Breakout 17: Safety Assurance of Automated Vehicles

Breakout 17: Safety Assurance

Wednesday, July 12, 1:30 PM – 5:30 PM
Golden Gate 3


  • Hermann Winner, Technische Universität Darmstadt (Germany), Institute of Automotive Engineering (FZD), Chair
  • Ching-Yao Chan, California PATH, UC Berkeley, Co-Chair


Safety Assurance of Automated Vehicle (SAAV) is a still unsolved problem for introduction of automated driving. In 2016, AVS experts of different countries have presented aspects and approaches of SAAV. These contributions and the discussions led to key issues, which will be in the focus of the 2017 AVS breakout session on Safety Assurance.
Starting with a 5-10 min stimulation presentation, we would motivate the audience to be ready for discussions. In 15-20 min discussions, we will find more about the opinions of the audience and would gather their proposals.


Session 1: Technical Approaches on Safety Assurance

Prof. Dr. Lutz ECKSTEIN, RWTH Aachen University, Chair of ika and Director of the board of fka, Germany
Having obtained a PhD in mechanical engineering, Lutz Eckstein joined Daimler AG where he became responsible for Safety Assurance of Advanced Driver Assistance Systems. In 2005 he was appointed by BMW AG to take over responsibility for HMI and Human Factors for all BMW, MINI and Rolls-Royce vehicles. Since 2010 Dr. Eckstein is chairing the Institute for Automotive Engineering of Aachen University, which has a strong record in innovative Chassis and Vehicle Concepts as well as in Automated Driving. He has contributed to more than 100 patents and is dedicated to increasing traffic safety as well as creating new driving experiences.

Creating a reference for Automated Driving – the approach followed by PEGASUS.
Since absolute safety is not existing, a commonly accepted safety reference for Automated Driving is needed. This speech gives a systematic description of the approach followed by the German project PEGASUS and points out, how this reference can be used along the development process in order to assure safety of Automated Driving functionalities. Moreover, the required tool chain is described and possible models for cooperation between stakeholders are discussed.

Karl ZIPSER, Ph.D., Helen Wills Neuroscience Institute, Berkeley DeepDrive Center & Redwood Center for Theoretical Neuroscience, UC Berkeley
Karl Zipser did his PhD on the primate visual system at the Department of Brain and Cognitive Sciences at M.I.T. His work there and in subsequent postdoc positions is recognized as an important contribution to the field and his publications have received hundreds of citations.
Following a transition to the visual arts, he studied fMRI methodology at UC Berkeley and has a research paper currently in press.Next Karl decided to combine his interest in deep networks with remote control cars, initially training the cars to drive on Berkeley sidewalks, then creating more than a dozen cars for multi-car experiments. He is currently pursing this research as part of the Berkeley DeepDrive program.

Vehicle-vehicle interaction is a major problem in autonomous driving research, but the most relevant interactions -- those involving dangerous situations such as high speed near misses or crashes -- cannot be safely or economically studied with real cars. We believe that scientific research on this problem requires a model system in which the cars and the environment are under control and 'risks' can be taken without risk to human beings or fear of expensive car demolition. For this purpose our Autonomous Model Car team has developed a fleet of self-driving 1:10 model cars and an outdoor arena for them to drive in. Neural networks of increasing behavioral complexity are trained on the data acquired from experimental sessions with five or more cars driving together.

Dr. Edward R. GRIFFOR, Associate Director, Smart Grid and Cyber Physical Systems Program Office
Software-defined Intra-Vehicular Networking for Autonomy. NIST has been able to use ‘software defined vehicle networks’ (SDN) to develop this new approach to vehicle networking, build the simulation environment in their labs and test this approach. In the presentation, they introduce software defined networking (SDN) for Intra-Vehicular Networks, bringing SDN’s traffic prioritization and resource management capabilities to make better use of the available bandwidth offered by vehicular buses and to enable the improved safety, security and reliability of automotive networks needed for automated vehicles. This approach has been tested for key AV systems.

Chad PARTRIDGE, CEO, Metamoto, Inc.,
Metamoto, Inc. is a startup specializing in test and validation of autonomous systems.
Chad is an accomplished executive making his recent mark as an entrepreneur in enterprise software contributing mission critical video, geospatial metadata, and computer vision within unmanned systems markets. Starting as co-founder and then as President, he grew Sensing Systems through to its acquisition by 2d3 and then provided executive leadership through its subsequent evolution, ultimately highlighted in 2d3 Sensing's acquisition by Boeing/Insitu.

