@inproceedings{1109,
  author = {Charles Hartsell and Shreyas Ramakrishna and Abhishek Dubey and Daniel Stojcsics and Nagabhushan Mahadevan and Gabor Karsai},
  title = {ReSonAte: A Runtime Risk Assessment Framework for Autonomous Systems},
  abstract = {<p><span dir="ltr">Autonomous Cyber Physical Systems (CPSs) are</span><br><span dir="ltr">often required to handle uncertainties and self-manage the system</span><br><span dir="ltr">operation in response to problems and increasing risk in the</span><br><span dir="ltr">operating paradigm. This risk may arise due to distribution</span><br><span dir="ltr">shifts, environmental context, or failure of software or hardware</span><br><span dir="ltr">components. Traditional techniques for risk assessment focus on</span><br><span dir="ltr">design-time techniques such as hazard analysis, risk reduction,</span><br><span dir="ltr">and assurance cases among others. However, these static, design-</span><br><span dir="ltr">time techniques do not consider the dynamic contexts and failures</span><br><span dir="ltr">the systems face at runtime. We hypothesize that this requires</span><br><span dir="ltr">a dynamic assurance approach that computes the likelihood</span><br><span dir="ltr">of unsafe conditions or system failures considering the safety</span><br><span dir="ltr">requirements, assumptions made at design time, past failures in a</span><br><span dir="ltr">given operating context, and the likelihood of system component</span><br><span dir="ltr">failures. We introduce the ReSonAte dynamic risk estimation</span><br><span dir="ltr">framework for autonomous systems. ReSonAte reasons over Bow-</span><br><span dir="ltr">Tie Diagrams (BTDs) which capture information about hazard</span><br><span dir="ltr">propagation paths and control strategies. Our innovation is the</span><br><span dir="ltr">extension of the BTD formalism with attributes for modeling</span><br><span dir="ltr">the conditional relationships with the state of the system and</span><br><span dir="ltr">environment. We also describe a technique for estimating these</span><br><span dir="ltr">conditional relationships and equations for estimating risk based</span><br><span dir="ltr">on the state of the system and environment. To help with this</span><br><span dir="ltr">process, we provide a scenario modeling procedure that can</span><br><span dir="ltr">use the prior distributions of the scenes and threat conditions</span><br><span dir="ltr">to generate the data required for estimating the conditional</span><br><span dir="ltr">relationships. To improve scalability and reduce the amount of</span><br><span dir="ltr">data required, this process considers each control strategy in</span><br><span dir="ltr">isolation and composes several single-variate distributions into</span><br><span dir="ltr">one complete multi-variate distribution for the control strategy</span><br><span dir="ltr">in question. Lastly, we describe the effectiveness of our approach</span><br><span dir="ltr">using two separate autonomous system simulations: CARLA and</span><br><span dir="ltr">an unmanned underwater vehicle.</span></p>},
  year = {2021},
  journal = {16th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS},
  pages = {118-129},
  month = {05},
  publisher = {IEEE},
  address = {Madrid, Spain},
  isbn = {978-1-6654-0289-7},
  url = {https://ieeexplore.ieee.org/document/9462019},
  doi = {10.1109/SEAMS51251.2021.00025},
}