Academic literature on the topic 'SOTIF (Safety Of The Intended Functionality)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'SOTIF (Safety Of The Intended Functionality).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Expósito Jiménez, Víctor J., Bernhard Winkler, Joaquim M. Castella Triginer, Heiko Scharke, Hannes Schneider, Eugen Brenner, and Georg Macher. "Safety of the Intended Functionality Concept Integration into a Validation Tool Suite." ACM SIGAda Ada Letters 43, no. 2 (June 6, 2024): 69–72. http://dx.doi.org/10.1145/3672359.3672369.
Abstract:
Nowadays, the increasing complexity of Advanced Driver Assistance Systems (ADAS) and Automated Driving (AD) means that the industry must move towards a scenariobased approach to validation rather than relying on established technology-based methods. This new focus also requires the validation process to take into account Safety of the Intended Functionality (SOTIF), as many scenarios may trigger hazardous vehicle behaviour. Thus, this work demonstrates how the integration of the SOTIF process within an existing validation tool suite can be achieved. The necessary adaptations are explained with accompanying examples to aid comprehension of the approach.
2
Yan, Mingyue, Wuwei Chen, Qidong Wang, Linfeng Zhao, Xiutian Liang, and Bixin Cai. "Human–Machine Cooperative Control of Intelligent Vehicles for Lane Keeping—Considering Safety of the Intended Functionality." Actuators 10, no. 9 (August 28, 2021): 210. http://dx.doi.org/10.3390/act10090210.
Abstract:
Reasonably foreseeable misuse by persons, as a primary aspect of safety of the intended functionality (SOTIF), has a significant effect on cooperation performance for lane keeping. This paper presents a novel human–machine cooperative control scheme with consideration of SOTIF issues caused by driver error. It is challenging to balance lane keeping performance and driving freedom when driver error occurs. A safety evaluation strategy is proposed for safety supervision, containing assessments of driver error and lane departure risk caused by driver error. A dynamic evaluation model of driver error is designed based on a typical driver model in the loop to deal with the uncertainty and variability of driver behavior. Additionally, an extension model is established for determining the cooperation domain. Then, an authority allocation strategy is proposed to generate a dynamic shared authority and achieve an adequate balance between lane keeping performance and driving freedom. Finally, a model predictive control (MPC)-based controller is designed for calculating optimal steering angle, and a steer-by-wheel (SBW) system is employed as an actuator. Numerical simulation tests are conducted on driver error scenarios based on the CarSim and MATLAB/Simulink software platforms. The simulation results demonstrate the effectiveness of the proposed method.
3
Madala, Kaushik, Carlos Avalos-Gonzalez, and Gokul Krithivasan. "Workflow between ISO 26262 and ISO 21448 Standards for Autonomous Vehicles." Journal of System Safety 57, no. 1 (October 1, 2021): 34–42. http://dx.doi.org/10.56094/jss.v57i1.6.
Abstract:
Assuring safety is important in autonomous vehicles. The safety related to autonomous vehicles can be primarily viewed from two perspectives: the functional safety (FuSa) perspective and the safety of the intended functionality (SOTIF) perspective. While FuSa ensures the system has an acceptable risk with respect to malfunctions of electrical and electronic components, SOTIF ensures the system has an acceptable risk with respect to functional insufficiencies and performance limitations.
ISO 26262 and ISO 21448 are the state-of-the-art international standards used to ensure compliance with FuSa and SOTIF for autonomous automotive systems, respectively. The ISO 21448 standard mentions the need for alignment of ISO 26262 activities with the ISO 21448 activities and describes the mapping at a very high level. However, given the iterative nature of SOTIF activities in ISO 21448, the workflow between the two standards is not a direct one-toone mapping. Hence, we need a clear understanding how we can align ISO 26262 and ISO 21448 activities, and on how analysis done in one standard can impact the other.
To achieve this, in this paper we propose a detailed workflow between ISO 26262 and ISO 21448 standards. We discuss guidelines on how to find if a change to design due to SOTIF modification can affect FuSa analysis and vice versa. We also discuss the aspects we need to consider for agile development when we want to ensure the system being
4
Cao, Lipeng, Yansong He, Yugong Luo, and Jian Chen. "Layered SOTIF Analysis and 3σ-Criterion-Based Adaptive EKF for Lidar-Based Multi-Sensor Fusion Localization System on Foggy Days." Remote Sensing 15, no. 12 (June 10, 2023): 3047. http://dx.doi.org/10.3390/rs15123047.
Abstract:
The detection range and accuracy of light detection and ranging (LiDAR) systems are sensitive to variations in fog concentration, leading to the safety of the intended functionality-related (SOTIF-related) problems in the LiDAR-based fusion localization system (LMSFLS). However, due to the uncontrollable weather, it is almost impossible to quantitatively analyze the effects of fog on LMSFLS in a realistic environment. Therefore, in this study, we conduct a layered quantitative SOTIF analysis of the LMSFLS on foggy days using fog simulation. Based on the analysis results, we identify the component-level, system-level, and vehicle-level functional insufficiencies of the LMSFLS, the corresponding quantitative triggering conditions, and the potential SOTIF-related risks. To address the SOTIF-related risks, we propose a functional modification strategy that incorporates visibility recognition and a 3σ-criterion-based variance mismatch degree grading adaptive extended Kalman filter. The visibility of a scenario is recognized to judge whether the measurement information of the LiDAR odometry is disturbed by fog. Moreover, the proposed filter is adopted to fuse the abnormal measurement information of the LiDAR odometry with IMU and GNSS. Simulation results demonstrate that the proposed strategy can inhibit the divergence of the LMSFLS, improve the SOTIF of self-driving cars on foggy days, and accurately recognize the visibility of the scenarios.
