PSAM 16 Conference Session F05 Overview


Paper 1 TH11
Lead Author: Thor Myklebust
Co-author(s): Tor Stålhane (stalhane@ntnu.no), Sinuo Wu (238868@student.usn.no)
Agile safety case for vehicle trial operations
In the last years, there has been an increase in agile development methods when developing safety-critical software. This approach fits well with the incremental improvement of autonomous vehicles, incremental expansion of the operational design domain, and new intelligent roadside units. There have to be new trials of self-driving vehicles in the years to come due to the expected improvements in the vehicles and intelligent roadside units. Therefore, it is essential that the process, including needed evidence for a safety case, is both agile and standardized to ensure confidence and trust by all parties involved. This paper shows how the trial operator can develop an Agile safety case for vehicle trial operations to ensure frequent updates based on:
• The agile safety case
• ISO 22737:2021 Low-speed automated driving
• BSI PAS 1881:2020 "Assuring the safety of automated vehicle trials and testing - specification" standard
• The BSI PAS 1883:2020 "Operational design domain (ODD) taxonomy for an automated driving system (ADS) - Specification" standard
The agile development approach enables the approval of safety to be done by the manufacturer and operator in parallel with development. Through our more than a hundred safety case-related projects (mainly railway domain), we have also seen that a safety case approach results in increased safety awareness, confidence, and understanding of the safety challenges among the software developers and project engineers.
Name: Thor Myklebust (thor.myklebust@sintef.no)

Bio: Senior researcher, System Safety and development of safety-critical software. His experience is in assessment and certification of products and systems since 1987. Has worked for the National Metrology Service, Aker Maritime, Nemko and SINTEF. Myklebust has participated in several international committees since 1988. Member of safety (NEK/IEC 65), the IEC 61508 maintenance committee, stakeholder UL 4600 autonomous products and railway (NEK/CENELEC/TC 9). He is co-author of three books (The Agile Safety Case, SafeScrum and Functional safety and proof of compliance) and has published more than 250 papers and reports.

Country: NOR
Company: SINTEF Digital
Job Title: Senior researcher


Paper 2 CC273
Lead Author: Camila Correa-Jullian
Co-author(s): John McCullough (jmccull@ucla.edu), Marilia Ramos (marilia.ramos@ucla.edu), Jiaqi Ma (jiaqima@ucla.edu), Enrique Lopez Droguett (eald@ucla.edu), Ali Mosleh (mosleh@ucla.edu)

Presenter of this paper: Marilia Ramos (marilia.ramos@ucla.edu)
Safety Hazard Identification for Autonomous Driving Systems Fleet Operations in Mobility as a Service
The safe and reliable operation of Automated Driving Systems (ADS) in the context of Mobility as a Service (MaaS) depends on a multitude of factors external to the vehicle’s functionality and performance. In particular, it is expected that Level 4 ADS operations are supported by the actions of remote operators, specifically during the initial stages of deployment. In the future, fleet operators are expected to work with one or multiple ADS developers as technology providers to transform their fleets. Therefore, fleet management of ADS vehicles involved in MaaS will play an important role in ensuring traffic safety. In this work, we consider the role of fleet operators as separate entities from ADS developers. Fleet operators' functions comprise a fleet management center (FMC), where the ADS vehicle is monitored and supervised, and an operations center (OPC), focused on vehicle inspection, maintenance and storage. Based on an L4 ADS MaaS system breakdown and identification of critical operational stages, we identify operational hazards through Event Sequence Diagram (ESD) and Fault Tree Analysis (FTA). The analysis highlights the role of the FMC and OPC in ensuring the correct operation of the vehicle and acting as a safety barrier for preventing or mitigating incidents.
Name: Camila Correa-Jullian (ccorreaj@ucla.edu)

Bio:

Country: USA
Company: UCLA
Job Title: PhD Student

Presenter Name:
Marilia Ramos (marilia.ramos@ucla.edu)

Bio:

Country: United States of America
Company: University of California Los Angeles
Job Title: Research Scientist


Paper 3 FR133
Lead Author: Franciszek Restel
Co-author(s): Lukasz Wolniewicz (lukasz.wolniewicz@pwr.edu.pl)
Identification of safety relevant activities of train crews using the Functional Resonance Analysis Method (FRAM)
In the classical training process of train crews, real vehicles are used. There are two disadvantages of this approach. First, the vehicles are not available to perform commercial tasks. This factor creates high costs and, to minimize them, the training time is kept as short as possible. Secondly, there is no possibility to train for dangerous situations, for example a fire on board a train. Thus, the use of Virtual Reality in the training process is a key undertaking to improve the safety and efficiency of railway operation processes. The problem arises of how to choose safety relevant situations for implementation as scenarios in the Virtual Reality environment. The paper proposes a method for determining train crew activities based on activity execution variability. The variability of activity execution is characterized by precision and timeliness. The accuracy and timeliness of train crew activity performance were estimated mainly based on a survey of train crews, as well as operation data from the Polish Railway Network Manager. The research problem is focussed on selection of the most important activities and scenarios that can be carried out by train crews. The research method has the following form. The structure of typical and atypical train crew activities and their interactions is modelled using the Functional Resonance Analysis Method (FRAM). Functions of the FRAM model represent activities of the train crews under their duty. For individual functions, the variability is determined taking into account precision and time correctness of execution. Activities and scenarios requiring training are selected from the activities with the highest variability and the activities with the highest variability chains.
Name: Franciszek Restel (franciszek.restel@pwr.edu.pl)

