterative, SOTIF-oriented V&V process. Accordingly, we illustrate a method for generating test scenarios for evaluating potential triggering conditions. We apply the proposed method in a two-fold case study: We demonstrate how to derive test scenarios and test these with a virtual automated driving system in simulation. We provide an analysis of the testing result to show how triggering condition-based testing facilitates spotting the weakness of the system. Besides, we exhibit the applicability of the method based on multiple triggering conditions and nominal
Zhu, Zhijing; Philipp, Robin; Howar, Falk
Wet pavement conditions during rainfall present significant challenges to traffic safety by reducing tire–road friction and increasing the risk of hydroplaning. During high-intensity rain events, the roadway pavement tends to accumulate water, forming a film that can have serious implications for vehicle control. As the longitudinal speed of the vehicle increases, a water wedge forms in front of the tire, leading to partial loss of contact with the road. At critical hydroplaning speed, a complete water layer forms between the tire and the road. Although less common, dynamic hydroplaning poses severe risks when high-intensity rainfall coincides with high vehicle traveling speed, leading to a complete loss of control over vehicle steering capabilities. This study advances hydroplaning research by integrating real-world data from the Road Weather Information System (RWIS) with an existing hydroplaning model. This approach provides more accurate hydroplaning risk assessments, emphasizing
Vilsan, Alexandru; Sandu, Corina; Anghelache, Gabriel
In the context of insufficient international management experience, this study combines the current situation of Chinese aviation and the characteristics of unmanned aircraft (UA) operation, adopts the specific operations risk assessment (SORA) method, and conducts in-depth research on the trial operation risks of UA in urban low-altitude logistics scenarios, conducting effective evaluations and project practices. This study starts from two dimensions of ground risk and air risk, determines the boundaries required for safe operation of UA, and improves the robustness level of UA operation through ground risk mitigation measures and air risk mitigation measures. At the same time, a series of compliance verification methods are provided to meet 24 operational safety objectives (OSO) (including design characteristics, operational limitations, performance standards, safety characteristics, communication requirements, emergency response plans, etc.), ensuring that UA operation does not pose
Li, Li; Liu, Weiwei; Fu, Jinhua
Background: Road accident severity estimation is a critical aspect of road safety analysis and traffic management. Accurate severity estimation contributes to the formulation of effective road safety policies. Knowledge of the potential consequences of certain behaviors or conditions can contribute to safer driving practices. Identifying patterns of high-severity accidents allows for targeted improvements in terms of overall road safety. Objective: This study focuses on analyzing road accidents by utilizing real data, i.e., US road accidents open database called “CRSS.” It employs advanced machine learning models such as boosting algorithms such as LGBM, XGBoost, and CatBoost to predict accident severity classification based on various parameters. The study also aims to contribute to road safety by providing predictive insights for stakeholders, functional safety engineering community, and policymakers using KABCO classification systems. The article includes sections covering
Babaev, Islam; Mozolin, Igor; Garikapati, Divya
The electric vehicle (EV) industry is seeing a significant increase in global investments. However, it faces major challenges, especially the shortage and rising costs of key raw materials needed for battery production. This situation creates higher economic risks for investors. This paper evaluates the risks of investing in the EV industry, considering current supply chain issues related to finding raw materials, manufacturing, and selling. The evaluation uses the beta coefficient, which measures how much an individual stock’s price is expected to fluctuate compared to the overall stock market. To examine the beta coefficient’s variability, a Monte Carlo simulation is used to calculate its changes, providing insights into the volatility of assets in the EV industry relative to market conditions. The simulation is repeated multiple times until consistent results are obtained. The main goal of this study is to offer a forward-looking tool to help with investment decisions in the
Gutierrez, Marcos; Taco, Diana
This document provides guidance for oxygen cylinder installation on commercial aircraft based on airworthiness requirements and methods practiced within the aerospace industry. It covers considerations for oxygen systems from the beginning of the project phase up to production, maintenance, and servicing. The document is related to requirements of DOT-approved oxygen cylinders, as well as to those designed and manufactured to the standards of ISO 11119. However, its basic rules may also be applicable to new development pertaining to the use of such equipment in an oxygen environment. For information regarding the oxygen cylinders themselves, also refer to AIR825/12.
A-10 Aircraft Oxygen Equipment Committee
The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval, presenting a challenge for manufacturers and suppliers to demonstrate compliance throughout the product life cycle. An issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient. Independent accredited assessors assess the security engineering results during type approval. Considering the risk-based approach of ISO/SAE 21434 to security engineering, assessing whether threats have been appropriately addressed is a challenge. While there are currently no uniform assessment criteria at product level, the question arises as to which development artifacts serve as
Hellstern, Mona; Langhanki, Stefan; Grün, Florian; Kriesten, Reiner; Sax, Eric
In the increasingly connected and digital world, businesses are sprinting to integrate technological advancements into their corporate fabric. This is evident with the emerging concept of “digital twinning.” Digital twins are virtual representations of real-world objects or systems used to digitally model performance, identify inefficiencies, and design solutions. This helps improve the “real world” product, reduces costs, and increases efficiency. However, this replication of a physical entity in the digital space is not without its challenges. One of the challenges that will become increasingly prevalent is the processing, storing, and transmitting of Controlled Unclassified Information (CUI). If CUI is not protected properly, an idea to save time, money, and effort could result in the loss of critical data. The Department of Defense's (DoD) CUI Program website defines CUI as “government-created or owned unclassified information that allows for, or requires, safeguarding and
In order to improve the obstacle avoidance ability of autonomous vehicles in complex traffic environments, speed planning, path planning, and tracking control are integrated into one optimization problem. An integrated vehicle trajectory planning and tracking control method combining a pseudo-time-to-collision (PTC) risk assessment model and model predictive control (MPC) is proposed. First, a risk assessment model with PTC probability is proposed by considering the differentiation of the risk on the relative motion states of the self and front vehicles, and the obstacle vehicles in the lateral and longitudinal directions. Then, a three-degrees-of-freedom vehicle dynamics model is established, and the MPC cost function and constraints are constructed from the perspective of the road environment as well as the stability and comfort of the ego-vehicle, combined with the PTC risk assessment model to optimize the control. Finally, a complex multi-vehicle obstacle avoidance scenario is
Yang, Tao; Liu, Liang; Xu, Zhaoping
For taking counter measures in advance to prevent accidental risks, it is of significance to explore the causes and evolutionary mechanism of ship collisions. This article collects 70 ship collision accidents in Zhejiang coastal waters, where 60 cases are used for modeling while 10 cases are used for verification (testing). By analyzing influencing factors (IFs) and causal chains of accidents, a Bayesian network (BN) model with 19 causal nodes and 1 consequential node is constructed. Parameters of the BN model, namely the conditional probability tables (CPTs), are determined by mathematical statistics methods and Bayesian formulas. Regarding each testing case, the BN model’s prediction on probability of occurrence is above 80% (approaching 100% indicates the certainty of occurrence), which verifies the availability of the model. Causal analysis based on the backward reasoning process shows that H (Human error) is the main IF resulting in ship collisions. The causal chain that maximizes
Tian, Yanfei; Qiao, Hui; Hua, Lin; Ai, Wanzheng
ISO 26262-1:2018 defines the fault tolerant time interval (FTTI) as the minimum time span from the occurrence of a fault within an electrical / electronic system to a possible occurrence of a hazardous event. FTTI provides a time limit within which compliant vehicle safety mechanisms must detect and react to faults capable of posing risk of harm to persons. This makes FTTI a vital safety characteristic for system design. Common automotive industry practice accommodates recording fault times of occurrence definitively. However, current practice for defining the time of hazardous event onset relies upon subjective judgements. This paper presents a novel method to define hazardous event onset more objectively. The method introduces the Streetscope Collision Hazard Measure (SHM™) and a refined approach to hazardous event classification. SHM inputs kinematic factors such as proximity, relative speed, and acceleration as well as environmental characteristics like traffic patterns
Jones, Darren; Gangadhar, Pavankumar; McGrail, Randall; Pati, Sudipta; Antonsson, Erik; Patel, Ravi
