Towards Closing the Gap between Model-Based Systems Engineering and Automated Vehicle Assurance: Tailoring Generic Methods by Integrating Domain Knowledge

Marcus Nolte, Markus Maurer

TL;DR

This paper addresses the challenge of aligning Model-Based Systems Engineering (MBSE) with automated vehicle safety assurance by proposing domain-specific SysML profiles derived from domain ontologies. It presents a meta-modeling approach to translate automotive domain concepts into SysML artifacts, enabling traceability from domain knowledge to system architectures, requirements, and safety analyses. A concrete example demonstrates how use cases, system context, and scenarios can be modeled within a domain-tailored Operational Concept to support ISO2018/ISO21448-aligned hazard and risk assessments. While promising for improving interdisciplinary communication and traceability, the approach acknowledges scalability and usability challenges and pursues future tooling and automation to facilitate adoption in practice.

Abstract

Designing, assuring and releasing safe automated vehicles is a highly interdisciplinary process. As complex systems, automated driving systems will inevitably be subject to emergent properties, i.e., the properties of the overall system will be more than just a sum of the properties of its integrated elements. Safety is one example of such emergent properties. In this regard, it must be ensured that effects of emergence do not render an overall system that is composed of safety-approved subsystems unsafe. The key challenges in this regard are twofold: Regarding the interdisciplinary character of the development and assurance processes, all relevant stakeholders must speak a common language and have a common understanding of the key concepts that influence system safety. Additionally, the individual properties of system elements should remain traceable to the system level. Model-Based Systems Engineering (MBSE) provides an interdisciplinary mindset, as well as methods and processes to manage emergent system properties over the entire system lifecycle. By this, MBSE provides tools that can assist the assurance process for automated vehicles. However, concepts from the domain of MBSE have a reputation for not being directly accessible to domain experts who are not experts in the field of Systems Engineering. This paper highlights challenges when applying MBSE methods to the design and development of automated driving systems. It will present an approach to create and apply domain-specific SysML profiles, which can be a first step for enhancing communication between different stakeholders in the development and safety assurance processes.

Paper Structure

This paper contains 7 sections, 7 figures.

Figures (7)

  • Figure 1: Mapping of safety-related artefacts from iso21448 and iso2018 to iso15288-23 processes (matching colors indicate that an artefact is generated in the corresponding process).
  • Figure 2: Illustration of library-only vs. profile-based approach for domain-specific modeling in SysML. Left: The domain-specific stereotype Vehicle inherits from the unspecific stereotype Block; the custom stereotype is used in the model. Right: All model elements are typed with the standard stereotype Block; a library component "Vehicle" provides a template for a specialized model element "EgoVehicle".
  • Figure 3: Extract of the meta-modeling approach for use cases and scenarios at the example of the PEGASUS 6-Layer model scholtes2021 (6th layer omitted): Elements in the domain-specific SysML profile are traced back to elements of a domain ontology. Grey concepts and relations stem from the automated driving domain, orange elements and relations from the Systems Engineering domain ("Scenarios" have different notions in both domains), blue arrows depict relations that translate between the domains. Green stereotypes are part of basic SysML 1.4, yellow stereotypes are part of the domain-specific profile.
  • Figure 4: Example scenario that we will use for the argumentation: The ego vehicle passes a row of parked vehicles; a pedestrian is stepping into the ego vehicle's driving lane and is occluded by the parked vehicles.
  • Figure 5: SysML (Operational) Use Case (top) and (Operational) System Context Diagram (bottom) representing the scenario in Figure 4.
  • ...and 2 more figures