5
Zhang, Shijie, Tao Tang, and Jintao Liu. "A Hazard Analysis Approach for the SOTIF in Intelligent Railway Driving Assistance Systems Using STPA and Complex Network." Applied Sciences 11, no. 16 (August 22, 2021): 7714. http://dx.doi.org/10.3390/app11167714.
Abstract:
The Intelligent Railway Driving Assistance System (IRDAS) is a novel kind of onboard system that relies on its own situational awareness function to ensure the safety and efficiency of train driving. In such systems, the use of situational awareness brings about a new fault-free safety problem, i.e., the safety of the intended functionality (SOTIF). It is essential to analyze the SOTIF-related hazardous factors for ensuring a safe train operation. In this paper, a hazard analysis approach is proposed to capture and evaluate SOTIF-related hazardous factors of IRDAS. This approach consists of an extended STPA-based hazardous factor identification part and a complex network-based hazardous factor evaluation part. In the first part, an extended control structure of STPA is designed for the modeling of the situational awareness process, followed by a new classification of SOTIF-related causal scenarios to assist the identification of causal scenarios. In the second part, a modeling method for heterogeneous complex networks and some customized topological indexes are proposed to evaluate the hazardous factors identified in the STPA causal analysis. The outcomes of the approach can help develop targeted hazard control strategies. The proposed approach has been applied to a new IRDAS operating in Tsuen Wan Line of Hong Kong MTR. The result shows that the approach is effective for the analysis of hazardous factors and is helpful for the formulation of hazard control strategies.
6
Peng, Liang, Hong Wang, and Jun Li. "Uncertainty Evaluation of Object Detection Algorithms for Autonomous Vehicles." Automotive Innovation 4, no. 3 (July 30, 2021): 241–52. http://dx.doi.org/10.1007/s42154-021-00154-0.
Abstract:
AbstractThe safety of the intended functionality (SOTIF) has become one of the hottest topics in the field of autonomous driving. However, no testing and evaluating system for SOTIF performance has been proposed yet. Therefore, this paper proposes a framework based on the advanced You Only Look Once (YOLO) algorithm and the mean Average Precision (mAP) method to evaluate the object detection performance of the camera under SOTIF-related scenarios. First, a dataset is established, which contains road images with extreme weather and adverse lighting conditions. Second, the Monte Carlo dropout (MCD) method is used to analyze the uncertainty of the algorithm and draw the uncertainty region of the predicted bounding box. Then, the confidence of the algorithm is calibrated based on uncertainty results so that the average confidence after calibration can better reflect the real accuracy. The uncertainty results and the calibrated confidence are proposed to be used for online risk identification. Finally, the confusion matrix is extended according to the several possible mistakes that the object detection algorithm may make, and then the mAP is calculated as an index for offline evaluation and comparison. This paper offers suggestions to apply the MCD method to complex object detection algorithms and to find the relationship between the uncertainty and the confidence of the algorithm. The experimental results verified by specific SOTIF scenarios proof the feasibility and effectiveness of the proposed uncertainty acquisition approach for object detection algorithm, which provides potential practical implementation chance to address perceptual related SOTIF risk for autonomous vehicles.
7
Zeller, Marc. "Safety Assurance of Autonomous Systems using Machine Learning: An Industrial Case Study and Lessons Learnt." INCOSE International Symposium 33, no. 1 (July 2023): 320–33. http://dx.doi.org/10.1002/iis2.13024.
Abstract:
AbstractIn order to assess AI/ML‐based autonomous systems in terms of safety, it is not sufficient to assess the system w.r.t. potential failures that could lead to hazards (e.g., as proposed by standards such as IEC 61508, ARP 4761, etc.). Also, functional weaknesses/insufficiencies of the used algorithms according to Safety Of The Intended Functionality (SOTIF) standard ISO 21448 must be considered. In this paper, we present an approach for the safety assessment of systems incorporating AI/ML models using a Model‐based Systems Engineering (MBSE) and a Model‐based Safety Assurance (MBSA) approach. Therefore, we introduce with Component Fault and Deficiency Trees (CFDTs) an extension of the model‐based Component Fault Tree (CFT) methodology. Thereby, we are able to describe cause‐effect relationships between individual failures and functional insufficiencies as well as system hazards and assess if all risks are mitigated. In this paper, we apply our approach to an industrial case study of a self‐driving toy vehicle (the PANORover) and present our lessons learnt.
8
Tomczak, Arkadiusz, Paweł Zalewski, and Rafał Gralak. "Simulation Analysis of ECDIS’ Route Exchange Funcionality Impact on Navigation Safety." Annual of Navigation 19, no. 2 (December 1, 2012): 109–20. http://dx.doi.org/10.2478/v10367-012-0021-9.
