Geffert, A.; Dodinoiu, A.; Lan, T.; Rüdiger, R.; Becker, U.:
Formalization of automation risks for dependability-based safeguarding of the nominal function.
9. Tagung Automatisiertes Fahren, November 2019. Lehrstuhl für Fahrzeugtechnik (TU München) mit TÜV SÜD Akademie.


To safeguard vehicles of higher automation levels, there is currently no generally accepted approach for handling the potentially deficient nominal function of the sensor systems used for automated driving. In this paper, the corresponding risks, which depend on sensor quality, are addressed using the example of a GNSS-based multi-sensor localization system serving as an absolute position sensor for land vehicles. To this end, basic measurement quality characteristics such as integrity are transferred to dependability measures. Based on the PROFUND approach standardized in IEC 62551 with Petri nets, the dependability of that sensor system (including its nominal function) is formalized and related to the Stanford diagram. After exemplifying important cases by means of the net model and considering safety-related design aspects, extended nominal functions of multiple channels are considered. For that purpose, the concept of risk genesis and various risk mitigation strategies are discussed. Moreover, a comparison between filtering and voting with Kalman filters is conducted based on numerical simulations. The approach in this paper connects GNSS, dependability (PROFUND), FuSa, SOTIF, data fusion, and fault tolerance for the safe automation of road vehicles. Further Petri net models for multi-channel measurement systems and for higher levels of the PROFUND net need to be developed in order to formalize the behavior of degradation strategies and to predict the associated risk of the nominal function by simulation.
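The link between integrity and dependability that the abstract mentions is usually drawn on the Stanford diagram, which places each position epoch by its true position error (PE), the protection level (PL) claimed by the integrity monitor, and the application's alert limit (AL). The following is an added example, not code from the paper or its authors: it classifies constructed epochs into the standard Stanford regions (nominal, system unavailable, misleading information, hazardously misleading information) and derives simple dependability-style rates from the counts. The mapping of region shares to "availability" and "HMI rate" is a simplifying assumption of this example, not the PROFUND formalization described in the paper; the epoch values and the 5 m alert limit are constructed.

```python
"""Stanford-diagram classification of GNSS position epochs (added example).

PE: true position error, known only in simulation or against a reference
    trajectory.
PL: protection level, the error bound the integrity monitor claims.
AL: alert limit, the largest error the application tolerates.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Epoch:
    t: float                 # time stamp [s]
    position_error: float    # PE [m]
    protection_level: float  # PL [m]


NOMINAL = "NOMINAL"          # PE <= PL <= AL: bound holds, output usable
UNAVAILABLE = "UNAVAILABLE"  # PL > AL: monitor alerts, output must not be used
MI = "MI"                    # misleading information: PE > PL, but not hazardous
HMI = "HMI"                  # hazardously misleading: PE > AL with no alert raised


def stanford_region(pe: float, pl: float, al: float) -> str:
    """Return the Stanford-diagram region for one epoch."""
    if pl > al:
        # Alert raised: the output is flagged unusable. An error beyond the
        # claimed bound is still misleading information, but it is not
        # hazardous because the application was warned.
        return MI if pe > pl else UNAVAILABLE
    # No alert: the system claims the error lies within PL <= AL.
    if pe <= pl:
        return NOMINAL
    if pe <= al:
        return MI
    return HMI


def summarize(epochs, al: float) -> dict:
    """Region counts plus simple dependability-style rates (assumed mapping).

    availability: share of epochs in which no alert was raised (PL <= AL).
    hmi_rate:     share of epochs with hazardously misleading information,
                  i.e. the empirical integrity risk in this sample.
    mi_rate:      share of epochs with (non-hazardous) misleading information.
    """
    counts = Counter(
        stanford_region(e.position_error, e.protection_level, al) for e in epochs
    )
    n = len(epochs)
    return {
        "counts": dict(counts),
        "availability": sum(1 for e in epochs if e.protection_level <= al) / n,
        "hmi_rate": counts[HMI] / n,
        "mi_rate": counts[MI] / n,
    }


# Constructed sample: eight epochs covering every region of the diagram.
ALERT_LIMIT_M = 5.0
SAMPLE_EPOCHS = [
    Epoch(0.0, position_error=0.8, protection_level=2.0),  # NOMINAL
    Epoch(1.0, position_error=1.5, protection_level=1.0),  # MI: PE > PL, PE <= AL
    Epoch(2.0, position_error=6.0, protection_level=3.0),  # HMI: PE > AL, no alert
    Epoch(3.0, position_error=2.0, protection_level=7.0),  # UNAVAILABLE: PL > AL
    Epoch(4.0, position_error=9.0, protection_level=7.0),  # MI: alert raised, PE > PL
    Epoch(5.0, position_error=0.5, protection_level=1.2),  # NOMINAL
    Epoch(6.0, position_error=6.0, protection_level=6.5),  # UNAVAILABLE: alert, PE <= PL
    Epoch(7.0, position_error=3.0, protection_level=4.0),  # NOMINAL
]

if __name__ == "__main__":
    for e in SAMPLE_EPOCHS:
        region = stanford_region(e.position_error, e.protection_level, ALERT_LIMIT_M)
        print(f"t={e.t:4.1f}  PE={e.position_error:4.1f}  PL={e.protection_level:4.1f}  {region}")
    print(summarize(SAMPLE_EPOCHS, ALERT_LIMIT_M))
```

In a safety argument the HMI share is the quantity that must be driven below the required integrity risk, while the unavailable share is the price paid for a conservative monitor; the trade-off between the two is what a degradation strategy for a multi-channel system has to manage.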