Breakout #6

Breakout Session #6

Safety Assurance

Tuesday, July 19

Room: Continental 7


  • Chair: Hermann Winner, Technische Universität Darmstadt (Germany), Institute of Automotive Engineering (FZD)
  • Co-Chair: Ching-Yao Chan, California PATH, UC Berkeley


After the rapid progress in the functional capabilities of automated driving, the question of how the safety of automated vehicles can be assured is increasingly the key question for their introduction. Up to now, no established or reference method has been defined for validating the safety of automated vehicles. In this breakout session, different approaches to safety assurance from projects preparing the introduction of automated vehicles (AV) are presented, together with the requirements of society and authorities and their feasibility within current or expected technological constraints.

Obviously, a risk-free introduction is an illusion, so risk management has to be part of the introduction, hand in hand with the testing methodology and certification process, which are discussed as well.

Based on these presentations, two panel discussions are intended to extract the most urgent issues and how they have to be addressed.


  • An overview of the approaches to safety assurance from different projects on different continents, in order to understand the thinking of researchers around the world
  • Participant exchange on safety targets and their approaches to certification
  • Presentations deliver an overview of the safety assurance approaches and their respective methods
  • Participants obtain an understanding of the discussed methods
  • The panel discussion should identify the next steps for a safety assurance strategy


Presentations (1st Session):

Speaker: Jonas NILSSON, Volvo Car Corporation, Gothenburg
Title: Dependability and Verification for Self-Driving Cars – The Drive Me Approach
Abstract: The development of self-driving cars represents a paradigm shift for the automotive industry. This talk is based on experiences from the Drive Me project and focuses on the new challenges in safety and dependability brought by autonomy. In addition, the talk will elaborate on the impact these challenges have on safety assurance and verification.
Bio: Jonas Nilsson currently leads research and development activities focused on dependability and verification of autonomous vehicles at Volvo Cars. He has since 2005 worked with active safety systems and autonomous vehicles. He received the B.E. degree from the Thayer School of Engineering at Dartmouth, Hanover, NH, USA, in 2004, a M.Sc. in vehicle engineering from the Royal Institute of Technology (KTH), Stockholm, Sweden, in 2005 and a Ph.D. in Mechatronics from Chalmers University of Technology, Gothenburg, Sweden in 2014.

Speaker: Naohisa HASHIMOTO, National Institute of Advanced Industrial Science and Technology (AIST), Japan
Title: Results and Discussion Based on the Projects in Japan
Abstract: As the technology of automated vehicles progresses, safety assurance has become more important. Safety of automated vehicles depends on several aspects, including sensors, algorithms, system architectures and human factors. Different automated vehicle projects can be categorized according to their objectives, and safety should be evaluated considering each category. We would like to discuss these topics through a study of the automated vehicle projects in Japan.
Bio: Naohisa Hashimoto is a senior researcher of the smart mobility research team at the National Institute of Advanced Industrial Science and Technology (AIST). He received his Ph.D. from Keio University in 2005. During 2010-2011, he was a visiting researcher at the Ohio State University and its Center of Automotive Research. He has been a visiting assistant professor at Utsunomiya University since 2015.

Speaker: Walther WACHENFELD, Technische Universität Darmstadt (Germany)
Title: Safety Assurance Based on an Objective Identification of Scenarios – One Approach of the PEGASUS-Project
Abstract: Assessing automation by test driving is not economically feasible ahead of introduction. Thus, testing has to be shifted to other testing tools. These tools need information on the relevance of scenarios in order to reduce the test effort. What is relevant when assessing automated driving? Within the PEGASUS project, one goal is to answer this question for highly automated driving on highways. This presentation proposes and discusses an objective identification of scenarios and their relevance for assessing safety.
Bio: Walther Wachenfeld completed his diploma in Electrical Engineering and Information Technology, with a major in Mechatronics, at the Technische Universität Darmstadt, Germany, in 2012. Since 2013 he has been a research associate at the Institute of Automotive Engineering at Technische Universität Darmstadt. For three years, until the end of 2015, he studied different topics regarding automated driving within the project “Autonomous Driving” of the Daimler and Benz Foundation. As a member of Technische Universität Darmstadt he was part of the team that acquired the PEGASUS project, funded by the German Federal Ministry for Economic Affairs and Energy. Since then his work has concentrated on the development of a methodology for safety assurance of automated vehicles within PEGASUS.

Speaker: Lutz ECKSTEIN, RWTH Aachen University (Germany), Institute for Automotive Engineering (ika)
Title: Developing and Assessing Automated Driving - Contribution of the Project PEGASUS
Abstract: The development and assessment of functionalities for automated driving induces numerous interacting challenges. The assessment and certification of automated driving probably constitutes the most demanding challenge, which requires a sophisticated, collaborative approach. In this presentation a novel approach to structuring and visualizing the interdependencies of these challenges is proposed. Special emphasis is put on the question of assessment and certification on the way to automated driving, and the contributions of different projects are described.
Bio: Lutz Eckstein is a full professor at RWTH Aachen University, directing the Institute for Automotive Engineering (ika). Having obtained a PhD in mechanical engineering on future control concepts, he was responsible for Active Safety of Advanced Driver Assistance Systems at Daimler AG. From 2005 on he was general manager for HMI at BMW AG, defining the interaction with all functionalities of BMW, MINI and Rolls-Royce vehicles. With his appointment by Aachen University in 2010, Lutz Eckstein devised and coordinated the development of a modular infrastructure for research on ADAS and Automated Driving, ranging from simulation methods via driving simulators to the ATC proving ground, offering all relevant communication technologies.

Panel discussion with speakers of 1st session

Coffee break

Presentations (2nd Session):

Speaker: Tim Allan WHEELER, Stanford University, Intelligent Systems Laboratory
Title: Establishing Trust in Autonomous Vehicles – an Aerospace Perspective
Abstract: Autonomous vehicles and other emerging active driving systems require advanced science and engineering methodologies by which trust can be established. Lack of public trust in the safety and underlying technology of autonomous vehicles currently impedes their widespread acceptance and limits the impact autonomy can have in improving both safety and efficiency. The route to building trust lies in the creation of a scientific, unified, transparent framework to optimize and evaluate active driving systems. We propose a cross-industry standard model by which the safety of active driving systems can be evaluated, based on approaches successfully applied in international civil aviation.
Bio: Tim Allan Wheeler is a graduate student of Aeronautics and Astronautics at Stanford University. He is a Ph.D. candidate under the mentorship of Prof. Mykel Kochenderfer of the Stanford Intelligent Systems Laboratory, applying decision making theory to the problem of automotive safety. Tim is a Burt and Deedee McMurtry fellow. He received his B.S. in aerospace engineering from U.C. San Diego in 2013. Tim's research focuses on autonomous cars, particularly in designing tools for the rigorous analysis of active driving systems.

Speaker: Nidhi KALRA, RAND Center for Decision Making under Uncertainty
Title: Driving Autonomous Vehicles to Safety
Abstract: How safe should autonomous vehicles be before they are allowed on the roads? How do we (not) prove they are safe? How might our near-term safety choices affect the long-term evolution of the technology? I will explore these and other pressing policy questions and suggest how adaptive regulation may be a promising way to answer them.
Bio: Nidhi Kalra is a senior information scientist at the RAND Corporation, professor at the Pardee RAND Graduate School, and codirector of RAND's Center for Decision Making Under Uncertainty. She has led many projects on energy, environment, and science and technology policy. She recently co-led a study providing policy guidance on autonomous vehicle technologies. In 2013, she served as a senior decision scientist in the Office of the Chief Economist of Sustainable Development at the World Bank. Kalra received her Ph.D. in robotics from Carnegie Mellon University's Robotics Institute.