Abstract:
Abstract Modern Integrated Navigation Systems (INS) integrate information obtained from various sensors and functions. Processed data are presented on the computer display generally with the aim to increase navigator’s situation awareness and to reduce his/her workload. The investigations described in the paper were carried out to assess the advantages of the new functionality of the test INS (e-Navigation enhanced Integrated Navigation System ee-INS), developed in the EU financed EfficienSea Project, that looks and works like a standard ECDIS. This new functionality implements ‘Exchange of Intended Route’ service. The experiment was conducted in a full mission ship simulator environment with 20 experienced mariners. The bridge layout without ECDIS ‘Exchange of Intended Route’ functionality, and bridge layout with this functionality implemented, was applied in research and its results enabled to carry out their comparison. The navigators’ workload was measured by NASA-TLX method. Navigators’ situation awareness in respect to other ship’s state and the final passing distance were utilized to evaluate safety of navigation process.
9
Liungman, Krister, Kevin Mani, Anders Wanhainen, Linus Bosaeus, and Mario Lachat. "Safety and Functionality of a Guidewire Fixator." Innovations: Technology and Techniques in Cardiothoracic and Vascular Surgery 13, no. 1 (January 2018): 51–53. http://dx.doi.org/10.1097/imi.0000000000000468.
Abstract:
Objective A new endovascular tool, the Liungman Guidewire Fixator, has been developed to simplify endovascular treatment in complex aortic aneurysms. The device has been extensively tested in bench models and animal trials. To verify the safety and functionality demonstrated in the porcine model, the device was tested in ten patients undergoing endovascular aortic repair (EVAR) or fenestrated endovascular aortic repair (f-EVAR) treatment for abdominal aortic aneurysm. Methods The Liungman Guidewire Fixator consists of a braided stent-like, cylindrical structure with conical ends and a central channel for a 0.035” guidewire. When in use, it is slid along the guidewire and positioned in the target artery, where the Liungman Guidewire Fixator interacts with the arterial wall by anchoring the guidewire to the wall through a radial force. The Liungman Guidewire Fixator allows for uninterrupted blood flow passed the point of fixation. In this study, the Liungman Guidewire Fixator was tested in ten patients undergoing EVAR or f-EVAR treatment for abdominal aortic aneurysm. The device was deployed and retrieved crossover into the hypogastric artery, and the occurrence of thrombotic occlusion, arterial dissection, and vascular rupture or trauma was studied using angiography, as well as device ability to withstand guidewire tension. Results There were no instances of occlusion, dissection, or vascular trauma detected using angiography. In all cases, deployment and retrieval were successful, and the devices could withstand an applied tension of 3 N. In one instance, retrieval was challenging because of significant tortuosity, which was resolved by a coaxial catheterization. Conclusions Deployment was uneventful in all ten patients. Retrieval according to the intended instruction for use was performed in nine of the patients. In one patient, a coaxial catheterization was necessary. All devices withstood a retention force of 3 N.
10
Smith, Ian F. C. "Special Issue: Conflict management in design." Artificial Intelligence for Engineering Design, Analysis and Manufacturing 9, no. 4 (September 1995): 245–46. http://dx.doi.org/10.1017/s0890060400002791.
Abstract:
Most design tasks involve the management of conflict. Conflict arises when contradictory requirements are imposed upon characteristics of artifacts, upon the process of their creation and/or upon their intended use. Even individual design requires trade-offs because of competing design criteria, such as functionality, safety, cost, and social acceptance. The ability of designers to avoid or minimize conflict through judicious tradeoffs, careful negotiations and other methods become their most valuable skills.
Dissertations / Theses on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Koné, Tchoya Florence. "Contribution à la démonstration de la sécurité du véhicule autonome, basée sur une stratégie de génération de scénarios, modélisée par niveaux d’abstraction et orientée par la sensibilité du VA, pour une validation par simulation." Electronic Thesis or Diss., Université de Lorraine, 2021. http://www.theses.fr/2021LORR0182.
Abstract:
Cette thèse CIFRE, réalisé au sein de Stellantis, fournit une stratégie de génération de scénarios, modélisée par niveaux d’abstraction et orientée par la sensibilité du VA, pour une validation par simulation. Ce travail s’inscrit dans le périmètre du standard ISO PAS 21448 /SOTIF (Safety Of The Intended Functionality). Pour ce faire, la démarche suivie s’articule autour de cinq contributions : (1) Une analyse de l’architecture fonctionnelle du VA et la mise en évidence des challenges liés à la validation de sa sécurité : aspects normatifs, chaines de simulation, la présence d’incertitude dans l’environnement opérationnel du VA. (2) La proposition d’un cadre conceptuel (modèle de connaissance) sur lequel s’appuiera la méthodologie de génération des scénarios qui sera proposée par la suite. (3) Une synthèse sur les indicateurs manipulés dans la littérature, ainsi que ceux, que nous retiendrons dans notre stratégie de génération finale dont notamment l’indicateur de sensibilité. Elle donne également une structure du système de génération des scénarios et de validation par simulation de la sécurité du VA, ainsi que la manière dont les indicateurs seront exploités dans cette structure. (4) La proposition d’une heuristique de génération des scénarios et l’estimation de l’indicateur de risque associé au VA. Cette quatrième contribution, s’appuie sur les éléments développés dans les contributions précédentes : le modèle conceptuel proposé (contribution 