Periodic Reporting for period 1 - FOCETA (FOUNDATIONS FOR CONTINUOUS ENGINEERING OF TRUSTWORTHY AUTONOMY)
Reporting period: 2020-10-01 to 2021-09-30
Addressing the need for deployment of learning-enabled autonomous systems in safety-critical scenarios, FOCETA develops foundations for continuous engineering of trustworthy learning-enabled autonomous systems. The targeted breakthrough lies within the convergence of data-driven and model-based engineering. This convergence is complicated by the need to apply V&V incrementally and avoid complete reverification and revalidation efforts.
FOCETA is built on three pillars: 1) integrate learning-enabled components (LECs) and model-based components via a contract-based methodology, which allows incremental modification of systems, including threat models for cyber-security; 2) adapt verification techniques applied during model-driven design to learning components to enable unbiased decision making; 3) develop incremental synthesis techniques which enforce safety, security and performance optimization.
The FOCETA approach is applied to two use cases (UC) to demonstrate its viability, scalability and robustness, i.e. urban driving automation and intelligent medical devices.
WP1 Industrial requirements (UGA)
Defined the use case-specific requirements and the requirements for methodologies, methods and tools that will be implemented in WPs 2-4. Evaluation criteria detailed for each UC. For each initial objective, a validation target identified matching the TRL goals. A new specification formalism provided, based on abstracting away the internal structure of the neural network. This formalism will match the specification requirements for learning-enabled autonomous systems. The adequacy of the formalism was tested against different use case requirements.
WP2 Modelling and simulation for autonomy (AUTh)
Main achievements: process for continued model-based development of autonomous systems with LEC; ontology-based requirements formalization tool; extension of a component-based modelling language, theory and tools to mix model-based and LEC components; co-simulation of BIP formal models with LEC components together with other simulation components. Study on the attack surface and countermeasures for autonomous systems with LECs; two methods for designing secure-by-construction systems w.r.t. properties related to information leakage; automated threat repair method for a threat modelling and analysis framework that can identify potential threats and propose defense and mitigation actions. Open-source tool developed for mining shape expressions from time series. Template-based specification mining approach defined for detecting the state of anesthesia in a patient based on vital parameters.
WP3 Verification and Validation for Autonomy (ULIV)
Set of methods developed for testing convolutional neural networks (CNNs) and CNN-based object detectors for both testing and operational phases. Three testing techniques developed for the test phase. First: a coverage-guided testing framework which uses coverage metrics to determine whether test cases are adequate. Second: a few sampling methods for the environment specifications, with shape expressions taken as the formalism for the environment specifications. Third: fault injection for the generation of test cases. For testing in the operational phase: an equivalence relation between test cases, such that the equivalence relation may be refined with newly encountered test cases at operational time. Reliability assessment model developed to quantitatively evaluate the risk of failures for a CNN by using operational data. CNN models improved through testing: a general framework developed to evaluate the effectiveness of adversarial training w.r.t. several perspectives of CNN robustness.
WP4 Runtime Monitoring and Enforcement (TUG)
Theory and tools developed for runtime monitoring and enforcement for complex learning-enabled systems that analyse the safety and faithfulness of decision making. New techniques and applications of runtime monitoring considered, i.e. runtime monitoring of Signal Temporal Logic and first-order past Linear Temporal Logic specifications. Approach presented for monitoring classification networks via box-based data abstraction. Runtime monitoring integrated in the FOCETA co-simulation architecture. New theory and applications of runtime enforcement studied. Runtime enforcement for cyber-physical and distributed systems considered. Shield synthesis tool for probabilistic environments developed. Architecture for autonomous vehicles proposed, using a Responsibility Sensitive Safety module and integrating monitors to detect errors in the object detection. Method presented to generate driving scenarios which come close to violating safety requirements.
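The WP3 coverage metric and the WP4 box-based abstraction monitor are only named in outline above. As an added illustration (not FOCETA's own code or tools), the following Python sketch applies both ideas to a constructed four-neuron ReLU classifier: neuron coverage measures whether a test set exercises every hidden neuron at least once, and a per-class bounding box over hidden-layer activations, built from reference inputs, flags runtime inputs whose activations fall outside what the reference data ever produced, even when the classifier itself returns a confident label. The network weights, the inputs and the names `neuron_coverage`, `build_boxes` and `monitored_classify` are all assumptions of this example.

```python
from typing import Dict, List, Sequence, Tuple

Vector = List[float]

# Constructed toy network: 2 inputs -> 4 ReLU hidden neurons -> 2 classes.
# The weights are hand-picked so that behaviour can be followed by hand;
# they are not taken from any FOCETA model.
W1 = [[1.0, 0.0], [0.0, 1.0], [-1.0, 0.0], [0.0, -1.0]]   # h = relu(W1 x)
W2 = [[1.0, 0.0, 0.0, 1.0], [0.0, 1.0, 1.0, 0.0]]         # logits = W2 h


def relu(v: float) -> float:
    return v if v > 0.0 else 0.0


def hidden_layer(x: Sequence[float]) -> Vector:
    """Activations of the monitored hidden layer for input x."""
    return [relu(sum(w * xi for w, xi in zip(row, x))) for row in W1]


def classify(x: Sequence[float]) -> Tuple[int, Vector]:
    """Return (predicted class index, hidden activations)."""
    h = hidden_layer(x)
    logits = [sum(w * hi for w, hi in zip(row, h)) for row in W2]
    return logits.index(max(logits)), h


# --- Test-phase adequacy metric: neuron coverage ---------------------------
def neuron_coverage(test_inputs: Sequence[Sequence[float]], threshold: float = 0.0) -> float:
    """Fraction of hidden neurons driven above `threshold` by at least one
    test input. A low value means the test set never exercises part of the
    network, so passing tests say little about that part."""
    covered = [False] * len(W1)
    for x in test_inputs:
        for i, activation in enumerate(hidden_layer(x)):
            if activation > threshold:
                covered[i] = True
    return sum(covered) / len(W1)


# --- Operational-phase monitor: per-class box abstraction ------------------
Box = List[Tuple[float, float]]   # (min, max) per hidden neuron


def build_boxes(reference_inputs: Sequence[Sequence[float]], margin: float = 0.0) -> Dict[int, Box]:
    """For each predicted class, record the bounding box of hidden activations
    observed on reference (training-like) inputs, widened by `margin`."""
    boxes: Dict[int, Box] = {}
    for x in reference_inputs:
        c, h = classify(x)
        if c not in boxes:
            boxes[c] = [(a, a) for a in h]
        else:
            boxes[c] = [(min(lo, a), max(hi, a)) for (lo, hi), a in zip(boxes[c], h)]
    return {c: [(lo - margin, hi + margin) for lo, hi in box] for c, box in boxes.items()}


def monitored_classify(x: Sequence[float], boxes: Dict[int, Box]) -> Tuple[int, bool]:
    """Classify x and report whether its activations lie inside the box recorded
    for the predicted class. False means the input is unlike anything seen for
    that class, so the label should be treated as untrusted."""
    c, h = classify(x)
    box = boxes.get(c)
    if box is None:
        return c, False          # class never seen on reference data
    inside = all(lo <= a <= hi for (lo, hi), a in zip(box, h))
    return c, inside


# Constructed inputs: first-quadrant points only, then a set covering other quadrants too.
QUADRANT_I = [(2.0, 0.5), (3.0, 1.0), (2.5, 0.2), (0.5, 2.0), (1.0, 3.0), (0.2, 2.5)]
ALL_QUADRANTS = QUADRANT_I + [(-2.0, -0.5), (-0.5, -2.0)]

if __name__ == "__main__":
    print("coverage, first-quadrant tests only:", neuron_coverage(QUADRANT_I))
    print("coverage, all quadrants:", neuron_coverage(ALL_QUADRANTS))
    boxes = build_boxes(QUADRANT_I)
    for point in [(2.5, 0.6), (-0.5, -2.0)]:
        print(point, "->", monitored_classify(point, boxes))
```

With only first-quadrant inputs, half of the hidden neurons are never activated, so the coverage metric reports the test set as inadequate. The same first-quadrant data used as reference for the box monitor accepts a nearby input such as (2.5, 0.6), but the input (-0.5, -2.0) is assigned class 0 by the classifier while its activations fall outside the class-0 box, which is exactly the kind of silent misbehaviour on out-of-distribution input that a runtime monitor is meant to surface.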
WP5 Methods and tools applied to industrial cases demonstrations (Siemens)
Methods and tools from previous work packages implemented in the FOCETA use cases based on the requirements defined in WP1. UC1: Safe and Secure Intelligent Automated Valet Parking; UC2: Anaesthetic drug Target Control Infusion. In UC1, a simulation toolchain set up with mainly vehicle, sensor and trajectory-monitoring functions. Trajectory deviation analysed to fulfil the deviation target in any operating condition. Software architecture developed. In UC2, a patient model developed and connected to the controller through the PAVE360 digital twin interconnect to prepare the HiL/SiL benchmark platform.
WP6 Dissemination, Replication and Exploitation (L-UP)
Dissemination and communication plan defined and regular monitoring of dissemination and exploitation activities: presentations given at 13 dissemination events, 32 papers submitted to journals and conferences, 13 articles published in OA, project corporate identity defined, project public website released online, project LinkedIn page set up and regularly updated, communication set produced.
WP7 Management (UGA)
Coordinated, monitored and implemented the necessary measures for the achievement of FOCETA objectives on time, within the allocated budget and according to high quality standards; several actions implemented (meetings, amendments, reporting, etc.) to ensure the smooth running of the project.
WP8 Ethics requirements (UGA)
Compliance ensured with ethics requirements set by the EC. Ethical issues monitored with support of the Ethical Advisor.
• WP1: A high-level specification will be provided that is testable and checkable at runtime. The formalism will be demonstrated on the FOCETA UCs.
• WP2: Continued model-based design of autonomous systems with LEC components able to preserve system safety. Incremental modelling and analysis of threats and countermeasures for autonomous systems with LEC components. Disciplined approach for building, verifying, and certifying trustworthy LECs and systems.
• WP3: Novel testing and verification techniques for DL-based perception and control components of autonomous systems. Novel techniques that utilise ML to support the testing and verification of autonomous systems.
• WP4: Novel monitoring and enforcement techniques to guarantee safety and detect decision faithfulness for DL-based perception and control components of autonomous systems. Novel architectures to integrate monitoring and enforcement technologies into autonomous systems.
• WP5: Vehicle-level integration and testing of FOCETA technologies within the automotive environment at software and hardware levels. Validation of FOCETA technologies by developing a HiL test-bench platform for an autonomous infusion pump controller for Depth of Anaesthesia.