ReSonAte: A Runtime Risk Assessment Framework for Autonomous Systems

TL;DR

ReSonAte is a dynamic risk assessment framework for autonomous systems that reasons over extended Bow-Tie Diagrams to estimate the likelihood of unsafe conditions considering system and environmental states.

Contribution

It extends Bow-Tie Diagrams with attributes for modeling conditional relationships and introduces a scalable technique for estimating risk in autonomous systems at runtime.

Findings

Enables real-time risk estimation considering system and environment states

Uses prior distributions and scenario modeling for risk analysis

Improves scalability by isolating control strategies and combining distributions

Abstract

Autonomous CPSs are often required to handle uncertainties and self-manage the system operation in response to problems and increasing risk in the operating paradigm. This risk may arise due to distribution shifts, environmental context, or failure of software or hardware components. Traditional techniques for risk assessment focus on design-time techniques such as hazard analysis, risk reduction, and assurance cases among others. However, these static, design-time techniques do not consider the dynamic contexts and failures the systems face at runtime. We hypothesize that this requires a dynamic assurance approach that computes the likelihood of unsafe conditions or system failures considering the safety requirements, assumptions made at design time, past failures in a given operating context, and the likelihood of system component failures. We introduce the ReSonAte dynamic risk estimation framework for autonomous systems. ReSonAte reasons over Bow-Tie Diagrams (BTDs) which capture information about hazard propagation paths and control strategies. Our innovation is the extension of the BTD formalism with attributes for modeling the conditional relationships with the state of the system and environment. We also describe a technique for estimating these conditional relationships and equations for estimating risk based on the state of the system and environment. To help with this process, we provide a scenario modeling procedure that can use the prior distributions of the scenes and threat conditions to generate the data required for estimating the conditional relationships. To improve scalability and reduce the amount of data required, this process considers each control strategy in isolation and composes several single-variate distributions into one complete multi-variate distribution for the control strategy in question.