2), la structure du système de génération et de validation ainsi que les indicateurs associés (contribution 3). (5) Enfin, la dernière contribution est une implémentation des propositions précédentes via un cas d’étude.Mots clés : Véhicule Autonome (VA), SOTIF (Safety Of The Intended Functionality), Limitation de performances fonctionnelles, Insuffisances fonctionnelles, Scénarios critiques, Métrique de sensibilité, Stratégie de génération de scénarios, Validation par simulationThis CIFRE thesis, carried out within Stellantis, provides a scenario generation strategy, modelled by levels of abstraction and oriented by the sensitivity of the AV, for a simulation-based validation process. This work is within the scope of the ISO PAS 21448 /SOTIF (Safety Of The Intended Functionality) standard.To do this, the approach followed is based on five contributions: (1) An analysis of the functional architecture of the AV and the highlighting of the challenges related to its safety validation: normative aspects, simulation chains, the presence of uncertainty in the operational environment of the AV. (2) The proposal of a conceptual framework (knowledge model) on which the scenario generation methodology to be proposed later will be based. (3) A summary of the indicators used in the literature, as well as those that we will use in our final generation strategy, including the sensitivity indicator. It also gives a structure of the system of scenario generation and simulation based validation of the safety of the AV, as well as the way in which the indicators will be exploited in this structure. (4) The proposal of a scenario generation heuristic and the estimation of the risk indicator associated with the AV. This fourth contribution is based on the elements developed in the previous contributions: the proposed conceptual model (contribution 2), the structure of the generation and validation system and the associated indicators (contribution 3). (5) Finally, the last contribution is an implementation of the previous proposals via a case study.Keywords: Autonomous Vehicle (AV), Safety Of The Intended Functionality (SOTIF), Functional performance limitation, Functional insufficiencies, Critical scenarios, Sensitivity metric, Scenarios generation strategy, Simulation-based Validation process
Books on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Schnieder, Lars, and René S. Hosse. Leitfaden Safety of the Intended Functionality. Wiesbaden: Springer Fachmedien Wiesbaden, 2019. http://dx.doi.org/10.1007/978-3-658-25023-2.
2
Schnieder, Lars, and René S. Hosse. Leitfaden Safety of the Intended Functionality. Wiesbaden: Springer Fachmedien Wiesbaden, 2020. http://dx.doi.org/10.1007/978-3-658-30038-8.
3
Pimentel, Juan R., ed. Safety of the Intended Functionality Book 3 - Automated Vehicle Safety. Warrendale, PA: SAE International, 2019. http://dx.doi.org/10.4271/9780768002683.
4
Pimentel, Juan. Safety of the Intended Functionality Book 3 - Automated Vehicle Safety. Warrendale, PA: SAE International, 2019. http://dx.doi.org/10.4271/pt-205.
5
Pimentel, Juan. Safety of the Intended Functionality. SAE International, 2019.
6
Staff, SAE International (Society), and Juan R. Pimentel. Automated Vehicles: Safety of the Intended Functionality. SAE International, 2019.
7
Schnieder, Lars, and René S. Hosse. Leitfaden Safety of the Intended Functionality: Verfeinerung der Sicherheit der Sollfunktion auf dem Weg zum autonomen Fahren. Springer Vieweg, 2019.
8
Schnieder, Lars, and René S. Hosse. Leitfaden Safety of the Intended Functionality: Verfeinerung der Sicherheit der Sollfunktion auf dem Weg zum autonomen Fahren. Springer Vieweg, 2020.
Book chapters on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Birch, John, David Blackburn, John Botham, Ibrahim Habli, David Higham, Helen Monkhouse, Gareth Price, Norina Ratiu, and Roger Rivett. "A Structured Argument for Assuring Safety of the Intended Functionality (SOTIF)." In Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops, 408–14. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-55583-2_31.
2
Jaber, Nouraldin, Christopher Wagner, Swen Jacobs, Milind Kulkarni, and Roopsha Samanta. "Synthesis of Distributed Agreement-Based Systems with Efficiently-Decidable Verification." In Tools and Algorithms for the Construction and Analysis of Systems, 289–308. Cham: Springer Nature Switzerland, 2023. http://dx.doi.org/10.1007/978-3-031-30820-8_19.
Abstract:
AbstractDistributed agreement-based (DAB) systems use common distributed agreement protocols such as leader election and consensus as building blocks for their target functionality. While automated verification for DAB systems is undecidable in general, recent work identifies a large class of DAB systems for which verification is efficiently-decidable. Unfortunately, the conditions characterizing such a class can be opaque and non-intuitive, and can pose a significant challenge to system designers trying to model their systems in this class.In this paper, we present a synthesis-driven tool, Cinnabar, to help system designers building DAB systems ensure that their intended designs belong to an efficiently-decidable class. In particular, starting from an initial sketch provided by the designer, Cinnabar generates sketch completions using a counterexample-guided procedure. The core technique relies on compactly encoding root-causes of counterexamples to varied properties such as efficient-decidability and safety. We demonstrate Cinnabar ’s effectiveness by successfully and efficiently synthesizing completions for a variety of interesting DAB systems including a distributed key-value store and a distributed consortium system.
3
Liu, Shiming, Qunli Zhang, Peng Wang, Bin Feng, Chengqiang Huang, Yulin Zhang, Lanyue Tang, Lishengsa Yue, and Jian Sun. "Enhance SIL Simulation Through Driver Behaviour Modeling at Unprotected Left-Turn Scenario for Autonomous Driving SOTIF Analysis." In Advances in Transdisciplinary Engineering. IOS Press, 2024. http://dx.doi.org/10.3233/atde240032.
Abstract:
As the rapid advancement of artificial intelligence (AI), information and communication technologies, autonomous driving system (ADS) has increased permeation into the traditional automotive industry in recent years. To reduce the Safety of the Intended Functionality (SOTIF) risk of autonomous driving system hence improving its dependability, SIL simulations are extensively exploited as virtual mileage test in compensation of the prohibitively expensive and inefficient road test. In SIL simulation, unprotect left-turn is an intricate traffic scenario to be reproduced due to the intensive interaction between vehicles at the intersection. However, most state-of-the-art commercial simulation software omit the interaction modeling. Thus, in this paper, we proposed a driver behavior modeling approach at unprotected left-turn scenarios to enhance the authenticity of SIL simulation. The left-turn scenario was modelled through three stages, including interaction selection, interaction decision and driver behavior modeling, of which a logit model and intelligent driver model (IDM) were used for the latter two stages. After model calibration, it proves this approach can generate highly authentic traffic flow with unbiased feature distribution towards the real-world, indicating its potential in SIL simulation performance improvement.
4
Thilakaratne, Ruffina. "Parameters for Designing Functional and Quality Pocket Open Spaces in High-Density Cities." In Urban Green Spaces [Working Title]. IntechOpen, 2022. http://dx.doi.org/10.5772/intechopen.103136.
Abstract:
This study discusses parameters that are important for designing quality and functional open spaces in high-density cities. Research is often limited to large parks and public squares; studies on open spaces in high-density cities are rare. Hong Kong is a high-density high-rise city where people live in compact living environments small as 12 sqm. In such contexts, open spaces play a pivotal role on human well-being. Hong Kong consists of many pocket open spaces that are intended for passive recreation. Elderly use these public amenities predominantly. Therefore, accessibility, safety and user comfort become significant considerations. Improving existing pocket open spaces is essential since there are no plans for new parks in old districts. This study analysed eight pocket open spaces, adopting for their qualitative attributes. Microclimatic field data, photographic analysis, shadow analysis simulation and user perception survey shed light on spatial design, comfort and functional aspects. This study contributed to knowledge by developing guidelines to promote quality and functionality of pocket open spaces in high-density cities.
Conference papers on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Abdulazim, Amr, Moustafa Elbahaey, and Abduallah Mohamed. "Putting Safety of Intended Functionality SOTIF into Practice." In SAE WCX Digital Summit. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2021. http://dx.doi.org/10.4271/2021-01-0196.
2
Adee, Ahmad, Peter Munk, Roman Gansch, and Peter Liggesmeyer. "Uncertainty Representation with Extended Evidential Networks for Modeling Safety of the Intended Functionality (SOTIF)." In Proceedings of the 29th European Safety and Reliability Conference (ESREL). Singapore: Research Publishing Services, 2020. http://dx.doi.org/10.3850/978-981-14-8593-0_5737-cd.
3
Czarnecki, Krzysztof, and Hiroshi Kuwajima. "STEAM & MoSAFE: SOTIF Error-and-Failure Model & Analysis for AI-Enabled Driving Automation." In WCX SAE World Congress Experience. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2024. http://dx.doi.org/10.4271/2024-01-2643.
Abstract:
<div class="section abstract"><div class="htmlview paragraph">Driving Automation Systems (DAS) are subject to complex road environments and vehicle behaviors and increasingly rely on sophisticated sensors and Artificial Intelligence (AI). These properties give rise to unique safety faults stemming from specification insufficiencies and technological performance limitations, where sensors and AI introduce errors that vary in magnitude and temporal patterns, posing potential safety risks. The Safety of the Intended Functionality (SOTIF) standard emerges as a promising framework for addressing these concerns, focusing on scenario-based analysis to identify hazardous behaviors and their causes. Although the current standard provides a basic cause-and-effect model and high-level process guidance, it lacks concepts required to identify and evaluate hazardous errors, especially within the context of AI.</div><div class="htmlview paragraph">This paper introduces two key contributions to bridge this gap. First, it defines the SOTIF Temporal Error and Failure Model (STEAM) as a refinement of the SOTIF cause-and-effect model, offering a comprehensive system-design perspective. STEAM refines error definitions, introduces error sequences, and classifies them as error sequence patterns, providing particular relevance to systems employing advanced sensors and AI. Second, this paper proposes the Model-based SOTIF Analysis of Failures and Errors (MoSAFE) method, which allows instantiating STEAM based on system-design models by deriving hazardous error sequence patterns at module level from hazardous behaviors at vehicle level via weakest precondition reasoning. Finally, the paper presents a case study centered on an automated speed-control feature, illustrating the practical applicability of the refined model and the MoSAFE method in addressing complex safety challenges in DAS.</div></div>
4
Madala, Kaushik, and Carlos Avalos Gonzalez. "Metrics for Machine Learning Models to Facilitate SOTIF Analysis in Autonomous Vehicles." In WCX SAE World Congress Experience. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2023. http://dx.doi.org/10.4271/2023-01-0829.
