For connected automated vehicles (CAVs), safety and security are two interrelated critical issues since many in-vehicle components are both safety critical and security critical. To achieve both safety and security in the presence of functional failures or cyberattacks, this article proposes a dynamic heterogeneous redundancy (DHR) scheme for CAVs. The basic idea is that each safety- and security-critical in-vehicle component should employ a DHR architecture, which is constructed by multiple heterogeneous executors with the same function. With redundancy, the functional safety can be achieved when one executor fails. Meanwhile, based on the principle that the probability is extremely low that two or more heterogeneous executors with the same function will fail for the same vulnerability, security can be ensured by using simple consensus mechanisms to detect abnormal executors caused by any cyberattacks. A DHR prototype has been designed and installed on an automated bus. Test results show that the proposed DHR is effective in enhancing both safety and security for CAVs.

中文翻译：

---

互联自动驾驶汽车基于动态异构冗余的联合安全与保障：初步仿真和现场测试结果

对于联网的自动驾驶汽车 (CAV)，安全和保障是两个相互关联的关键问题，因为许多车载组件既是安全关键又是安全关键。为了在存在功能故障或网络攻击的情况下实现安全和保障，本文提出了一种用于 CAV 的动态异构冗余 (DHR) 方案。基本思想是每个安全和安全关键的车载组件都应该采用 DHR 架构，该架构由多个具有相同功能的异构执行器构建。通过冗余，可以在一个执行器发生故障时实现功能安全。同时，基于两个或多个具有相同功能的异构执行器因同一个漏洞失败的概率极低的原则，通过使用简单的共识机制来检测由任何网络攻击引起的异常执行者，可以确保安全性。DHR 原型已设计并安装在自动公交车上。测试结果表明，所提出的 DHR 可有效提高 CAV 的安全性和保障性。