Unmanned Systems Technology 002 | Scion SA-400 | Commercial UAV Show report | Vision sensors | Danielson Trident I Security and safety systems | MIRA MACE | Additive manufacturing | Marine UUVs
… changes or activity that are outside the accepted behaviours. The argument is that such agents can be smaller, more manageable and verifiable pieces of code that can be developed with formal methods. A small agent also presents a smaller attack surface for malicious attacks, making the system more secure, and it can be used to monitor the overall health of the system, for example by making a vehicle return to base before a component fails. However, this latter use increases the complexity of the agent and erodes the advantages of the approach. Even with an agent, the system still needs an overall safety and security case that determines an acceptable course of action, or actions, when the agent detects a problem, which makes the definition of the whole software system a complex matter. As a result, determining the optimum partitioning between the system software and the agent is also an area of intense research.

All of this is creating a new focus on cognitive tools and reasoning. An autonomous system has to be seen in the context of an environment of some sort, and the arguments about its behaviour in that environment are probabilistic rather than deterministic, so it is not possible to envisage, and therefore test for, every set of circumstances. The problem is that it is expensive to try to get these answers through traditional techniques such as testing.

There are a number of different aspects to the development of these new tools. Autonomous systems are increasingly controlled by a rule-based decision process, but the rules can change depending on the environment and on the position of the sensors and actuators. For some sectors, such as agricultural equipment, the physical security needed to prevent unattended autonomous vehicles from being stolen may be considered more important than the risk of hacking.
Monitoring and diagnostics

This also links to overall system reliability, as component failures or degradation can have a negative impact on a rule-based decision approach, so developers need to think about the effect of health checks on the decision-making process. As an illustration, only 20% of the control system of an aircraft is actually control; the other 80% is monitoring. The integrity of the system therefore depends very much on the diagnostics, and that can shape the development of the software.

Diagnostics are also often the point at which the security of a system can be compromised, because the diagnostic interfaces are where data enters and leaves it. Using internal diagnostics to determine when an autonomous system should return to base and have a module replaced before it fails, so that the data stays inside the system, is one way to reduce that security risk and to strengthen the safety case.

So a lot of the safety and security development for autonomous systems is about acceptable behaviours and behaviour boundaries rather than deterministic rules. This means that testing and verification is more about exercising the boundary of operation of the rules, time and time again.

This also leads to a key new aspect of autonomous systems: the system can decide for itself the best course of action to take. This ‘rational agent’ approach combines ‘beliefs’ about its environment, the goals it wishes to achieve and deliberation strategies for deciding between the options. Clearly, formal verification is needed for this. By verifying the rational agent, we verify not what the system does but what it tries to do and why it decided to try that option. For this we need appropriate abstractions of the real control and sensing aspects, and tools that can handle the formal verification reliably.

This has led to projects such as PICASSOS (Proving Integrity of Complex Automotive Systems of Systems) at the University of Warwick, which aims to develop tools so that such systems can be verified easily, cheaply, repeatably and quickly.
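The two ideas above, a small verifiable monitor that flags activity outside the accepted behaviours, and a rational agent whose decision and the reason for it can both be checked, are easier to see in code. The following is an added example, not code from the article, from PICASSOS or from IKV's medina tool. The envelope limits, the state fields, the health score and the action names are assumptions made for illustration, and the exhaustive sweep is a plain enumeration over a hand-picked grid of values around each boundary, not a formal-methods tool.

```python
"""Added example, not code from the article or from PICASSOS/medina.

A monitor agent kept deliberately small and pure (no I/O, no state) so it
can be reviewed or formally checked on its own, plus an exhaustive sweep of
the rules across and around every boundary. Envelope limits, state fields
and action names are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from itertools import product


class Action(Enum):
    CONTINUE = "continue"
    RETURN_TO_BASE = "return_to_base"
    HOLD = "hold"          # stop acting on the data until it can be trusted


@dataclass(frozen=True)
class Envelope:
    """Accepted-behaviour boundary (assumed values, not from the article)."""
    max_altitude_m: float = 120.0
    max_speed_mps: float = 20.0
    max_range_m: float = 2000.0
    min_health: float = 0.3    # diagnostics score below which we go home early


@dataclass(frozen=True)
class Belief:
    """What the agent believes about the vehicle, from sensors and diagnostics."""
    altitude_m: float
    speed_mps: float
    range_m: float
    health: float              # 0.0 (about to fail) .. 1.0 (nominal)


def violations(b: Belief, env: Envelope) -> list[str]:
    """Which envelope limits does the current belief break? Pure function."""
    broken = []
    if not 0.0 <= b.altitude_m <= env.max_altitude_m:
        broken.append("altitude")
    if not 0.0 <= b.speed_mps <= env.max_speed_mps:
        broken.append("speed")
    if not 0.0 <= b.range_m <= env.max_range_m:
        broken.append("range")
    if not 0.0 <= b.health <= 1.0:
        # Diagnostics are an input path too: an impossible health value is
        # treated as untrusted data, not as a reason to fly home or to carry on.
        broken.append("health_sensor")
    return broken


def decide(b: Belief, env: Envelope) -> tuple[Action, str]:
    """Deliberation step: pick an action and record the reason, so a reviewer
    can verify why the agent chose it, not only what it chose."""
    broken = violations(b, env)
    if "health_sensor" in broken:
        return Action.HOLD, "untrusted diagnostics input"
    if broken:
        return Action.RETURN_TO_BASE, "outside envelope: " + ",".join(broken)
    if b.health < env.min_health:
        return Action.RETURN_TO_BASE, "predicted component failure"
    return Action.CONTINUE, "within envelope and healthy"


def check_rules(env: Envelope) -> list[str]:
    """Sweep a grid of beliefs on, just inside and just outside every limit
    and return every state where the rules break a required property."""
    def around(limit: float) -> list[float]:
        return [-1.0, 0.0, limit / 2, limit, limit + 1e-3, 2 * limit]

    healths = [-0.1, 0.0, env.min_health - 1e-3, env.min_health, 0.5, 1.0, 1.1]
    failures = []
    for alt, spd, rng, hp in product(around(env.max_altitude_m),
                                     around(env.max_speed_mps),
                                     around(env.max_range_m), healths):
        b = Belief(alt, spd, rng, hp)
        action, reason = decide(b, env)
        safe = not violations(b, env) and b.health >= env.min_health
        if action is Action.CONTINUE and not safe:
            failures.append(f"continued outside accepted behaviour: {b}")
        if action is not Action.CONTINUE and safe:
            failures.append(f"interrupted a safe mission: {b}")
        if not reason:
            failures.append(f"no reason recorded: {b}")
    return failures


if __name__ == "__main__":
    env = Envelope()
    print(decide(Belief(50.0, 10.0, 500.0, 0.9), env))
    print(decide(Belief(121.0, 10.0, 500.0, 0.9), env))
    print("counter-examples:", check_rules(env))
```

Keeping decide pure, with the reason string as part of its return value, is what makes the ‘why’ checkable rather than only the ‘what’. check_rules exercises each limit on, just inside and just outside the boundary, time and time again as the article puts it, and returns counter-examples instead of printing them so that a build can fail on them. The sanity check on the health value in violations reflects the point that diagnostics are an input path: an impossible diagnostic reading is treated as untrusted data to hold on, not as grounds for either continuing or returning.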
It aims to prove the integrity of complex automotive systems, the systems of systems, and so has been looking closely at driverless vehicles. Led by Ricardo in the UK, the project brings together Axeon Power, D-RisQ, Jaguar Land Rover and Oxford and Coventry universities to apply automated formal methods and break away from the traditional approach of large amounts of process supported by documentation. The project aims to develop tools for producing the initial specifications, to create a prototype set of tools and processes to be applied in initial trials, and to roll out training in the use of the new tools and techniques. Work such as this is vital to the

Spring 2015 | Unmanned Systems Technology

Figure caption: IKV’s medina tool for developing safety code