Navigation
Minimap of introduction diagram
Minimap of stage diagram
View Diagram

AMLAS outline

Example 5 - Defining acceptable risk level
Example 6 - Translating safety requirements
Example 7 - Performance and robustness
Note 5 - Semantic gap
Note 6 - Under‐specificity
Note 7 - Safety criticality
Note 8 - Performance and robustness
Note 9 - Measurable features
Note 10 - Overall performance
Note 11 - Dimensions of variation
Note 12 - Tolerable risk

ML safety requirements argument pattern [I]

Data requirements [L]
Data requirements justification report [M]

Example 14 - Vehicle gathering video data
Example 15 - Handling missing data
Example 16 - Retinal scans
Example 17 - Augmenting the dataset
Example 18 - ML classifier for cancer
Note 16 - Justifying collected data
Note 17 - Rationale for existing data sources
Note 18 - Using simulators
Note 19 - Preprocessing of data
Note 20 - Labelling data
Note 21 - Combinations of variation
Data generation log [Q]

Example 19 - JAAD open dataset
Example 20 - Using US data in the UK
Example 21 - Data collection using controlled trials
Example 22 - Completeness of datasets
Example 23 - Occlusion
Note 22 - Financial and practical concerns
Note 23 - Simulation for data augmentation
Note 24 - Context-specific features
Note 25 - Dimensions of variability
Note 26 - Quantisation
Note 27 - Balance of datasets
Note 28 - Imbalanced dataset

ML data argument pattern [R]

Example 24 - Medical prognosis problems
Example 25 - Deep Neural Networks
Example 26 - Data samples from a photo simulator
Note 29 - Overfitting to training data
Note 30 - Trade-offs
Model development log [U]

Example 30 - Image analysis
Example 31 - Perception pipeline
Internal test results [X]

Model learning argument pattern [W]

Example 33 - Vehicle stopping distance
Example 34 - Contextual mutators
Example 35 - DeepMind retinal diagnosis system
Example 36 - Contextually meaningful values
Example 37 - Airborne collision avoidance system
Note 31 - Development and verification independence
Note 32 - Independence from verification data
Note 33 - Test completeness
Note 34 - Human evaluation
Note 35 - Point-wise robustness
ML verification evidence [Z]
Verification log [AA]

ML verification argument pattern [BB]

Example 42 - ML component for object classification
Example 43 - Pedestrian detection
Example 44 - Pedestrian detection - occlusion
Example 45 - Computational power
Example 46 - Pedestrian detection performance requirement
Note 37 - Violations of assumptions
Note 38 - Monitoring the system
Note 39 - Latency
Erroneous behaviour log [DD]

Operational scenarios [EE]

ML deployment argument pattern [GG]

System safety requirements

The safety requirements are generated from the system safety assessment process. Such a process covers hazard identification and risk analysis. Importantly, it shall determine the contribution (i.e. in the form of concrete failure conditions) that the output of the machine learning component makes to potential system hazards. A simplified linear chain of events that links a machine learning failure with a hazard is illustrated in Figure 3 below.

Simplified chain of failure events (Adapted from [57])

Figure 3: Simplified Chain of Failure Events (Adapted from [57])

Note 3 - Risk acceptance criteria

It is important for the System Safety Requirements to explicitly capture risk acceptance criteria. Such criteria can generally be derived from the following sources:

  • An existing system against which the proposed system can be compared. This may include a threshold of acceptance above (or below) current performance.
  • Existing standards for the acceptance of safety-critical systems.
  • The views of stakeholders, including domain experts and users, who have a deep understanding of the context into which the system is to be deployed. These opinions may be founded on:
    • A scientific understanding of the processes at play e.g. vehicle dynamics.
    • An understanding of the legal and ethical frameworks which govern the context.
    • Personal experience.
    • A study of similar systems and the lessons learnt from failures within these systems and operational contexts.
Continue to: Artefact B. Description of the system environment
  • Assuring Autonomy logo
  • Lloyd's Register Foundation Logo
  • University of York logo

Our site depends on cookies to provide our service to you. If you continue to use this site we will assume that you are happy with that. View our privacy policy.