Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
ATRIUM - Architecting Under Uncertainty for ISO 26262 compliance
KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics.
KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics.ORCID iD: 0000-0002-4300-885X
Show others and affiliations
2017 (English)In: 2017 11TH ANNUAL IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON), IEEE , 2017, p. 786-793Conference paper, Published paper (Refereed)
Abstract [en]

The ISO 26262 is currently the dominant functional safety standard for electrical and electronic systems in the automotive industry. The Functional Safety Concept sub-phase in the standard requires the Preliminary Architectural Assumptions (PAA) for allocation of functional safety requirements. This paper justifies the need for, and defines a process ATRIUM, for consistent design of the PAA. ATRIUM is subsequently applied in an industrial case study for a function enabling highly automated driving at one of the largest heavy vehicle manufacturers in Europe, Scania CV AB. The findings from this study, which contributed to ATRIUM's institutionalization at Scania, are presented. The benefits of ATRIUM include (i) a fast and flexible way to refine the PAA, and a framework to (ii) incorporate information from legacy systems into safety design and (iii) rigorously track and document the assumptions and rationale behind architectural decisions under uncertain information. The contributions of this paper are (i) the analysis of the problem (ii) the process ATRIUM and (iii) findings and the discussion from the case study at Scania.

Place, publisher, year, edition, pages
IEEE , 2017. p. 786-793
Series
Annual IEEE Systems Conference, ISSN 1944-7620
Keywords [en]
ISO 26262, functional safety, HCV, HGV, architectures, automated driving, ATRIUM, decision making, architecting, uncertainty management, risk management
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-210967DOI: 10.1109/SYSCON.2017.7934819ISI: 000403403400111Scopus ID: 2-s2.0-85021446492ISBN: 978-1-5090-4623-2 (print)OAI: oai:DiVA.org:kth-210967DiVA, id: diva2:1121684
Conference
11th Annual IEEE International Systems Conference (SysCon), APR 24-27, 2017, Montreal, CANADA
Note

QC 20170712

Available from: 2017-07-12 Created: 2017-07-12 Last updated: 2018-02-28Bibliographically approved
In thesis
1. Architecting Safe Automated Driving with Legacy Platforms
Open this publication in new window or tab >>Architecting Safe Automated Driving with Legacy Platforms
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Modern vehicles have electrical architectures whose complexity grows year after year due to feature growth corresponding to customer expectations. The latest of the expectations, automation of the dynamic driving task however, is poised to bring about some of the largest changes seen so far. In one fell swoop, not only does required functionality for automated driving drastically increase the system complexity, it also removes the fall-back of the human driver who is usually relied upon to handle unanticipated failures after the fact. The need to architect thus requires a greater rigour than ever before, to maintain the level of safety that has been associated with the automotive industry.

The work that is part of this thesis has been conducted, in close collaboration with our industrial partner Scania CV AB, within the Vinnova FFI funded project ARCHER. This thesis aims to provide a methodology for architecting during the concept phase of development, using industrial practices and principles including those from safety standards such as ISO 26262. The main contributions of the thesis are in two areas. The first area i.e. Part A contributes, (i) an analysis of the challenges of architecting automated driving, and serves as a motivation for the approach taken in the rest of this thesis, i.e. Part B where the contributions include, (ii) a definition of a viewpoint for functional safety according to the definitions of ISO 42010, (iii) a method to systematically extract information from legacy components and (iv) a process to use legacy information and architect in the presence of uncertainty to provide a work product, the Preliminary Architectural Assumptions (PAA), as required by ISO 26262. The contributions of Part B together comprise a methodology to architect the PAA.  

A significant challenge in working with the industry is finding the right fit between idealized principles and practical utility. The methodology in Part B has been judged fit for purpose by different parts of the organization at Scania and multiple case studies have been conducted to assess its usefulness in collaboration with senior architects. The methodology was found to be conducive in both, generating the PAA of a quality that was deemed suitable to the organization and, to find inadequacies in the architecture that had not been found earlier using the previous non-systematic methods. The benefits have led to a commissioning of a prototype tool to support the methodology that has begun to be used in projects related to automation at Scania. The methodology will be refined as the projects progress towards completion using the experiences gained.

A further impact of the work is seen in two patent filings that have originated from work on the case studies in Part B. Emanating from needs discovered during the application of the methods, these filed patents (with no prior publications) outline the future directions of research into reference architectures augmented with safety policies, that are safe in the presence of detectable faults and failures. To aid verification of these ideas, work has begun on identifying critical scenarios and their elements in automated driving, and a flexible simulation platform is being designed and developed at KTH to test the chosen critical scenarios.