In the dense fabric of urban areas, electric scooters have rapidly become a preferred mode of transportation. As they cater to modern mobility demands, they present significant safety challenges, especially when interacting with pedestrians. In general, e-scooters are suggested to be ridden in bike lanes/sidewalks or share the road with cars at the maximum speed of about 15-20 mph, which is more flexible and much faster than pedestrians and bicyclists. Accurate prediction of pedestrian movement, coupled with assistant motion control of scooters, is essential in minimizing collision risks and seamlessly integrating scooters in areas dense with pedestrians. Addressing these safety concerns, our research introduces a novel e-Scooter collision avoidance system (eCAS) with a method for predicting pedestrian trajectories, employing an advanced Long short-term memory (LSTM) network integrated with a state refinement module. This method predicts future trajectories by considering not just past
Yan, Xuke; Shen, Dan
The Steer-By-Wire (SBW) system directly transmits the driver's steering input to the wheels through electrical signals. However, the reliability of electronic equipment is significantly lower than that of mechanical structures, and the risk of failure increases, so it is important to conduct functional safety studies on SBW systems. This paper develops the functional safety of the SBW system according to the requirements of the international standard ISO 26262, and first defines the relevant items and application scope of the SBW system. Secondly, the Hazard and Operability (HAZOP) method was used to combine scenarios and possible dangerous events to carry out Hazard Analysis and Risk Assessment (HARA), and the Automotive Safety Integrity Level (ASIL) was obtained according to the three evaluation indicators of Exposure, Severity and Controllability, and then the corresponding safety objectives were established and the Fault Tolerant Time Interval (FTTI) was set. Finally, the safety analysis of the
Li, Aohan; Kaku, Chuyo; Wang, Zhenhua; Zheng, Hongyu
Recent advancements towards autonomous heavy-duty vehicles are directly associated with increased interconnectivity and software-driven features. Consequently, the rise of this technological trend is bringing forth safety and cybersecurity challenges in the form of new threats, hazards and vulnerabilities. As per the recent UN vehicle regulation 155, several risk-based security models and assessment frameworks have been proposed to counter the growing cybersecurity issues; however, the high budgetary cost to develop the tool and train personnel, along with the high risk of leakage of trade secrets, hinders automotive manufacturers from adopting these third-party solutions. This paper proposes an automated Threat Assessment & Risk Analysis (TARA) framework aligned with the standard requirements, offering an easy-to-use and fully customizable framework. The proposed framework is tailored specifically for heavy-duty vehicular networks and it demonstrates its effectiveness on a case study. The
Mairaj ud din, Qazi; Ahmed, Qadeer
Threaded joints are considered the most basic of components. Although in use for over a century, significant problems still exist with their usage. Wheel bolt loosening in overloaded segments such as HD tippers and high-speed intercity buses poses a safety challenge for drivers, passengers, and pedestrians. Wheel nut loosening is a notable cause of service, fretting, and cracks in the mating components; contributing a significant chunk of warranty cost to the company. The need of the hour is to reinforce these joints while keeping resources at bay. This paper establishes a methodology for the evaluation and design of a safe wheel bolt joint interface including key parameters such as embedding, axial forces, and shear forces. It is necessary to obtain the minimum preload requirement for a wheel bolt joint to hold the clamped surfaces intact, which if not maintained otherwise would cause relative movement, play, shear load onto the bolt, and eventually failure. For physically auditing
Raghatate, Shreyas; Sharma, Suchit; Sindal, Vinayak
Threat Analysis Risk Assessment (TARA) for automotive systems is standardized in ISO/SAE 21434. Traditionally these analyses have been bifurcated into either analysis focused on system functionality identifying impacts to assets based on the mission of the product, or analysis targeting vulnerabilities associated with the hardware and software of interfaces selected to be a part of a product. Furthermore, in the age of Software Defined Vehicles, the challenges to decouple use cases and the software that implements such from specific fixed hardware designs magnifies the disconnect between these risk methods. Use Case Based threat analysis, grounded in understanding features, stakeholders, and user stories, inherently yields security requirements tailored to specific functionalities and their contexts. While component-based threat analysis, derived from enumerations of vulnerabilities associated with interface choices, inherently yields security requirements tailored to specific defenses
Mazzara, Bill; Davidovich, Issak
Robustness and reliability are key elements for product success in the automotive market. For this purpose, the Design Review Based on Failure Modes (DRBFM) is a product development methodology that guides the assessment of potential risks related to new design proposals. This paper shows the DRBFM structure and mindset for new products, using function and behavior evaluation. Moreover, the methodology will be demonstrated for a real automotive case, considering a new component design for the Fuel Supply Module (FSM). The FSM is responsible for delivering fuel to the engine and maintaining the pressure in the fuel rail during spark engine operation. To fulfil these main functions, the electrical fuel pump inside the module must always be working submerged, even if the fuel tank is almost empty. This is the reason this product has the jet pump component, which is responsible for actively dragging fuel during this worst fuel tank volume condition. During a new FSM customer application, the function presented
de Azevedo Fernandes, Luiz Eduardo; de Oliveira Melo, Lazaro Benedito; André, Marco Pellizzon
On account of the insufficient lane-changing scenario test cases and the inability to conduct graded evaluation testing in current autonomous driving system field testing, this paper proposed an approach that combined data-driven and knowledge-driven methods to extract lane-changing test concrete scenarios with graded risk levels for field testing. Firstly, an analysis of the potentially hazardous areas in lane-changing scenarios was conducted to derive key functional lane-changing scenarios. Three typical key functional lane-changing scenarios were selected, namely, lane-changing with a preceding vehicle braking, lane-changing with a preceding vehicle in the same direction, and lane-changing with a rear cruising vehicle in the adjacent lane, and their corresponding safety goals were respectively analyzed. Secondly, the GAMAB criterion was introduced as an evaluation standard for autonomous driving systems. By utilizing lane-changing scenario data selected from the China-FOT
Yin, Qi; Ma, Zhixiong; Zhu, Xichan; Fang, Xiaowei
This SAE Recommended Practice presents a method and example results for determining the Automotive Safety Integrity Level (ASIL) for automotive motion control electrical and/or electronic (E/E) systems. The ASIL determination activity is required by ISO 26262-3, and it is intended that the process and results herein are consistent with ISO 26262. The technical focus of this document is on vehicle motion control systems. The scope of this SAE Recommended Practice is limited to collision-related hazards associated with motion control systems. This SAE Recommended Practice focuses on motion control systems since the hazards they can create generally have higher ASIL ratings, as compared to the hazards non-motion control systems can create. Because of this, the Functional Safety Committee decided to give motion control systems a higher priority and focus exclusively on them in this SAE Recommended Practice. ISO 26262 has a wider scope than SAE J2980, covering other functions and accidents
Functional Safety Committee
In the pursuit of advancing autonomous vehicles (AVs), data-driven algorithms have become pivotal in replacing human perception and decision-making. While deep neural networks (DNNs) hold promise for perception tasks, the potential for catastrophic consequences due to algorithmic flaws is concerning. A well-known incident in 2016, involving a Tesla autopilot misidentifying a white truck as a cloud, underscores the risks and security vulnerabilities. In this article, we present a novel threat model and risk assessment (TARA) analysis on AV data storage, delving into potential threats and damage scenarios. Specifically, we focus on DNN parameter manipulation attacks, evaluating their impact on three distinct algorithms for traffic sign classification and lane assist. Our comprehensive tests and simulations reveal that even a single bit-flip of a DNN parameter can severely degrade classification accuracy to less than 10%, posing significant risks to the overall performance and safety of
Kim, Insup; Lee, Ganggyu; Lee, Seyoung; Choi, Wonsuk
This SAE Aerospace Recommended Practice (ARP) is a tool that organizations may use to evaluate a non-authorized supplier’s processes for the prevention, detection, containment, adjudication, and reporting of suspect counterfeit and counterfeit EEE parts. See 3.1.1 and 3.1.2, which reference the use of AS6081 when performing pre-visit self-assessment and on-site assessment of non-authorized suppliers. This ARP is applicable for all organizations that procure EEE parts from suppliers other than authorized sources (e.g., independent distributors).
G-19 Counterfeit Electronic Parts Committee
This paper presents the current state of a three-layer surface icing model for ice crystal icing risk assessment in aircraft engines, being developed jointly by Ansys and Honeywell to account for possible heat transfer from inside an engine into the flow path where ice accretion occurs. The bottom layer of the proposed model represents a thin metal sheet as a substrate surface to conductively transfer heat from an engine-internal reservoir to the ice layer. The middle layer is accretion ice with a porous structure able to hold a certain amount of liquid water. A shallow water film layer on the top receives impinged ice crystals. A mass and energy balance calculation for the film determines ice accretion rate. Water wicking and recovery is introduced to transfer liquid water between film layer and porous ice accretion layer. Numerical tests have been conducted to verify new model behaviors like substrate surface heat absorption into the accretion layer in the form of meltwater, water
Zhang, Yue; Narayanasamy, Karthik; Sandel, Wolfgang; Nilamdeen, Shezad; Ozcer, Isik
Vehicle Acoustic Prototyping in the mid to high frequency range is challenging with numerical models only. To overcome this challenge, over the past decade, experimental techniques were developed that allow the engineer to incorporate Test-Based models in their (numerical) simulation as well. Using Virtual Point Technology, these Test-Based models serve well to describe, for example, the complex dynamics of the vehicle body Noise Transfer Functions. Here the high modal density and damping characteristics are simply measured on a mule or prototype vehicle and coupled to numerical models of the drivetrain using Dynamic Substructuring. As such, accurate predictions and/or risk assessments can be made much earlier in the mid and high frequency range during the vehicle development stage. While test-based models serve well to describe the coupled vehicle dynamics, loads to compute actual vehicle responses are needed as well. Here, so-called Equivalent or Blocked Forces are ideal as they are
de Klerk, Dennis
In view of the structural accidental events in the ongoing airworthiness stage of civil aircraft, it is necessary to conduct a risk assessment to ensure that the risk level is within an acceptable range. However, the existing models of risk assessment have not effectively dealt with the risk of accidental structural damage due to random failure. This article focuses on probabilistic risk assessment using the Transport Airplane Risk Assessment Methodology (TARAM) of accidental structural damage of civil aircraft. Based on the TARAM and probability reliability integral, a refined failure frequency probability calculation model is established to elaborate on composite structure failure frequency. A case study is analyzed for the outer wing plane of an aircraft having impact damage of composite materials. Finally, results of the risk assessment without correction and risk assessment with correction are presented for detailed visual inspection and general visual inspection.
Jia, Baohui; Fang, Jiachen; Lu, Xiang; Xiong, Yijie
Contemporary cutting-edge technologies, such as automated driving, brought up vital questions about safety and relativized the safety assurance and acceptance criterion on different aspects. New risk assessment, evaluation, and acceptance justifications are required to assure that the assumptions and benchmarking are made on a reasonable basis. While there are some existing risk evaluation methods, most of them are qualitative in nature and are subjective. Moreover, information such as the safety performance indicators (SPIs) of the sensors, algorithms, and actuators is often not utilized well in these methods. To overcome these limitations, in this paper we propose a risk quantification methodology that uses Bayesian Networks to assess if the residual risk is reasonable under a given scenario. Our scenario-based methodology utilizes the SPIs and uncertainty estimates of sensors, algorithms, and actuators as well as their characteristics to quantify risk using the conditional
Madala, Kaushik; Solmaz, Mert
Remote Monitoring and Teleoperation (RMTO) of Autonomous Vehicles (AV) is advancing rapidly in the industry. Researchers and industrial partners explore the role RMTO plays in helping AV navigate complicated situations, among many others. At the heart of this lies the problem of potential pathways and attack vectors or threat surfaces by which a malicious attack can be carried out on an RMTO and an AV. The separation of cybersecurity considerations in RMTO is barely considered, as so far, most available research and activities are mainly focused on AV. The main focus of this paper is addressing RMTO cybersecurity utilising an adaptable security-by-design approach, although security-by-design is still in the infant state within automotive cybersecurity. An adaptable security-by-design approach for RMTO covers Security Engineering Life-cycle, Logical Security Layered Concept, and Security Architecture. Based on the international automotive cybersecurity standards - ISO/SAE 21434, a
Iyieke, Victormills; Bryans, Jeremy; Robinson, Tom; Kosmas, Odysseas; Shipman, Alastair; Jadidbonab, Hesamaldin
The operational safety of Automated Driving System (ADS)-Operated Vehicles (AVs) is a rising concern with the deployment of AVs as prototypes being tested and also in commercial deployment. The robustness of safety evaluation systems is essential in determining the operational safety of AVs as they interact with human-driven vehicles. Extending upon earlier works of the Institute of Automated Mobility (IAM) that have explored the Operational Safety Assessment (OSA) metrics and infrastructure-based safety monitoring systems, in this work, we compare the performance of an infrastructure-based Light Detection And Ranging (LIDAR) system to an onboard vehicle-based LIDAR system in testing at the Maricopa County Department of Transportation SMARTDrive testbed in Anthem, Arizona. The sensor modalities are located in infrastructure and onboard the test vehicles, including LIDAR, cameras, a real-time differential GPS, and a drone with a camera. Bespoke localization and tracking algorithms are
Das, Siddharth; Rath, Prabin; Lu, Duo; Smith, Tyler; Wishart, Jeffrey; Yu, Hongbin
X-Domain describes the merging of different domains (i.e., braking, steering, propulsion, suspension) into single functionalities. One example in this context is torque-vectoring. Different goals can be pursued by applying X-Domain features. On the one hand, savings in fuel consumption and an improved vehicle driving performance can be potentially accomplished. On the other hand, safety can be improved by taking over a failed or degraded functionality of one domain by other domains. The safety-aspect from the viewpoint of requirements is highlighted within this contribution. Every automotive system being developed and influencing the vehicle safety must fulfill certain safety objectives. These are top-level safety requirements (ISO 26262-1) specifying functionalities to avoid unreasonable risk. Every safety objective is associated with an Automotive Safety Integrity Level (ASIL) derived from a Hazard Analysis and Risk Assessment (HARA). Current HARA-approaches are conducted on a domain
Schrade, Simon; Nowak, Xi; Verhagen, Armin; Schramm, Dieter
The operational safety of Automated Driving System-equipped vehicles (AVs) is a critical issue with AVs being deployed on public roads. Methodologies for evaluating the operational safety are therefore necessary to maintain public safety. One possible approach is a safety case established by the AV developer that uses evidence to support a structured argument that the AV exhibits a given level of operational safety. One of the key components of a safety case for AVs is a set of testing results showing behavioral competency in a variety of scenarios within the AV’s operational design domain (ODD). The Institute of Automated Mobility (IAM) has previously published operational safety assessment (OSA) metrics along with a means to evaluate the severity of violations of the safety envelope-type OSA metrics for navigation of individual scenarios in the proposed OSA Methodology. The objective of the OSA Methodology is to objectively quantify the safety performance of each scenario navigated
Como, Steven; Wishart, Jeffrey
Hydrogen refueling stations (HRSs) have been widely built in many countries to meet the requirements of the rapidly developing hydrogen-fueled vehicle industry. Safety distances are key parameters for HRS designs, but the codes and standards used for determining safety distances vary in different countries. The two main methods for determining the safety distances for HRSs are the consequence-based method and the quantitative risk assessment (QRA)-based method. This article reviews the two methods to show state-of-the-art research on determining safety distances globally. This review shows that the harm criteria in the consequence models differ greatly in the literature and the QRA-based method is a more reasonable way to determine the HRS safety distances. In addition, the QRA models lack reliable frequency data and uniform risk acceptance criteria. Future standardized QRA models should be developed with unified regulations and standards for hydrogen infrastructure.
Zhang, Jiaxin; Kong, Xiangling; Ba, Qingxin; Wang, Ping; Li, Xuefang
Many countries are developing hydrogen energy systems for fuel cell vehicles to embrace the low-carbon economy. Hydrogen refueling stations are one of the key infrastructure components for the hydrogen-fueled economy. Skid-mounted hydrogen refueling stations have smaller footprints and lower costs than traditional hydrogen refueling stations, so they can be more easily commercialized. The present work modeled hydrogen releases from a skid-mounted hydrogen refueling station using the flame acceleration simulation (FLACS) software. The hydrogen releases and dispersion were modeled for unintended leakages from the storage tube bundles of a skid-mounted hydrogen refueling station for 5 mm and 10 mm leak diameters in three different release directions. Hydrogen explosions were modeled for flammable clouds ignited at different instants after the hydrogen leakage. The results show that the hydrogen concentrations in the personnel operating area are lower than in other areas, but the flammable
Zhao, Zeying; Xiao, Guoping; Zhang, Xu; Ba, Qingxin; Wang, Jianqiang; Li, Xuefang
As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adopting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity. Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. Such a threat modeling methodology must conform to the Threat Analysis and Risk Assessment (TARA) framework of ISO/SAE 21434. Conversely, existing threat modeling methods enumerate isolated threats, disregarding the vehicle’s design and connections. Consequently, they neglect the role of attack paths from a vehicle’s interfaces to its assets. In other words, they are missing the TARA work products, e.g., attack paths compromising assets or feasibility and impact ratings
Ebrahimi, Masoud; Striessnig, Christoph; Castella Triginer, Joaquim; Schmittner, Christoph
Recent research in autonomous driving mainly considers the uncertainty in perception and prediction modules for safety enhancement. However, obstacles which block the field-of-view (FOV) of sensors could generate blind areas and leave environmental uncertainty a remaining challenge for autonomous vehicles. Current solutions mainly rely on passive obstacle avoidance in path planning instead of active perception to deal with unexplored high-risk areas. In view of the problem, this paper introduces the concept of information entropy, which quantifies uncertain information in the blind area, into the motion planning module of autonomous vehicles. Based on a model predictive control (MPC) scheme, the proposed algorithm can plan collision-free trajectories while actively exploring unknown areas to minimize environmental uncertainty. Simulation results under various challenging scenarios demonstrate the improvement in safety and comfort with the proposed perception-aware planning scheme.
Chen, Zhan; Xiong, Lu; Tang, Chen
This paper introduces one functional safety development solution for a Dual Clutch Transmission (DCT) equipped with a Position 2 (P2) hybrid control system, which mainly includes the concept development stage (only for selected part), the system development stage (only for selected part), the hardware development stage (only for selected part) and the software development stage (only for selected part). It is carried out based on the ISO 26262 standard and the selected system topology (details can be found in the paragraph). In the concept development stage of the DCT equipped with the P2 hybrid control system, the hazard analysis and risk assessment of the item will be carried out based on the selected objects according to the defined working condition. Especially the hybrid transmission control features are analyzed, and the safety goals will be summarized according to the evaluation results. The preliminary system architecture, functional safety requirements and concepts will be analyzed based on
Chen, Jingjun; Yang, Qing; Zhang, Kuankuan
In the present scenario, the automotive industry is driven by information technology. Most of the innovations, such as automotive interconnectivity, e-mobility, and automotive electronics, are data-driven systems that decide and act on the functionality of the vehicle architecture. Connectivity has its own concerns about message spoofing, tampering, and increased privacy-focused information hardening by exploiting weak points. Weaknesses end up in a vulnerability resulting in legal consequences, reputation damage, cost of recalls, and installation of software package bug fixes. Vulnerability tracking and control are taken into consideration because of the incident responses for on-road vehicles. Several weaknesses and associated vulnerabilities are documented in databases like CWE (common weakness enumeration) and CVE (common vulnerabilities and exposures) respectively; specifically for automotive, it is obvious that most of the methods employed by the attackers are known and reused
Venkatachalapathy, Sreenikethana
Letter from the Guest Editors
Rajpathak, Dnyanesh; Roboff, Mark; Yu, Huafeng; Biswas, Gautam