Online  /  24. Juni 2021, 1:00 - 6:00 pm

Chapter Event Safety & Architecture 2021

The »Chapter Event Safety & Architecture Chapter Event« will, in the first session, address dynamic assurance methods for balancing safety and performance in the highly dynamic context in which AVs need to operate safely. In the second session, methods for systematically engineering and assuring specification and operation within the ODD will be discussed.


Dynamic Risk Management for Autonomous Systems

Autonomous systems (AS) have enormous potential and are bound to be a major driver in future economic and societal transformations. Their key trait is that they pursue and achieve their more or less explicitly defined goals independently and without human guidance or intervention. In contexts where safety, or other critical properties, need to be guaranteed, it is, however, presently hardly possible to exploit autonomous systems to their full potential. Unknowns and uncertainties occur due to the high complexity of the autonomous behaviors, the technology used, and the volatile and highly complex system context in which AS operate. These characteristics render the base assumptions of established assurance methodologies (and standards) insufficient and make it necessary to investigate new approaches at runtime/operation.

One promising approach for building dependable autonomous systems is to design the system with the capability to identify, assess, and control risks. Implementing such Dynamic Risk Management (DRM) entails many challenges concerning the necessary self-awareness and situational awareness. On the one hand, powerful and thus complex self-awareness and context awareness are necessary to minimize risks, resolve conflicting objectives, and make acceptable trade-off decisions. On the other hand, the complexity of the models hinders the assurance of critical properties and prevents gaining sufficient confidence in DRM. DRM has the potential to not only outright enable certain types of systems or applications, but also to significantly increase the performance of existing ones. This is due to the fact that resolving unknowns and dealing with uncertainties at runtime makes it possible to get rid of worst-case assumptions that are typically detrimental to a system’s performance properties.


  • How to come up with risk metrics suitable for dynamic risk assessment?
  • How to define acceptable residual dynamic risk and how to assure a system accordingly?
  • How to aggregate individual dynamic risks into a situation or collective risks?
  • How to trade-off different (competing) risks against each other?
  • What are the existing metrics for dynamic risk assessment?


Systematic Engineering of Operational Design Domains for Autonomous Systems

Key capabilities of autonomous systems are their capability to perceive and understand their context as well as their (related) capability to operate safely and reliably and to fulfill their given mission. It is clear that this implies certain tailoring of the system towards a specific context, which is typically called Operational Design Domain (ODD). Given the complexity of the contexts of many autonomous systems (such as autonomous vehicles), compiling adequate and sound ODD specifications is a challenge. Systematic engineering approaches with adequate techniques and tools are hence required to facilitate this challenging task. While a lot of research is currently going on to specify the required contents of an ODD description, the issue of assuring that engineers will systematically specify these contents in a sufficiently complete way is still largely unresolved. Therefore, this focus topic focuses on systematic engineering methods for specifying ODDs in the context of the safety engineering lifecycle.


  • Relationship between ODD and architecture specification 
  • Relationship between ODD and safety analysis 
  • Relationship between ODD and safety argumentation/safety case 
  • Relationship between ODD and validation/verification
  • Current methods or standardization activities for ODD specification