Chad has been deeply involved with the Association for Unmanned Vehicle Systems International (AUVSI) and previously served on the AUVSI and AUVSI Foundation Board of Directors. Chad has a distinguished background and education in software engineering, machine learning, computer vision, sensing, control, automation, robotics, and hardware design. He has worked on various projects involving the development of complex autonomous systems. He holds engineering degrees from Stanford University, the University of Illinois, and the University of Michigan.


Satisfying safety requirements for AVs embodied in software and deep learning is a massive challenge of scale. Tests across many thousands of parameterized scenarios must be run during development and every time vehicle software, sensors, and infrastructure change. To realize this need, physical tests are supplemented with extensive on-demand simulation, which must validate the integrity of the software often before a vehicle hits the pavement. Traditional automotive simulation tools are not up to the task of this scale of simulation. Further, mature agile software engineering approaches, especially those involving continuous test and integration, provide a proven way forward. We will be discussing these topics surrounding evolving AV simulation best practices.

Session 2:

Presentations (2nd Session): Societal Perspectives on Safety Assurance

Bernard C. SORIANO, Ph.D., California Department of Motor Vehicles
Bernard C. Soriano is a Deputy Director for the California Department of Motor Vehicles and is in charge of the department’s autonomous vehicles program. He has over 30 years of engineering and management experience in the private and public sector. Bernard holds a Ph.D. in Engineering and was a Lieutenant in the U.S. Navy Reserve and has numerous publications and patents. His honors and achievements include selection as a finalist in the NASA astronaut program.

The presentation will explore the various measures that can be used to assess the safe operation of autonomous vehicles. The role of governmental agencies and the current landscape will also be discussed.

Ryan HARRINGTON, Exponent, Inc.
Ryan Harrington is a Principal within the Vehicle Engineering Practice at Exponent, Inc. Having worked directly on the development of automotive technologies and federal regulations, Mr. Harrington specializes in the analysis of complex technical and policy issues while fostering collaboration between industry executives, senior government officials, and engineers related to the deployment of automated vehicles, advanced driver assistance systems (ADAS) and fuel saving technologies. Prior to joining Exponent, Mr. Harrington was a Division Chief at the U.S. DOT’s Volpe Center where he led a cross-functional team focused on the deployment of emerging transportation technologies. In this role he initiated and co-authored a report reviewing Federal Motor Vehicle Safety Standards (FMVSS) as they relate to automated vehicles and he led the development of technology assumptions and engineering analyses used to develop Corporate Average Fuel Economy (CAFE) standards. Prior to joining the Volpe Center, Mr. Harrington worked at Cummins Inc. and Delphi Automotive Systems. Mr. Harrington holds a master’s degree in Automotive Engineering from the University of Michigan and a bachelor’s degree in Mechanical Engineering from the University of Nebraska.

The media frenzy surrounding automated vehicle technology and autonomous vehicles seems to be shaping unrealistic consumer expectations, at least for near-term deployments. This is compounded by the fact that increased technology complexity drives larger differences between consumer understanding and reality, leading to potential misuse. This presentation will focus on discussing the following questions. What role will instructions and warnings play in setting realistic consumer expectations? How can consumer education and marketing be used to shape more realistic expectations and thus more successful automated vehicle deployments?

Shawn KIMMEL, Ph.D., Lead Engineering, Booz Allen Hamilton
Shawn Kimmel is a robotics and automation engineer with over 10 years of experience developing automated vehicle (AV) technology and policy. He currently supports AV research at US DOT, including testing and standards. He obtained his graduate degrees from Virginia Tech and Colorado School of Mines, and previously researched vehicle automation for DARPA, RAND Corporation, National Academies, and Caterpillar. Notable accomplishments include leading testing and evaluation for DARPA Urban Challenge team Victor Tango (3rd place), developing system requirements for Caterpillar’s automated load-haul-dump and drilling machines, and serving as a technology policy adviser in US Congress, including drafting automated vehicle legislation that was passed into law in 2015.

Automated driving systems (ADS) present many challenges to existing vehicle testing and certification approaches in the US. The US DOT is undertaking research to identify potential testing frameworks and standards to support ADS safety assurance. This talk will discuss research to develop objective and repeatable test cases and scenarios for highly automated vehicles. Factors that are considered in test case development include ADS functionality, operational design domain (ODD), object and event detection and response (OEDR) requirements, and fail-safe/ fail-operational mechanisms. An analysis of the technical standards landscape will be discussed, which includes identifying the needs and gaps in technical standards for safety assurance.

Breakout 17 / 25