Department: System Evolution and Operation


The department "System Evolution and Operation" (EVO) considers all phases (Deploy, Operate, Observe, Continuous Feedback) during the operation of highly and fully automated transportation systems. The focus of this department is on researching methods and tools that monitor and ensure compliance with integrity, responsibility and trust measures at system runtime. This lays the foundation for safeguarding, at runtime, systems that change or evolve dynamically (evolution).

The main contributions of the department are research into methods and tools

  • to provide dynamically adaptable and configurable hardware/software platforms that are predictable and monitorable in terms of functional and extra-functional system properties (e.g. security, timing, performance, resource consumption) and can be modularly updated and expanded with the help of virtualization solutions.
  • for incremental approval from the component level (software component) via the subsystem (control unit with several software components) to the system (E/E architecture of the entire vehicle) during operation using self-explanatory and self-certifying components. Runtime validation and incremental approval of variable AI components are a particular challenge here.
  • for continuous runtime monitoring of the driving function and the operational design domain (ODD) of highly automated vehicles that will be able to adapt dynamically to changing environmental and operating conditions in the future.

Group: Deployment and Updates

In the "Deployment and Updates" group, the research questions primarily revolve around the modularization of hardware/software platforms to enable incrementally approvable updates. This technical basis is required in order to safely and securely integrate new software and hardware versions into an existing system without affecting the behavior of the rest of the system, so that the whole system does not have to undergo a complete approval process again. Building on this fundamental update capability, procedures for the seamless transition between different software versions are being researched.

Another focus of the DU group is the optimization and evaluation of AI-based functions with regard to their implementation on resource-constrained embedded edge computing components, such as those used in vehicles or traffic infrastructure. Improvements to AI functions achieved through (re)training, combined with the techniques for modular updates researched here and the dynamic distribution of load between vehicle and cloud computers that such updates require, pose particular challenges for safeguarding the dynamic further development of vehicle functionality.

Group: Monitoring and Diagnosis

The "Monitoring and Diagnosis" group addresses the monitoring of embedded hardware/software systems (usually networked control units in vehicles and transport infrastructure) during operation.

This includes solutions for (formal) specification, instrumentation, and the observation and monitoring of functional and extra-functional system integrity (e.g. with regard to real-time behavior, resource usage and power dissipation). In addition to monitoring at runtime, the group also deals with the evaluation, local handling (reaction) and forwarding (feedback) of events that may occur during operation. Solutions are developed for problem detection and handling as well as for feedback to the system developers. The system is monitored across different levels of abstraction, while detected errors and deviations should initially be handled as locally as possible using compensation strategies or self-repair mechanisms. If local treatment is not possible, appropriate strategies are used at the next higher system level.

Group: Configuration and Evolution

The main focus of the "Configuration and Evolution" group is on safeguarding the operating environment of a highly or fully automated transport system. It is assumed that approval or authorization is granted under certain conditions. The Operational Design Domain (ODD) defines the area in which automated driving functions may be used and includes a specification of the scenery, environmental conditions and dynamic elements. The CE group is researching the automated and verifiably correct generation of ODD monitors, which continuously check whether the automation is within the permitted ODD and whether the function is working correctly within the permitted ODD as part of a runtime verification.

This monitoring of operational safety is followed by the dynamic safeguarding of exit strategies in order to keep the system in a safe operating state (including degradation of the automation).

Building on this, the group researches methods and tools for the runtime protection of highly automated systems that are able to adapt dynamically to changing environmental and operating conditions.
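To make the two runtime-monitoring ideas above concrete, the ODD monitor that checks whether the automation is still inside the permitted ODD, and the level-wise handling from the "Monitoring and Diagnosis" group (compensate locally first, escalate to the next higher system level only if that fails, finally an exit strategy with degradation), here is a small added example. It is illustrative code written for this page, not software of the DLR EVO department; the ODD constraints, the tolerance parameters, the three modes and the state samples are all constructed, and a real ODD specification and exit strategy would be far richer.

```python
"""Runtime ODD monitor with local compensation and level-wise escalation.

Added illustration, not DLR code. ODD constraints, thresholds and the trace
are constructed for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Mode(Enum):
    NOMINAL = "nominal"    # automation active inside the ODD
    DEGRADED = "degraded"  # subsystem-level handling, e.g. a speed cap
    EXIT = "exit"          # system-level exit strategy (minimal-risk manoeuvre)


# Hypothetical ODD specification: constraint name -> (predicate, handling level).
# DEGRADED violations may be compensated for a bounded time at subsystem level;
# EXIT violations leave the ODD outright and go straight to the system level.
OddSpec = Dict[str, Tuple[Callable[[dict], bool], Mode]]

ODD_SPEC: OddSpec = {
    "speed_kph <= 130": (lambda s: s["speed_kph"] <= 130, Mode.DEGRADED),
    "visibility_m >= 150": (lambda s: s["visibility_m"] >= 150, Mode.DEGRADED),
    "precip in {none, light}": (lambda s: s["precip"] in ("none", "light"), Mode.DEGRADED),
    "road_type == motorway": (lambda s: s["road_type"] == "motorway", Mode.EXIT),
}


def compile_monitor(spec: OddSpec) -> Callable[[dict], List[str]]:
    """Generate a checker from the declarative spec: sample -> violated names.
    Keeping the spec declarative is what makes the generated checker reviewable."""
    items = list(spec.items())
    return lambda sample: [name for name, (pred, _) in items if not pred(sample)]


@dataclass
class OddMonitor:
    spec: OddSpec
    max_stale: int = 2      # level 1: tolerated consecutive sensor dropouts
    max_degraded: int = 3   # level 2: samples allowed in DEGRADED before EXIT
    mode: Mode = Mode.NOMINAL
    stale: int = 0
    degraded_for: int = 0
    seen_good: bool = False
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.check = compile_monitor(self.spec)

    def _escalate(self, mode: Mode, reason: str) -> Mode:
        if mode is not self.mode:
            self.log.append(f"{self.mode.value} -> {mode.value}: {reason}")
        self.mode = mode
        return mode

    def step(self, sample: Optional[dict]) -> Mode:
        if self.mode is Mode.EXIT:          # exit is latched: no silent re-entry
            return self.mode
        # Level 1 (local compensation): bridge a dropped sample by holding the
        # current mode, but only for a bounded number of consecutive drops and
        # never before a single valid sample has been seen.
        if sample is None:
            self.stale += 1
            if self.stale > self.max_stale or not self.seen_good:
                return self._escalate(Mode.EXIT, "sensor dropout beyond tolerance")
            return self.mode
        self.stale = 0
        violations = self.check(sample)
        if not violations:
            self.seen_good = True
            if self.mode is Mode.DEGRADED:
                self.log.append("ODD re-entered, back to NOMINAL")
            self.mode, self.degraded_for = Mode.NOMINAL, 0
            return self.mode
        # Level 2/3: handle at the lowest level the violated constraints allow.
        if any(self.spec[v][1] is Mode.EXIT for v in violations):
            return self._escalate(Mode.EXIT, "left ODD: " + ", ".join(violations))
        self.degraded_for += 1
        if self.degraded_for > self.max_degraded:
            return self._escalate(Mode.EXIT, "degradation did not restore ODD")
        return self._escalate(Mode.DEGRADED, "degrade: " + ", ".join(violations))


def run(samples: List[Optional[dict]], **kw) -> Tuple[Mode, List[str]]:
    """Feed a trace through a fresh monitor; returns final mode and event log."""
    mon = OddMonitor(ODD_SPEC, **kw)
    for s in samples:
        mon.step(s)
    return mon.mode, mon.log


# Constructed trace: a short heavy-rain stretch is handled by degradation, one
# dropout is bridged, then an exit ramp leaves the motorway and thus the ODD.
TRACE: List[Optional[dict]] = [
    {"speed_kph": 120, "visibility_m": 800, "precip": "none",  "road_type": "motorway"},
    {"speed_kph": 120, "visibility_m": 300, "precip": "heavy", "road_type": "motorway"},
    None,
    {"speed_kph": 90,  "visibility_m": 400, "precip": "light", "road_type": "motorway"},
    {"speed_kph": 60,  "visibility_m": 400, "precip": "light", "road_type": "rural"},
    {"speed_kph": 60,  "visibility_m": 400, "precip": "light", "road_type": "motorway"},
]

if __name__ == "__main__":
    final_mode, events = run(TRACE)
    print("final mode:", final_mode.value)
    for e in events:
        print(" ", e)
```

Two design points matter for a runtime verifier of this kind: the exit state is latched, so a single later in-ODD sample cannot silently re-activate the automation, and every compensation step is bounded (dropouts by `max_stale`, degraded operation by `max_degraded`), so a fault that the local level cannot clear is guaranteed to reach the next level rather than being masked indefinitely.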

Contact

Dr. Kim Grüttner

Head of Department
German Aerospace Center
Institute of Systems Engineering for Future Mobility
Escherweg 2, 26121 Oldenburg
Germany