Abstract

Recently, conditional safety certificates (ConSerts) have been proposed as a novel means for the safety assurance of collaborations between open adaptive systems. Since the innovation potential of such collaborations has been recognized in many different application domains, it deemed desirable to demonstrate the general applicability of the ConSert approach across multiple domains. As yet, feasibility studies have only been conducted in the agricultural and ambient-assisted living domains showing that ConSerts can in principle assure a sufficient level of safety for collaborations in these domains. Therefore, this thesis addresses the application and evaluation of the ConSert approach in another case study in the automotive domain considering a platooning collaboration between two trucks, where an autonomously operated truck should automatically follow a human-driven truck leading the platoon. To enable ConSerts to constrain the effects of safety-critical system behavior deviations on the collaboration, a description of the collaboration’s intended behavior is required as a necessary prerequisite for the definition of concrete behavior deviations. Thus, a detailed approach for the systematic construction of related engineering models has been developed that resulted in a service-oriented description of the intended platooning behavior being suitable for the subsequent methodological derivation of ConSert models. In order to provide guarantees assuring that platooning is safe even during the presence of certain failure-caused behavior deviations, a simulative approach has been utilized based on a realistic platooning simulation model. The evaluation of the case study executed in this thesis has yielded two primary results: On the one hand, evidence has been provided that the ConSert approach can be successfully applied for platooning collaborations in the automotive domain. On the other hand, the proposed method for the specification of safe intended behaviors for collaborations has been defined to cover a wider scope leaving enough way to easily adapt it for similar application scenarios.