From Hazard Analysis to Hazard Mitigation Planning: The Automated Driving Case

  • Mario Gleirscher
  • Stefan Kugele
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10227)


Abstract

Vehicle safety depends on (a) the range of hazards that have been identified and (b) the operational situations in which the mitigations of these hazards reduce risk to an acceptable level. Moreover, with an increasing degree of autonomy, a larger share of the risk is likely to be owned by the vendor, up to the point of regulatory certification. Hence, highly automated vehicles have to be equipped with verified controllers capable of reliably identifying and mitigating hazards in all possible operational situations. To this end, the available methods for the design and verification of automated vehicle controllers have to be supported by models for hazard analysis and mitigation.

In this paper, we describe (1) a framework for the analysis and design of planners (i.e., high-level controllers) capable of run-time hazard identification and mitigation, (2) an incremental algorithm for constructing planning models from hazard analysis, and (3) an exemplary application to the design of a fail-operational controller based on a given control system architecture. Our approach equips the safety engineer with concepts and steps to (2a) elaborate scenarios of endangerment and (2b) design operational strategies for mitigating such scenarios.
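The abstract only names the ingredients of such a planning model (situations, scenarios of endangerment, mitigation strategies, safe states). The following is an added illustration written for this page, not the authors' framework, algorithm or code: it assumes a deliberately simple abstraction in which a risk state is a pair of an operational situation and a set of active hazards, a mitigation clears one hazard, may be blocked by other active hazards, and may move the vehicle into another situation, and the empty hazard set is the safe state. The situations, hazards and action names (`highway`, `shoulder`, `steering_fault`, `minimal_risk_manoeuvre`, ...) are constructed for the example. The check it performs is the one a safety engineer would want before trusting a run-time planner: enumerate every risk state reachable from normal operation and report those from which no sequence of mitigations reaches a safe state, then show that adding one mitigation (the "incremental" step) closes the gap.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Situation = str
Hazard = str
# A risk state is (operational situation, set of active hazards);
# an empty hazard set means the vehicle is in a safe state in that situation.
State = Tuple[Situation, FrozenSet[Hazard]]


@dataclass(frozen=True)
class Mitigation:
    action: str
    clears: Hazard                                     # hazard resolved by this action
    requires_absent: FrozenSet[Hazard] = frozenset()   # hazards that block the action
    next_situation: Optional[Situation] = None         # situation afterwards (None = unchanged)


@dataclass
class PlanningModel:
    # endangerments[s]: hazards that can become active while in situation s
    endangerments: Dict[Situation, Set[Hazard]] = field(default_factory=dict)
    # mitigations[s]: mitigation actions the planner may take in situation s
    mitigations: Dict[Situation, List[Mitigation]] = field(default_factory=dict)

    def add_endangerment(self, situation: Situation, hazard: Hazard) -> None:
        self.endangerments.setdefault(situation, set()).add(hazard)

    def add_mitigation(self, situation: Situation, m: Mitigation) -> None:
        self.mitigations.setdefault(situation, []).append(m)

    def applicable(self, state: State) -> List[Tuple[Mitigation, State]]:
        """Mitigations enabled in `state`, each with the state it leads to."""
        situation, hazards = state
        out = []
        for m in self.mitigations.get(situation, []):
            if m.clears in hazards and not (m.requires_absent & hazards):
                out.append((m, (m.next_situation or situation, hazards - {m.clears})))
        return out

    def successors(self, state: State) -> List[State]:
        """Endangerment (a new hazard becomes active) or mitigation transitions."""
        situation, hazards = state
        succ = [(situation, hazards | {h})
                for h in self.endangerments.get(situation, ()) if h not in hazards]
        succ += [nxt for _, nxt in self.applicable(state)]
        return succ


def reachable_states(model: PlanningModel, start: State) -> Set[State]:
    seen, todo = {start}, deque([start])
    while todo:
        st = todo.popleft()
        for nxt in model.successors(st):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def plan_to_safe(model: PlanningModel, state: State) -> Optional[List[str]]:
    """Shortest sequence of mitigation actions reaching a safe state, or None if stuck."""
    parent: Dict[State, Tuple[Optional[State], Optional[str]]] = {state: (None, None)}
    todo = deque([state])
    while todo:
        st = todo.popleft()
        if not st[1]:                      # no active hazards: safe state reached
            actions, cur = [], st
            while parent[cur][1] is not None:
                prev, action = parent[cur]
                actions.append(action)
                cur = prev
            return list(reversed(actions))
        for m, nxt in model.applicable(st):
            if nxt not in parent:
                parent[nxt] = (st, m.action)
                todo.append(nxt)
    return None


def stuck_states(model: PlanningModel, start: State) -> List[State]:
    """Reachable risk states from which no mitigation-only path leads to a safe state."""
    return sorted((st for st in reachable_states(model, start)
                   if st[1] and plan_to_safe(model, st) is None),
                  key=lambda st: (st[0], sorted(st[1])))


def build_model() -> PlanningModel:
    """Constructed example: highway driving with three hazards (not from the paper)."""
    m = PlanningModel()
    for h in ("lead_vehicle_braking", "sensor_degraded", "steering_fault"):
        m.add_endangerment("highway", h)
    m.add_mitigation("highway", Mitigation("increase_gap", clears="lead_vehicle_braking"))
    m.add_mitigation("highway", Mitigation("switch_to_redundant_sensor", clears="sensor_degraded"))
    # Pulling over handles the steering fault but is blocked while the lead vehicle
    # is braking; afterwards the vehicle is in the 'shoulder' situation.
    m.add_mitigation("highway", Mitigation("minimal_risk_manoeuvre", clears="steering_fault",
                                           requires_absent=frozenset({"lead_vehicle_braking"}),
                                           next_situation="shoulder"))
    return m


SAFE_HIGHWAY: State = ("highway", frozenset())

if __name__ == "__main__":
    model = build_model()
    print("stuck:", stuck_states(model, SAFE_HIGHWAY))
    # The planner may take the manoeuvre before the sensor switch and then sits on
    # the shoulder with a degraded sensor and no mitigation: an analysis gap.
    model.add_mitigation("shoulder", Mitigation("await_remote_assistance", clears="sensor_degraded"))
    print("stuck after adding a shoulder mitigation:", stuck_states(model, SAFE_HIGHWAY))
    print(plan_to_safe(model, ("highway", frozenset({"steering_fault", "lead_vehicle_braking"}))))
```

The first run reports `('shoulder', {'sensor_degraded'})` as stuck: the hazard was covered on the highway, but a legitimate mitigation moved the vehicle into a situation where it is not, which is exactly the kind of per-situation coverage gap the abstract's point (b) is about. After the shoulder mitigation is added, no stuck state remains, and the planner's path for a combined steering fault and braking lead vehicle is `increase_gap` followed by `minimal_risk_manoeuvre`, because the blocking precondition forces that order.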


Keywords: Risk analysis · Hazard mitigation · Safe state · Controller design · Autonomous vehicle · Automotive system · Modeling · Planning



Acknowledgements

We are grateful to Maximilian Junker for a thorough review of this work. Moreover, we thank our project partners from the German automotive industry for inspiring discussions and for providing a highly innovative practical context for our research. Furthermore, we thank our peer reviewers for their suggestions on the use of risk structures, signal processing, and regulatory certification.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Technische Universität München, Munich, Germany
