Robust Contingency Planning and System Design for Safe and Secure Autonomous Road Vehicles

Abstract

Before autonomous vehicles are able to be widely deployed, a number of security and algorithmic challenges must be addressed. Current autonomous vehicles that provide motion safety guarantees exhibit excessively conservative driving behavior when operating in road environments containing highly dynamic obstacles. In this thesis we present a contingency-based motion planning framework for autonomous road vehicles. Probabilistic state predictions are generated for each discrete action of nearby obstacle vehicles, and multiple contingency trajectories are planned such that safe execution is possible under each possible discrete action. An online estimation algorithm is used to infer the discrete obstacle action from sensor observations and inform execution-time contingency selection. We present a fast upper bound on a metric of distinguishability that approximates the predicted probability of correctly identifying the discrete action of an obstacle from a set of possible hypotheses. The metric is used to optimize expected execution cost and safety of a set of contingency trajectories. Simulated experiments show that the proposed planning framework produces trajectories with a lower cost and stronger safety guarantees than that of prior work, and this performance improvement persists across a range of vehicle and obstacle initial conditions. Additionally, a prototype system architecture for a verifiably secure autonomous vehicle is presented. The system architecture is designed to enforce separation of trusted and untrusted information flows. A map verification algorithm is used to verify external data coming from an untrusted source. Motion planning and map verification software components are developed with existing tools that enforce information flow control at the language level. The architecture is implemented on a mobile robotic testbed and experiments are performed to simulate a remote attack scenario. Experimental results show that the architecture is resistant to malicious external data, and can operate safely even when external communications are compromised. Analogies are drawn between the prototype architecture and hardware and software components on real-world autonomous vehicles.