Proceedings of the
35th European Safety and Reliability Conference (ESREL2025) and
the 33rd Society for Risk Analysis Europe Conference (SRA-E 2025)
15 – 19 June 2025, Stavanger, Norway
From Uncertainty Representation to Safety Performance Monitoring for Operational Safety Assurance - A Systematic Approach
1Fraunhofer IESE, Germany.
2RPTU Kaiserslautern-Landau, Germany.
ABSTRACT
Recent advancements in Automated Driving Systems (ADS), driven by substantial investments, have significantly enhanced ADS technologies. However, traditional methods for the design, development, verification, and validation of safety-critical automotive systems are inadequate for managing the increased complexity and operational uncertainties of ADS, making the assurance of their operational safety in dynamic environments an unresolved challenge. Current operational safety approaches use various techniques to incrementally challenge the validity of assurance cases, but they lack the integration of field data. The increasing availability of real-time vehicle data presents an opportunity to identify potential runtime uncertainties affecting safety assurance cases. By continuously refining and expanding assurance cases with field data, additional evidence or counter-evidence, and other relevant information through a DevSafeOps process, the safe operation of ADS can be assured.
A crucial aspect of operational safety assurance is Safety Performance Monitoring (SPM) using Safety Performance Indicators (SPIs), which are essential for both operational safety and compliance with standards such as UL 4600 and BSI PAS 1881 for the deployment of ADS. SPIs quantify safety performance and can be used to monitor the validity of safety arguments during operation. SPIs at sufficiently detailed sub-claim levels can proactively identify potential violations of safety case claims in a 'leading' manner, before safety-critical events occur. Additionally, they can provide supplementary evidence to address residual uncertainties after deployment.
This paper primarily addresses SPM for operational safety, presenting a novel systematic approach that spans from uncertainty representation in assurance cases using Dempster-Shafer theory to employing dialectics and argument defeaters, ultimately defining useful SPIs related to various claims in an assurance case. This approach aids in concretely identifying and defining SPIs based on an assurance case and facilitates the runtime validation of assurance cases based on field data, which additionally aids in standards conformance. The approach is demonstrated through a construction zone assist case study for ADS.
Keywords: Operational safety assurance, Safety performance monitoring, Autonomous driving systems, DevSafeOps.