A Hierarchy of Monitoring Properties for Autonomous Systems

Summary

Monitoring capabilities play a central role in mitigating safety risks of current, but especially future autonomous aircraft systems. These future systems are likely to include complex components such as neural networks for environment perception, which pose a challenge for current verification approaches; they are considered as black-box components. To assure that these black-boxes comply to their specification, they are typically monitored to detect violations during execution in respect to their input and output behavior. Such behavioral properties often include more complex aspects such as temporal or spatial notions. Besides monitoring their behavior, the outputs can also be compared to data from other assured sensors or components of the aircraft, making monitoring an even more integral part of the system, which ideally has access to all available resources to assess the overall health of the operation. Current approaches using handwritten code for monitoring functions run the risk of not being able to keep up with these challenges. Therefore, in this paper, we present a hierarchy of monitoring properties that provides a perspective for overall health. We also present a categorization of monitoring properties and show how different monitoring specification languages can be used for formalization. These monitoring languages represent a higher abstraction of general-purpose code and are therefore more compact and easier for a user to write and read. They improve the maintainability of monitoring properties that is required to handle the increased complexity of future autonomous aircraft systems.