Research & Scholarly Activity

In Fall 2016 I established the RiSA2S laboratory, focusing on the investigation of Risk and Safety Assessment for Autonomous Systems. The lab has so far sponsored the work of two graduate students, as well as seven undergraduate students. Current RiSA2S projects include:

  1. Impact of Smart Phones' Interaction Modality on Driving Performance for Conventional and Autonomous Vehicles: The project will investigate how different modes of interaction of drivers with a smart phone (e.g., manual texting vs. voice usage) affect driver distraction and performance in both conventional and semi-autonomous vehicles. Quality of execution of maneuvers as well as timing and tracking of eye/gaze focus areas will be assessed in this human-in-the-loop simulation study. (Funding acquired $73,800)
  2. Regional Planning and Regulatory Priorities for Integrating Drone Technology in Smart Cities: The goal of this project is to investigate priorities and highlight regulatory concerns from local and state policy-makers on the integration of drone technology in smart cities of the future. This project is done in collaboration with Dr. Tyler Spence from the Aviation Program. (Funding acquired $61,300)
  3. Drivers' Reactions to Autopilot's Disengagements, and Regulatory Implications for Semi-Autonomous Vehicles: This study analyzes situation awareness and reaction times of human drivers placed in autopilot disengagement scenarios. In semi-autonomous vehicles, a human pilot cooperates with the software that acts as the "brain" of the vehicle, and serves as a back-up whenever the software autopilot disengages after a failure. The project undertakes driver-in-the-loop simulation to examine actual responses of drivers that face an autopilot disengagement. (Funding acquired $73,500)
  4. Analysis of Autonomous Vehicles Disengagement and Accident Reports from the California Department of Motor Vehicles: This study tackled the analysis of the public CA DMV archive on AVs disengagements and accidents from 2014 to 2017. This work is now concluded and led to three journal publications and two conference presentations. It was also instrumental in achieving the awarding of additional funding to further RiSA2S research. (Funding acquired $36,000)
  5. Integrating Smart Cars in Smart Cities - A Particle Swarm Problem: This study explored an unconventional approach to the problem of safely integrating smart vehicles within Smart Cities. Specifically, it explored the creation of ad-hoc rules for coordinating the motion of multiple AVs that mimic swarm and flock movement (or particle swarm motion). The goal was to generalize what systems like adaptive cruise control do currently to the context of multiple vehicles used as the reference frame. The work is now completed and led to a conference presentation as well as to a technical MTI report. (Funding acquired $5,000)
  6. Integrating Best-Practices for Aviation Accident Reporting into DMV Accident Reports for Ground Autonomous Vehicles: This project looks at shortcomings and limitations in the templates/layouts currently in use by the California Department of Motor Vehicles for reporting accidents that involve autonomous vehicles. Drawing from the extensive body of accident databases within the aviation industry, this project will provide a new template for autonomous vehicle accident reports, informed by how the aviation industry has been dealing with autopilot failures since the late 1980s. (Funding acquired $5,000)

 

Other Research Topics

Additional themes related to system safety are of interest to me and my team of students. In the past my work and publications have focused on the following areas:

 

1. Safety Supervisory Control for Risk-Informed Safety Interventions

While different analytical tools are available for risk analysis (many of which are included under the heading of Probabilistic Risk Assessment (PRA) or variations on it), formal frameworks and analytical approaches to system safety and to guide safety interventions (both on-line and off-line) are conspicuously missing from the safety literature. An analytical and multidisciplinary system approach to safety and accident causation and prevention is lacking, and it is largely absent from engineering education. This work is aimed at developing a novel framework for safety supervisory control that can scan the system for off-nominal events and provide direct feedback to the operator for guiding, ranking, and prioritizing safety interventions. The framework is built on two main ingredients: model-based hazard monitoring, where the notion of hazard level is central (a concept close to that of a danger index in robotics), and temporal logic for the expression of safety constraints on the system behaviour. The proposed approach leverages a novel dimension of "temporal contingency" that shifts the traditional perspective of PRA, and its reliance on conditional probability, to a time-based perspective. The important question "how likely is it?" addressed by PRA is thus translated into the equally important one "how much time do we have to intervene?".

 

2. System Safety Principles

System safety and risk analysis, while complementary to each other, differ in one important way. Risk analysis, at its core, is the imagination of failure and an anticipatory rationality examining the possibility of adverse events and failure mechanisms. The tools of risk analysis support this imaginative effort; they help identify and prioritize risks, inform risk management, and support risk communication. They do not, however, provide design or operational guidelines and principles for eliminating or mitigating the identified risks. The tools subsumed under risk analysis can help assess the effectiveness of measures taken to address various risks, but they offer no support in identifying or conceiving what these measures ought to be. Such considerations fall instead within the purview of system safety. Detailed safety measures abound for dealing with particular hazards, such as electrocution and fire. But the proliferation of safety measures in domain-specific areas is not convenient for devising safety measures to handle new or emerging hazards, it cannot be abstracted to a higher level for domain-independent application, and it is not well suited for general safety education and training of engineers and decision-makers. What is more useful for such audiences are general safety principles and strategies, from which specific safety measures can be derived or to which they can be related. To this aim a set of five system safety principles can be synthesized. They are: the fail-safe principle; the safety margins principle; the ungraduated response principle; the defense-in-depth principle; the observability-in-depth principle. This set of domain-independent guidelines for the design and operation of safety features is analytically defined in relation to some of the concepts previously presented. The analytical definition can then be translated into safety properties through the use of Temporal Logic. The use of temporal logic provides a formally verifiable language and opens the door to the automatic checking in real-time of the safety properties.
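To make the two ideas above concrete (a hazard level answering "how much time do we have to intervene?", and safety principles expressed as temporal-logic properties that a monitor can check at run time), here is a small added Python illustration. It is not code from the RiSA2S lab or from the author's framework; it assumes a constructed car-following model in which time-to-collision (TTC) plays the role of the hazard index, an arbitrary calibration constant of 4 s, two constructed state traces, and two properties that stand in for the safety-margin and ungraduated-response principles (names such as `SAFETY_MARGIN`, `RESPONSE`, `first_violation` and `eventually_within` are this example's own).

```python
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class State:
    """One sampled state of a vehicle following a lead vehicle (constructed model)."""
    t: float          # seconds since the start of the trace
    gap: float        # metres to the lead vehicle
    closing: float    # closing speed in m/s; positive means the gap is shrinking
    braking: bool     # True while the safety intervention (automatic braking) is active


def time_to_collision(s: State) -> float:
    """The 'how much time do we have?' quantity: infinite if the gap is not shrinking."""
    return float("inf") if s.closing <= 0 else s.gap / s.closing


def hazard_level(s: State, ttc_ref: float = 4.0) -> float:
    """Map TTC to a hazard level in [0, 1]: 0 at or above ttc_ref seconds, 1 at collision.
    ttc_ref is an assumed calibration constant for this example, not a value from the page."""
    ttc = time_to_collision(s)
    return 0.0 if ttc >= ttc_ref else max(0.0, 1.0 - ttc / ttc_ref)


# A property is evaluated over a finite trace at a step index i (finite-trace semantics).
Prop = Callable[[List[State], int], bool]


def atom(pred: Callable[[State], bool]) -> Prop:
    """Lift a predicate on a single state to a property."""
    return lambda trace, i: pred(trace[i])


def eventually_within(p: Prop, k: int) -> Prop:
    """Bounded 'eventually' (F<=k): p holds at some step in [i, i+k], clipped to the trace."""
    return lambda trace, i: any(p(trace, j) for j in range(i, min(i + k, len(trace) - 1) + 1))


def implies(p: Prop, q: Prop) -> Prop:
    return lambda trace, i: (not p(trace, i)) or q(trace, i)


def first_violation(p: Prop, trace: List[State]) -> int:
    """Check 'always p' (G p) over the trace; return the first failing step, or -1 if none."""
    for i in range(len(trace)):
        if not p(trace, i):
            return i
    return -1


# Safety-margin principle (assumed encoding): the hazard level must stay below 0.75.
SAFETY_MARGIN: Prop = atom(lambda s: hazard_level(s) < 0.75)

# Ungraduated-response principle (assumed encoding): once the hazard reaches 0.5,
# the intervention must be active within two steps (1 s at the 0.5 s sampling below).
RESPONSE: Prop = implies(atom(lambda s: hazard_level(s) >= 0.5),
                         eventually_within(atom(lambda s: s.braking), 2))


def make_trace(rows) -> List[State]:
    """rows: (t, gap, closing, braking) tuples; constructed sample data."""
    return [State(*r) for r in rows]


# Constructed trace: braking engages one step after the hazard reaches 0.5 and
# brings the closing speed to zero.
TRACE_SAFE = make_trace([
    (0.0, 30.0, 5.0, False),
    (0.5, 20.0, 5.0, False),
    (1.0, 12.0, 5.0, False),
    (1.5, 10.0, 5.0, False),   # TTC 2 s -> hazard 0.5: the response clock starts
    (2.0,  8.0, 4.0, True),
    (2.5,  7.0, 2.0, True),
    (3.0,  6.5, 0.0, True),
])

# Constructed trace: same approach, no intervention at all.
TRACE_UNSAFE = make_trace([
    (0.0, 30.0, 5.0, False),
    (0.5, 20.0, 5.0, False),
    (1.0, 12.0, 5.0, False),
    (1.5, 10.0, 5.0, False),   # hazard 0.5, yet nothing engages within 2 steps
    (2.0,  8.0, 5.0, False),
    (2.5,  5.0, 5.0, False),   # TTC 1 s -> hazard 0.75: safety margin violated
])


def report(trace: List[State]) -> dict:
    """Verdict per property: -1 means the property held at every step of the trace."""
    return {
        "safety_margin_violated_at": first_violation(SAFETY_MARGIN, trace),
        "response_violated_at": first_violation(RESPONSE, trace),
    }


if __name__ == "__main__":
    print("safe trace:  ", report(TRACE_SAFE))
    print("unsafe trace:", report(TRACE_UNSAFE))
```

Run as a script it prints `-1` for both properties on the first trace and the step indices 5 and 3 for the second. The point of the structure is that the same property objects can be evaluated incrementally as new samples arrive, which is what turns a design-time safety principle into a run-time check; a real monitor would replace the TTC stand-in with the model-based hazard level the text describes.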

 

3. Accident Causation and the Chain of Causality

New modeling and interpretative capabilities for accident causation and prevention are needed to overcome some of the limitations in the current way of thinking about, analyzing, and handling system accidents. As new technologies and systems are developed, new failure modes emerge, along with new patterns by which accidents unfold. A safety gap is growing between the software-intensive technological capabilities of present systems and our understanding of the various ways they can fail, thus hindering the ability to properly comprehend and prevent (some new types of) accidents. These new models would go beyond the current probability-based toolset of risk analysis, and complement the event-based perspective of traditional approaches. To this aim I am investigating new tools that are capable of integrating hardware, software, and the operator's control actions and responses within the same analysis. Many researchers have recognized the "still too much hardware oriented" perspective of traditional tools, and new approaches can be borrowed from disciplines that have not traditionally been employed in risk assessment, like control theory and software engineering. If a revolution in the way we frame these issues is needed, such a revolution must also account for the lexicon and the terminology we use. I explored the notions of Agonist, Antagonist, and Inverse Agonist actions, borrowed from linguistics and biochemistry, and brought them to bear on risk analysis issues to re-interpret the notions of accident sequence and hazard escalation. Primitives of causality, which result from the different interactions between Agonists, Antagonists, and Inverse Agonists, can also be identified. These primitives of causality can then be carefully examined, and it is suggested that they provide a more nuanced understanding of how an accident sequence progresses and how it can be terminated (i.e., accident causation and prevention).