Abstract:
<div class="section abstract"><div class="htmlview paragraph">Machine Learning (ML) components are widely adopted in autonomous vehicles to perform tasks such as perception and planning. Despite the multiple uses of machine learning components and their benefits, incorrect outputs from machine learning components can compromise the safety of the system. The limitations of the machine learning algorithms and their acceptable level of performance that results in a reasonable level of residual risk are considered as a part of ISO 21448, the safety of the intended functionality (SOTIF) standard. Currently, to measure the performance of machine learning models, statistical metrics such as accuracy, recall, precision, and F1-measure are often used depending on the nature of the data and task. While these metrics help in understanding which machine learning model is better and can be chosen as a part of the vehicle’s architecture, they do not provide much information regarding safety, in particular, SOTIF. There is a need for new metrics to better assess safety corresponding to these machine learning models. The new metrics need to focus more if an incorrect output from the model results in crashes and near crashes and aid in proposing design changes that help to reduce the residual risk of the vehicle. To achieve this goal, in this paper we discuss the limitation of current metrics with an example architecture that uses machine learning models and propose new scenario-based metrics that help in better analysis of machine learning models for SOTIF.</div></div>
5
Singh, Tajinder, Edwin van Hassel, Akshay Sheorey, and Mohsen Alirezaei. "A Systematic Approach for Creation of SOTIF’s Unknown Unsafe Scenarios: An Optimization based Method." In WCX SAE World Congress Experience. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2024. http://dx.doi.org/10.4271/2024-01-1966.
Abstract:
<div class="section abstract"><div class="htmlview paragraph">Verification and validation (V&V) of autonomous vehicles (AVs) is a challenging task. AVs must be thoroughly tested, to ensure their safe functionality in complex traffic situations including rare but safety-relevant events. Furthermore, AVs must mitigate risks and hazards that result from functional insufficiencies, as described in the Safety of the Intended Functionality (SOTIF) standard. SOTIF analysis includes iterative identification of driving scenarios that are not only unsafe, but also unknown. However, identifying SOTIF’s unknown-unsafe scenarios is an open challenge. In this paper we proposed a systematic optimization-based approach for identification of unknown-unsafe scenarios. The proposed approach consists of three main steps including data collection, feature extraction and optimization towards unknown unsafe scenarios. In the data collection step, we proposed an efficient way of data collection by focusing on key areas of the Operational Design Domain (ODD) (e.g., intersections). In step 2, the graph-based method is used to model the selected region(s) in the ODD. The generated graph is used to aggregate actor behaviors recorded during data collection in different parameter distributions (e.g. speeds or offset to center of the lane). In step 3, the generated graph for road layout and parameter distributions for actors are used in an optimization algorithm. The objective function for the optimization algorithm consists of a criticality metric, a proprietary KPI to identify unknown scenarios here called unexpectedness, multiplied by probability of scenario calculated from actor probability distributions. Using the objective function, the optimization algorithm can identify unknown-unsafe scenarios with highest probability for the selected region(s) in the ODD. The approach is implemented on an intersection and identified unknown-unsafe scenarios are reported in the paper.</div></div>
6
Almasri, Hossam, Hsing-Hua Fan, and Venkateswara Raju Mudunuri. "A Method for Determining Mileage Accumulation for Robustness Validation of Advanced Driver Assistance Systems (ADAS) Features." In WCX SAE World Congress Experience. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2024. http://dx.doi.org/10.4271/2024-01-1977.
Abstract:
<div class="section abstract"><div class="htmlview paragraph">Robustness testing of Advanced Driver Assistance Systems (ADAS) features is a crucial step in ensuring the safety and reliability of these systems. ADAS features include technologies like adaptive cruise control, lateral and longitudinal controls, automatic emergency braking, and more. These systems rely on various sensors, cameras, radar, lidar, and software algorithms to function effectively. Robustness testing aims to identify potential vulnerabilities and weaknesses in these systems under different conditions, ensuring they can handle unexpected scenarios and maintain their performance.</div><div class="htmlview paragraph">Mileage accumulation is one of the validation methods for achieving robustness. It involves subjecting the systems to a wide variety of real-world driving conditions and driving scenarios to ensure the reliability, safety, and effectiveness of the ADAS features. Following ISO 21448 (Safety of the intended functionality-SOTIF), known hazardous scenarios can be tested and validated through robustness testing and validation. Unknown hazardous scenarios can be exposed and identified as known hazardous scenarios through accumulated miles. However, determining the mileage needed for acceptance still poses a challenge.</div><div class="htmlview paragraph">This paper presents a potential methodology utilizing the Sequential Probability Ratio Test (SPRT) as acceptance criteria to determine the required mileage accumulation and to evaluate the robustness of the ADAS feature. Selection of the baseline ratio for SPRT depends on the maturity level of the ADAS features and Operational Design Domain (ODD) / Object Event Detection Response (OEDR) coverage. Furthermore, SPRT utilizes the likelihood ratio approach to establish an acceptable, rejection and continuation regions. Number of hours/miles of accumulation and the number of mishaps/hazards are the two main factors for the robustness example shown in the paper. This paper demonstrates how to use these established regions to gain various levels of confidence and prove out the robustness of the ADAS features.</div></div>
7
Lujan, Carlos, Cesar Elpuente, and Oriol Flix. "New assessment and testing methodology for vehicle type approval." In EuroBrake 2022. FISITA, 2022. http://dx.doi.org/10.46720/eb2022-ibc-003.
Abstract:
"Technological innovations in the field of Connected and Automated Driving have a strong impact in different areas in the automotive industry. Among those areas, the effect on vehicle homologation procedures is game changing, in a way that requires a brand-new approach. Traditionally, the homologation process based on the UNECE Regulatory framework has been a single step at the end of the development phase, where regulations normally defined a series of repeatable scenarios to be evaluated, where the effect of the driver is typically suppressed by means of the measurement of the inputs on the vehicle commands or by means of the use of driving robots. This approach was initially challenged by the introduction of assisted systems, such as Advance Emergency Brake. Those systems are commanded by Electronic Control Systems which, in some circumstances, may control certain vehicle functions, such as braking or steering. The introduction of such functions required a different approach to the vehicle type approval, to evaluate possible failures associated to the Electronic Control Systems. In such context, concepts such as Functional Safety (FuSa) or Safety Of The Intended Functionality (SOTIF) were introduce as part of the type approval process. This new approach turned the technical evaluation of the compliance from a testing activity in selected scenarios into a combination of testing and assessment of the manufacturer safety concept. However, the introduction of the first SAE L3 functions into the market add a new layer of complexity into the type approval. Such technologies replace the human driver during certain dynamic driving tasks, within an unlimited number of scenarios. This circumstance does not allow the classic strategy of removing the human effect from the test scenarios and required a second loop in the modification of the type approval processes, so as to move from an evaluation of the performance to an evaluation of the behaviour of the vehicle. As a result, UNECE WP.29 published the “Framework Document on Automated/Autonomous Vehicles”, a document whose purpose was: a) To provide guidance to WP.29 subsidiary Working Parties (GRs) by identifying key principles for the safety and security of automated/autonomous vehicles of levels 3 and higher. b) To define the work priorities for WP.29 and indicate the deliverables, timelines and working arrangements for those certain work products related to those priorities. Consequently, several actions took place which have paved the road into a new type approval approach, currently under development, but with a series of principles widely accepted by the rulemaking community. Examples of such actions include: a) New working group structure within UNECE WP.29 b) Development of a series of New Assessment and Testing Methods (NATM) which combine the classic test on the proving ground with new tools, such as the assessment of the manufacturer safety concept, the use of simulation or the real-world testing. "
8
Krishnan, Shyma, and Praveen Kumar Venkatesh. "Validation Challenges of Safety of the Intended Functionalities (SOTIF) Risks/Hazards." In 10TH SAE India International Mobility Conference. 400 Commonwealth Drive, Warrendale, PA, United States: SAE International, 2022. http://dx.doi.org/10.4271/2022-28-0005.
9
Wu, Zhitao, Xiaoming Yang, Ping Chen, Zongshun Qu, and Jun Lin. "Multi-Scale Software Network Model for Software Safety of the Intended Functionality." In 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE, 2021. http://dx.doi.org/10.1109/issrew53611.2021.00071.
10
Hu, Jia, Tian Xu, and Ruicong Zhang. "Testing and Evaluation of Autonomous Vehicles Based on Safety of the Intended Functionality." In 2021 6th International Conference on Transportation Information and Safety (ICTIS). IEEE, 2021. http://dx.doi.org/10.1109/ictis54573.2021.9798586.
Reports on the topic "SOTIF (Safety Of The Intended Functionality)":
1
Gunay, Selim, Fan Hu, Khalid Mosalam, Arpit Nema, Jose Restrepo, Adam Zsarnoczay, and Jack Baker. Blind Prediction of Shaking Table Tests of a New Bridge Bent Design. Pacific Earthquake Engineering Research Center, University of California, Berkeley, CA, November 2020. http://dx.doi.org/10.55461/svks9397.
Abstract:
Considering the importance of the transportation network and bridge structures, the associated seismic design philosophy is shifting from the basic collapse prevention objective to maintaining functionality on the community scale in the aftermath of moderate to strong earthquakes (i.e., resiliency). In addition to performance, the associated construction philosophy is also being modernized, with the utilization of accelerated bridge construction (ABC) techniques to reduce impacts of construction work on traffic, society, economy, and on-site safety during construction. Recent years have seen several developments towards the design of low-damage bridges and ABC. According to the results of conducted tests, these systems have significant potential to achieve the intended community resiliency objectives. Taking advantage of such potential in the standard design and analysis processes requires proper modeling that adequately characterizes the behavior and response of these bridge systems. To evaluate the current practices and abilities of the structural engineering community to model this type of resiliency-oriented bridges, the Pacific Earthquake Engineering Research Center (PEER) organized a blind prediction contest of a two-column bridge bent consisting of columns with enhanced response characteristics achieved by a well-balanced contribution of self-centering, rocking, and energy dissipation. The parameters of this blind prediction competition are described in this report, and the predictions submitted by different teams are analyzed. In general, forces are predicted better than displacements. The post-tension bar forces and residual displacements are predicted with the best and least accuracy, respectively. Some of the predicted quantities are observed to have coefficient of variation (COV) values larger than 50%; however, in general, the scatter in the predictions amongst different teams is not significantly large. Applied ground motions (GM) in shaking table tests consisted of a series of naturally recorded earthquake acceleration signals, where GM1 is found to be the largest contributor to the displacement error for most of the teams, and GM7 is the largest contributor to the force (hence, the acceleration) error. The large contribution of GM1 to the displacement error is due to the elastic response in GM1 and the errors stemming from the incorrect estimation of the period and damping ratio. The contribution of GM7 to the force error is due to the errors in the estimation of the base-shear capacity. Several teams were able to predict forces and accelerations with only moderate bias. Displacements, however, were systematically underestimated by almost every team. This suggests that there is a general problem either in the assumptions made or the models used to simulate the response of this type of bridge bent with enhanced response characteristics. Predictions of the best-performing teams were consistently and substantially better than average in all response quantities. The engineering community would benefit from learning details of the approach of the best teams and the factors that caused the models of other teams to fail to produce similarly good results. Blind prediction contests provide: (1) very useful information regarding areas where current numerical models might be improved; and (2) quantitative data regarding the uncertainty of analytical models for use in performance-based earthquake engineering evaluations. Such blind prediction contests should be encouraged for other experimental research activities and are planned to be conducted annually by PEER.
2
Wu, Yingjie, Selim Gunay, and Khalid Mosalam. Hybrid Simulations for the Seismic Evaluation of Resilient Highway Bridge Systems. Pacific Earthquake Engineering Research Center, University of California, Berkeley, CA, November 2020. http://dx.doi.org/10.55461/ytgv8834.
Abstract:
Bridges often serve as key links in local and national transportation networks. Bridge closures can result in severe costs, not only in the form of repair or replacement, but also in the form of economic losses related to medium- and long-term interruption of businesses and disruption to surrounding communities. In addition, continuous functionality of bridges is very important after any seismic event for emergency response and recovery purposes. Considering the importance of these structures, the associated structural design philosophy is shifting from collapse prevention to maintaining functionality in the aftermath of moderate to strong earthquakes, referred to as “resiliency” in earthquake engineering research. Moreover, the associated construction philosophy is being modernized with the utilization of accelerated bridge construction (ABC) techniques, which strive to reduce the impact of construction on traffic, society, economy and on-site safety. This report presents two bridge systems that target the aforementioned issues. A study that combined numerical and experimental research was undertaken to characterize the seismic performance of these bridge systems. The first part of the study focuses on the structural system-level response of highway bridges that incorporate a class of innovative connecting devices called the “V-connector,”, which can be used to connect two components in a structural system, e.g., the column and the bridge deck, or the column and its foundation. This device, designed by ACII, Inc., results in an isolation surface at the connection plane via a connector rod placed in a V-shaped tube that is embedded into the concrete. Energy dissipation is provided by friction between a special washer located around the V-shaped tube and a top plate. Because of the period elongation due to the isolation layer and the limited amount of force transferred by the relatively flexible connector rod, bridge columns are protected from experiencing damage, thus leading to improved seismic behavior. The V-connector system also facilitates the ABC by allowing on-site assembly of prefabricated structural parts including those of the V-connector. A single-column, two-span highway bridge located in Northern California was used for the proof-of-concept of the proposed V-connector protective system. The V-connector was designed to result in an elastic bridge response based on nonlinear dynamic analyses of the bridge model with the V-connector. Accordingly, a one-third scale V-connector was fabricated based on a set of selected design parameters. A quasi-static cyclic test was first conducted to characterize the force-displacement relationship of the V-connector, followed by a hybrid simulation (HS) test in the longitudinal direction of the bridge to verify the intended linear elastic response of the bridge system. In the HS test, all bridge components were analytically modeled except for the V-connector, which was simulated as the experimental substructure in a specially designed and constructed test setup. Linear elastic bridge response was confirmed according to the HS results. The response of the bridge with the V-connector was compared against that of the as-built bridge without the V-connector, which experienced significant column damage. These results justified the effectiveness of this innovative device. The second part of the study presents the HS test conducted on a one-third scale two-column bridge bent with self-centering columns (broadly defined as “resilient columns” in this study) to reduce (or ultimately eliminate) any residual drifts. The comparison of the HS test with a previously conducted shaking table test on an identical bridge bent is one of the highlights of this study. The concept of resiliency was incorporated in the design of the bridge bent columns characterized by a well-balanced combination of self-centering, rocking, and energy-dissipating mechanisms. This combination is expected to lead to minimum damage and low levels of residual drifts. The ABC is achieved by utilizing precast columns and end members (cap beam and foundation) through an innovative socket connection. In order to conduct the HS test, a new hybrid simulation system (HSS) was developed, utilizing commonly available software and hardware components in most structural laboratories including: a computational platform using Matlab/Simulink [MathWorks 2015], an interface hardware/software platform dSPACE [2017], and MTS controllers and data acquisition (DAQ) system for the utilized actuators and sensors. Proper operation of the HSS was verified using a trial run without the test specimen before the actual HS test. In the conducted HS test, the two-column bridge bent was simulated as the experimental substructure while modeling the horizontal and vertical inertia masses and corresponding mass proportional damping in the computer. The same ground motions from the shaking table test, consisting of one horizontal component and the vertical component, were applied as input excitations to the equations of motion in the HS. Good matching was obtained between the shaking table and the HS test results, demonstrating the appropriateness of the defined governing equations of motion and the employed damping model, in addition to the reliability of the developed HSS with minimum simulation errors. The small residual drifts and the minimum level of structural damage at large peak drift levels demonstrated the superior seismic response of the innovative design of the bridge bent with self-centering columns. The reliability of the developed HS approach motivated performing a follow-up HS study focusing on the transverse direction of the bridge, where the entire two-span bridge deck and its abutments represented the computational substructure, while the two-column bridge bent was the physical substructure. This investigation was effective in shedding light on the system-level performance of the entire bridge system that incorporated innovative bridge bent design beyond what can be achieved via shaking table tests, which are usually limited by large-scale bridge system testing capacities.