Design-time system risk assessment based on hazard analysis information has been a core activity of System risk management. This is popularly reffered to as the pre-determined risk assessment and widely used in the aviation domain. Despite its importance, pre-determined risk assessment only uses design-time system and operating environment information to estimate the risk, which is not sufficient for cyber-physical systems that operate in uncertain environments. To address this problem, we introduce the Runtime Safety Evaluation in Autonomous Systems (ReSonAte) framework for quantitative assessment of a system’s dynamic risk at runtime. ReSonAte uses the hazard information from design-time Bow-Tie Diagrams along with the information about the system’s current state (e.g. from anomaly detectors, assurance monitors, etc.) and the operating environment (e.g., weather, traffic, etc.) to estimate current hazard rates. These hazard rates are then used to determine the likelihood of system-level consequences described in the Bow-Tie Diagram. Recommended Reading

Demonstration

A demonstration of the ReSonAte framework estimating the AVs risk in CARLA simulation. Resonate estimated collision rate as the Autonomous Vehicle navigated through a nominal CARLA scene with weather(cloud = 0.0, precipitation = 0.0, deposits = 0.0). The scene gets adverse with high brightness. The B-VAE assurance monitor detects the increase in brightness and its martingale increases. The Blur detectors and Occlusion detector (on the left) remain low throughout. The likelihood of a collision increases with the adverse brightness, and as expected, the AV goes very close to the other vehicle stopped in front. You can learn more about the platform from our GitHub