Page 41 - EE Times Europe Magazine - June 2025
OPINION | AUTONOMOUS DRIVING | SAFETY AND SECURITY
Safe Automated Driving Starts with Architecture

By Georg Niedrist, Moritz Antlanger, and Sascha Drenkelforth, TTTech Auto

Architecture is not just an implementation detail; it is a central enabler of safe automated driving.

Automated driving is moving from theory to reality. The first production vehicles equipped with AD systems are reaching customers, ushering in a new era of mobility. These early deployments—starting with specific use cases such as traffic jams—are only the beginning. As capabilities grow and operational design domains expand, the safety of AD systems must be addressed on an architectural level.

At the heart of this transition lies a question: How can we design systems that are not only functionally capable but also inherently safe and secure, even in the presence of faults? The answer requires a deep understanding of architectural principles and tradeoffs, and of the interplay among safety, redundancy, and real-world constraints.

THE CASE FOR ARCHITECTURE IN AUTOMATED DRIVING

With the initial deployment of AD systems in production vehicles, the rapid evolution of technology, and the desired increases in functional capabilities, it is worthwhile analyzing various possible architectural patterns and assessing their suitability for different AD use cases. Safety must remain the primary focus, but the interplay between safety and security also deserves close attention.

THE CHALLENGE

The key difference between the already widely available SAE Level 2 advanced driver-assistance systems (ADAS) and SAE Level 3 or higher AD systems lies in the driver’s role. Higher-level AD systems allow the driver to disengage from the driving task entirely—watching a video or reading a book, for instance. With no human hands on the steering wheel and no eyes on the road, full responsibility for the dynamic driving task falls to the AD system. When a fault occurs, the AD system must continue operating long enough to bring the vehicle to a controlled stop in a safe location. For high-speed use cases, this reaction may require several dozen seconds.

Building a fail-operational system capable of such performance is no easy task. Modern automotive hardware and software are highly complex, so faults and functional insufficiencies can never be completely eliminated. Ensuring the integrity and availability of an AD system therefore requires robust architectural strategies that integrate hardware and software elements into a coherent, fault-tolerant system.

FINDING COMMON GROUND THROUGH ABSTRACTION

Car manufacturers and their suppliers invest significant resources developing proprietary hardware and software architectures for AD systems. These are highly specific to each vendor, depending on the intended use case and on legacy or supplier constraints. To a great extent, they are also confidential, which hinders cross-industry comparison and the identification of best practices or the state of the art.

Industry standards, on the other hand, are often generic and abstract, specifying requirements or outlining high-level functional architectures without venturing into the solution space.

Occupying the middle ground between proprietary approaches and standards are logical or “conceptual” architectures. These focus on how a system ensures both correctness and availability of its functionality, providing concrete guidance on fault containment and redundancy management without revealing sensitive intellectual property. As a result, they provide an ideal foundation for collaboration.

The Autonomous, an initiative promoting safe automated driving, serves as a collaborative platform for industry and academia. Since 2021, its Safety & Architecture Working Group has been consolidating the state of the art in conceptual system architectures for AD.

ASYMMETRY IS KEY

In 2023, the Working Group released its first report, “Safe Automated Driving: Requirements and Architectures,” focusing on the “intelligence” portion of the AD system, excluding sensors and actuators. It identified and evaluated five conceptual system
www.eetimes.eu | JUNE 2025