Research Outlook

Masters (2nd level) classification icon

[raivo.sell] Verification and Validation Capability 1) Components: Validation of AI components continue to be a stumbling block to overall safety. Continued research is required on methods to mathematically measure completeness, efficiently generate tests, and bound AI behavior. Research directions in areas such as explainable AI, digital twin monitors, and more formal methods may well move the state-of-the-art forward. 2) Scalability: Today, cyber-physical systems do not have a clear hierarchy of abstraction which allows for scaling. Research is required to develop methods where component validation results can lead to higher abstraction validation leading to scale. Learning from the broad methodologies of design artifacts, which enable scaling from semiconductor electronics space, may be good guides for this research direction. 3) Progressive structure: To project trust from consumers and regulators, the industry must develop a clear process which shows a progressive structure of safety progress. A key part of this process are clear arguments for lack of regression of functionality in OTA updates and inclusion of feedback from field failures. Verification and Validation Test Apparatuses 1. Virtual: As methodologies develop for V&V, virtual testing tools will be required to support them. This means that the work done in standards organizations such as ASAM must continue as a key enabling feature to develop these methodologies. 2. Physical: Test tracks must continue to adapt to support their key functions in the overall flow. Specifically, they must provide resources for characterization of virtual models for simulation and be able to quickly recreate complex scenarios from simulation or field failure. Thus, a movie set operational model will be critical for success. 3. EMI: Due to the heavy use of active sensing technologies, EMI is a critical new issue for cyber-physical systems. Today, EMI testing is limited to static testing devices such as anechoic chambers. However, with cyber-physical systems, the combination of mechanical movement and complex reflective materials requires a movement in the state-of-art of EMI testing. Further, today, programmatic methods such as LabView enable efficient test programming for electronics, yet nothing similar exists for cyber-physical EMI testing [48]. Cybersecurity 1. Systematic risk: Networked cyber-physical systems are introducing the notion of systematic risk to bad actors. Governmental oversight is required to ensure that all levels of this chain from physical security to the software architecture are fully dependable. 2. Sensors: Various electronics modalities (e.g., LiDAR, radar, GPS) are critical to autonomous operation while also being vulnerable to spoofing. Research is required to detect and mitigate these spoofing effects. 3. Cyber-security: The surface for cyber-security attacks is constructed through the design and validation process of the product. The V&V process should include a minimization available for adversarial attacks through communication interfaces. This effectively adds a new constraint to the V&V process. Supply Chain: 1. Economics: The economics of semiconductors will limit the development of chips for limited volume markets. Thus, developing methodologies which provide security, reliability and performance from Commercial Off-The-Shelf (COTS) products is critical for success. 2. Design: Field maintainability, skew minimization, and total lifetime cost have been active topics in many industries, but not typically for the electronics components. With the increasing absorption of electronics components, a clear Design for Supply Chain function is required to understand the down-stream costs of electronic design choices in Electronic Design Systems. 3. Supply Chain: In the construction of supply chain relationship, there is often a functional decomposition to suppliers. However, for integrated products, a peek through and joint development of the underlying hardware/software system is highly recommended. Of course, this is exactly the direction taken by the concept of a software defined vehicle. 4. Hardware Fabrics: Building on a minimal number of high -volume semiconductor chips is critical to the long- term viability of the LLC supply chain. To enable this process, a broader concept of hardware programmable fabrics which include software, digital hardware, and analog/sensor function must be developed. Development of this newer version of the computer architecture is key to absorbing the supply chain shocks from the consumer marketplace. Finally, at a systems level there are two strong recommendations: 1. Integrated Functional Approach: V&V, Cybersecurity, and supply chain form the crux of the product assurance function. Thinking of these in an integrated, not siloed, fashion, especially in the process of initial product design, is highly recommended. 2. Learnings from adjacent fields: Automotive is the largest cyber-physical marketplace. The critical learnings from automotive for other ground vehicles as well as adjacent fields such as airborne, space, and marine systems is highly recommended.