W06 Can Autonomy be Safe?
ASD Workshop (Tuesday April 18: 14h - 18h00): Can Autonomous Systems Be Safe?
Despite the advancement of machine learning and artificial intelligence, safety still constitutes a main hurdle for supporting high levels of autonomy in domains such as self-driving cars, where thousands of car accidents involving autonomous functionalities are reported every year. There are many more examples where autonomous systems reliability and safety are core requirements, from robotics, trains or UAVs all the way to large systems-of-systems, such as the smart grid. The design of safety-critical and high-reliability systems is governed by strict regulations covering the whole product life cycle, from conception to production to deployment and maintenance. The design process according to safety standards typically assumes a correct and complete system specification. For autonomous systems, it is often impossible to show that the specification is complete, due to the underspecified environment and evolving, and often emerging, behaviour. Verification and test of autonomous systems, as well as monitoring safety goals in operation, are huge system design challenges. The set-backs in ambitious autonomous driving goals raise the question if systems autonomy is an appropriate concept for safety critical systems at all. On the other hand, systems autonomy with advanced capabilities, such as self-protection or self-awareness in decision making, might help to control risk under uncertainty and change, and might become an asset and even an enabler for critical complex systems design. So, guaranteeing safety emerges as challenging, but central topic in the design of autonomous systems.
This year, the workshop offers a unique opportunity for participants to contribute to the discussion and be part of a community working on the design of autonomous systems.
The workshop will start with introductory talks by experts from academia and industry that will highlight main challenges for safe systems autonomy and applications. After that, there is an opportunity for a limited number of short pitches (ca. 3 min) where workshop participants can give a statement about the main challenging question of “Can Autonomous Systems Be Safe?”, an abstract of the topic is available below. Statements can be on your research topics, practical issues, limitations, visions, or design ideas and suggestions. The short talks will be arranged in thematic blocks, followed by a discussion each.
The last part will be an open discussion with all presenters of the workshop and the audience. In the end, the results will be summarized in a report that will be made available to the workshop participants.
14h00 - 15h30:
- 14h00: Opening and Welcoming
- 14h15: Collective Reasoning for Safe Autonomous Systems Design, Selma Saidi, Professor of Embedded Systems, TU Dortmund University, Germany
- Abstract: Collaboration in multi-agent autonomous systems (AS) is critical to increase performance while ensuring safety. However, due to differences in e.g., perception qualities, some AS should be considered more trustworthy than others to contribute building collaboratively a common environmental model, especially during disagreement. We discuss in this talk increase reliability of autonomous systems by relying on collective knowledge. We borrow concepts from social epistemology to exploit individual characteristics of autonomous systems, and define and formalize rules for collective reasoning to achieve collaboratively increased safety, trustworthiness and good decision-making under uncertainty.
- 14h30: Limitation-aware designs – a road towards safer systems in complex environments, Peter Schneider, Safety Expert @Bosch Research, Robert Bosch GmbH
- Abstract: The development of safe autonomous driving systems (ADS) revealed many interdependent design challenges that often cannot simply be solved one-by-one (or measure-by-measure) but need more holistic solution approaches. Traditionally automotive safety engineering relies a lot on composing safe systems from well-defined and intrinsically safe components. For systems that operate in constantly changing environments, finding a practical and safe ‘one-size-fits-all’-solution via static designs and the traditional safety engineering toolbox becomes increasingly hard. Hence, instead of further and further tweaking single components to potentially reach ‘safety-grade’ reliability at some point (or risking getting lost in the long-tail problem), we propose to set a stronger research focus on safety engineering tools and technologies that support the creation of limitation-aware and adaptive system designs which are able to dynamically handle component limitations, without compromising on the system application’s safety goals. In order to illustrate some of the aforementioned challenges in a practical example, this talk will discuss a few of the interdisciplinary design challenges in the development of a safe ADS environment sensing system. Furthermore, different possible solution strategies are discussed on how to potentially enhance the system’s ‘safety-by-design’ via limitation modelling, design automation and safety-oriented compensation of limitations through interactions with other systems.
- 14h45: Safety Cases for Autonomous Systems, Richard Hawkins, Senior Research Fellow, Assuring Autonomy International Programme (AAIP), Department of Computer Science, University of York, UK
- Abstract: Demonstrating sufficient safety is challenging for all systems, but is even more so for autonomous systems (AS). Autonomy increases uncertainty in the safe operation of autonomous systems, particularly when operating in complex, dynamic and open environments; the pace of technological change in AS also tends to be greatly increased; in addition there is little established best practice to guide safety assurance activities. In this talk I will discuss how safety cases provide a means to address these uncertainties and provide confidence in the safety of an AS by providing explicit safety arguments supported by evidence. I will discuss guidance we have developed at the University of York on the assurance activities to be undertaken and the evidence required to be generated to create a compelling safety case for an AS.
- 15h00: First Round of Statements
- Opening Statement: Digital Twins Enabling Safe Autonomy, Unmesh Bordoloi, Siemens Mentor
- 15h30: Coffee Break
- 16h00: Second Round of Statements
- 16h30: Panel Discussion
- 17h30: Summary of the Workshop and Closing