Abstract [sv]

Efterfrågan på nya funktioner leder till en ständigt ökande komplexitet i moderna fordon, speciellt i de inbyggda datorsystemen. Införande av autonoma fordon utgör inte bara det mest aktuella exemplet på detta, utan medför också en av de största förändringar som fordonsbranschen sett. Föraren, som ”back-up” för att hantera oväntade situationer och fel, finns inte längre där vid höggradig automation, och motsvarande funktioner måste realiseras i de inbyggda system vilket ger en drastisk komplexitetsökning. Detta ställer systemarkitekter för stora utmaningar för att se till att nuvarande nivå av funktionssäkerhet bibehålls.

Detta forskningsarbete har utförts i nära samarbete med Scania CV AB i det Vinnova (FFI)-finansierade projektet ARCHER. Denna licentiatavhandling har som mål att ta fram en metodik för konceptutveckling av arkitekturer, förankrat i industriell praxis och principer, omfattande bl.a. de som beskrivs i funktionssäkerhetsstandards som ISO 26262.

Avhandlingen presenterar resultat inom två områden. Det första området, del A, redovisar, (i) en analys av utmaningar inom arkitekturutveckling för autonoma fordon, vilket också ger en motivering för resterande del av avhandlingen. Det andra området, del B, redovisar, (ii) en definition av en ”perspektivmodell” (en s.k. ”viewpoint” enligt ISO 42010) för funktionssäkerhet, (iii) en metod för att systematiskt utvinna information från existerande komponenter, och (iv) en process som tar fram en arbetsprodukt för ISO 26262 – Preliminära Arkitektur-Antaganden (PAA). Denna process använder sig av information från existerande komponenter – resultat (iii) och förenklar hantering av avsaknad/osäker information under arkitekturarbetet. Resultaten från del B utgör tillsammans en metodik för att ta fram en PAA.

En utmaning i forskning är att finna en balans mellan idealisering och praktisk tillämpbarhet. Metodiken i del B har utvärderats i flertalet industriella fallstudier på Scania i samverkan med seniora arkitekter från industrin, och har av dessa bedömts som relevant och praktiskt tillämpningsbar. Erfarenheterna visar att metodiken stödjer framtagandet av PAA’s av   lämplig kvalitet och ger ett systematiskt sätt att hantera osäkerhet under arkitekturutvecklingen. Specifikt så gjorde metoden det möjligt att identifiera komponent-felmoder där arkitekturen inte var tillräcklig för åstadkomma önskad riskreducering, begränsningar som inte hade upptäckts med tidigare metoder. Ett prototypverktyg för att stödja metodiken har utvecklats och börjat användas på Scania i projekt relaterade till autonoma fordon. Metodiken kommer sannolikt att kunna förfinas ytterligare när dessa projekt går mot sitt slut och mer erfarenheter finns tillgängliga.

Arbetet i del B har vidare lett till två patentansökningar avseende koncept som framkommit genom fallstudierna. Dessa koncept relaterar till referensarkitekturer som utökats med policies för personsäkerhet (Eng. ”safety”) för att hantera detekterbara felfall, och pekar ut en riktning för framtida forskning. För att stödja verifiering av dessa koncept har arbete inletts för att identifiera kritiska scenarios för autonom körning. En flexibel simuleringsplattform håller också på att designas för att kunna testa kritiska scenarios.

Place, publisher, year, edition, pages
Stockholm, Sweden: KTH Royal Institute of Technology, 2018. p. 76
Keywords
architectures, automated driving, autonomous vehicles, methods, processes, tools, functional safety, ISO 26262, diagnostic specifications, platform based design, legacy integration, functional safety concept, preliminary architectural assumptions, uncertainty management, design decisions
National Category
Embedded Systems Computer Systems
Identifiers
urn:nbn:se:kth:diva-223687 (URN)TRITA-ITM-AVL 2018:3 (Local ID)978-91-7729-693-5 (ISBN)TRITA-ITM-AVL 2018:3 (Archive number)TRITA-ITM-AVL 2018:3 (OAI)
Presentation
2018-03-08, Gladan, Brinellvägen 83, Stockholm, 10:00 (English)
Opponent
Supervisors
Projects
Vinnova-FFI funded Project ARCHER
Funder
VINNOVA, F6255
Available from: 2018-03-01 Created: 2018-02-28 Last updated: 2018-03-01Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Mohan, NaveenTörngren, MartinBehere, Sagar

Search in DiVA

By author/editor
Mohan, NaveenTörngren, MartinBehere, Sagar
By organisation
Mechatronics
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 154 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf