A Runtime Safety Monitoring Approach for Adaptable Autonomous Systems

Haupt, Nikita Bhardwaj; Liggesmeyer, Peter

doi:10.1007/978-3-030-26250-1_13

Cited by 9 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Are there mechanisms other than a very diligent development process to reduce the impact/damage of a security incident or a safety accident? Fortunately, the answer is yes and reads: Run-Time Monitoring [29][30][31][32][33][34]. In run-time monitoring, the system's behavior is observed and automatically checked for compliance against the desired behavior.…”

Section: Last Defensementioning

confidence: 99%

See 1 more Smart Citation

Safe and secure system architectures for cyber-physical systems

Furrer

2023

Informatik Spektrum

View full text Add to dashboard Cite

Cyber-physical systems are at the core of our current civilization. Countless examples dominate our daily life and work, such as driverless cars that will soon master our roads, implanted medical devices that will improve many lives, and industrial control systems that control production and infrastructure. Because cyber-physical systems manipulate the real world, they constitute a danger for many applications. Therefore, their safety and security are essential properties of these indispensable systems. The long history of systems engineering has demonstrated that the system quality properties—such as safety and security—strongly depend on the underlying system architecture. Satisfactory system quality properties can only be ensured if the fundamental system architecture is sound! The development of dependable cyber-physical architectures in recent years suggests that two harmonical architectures are required: a design-time architecture and a run-time architecture. The design-time architecture defines and specifies all parts and relationships, assuring the required system quality properties. However, in today’s complex systems, ensuring all quality properties in all operating conditions during design time will never be possible. Therefore, an additional line of defense against safety accidents and security incidents is indispensable: This must be provided by the run-time architecture. The run-time architecture primarily consists of a protective shell that monitors the run-time system during operation. It detects anomalies in system behavior, interface functioning, or data—often using artificial intelligence algorithms—and takes autonomous mitigation measures, thus attempting to prevent imminent safety accidents or security incidents before they occur. This paper’s core is the protective shell as a run-time protection mechanism for cyber-physical systems. The paper has the form of an introductory tutorial and includes focused references.

show abstract

Section: Last Defensementioning

confidence: 99%

“…A set of policies, expressed in a formal, machine-readable language [42]. A set of rules, expressed in a formal, machine-readable language [32]. Structural and behavioral models, expressed in a formal, machine-readable language [43,44].…”

Section: Run-time Monitoring Principlementioning

confidence: 99%

Safe and secure system architectures for cyber-physical systems

Furrer

2023

Informatik Spektrum

View full text Add to dashboard Cite

show abstract

“…As part of this it is important to ensure that effective monitoring is in place during operation that can identify when a response is required to ensure acceptable safety is maintained. Effective monitoring is important for all safety-related systems, however it is of particular importance for autonomous systems (AS) [7], [3], since it is expected that AS will experience more change during operation. This may be in the form of changes to the AS itself (updates to machine learning models or unanticipated failure modes of system components), or changes in the complex, dynamic operating environment in which AS are required to operate.…”

Section: Introductionmentioning

confidence: 99%

Identifying Run-Time Monitoring Requirements for Autonomous Systems Through the Analysis of Safety Arguments

Hawkins,

Ryan Conmy

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

It is crucial that safety assurance continues to be managed for autonomous systems (AS) throughout their operation. This can be particularly challenging where AS operate in complex and dynamic environments. The importance of effective safety monitoring in ensuring the safety of AS through-life is already well documented. These current approaches often rely on utilising monitored information that happens to be available, or are reliant solely on engineering judgement to determine the requirements. Instead, we propose to use a systematic analysis of the safety case as the basis for determining the run-time monitoring requirements. Safety cases are created for AS prior to deployment in order to demonstrate why they are believed to be sufficiently safe to go into operation. The safety case is therefore inevitably based upon predictions and assumptions about the system and its operation which may become untrue due to changes post-deployment. Our approach identifies specific run-time monitoring requirements for AS based upon a dialectic analysis of the safety case developed for the system. The advantage of the approach described is that it is systematic (through explicit consideration of elements of the safety case for the AS) and provides a way to justify the sufficiency of the resulting monitoring requirements (through creating explicit links the safety claims made about the AS).

show abstract

“…Service-oriented component fault trees are used for property derivation for runtime monitors with safety in mind [18]. Runtime monitors focus on the faulttolerant qualities [11] over emphasizing property generation, whereas property generation is our primary focus. Design-time safety measures that use STPA and model-based system engineering similar to our autonomous emergency braking (AEB) case study could incorporate our methods for runtime assurance [6].…”

Section: Introductionmentioning

confidence: 99%

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Gautham¹,

Bakirtzis²,

Will³

et al. 2022

Preprint

View full text Add to dashboard Cite

Runtime verification or runtime monitoring equips safetycritical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring specifications and monitoring placements for in-time detection of hazards. We develop a well-formed workflow model that connects system theoretic process analysis, commonly referred to as STPA, hazard causation information to lower-level runtime monitoring to detect hazards at the operational phase. Specifically, our model follows the DepDevOps paradigm to provide evidence and insights to runtime monitoring on what to monitor, where to monitor, and the monitoring context. We demonstrate and evaluate the value of multilevel monitors by injecting hazards on an autonomous emergency braking system model.

show abstract

A Runtime Safety Monitoring Approach for Adaptable Autonomous Systems

Cited by 9 publications

References 10 publications

Safe and secure system architectures for cyber-physical systems

Safe and secure system architectures for cyber-physical systems

Identifying Run-Time Monitoring Requirements for Autonomous Systems Through the Analysis of Safety Arguments

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Contact Info

Product

Resources

About