Bio:

Country: ---
Company:
Job Title:


Paper 4 SU247
Lead Author: Susanna Kristensen
Co-author(s): Yiliu Liu (yiliu.liu@ntnu.no), Ingrid Bouwer Utne (ingrid.b.utne@ntnu.no)
Dynamic risk analysis of maritime autonomous surface ships
Background: In the future, ships may utilize different technologically advanced solutions to perform their missions, for example supervisory risk control and intelligent power management (Utne et al., 2020), use of alternative energy sources (Pan et al., 2021), and use of sensors and cameras for ocean surveillance and navigation (Pizarro & Singh, 2003), and more. Maritime autonomous surface ships (MASS) are under development (IMO, 2021). The risks during MASS operations will be affected by dynamic factors relating to the operation environment, the technical systems, and the mission specifications. This introduces the need for dynamic risk analysis. For MASS, sensors, actuators, and computers gradually take over the task previously performed by the crew (Utne et al., 2017). The implementation of autonomous functionalities on ships can have many advantages. However, it also makes the realization of necessary functions on board the vessel, such as maintaining an adequate level of situational awareness and performing safe navigation, more dependent on technical components. Better situational awareness may be achieved with more sensors and higher sampling frequency. However, this would require more power. Green energy sources are a part of the future of maritime system operations. Ships can use for example batteries, fuel cells, solar power, or wind energy, together with or instead of the conventional combustion engines (Pan et al., 2021). A challenge related to the use of green energy sources is the dependence on environmental factors, such as sun or wind, for generating power. These factors are outside the control of the system operator, which may add to the challenge of providing a stable energy supply for propulsion and on-board systems, compared to when combustion engines are used. The importance of a stable power supply to power the on-board systems can have implications for safety, and hence also for decision-making during operation.

Objective: The objective of this paper is to develop a method for performing dynamic risk analysis for MASS, where the objective is to investigate the impact of inadequate situational awareness and loss of power on the mission performance. For MASS, a trade-off between maintaining a sufficient level of situational awareness and avoiding a complete loss of power must be made. By including risk in this decision, safer and more efficient operations can be achieved.

Method: A method for modeling the risks related to MASS operations is proposed. Dynamic Bayesian network is used to model the risk. Dynamic Bayesian networks facilitate the inclusion of time-dependent factors and their effect on risk (Jensen & Nielsen, 2007). This makes it a suitable method for modelling risk related to MASS, as such systems are affected by dynamic factors. The method is applied to a case study. The risk of not performing the mission for the AutoNaut unmanned surface vessel (USV) is analysed. The USV is meant for performing scientific missions in the ocean and uses wind and solar power for propulsion and for powering all on-board systems (Dallolio et al., 2019).

(Expected) results: The results from this study include a proposed methodology for analysing risk for MASS operations. The proposed methodology can be used to identify relevant factors to include in the risk analysis of a general MASS, with a focus on performing the intended missions while maintaining an adequate level of situational awareness and avoiding loss of power. The resulting risk model may be used for decision support for operators during the planning and performance of MASS operations. By using dynamic Bayesian networks, the development of risk during a mission can be modelled, and critical time steps can be identified. This will give the operators an indication for when more resources must be allocated for reducing risks. The results from the case study show that the risk related to the USV operation changes with time and is affected by environmental factors. It also shows that the prioritization between using power on maintaining a high level of situational awareness and preserving power when there is limited opportunity to generate power is important for safe and efficient operation of the USV.

References:
Utne, I. B., Rokseth, B., Sørensen, A. J., Vinnem, J. E., 2020. Towards supervisory risk control of autonomous ships. Reliability engineering & system safety, 196, pp. 106757.
Pizarro, O., Singh, H., 2003. Toward large-area mosaicing for underwater scientific applications. IEEE journal of oceanic engineering, 28, pp. 651-672.
International Maritime Organisation, 2021. In focus: Autonomous shipping. https://www.imo.org/en/MediaCentre/HotTopics/Pages/Autonomous-shipping.aspx.
Pan, P., Sun, Y., Yuan, C., Yan, X., Tang, X., 2021. Research progress on ship power systems integrated with new energy sources: A review. Renewable and sustainable energy reviews 144, 111048.
Dallolio, A., Agdal, B., Zolich, A., Alfredsen, J.A., Johansen, T.A., 2019. Long-endurance green energy autonomous surface vehicle control architecture. OCEANS 2019 MTS/IEEE SEATTLE, 1–10.
Utne, I.U., Sørensen, A.J., Schjølberg, I., 2017. Risk management of autonomous marine systems and operations, in: Proceedings of the ASME 2017 36th International Conference on Ocean, Offshore and Arctic Engineering, pp. 1–10.
Jensen, F.V., Nielsen, T.D., 2007. Bayesian Networks and Decision Graphs. Springer, New York, NY.
Name: Susanna Kristensen (susanna.d.kristensen@ntnu.no)

Bio: PhD student at the Department of Marine Technology at the Norwegian University of Science and Technology (NTNU). I have a master's degree in Marine Technology from the Department of Marine Technology at NTNU from 2021. The topic of my PhD research is online risk modeling of autonomous ships. The research is performed as a part of the SFI Autoship research project.

Country: NOR
Company: Norwegian University of Science and Technology
Job Title: PhD student