When driving, humans adapt their actions, such as delaying entry into a roundabout, based on their perception of the risks of the situation, e.g., the behavior of other drivers and other relevant situational information. To integrate effectively into traffic and to achieve acceptable levels of safety performance whilst avoiding overly-conservative driving strategies that would render them useless, autonomous road vehicles (AV) need to have the capability to reason about risk based on uncertain and incomplete situational information and adapt their behavior in order to stay safe. The aim of this project is to develop a commonly accepted methodology for Dynamic Risk Management (DRM) for automated driving functions.
Dynamic Risk Management for Autonomous Vehicles
The approach would apply a multi-layered safety architecture for AVs, augmenting established safety architectures with DRM. More precisely, the project yields a runtime architecture as well as a methodology supporting the engineering of safe AVs using this architecture.
Robustness and Explainability
In order to enable the function itself, as well as to provide reliable input to the DRM, it is paramount that the perception functions (including those based on machine learning) are performant, robust and explainable.
Monitoring
As of today, it is technically not feasible to completely assure safety of machine learning (ML) algorithms. That is why an additional layer provides mechanisms to monitor the performance of the ML algorithms and inform the DRM about the system’s current capability state as an important input for adapting the system to the current situation.
DRM Layer
Based on this ability to accurately perceive the environment, or at least determine with which level of accuracy the environment can currently be perceived, DRM forms the third layer of the architecture. A core element of the DRM layer will be tactical safety management
An Ambitious Project Undertaken by Three Partners
Together, the three project Partners Fraunhofer IKS, Fraunhofer IESE and the University of York (UoY) can achieve this ambitious goal. IKS can come up with approaches for cognitive monitoring of ML-based perception. Based on the monitoring approach, IESE can complete their previous work on dynamic risk management. UoY can steer the development of the methodologies so that they can be used in a safety-critical context and harmonize with their commonly accepted and well-established safety assurance framework. This is directly related to the fundamental challenge of coming-up with an approach that will be accepted by industry and standardization groups. Safety standards describe what is commonly accepted for the development of safety-critical software but not for safety-critical models based on ML. The same holds for many other aspects that are necessary to develop the “Layers Of Protection Architecture for Autonomous Systems” (LOPAAS) for DRM. Together, IKS, IESE and UoY have the body of knowledge that is necessary to develop a LOPAAS framework that has high chances to become a commonly accepted solution.
Fraunhofer ICON
On the side of Fraunhofer, this collaboration will be supported by an internal grant to Fraunhofer IESE and Fraunhofer IKS in the framework of Fraunhofer’s internal program ICON. This program is designed to encourage and support Fraunhofer institutes to initiate long- lasting strategic collaborations with excellent research partners outside Germany through which the partners, both contributing in a balanced manner, co-create valuable innovation for the (direct or indirect) benefit of industry partners.
During or after ICON, LOPAAS could become a European or international standard. For instance, it could become part of the technical report ISO TR 4804 “Road vehicles — Safety and cybersecurity for automated driving systems — Design, verification and validation” and a subsequent ISO standard. Automotive domain independent solutions could feed into the technical report ISO/IEC AWI TR 5469“Artificial intelligence — Functional safety of AI-based systems”. In this case, industry will definitely apply the LOPAAS methods. IKS, IESE and UoY will be the first address for necessary consulting and guidance. Further, the large-scale application will most likely result in new challenges that will motivate further collaboration between IKS, IESE and UoY.