Fabian Langer  - 

AIMobilityAudit – AI Evaluation in Automotive: The AIMobilityAudit project, led by the German Federal Office for Information Security (BSI) in partnership with ZF and TÜV Informationstechnik GmbH (TÜVIT), targets the development of processes for the security-focused evaluation of AI systems in vehicles, particularly for automated driving functions respectively assistant systems. Building on the initial AIMobilityAuditPrep project, which defined 50 evaluation requirements and created a basic framework for testing, AIMobilityAudit aims to fathom practical security assessments, e.g., on dedicated test tracks, and adjustments to the requirements thereupon. The project addresses the unique challenges of AI in vehicles, including the risk of deliberate adversarial attacks for the security and safety of (part-)autonomous vehicles. Through collaboration with industry, academia, and government, AIMobilityAudit shall establish a comprehensive foundation for AI security audits in autonomous vehicles, ensuring that AI systems are both resilient and trustworthy. The project’s outcomes will be groundwork for a technical guideline for the derivation of AI-specific evaluation requirements and their subsequent analysis, both in the digital domain as in real-world testing, supporting safer integration of AI into mobility. The presentation will give the AIMobilityAudit’s key challenges and the most valuable insights of the project.

Lukas Birkemeyer  - Scenario Generation for Testing Automated Driving Systems: 

 Established testing strategies in the automotive domain are not sufficient for testing Automated Driving Systems (ADS) due to the extremely large number of possible scenarios the ADS might face. Instead, the SOTIF-standard (ISO 21448) establishes scenario-based testing as state-of-the-art, explicitly using scenarios as test cases in the testing process to evaluate the system under test's behavior while interacting with its environment. Instead of focusing on requirements, scenario-based considers the system under test a black box enabling testing of AI components. However, the SOTIF standard does not specify how to generate scenarios, which hinders its practical application. In this talk, we elaborate on the state-of-the-art regarding scenario generation and discuss whether generated scenarios are SOTIF-compliant. Subsequently, we propose a combinatorial scenario generation approach to address the unsolved challenges of modeling an overall scenario space and covering it with a selection of scenarios. We analyze, compare, and discuss sampling strategies for generating SOTIF-compliant scenario suites. We apply mutation testing to assess the scenario suite's ability to detect potential failures in a rule-based system. Finally, we elaborate on the potential and challenges of transferring our findings to testing black-box systems.

Kathrin Grosse  - 

AI Security Testing for Autonomous Vehicles (AVs):

 AI security has received a lot of attention in the recent years, but securing complex systems like autonomous vehicles remains a critical challenge. We will approach this topic first from the perspective of AI security and corresponding reported incidents. However, real-world incidents are hard to collect. We thus take a second route and revisit the literature of demonstrated attacks on AVs. One aspect that is picked for discussion in the context of AV security testing is how realistic attacks are. Even under this condition, there is a large variety of attacks to be considered-pointing us towards the need for good test and system designs.

Padma Iyenghar/Emil Gracic/Gregor Pawelke  - 

How to achieve ASIL A and ASIL B conformance of machine learning products?:

This work introduces a novel design and testing concept for ML products with the goal of achieving the lower levels of safety in automotive - ASIL A and ASIL B. It provides a systematic procedure to close the gaps between ISO 26262 and ISO PAS 8800, which manifest in absence of a clear guidance for design and testing of ML products (ISO 26262) as well as in absence of the guidance for ASIL A or ASIL B conformity of them (ISO PAS 8800).

The procedure is based on four main pillars: 1. Defining proper lifecycle phases for ML development, 2. Introducing the most relevant desired (safety) properties and suitable test methods for each of the phases, 3. Evaluated rigor regarding the capability of each method for systematic testing of the desired properties, and finally a derivation of ASIL A or ASIL B related recommendations for each method