The missing link: Developing a safety case for perception components in automated driving

TL;DR

This paper introduces ISCaP, a formal safety case template that links perception component safety requirements with overall system safety in automated driving, enhancing safety assurance for ML-based perception modules.

Contribution

It presents a novel, formal template for linking system-level safety requirements with perception component performance, addressing a critical gap in AD safety cases.

Findings

ISCaP provides strong traceability between safety levels.

The template supports incremental development of perception components.

Case study demonstrates practical applicability.

Abstract

Safety assurance is a central concern for the development and societal acceptance of automated driving (AD) systems. Perception is a key aspect of AD that relies heavily on Machine Learning (ML). Despite the known challenges with the safety assurance of ML-based components, proposals have recently emerged for unit-level safety cases addressing these components. Unfortunately, AD safety cases express safety requirements at the system level and these efforts are missing the critical linking argument needed to integrate safety requirements at the system level with component performance requirements at the unit level. In this paper, we propose the Integration Safety Case for Perception (ISCaP), a generic template for such a linking safety argument specifically tailored for perception components. The template takes a deductive and formal approach to define strong traceability between levels. We demonstrate the applicability of ISCaP with a detailed case study and discuss its use as a tool to support incremental development of perception components.