The future of space exploration lies in cooperative autonomous systems. Ensuring their high-integrity remains a challenge. The Robust Software Engineering group at NASA Ames Research Center has been developing the Troupe project to explore the challenges with developing and assuring high-integrity of cooperative autonomous robotic systems. In particular, Troupe aims to develop a swarm of autonomous rovers capable of mapping unknown terrain, and assure their high-integrity using the advanced V&V tools developed in the group. In this paper, we present the evolution of the design of Troupe. We focus on the lessons learned in developing and assuring the rover swarm using core Flight System (cFS). In particular, we discuss the benefits and challenges in applying model-based development to develop the rover swarm.

Recent development in wireless technology enabling communication between vehicles led to introduction of the concept of Cooperative Adaptive Cruise Control (CACC), which uses wireless vehicle-to-vehicle communication and aims at string stable behavior in a platoon of vehicles. Degradation cascades have been proposed as a way to maintain a certain level of the system functionality in presence of failures. Such degradation behaviour is usually controlled by a runtime/state manager that performs fault detection and transitions the system into states where it will remain acceptably safe. In this paper, we propose a dynamic controller manager that focuses on both safety and performance of the system. In particular, it monitors the channel quality within the platoon and reacts by degrading platoon performance in presence of communication failures, or upgrading the performance when the communication quality is high enough. The reaction can include, e.g., adjusting the inter-vehicle distance or switching to another suitable platoon controller to prevent collisions. We focus on the functional and operational safety and evaluate the performance of the dynamic controller manager under different scenarios and settings in simulation experiments to demonstrate that it can avoid rear-end collisions in a platoon, continue platooning operation even in dense traffic scenarios where the state-of-the-art controllers fail to do so.

Over the past decade technological development has lead to systems being connected to public networks in many critical domains. In such systems bringing safety and security work has become even more important, as a connected safety-critical system is not safe if it is not secure. Given this, the main goal of this study is to investigate the current status of safety and security co-analysis in system engineering by conducting a Systematic Literature Review. In this work we have focused on the early system development stages and identified 33 relevant publications categorised as: combined safety and security approaches that consider the mutual influence of safety and security; safety informed security approaches that consider influence of safety on security; and, security informed safety approaches that consider influence of security on safety. The results showed that a number of identified approaches are driven by needs in fast developing application areas, e.g., automotive, while works focusing on combined analysis are mostly application area independent. Overall, the study shows that safety and security co-analysis is still a developing domain, which requires solutions that rely on two separate disciplines, namely safety and security engineering.

Latest technological trends lead toward systems connected to public networks even in critical domains. Bringing together safety and security work is becoming imperative, as a connected safety-critical system is not safe if it is not secure. The main objective of this study is to investigate the current status of safety and security co-analysis in system engineering by conducting a systematic literature review. The steps of the review are the following: the research questions identification; agreement upon a search string; applying the search string to chosen databases; a selection criterion formulation for the relevant publications filtering; selected papers categorization and analysis. We focused on the early system development stages and identified 33 relevant publications categorized as follows: combined safety and security approaches that consider the mutual influence of safety and security; safety-informed security approaches that consider influence of safety on security; and security-informed safety approaches that consider influence of security on safety. The results showed that a number of identified approaches are driven by needs in fast developing application areas, e.g., automotive, while works focusing on combined analysis are mostly application area independent. Overall, the study shows that safety and security co-analysis is still a developing domain.

Safety-critical systems are those systems whose malfunctioning can result in harm or loss of human life, or damage to property or the environment. Such systems usually need to comply with a domain- ...