Speaker: Marcos PILLADO, Applus IDIADA, Spain
Title: Functional validation and performance assessment of automated truck platoons in controlled environments
Abstract: Platooning of heavy duty vehicles (HDV) provides the opportunity to save fuel, increase safety and add road capacity. The COMPANION (Cooperative dynamic formation of Platoons for safe and energy-optimized goods transportation) project aims to develop and validate a system for creation, coordination and operation of platoons. A complete integration of the entire system is performed in the project in order to make a global assessment of the full system. This paper presents the testing methodology used for the validation and performance assessment of the platooning manoeuvres and the on-board HMI in a controlled scenario.
Bio: Mr Marcos Pillado is Project Manager, Electronics. He is a Telecommunication Engineer from the University of Vigo. He has extensive experience in innovation and product development for mobile devices and vehicular networks. He has solid practical experience in the design, integration and validation of communication architectures for C-ITS, playing an active role in the standardization of C-ITS architecture and V2X communications. Currently, he is leading cutting-edge connected and automated driving projects.

Speaker: Michael WAGNER, Carnegie Mellon University
Title: Challenges in Autonomous Vehicle Testing and Validation
Abstract: Software testing is all too often simply a bug hunt rather than a well-considered exercise in ensuring quality. A more methodical approach than a simple cycle of system-level test-fail-patch-test will be required to deploy safe autonomous vehicles at scale. The ISO 26262 development V process sets up a framework that ties each type of testing to a corresponding design or requirement document, but presents challenges when adapted to deal with the sorts of novel testing problems that face autonomous vehicles. We have identified five major challenge areas in testing according to the V model for autonomous vehicles and discuss promising potential solutions. While significant challenges remain in safety-certifying the type of algorithms that provide high-level autonomy themselves, it seems within reach to instead architect the system and its accompanying design process to be able to employ existing software safety approaches.
Bio: Michael Wagner is a Senior Program Manager at the National Robotics Engineering Center at Carnegie Mellon University and a co-founder of the start-up company Edge Case Research, LLC. He has almost twenty years of experience developing advanced robotic systems for industry, the Department of Defense, and NASA. Since 2006 his work has focused on building safer robots and researching ways of verifying autonomy.

Speaker: Andrew LACHER, Unmanned and Autonomous Systems Research Strategist, The MITRE Corporation
Title: Applicability of Lessons Learned from Aviation Safety Management System for Automated Vehicles
Abstract: In January 2016, US DoT, NHTSA, and the automotive industry agreed to examine the existing aviation industry voluntary/anonymous safety information reporting systems to understand whether such an approach could be utilized in the auto sector. Safety data sharing is one of the components of a Safety Management System (SMS), which is a standard recognized throughout the aviation industry worldwide. Using SMS practices, the Commercial Aviation Safety Team (a combined industry/Government group) reduced the risk of commercial aviation fatalities in the US by 83% in 10 years. What lessons learned from SMS can be applied to the auto sector? What are some of the similarities and differences between the aviation and auto sectors? How will the movement towards automated and connected driving affect SMS-like practices?
Bio: Andrew Lacher has 30 years of systems engineering experience mostly in the aviation and transportation systems domain. He currently has a leadership role in defining The MITRE Corporation’s research strategy in unmanned and autonomous systems. He is focused on the safe integration of Unmanned Aircraft System (UAS) in civil airspace as well as methods to calibrate the trustworthiness of autonomous systems including automated driving. Much of Mr. Lacher’s research and analysis activities involve improving the safety, security, and efficiency of transportation operations through the application of new information technologies. He serves on a number of committees, standards working groups, and external research advisory panels. He was one of the authors of a National Research Council study on Autonomy in Civil Aviation and currently serves on the FAA’s RE&D Advisory Committee for Aircraft Safety.

Panel discussion with speakers of the 2nd session
