Homogeneous Redundancy

Summary: Deploying redundant AI components (e.g., two brake control components) is a solution to deal with highly uncertain AI components that may make unethical decisions or adversary hardware components that produce malicious data or behave unethically.

Type of pattern: Product pattern

Type of objective: Trustworthiness

Target users: Architects, developers

Impacted stakeholders: Data scientists

Relevant AI ethics principles: Reliability and safety

Mapping to AI regulations/standards: ISO/IEC 42001:2023 Standard.

Context: AI systems are highly data dependent. The reason for the uncertainty of an AI system is that the data sources at runtime are unknown at development time when the training dataset is collected. The unethical decisions or behaviors of AI systems may cause serious damage to humans or the environment.

Problem: How can we prevent the AI system from taking unethical actions?

Solution: Deploying multiple redundant and identical AI components (e.g., two brake control components) is a solution to tolerate the individual AI component with high uncertainty that may make unethical decisions or the individual adversary hardware component that produces malicious data or behaves unethically [1]. A cross-check can be conducted for the outputs provided by multiple components of a single type. The results are accepted only there is a consensus among the redundant components.

Fig.1 Homogeneous redundancy

Benefits:

  • Fault-tolerance: The function provided by an individual AI component is running on redundant identical AI components. The results are accepted only if there is a consensus.
  • Increased safety and human control: The end user or the operator of the AI system can further review the results that are not accepted automatically according to a consensus protocol.

Drawbacks:

  • Increased operating cost: Running multiple identical AI components causes extra cost compared with running one single AI component.
  • Performance penalty: The execution time of multiple AI components and the time to reach consensus create a performance penalty.

Related patterns:

  • Multi-model decision maker: Both multi-model decision maker and homogenous redundancy applies redundancy as a commonly used reliability practice in traditional software system. The two redundancy patterns are applied at different levels, AI models and AI components, respectively.
  • Continuous deployment for RAI: Homogenous redundancy is a deployment strategy at component-level.

Known uses:

  • Tesla autopilot has two AI chips on each Tesla computer to make decisions based on consensus of the two AI chips.
  • Waymo contains multiple redundant components at various levels, including redundant braking, steering, and inertial measurement systems for vehicle positioning.
  • Baidu autonomous mini-bus has redundancy designs from sensors to algorithm modules to guard against hardware or software failures.

References:

[1] Nafreen, M., S. Bhattacharya, and L. Fiondella. Architecture-based Software Reliability Incorporating Fault Tolerant Machine Learning. in 2020 Annual Reliability and Maintainability Symposium (RAMS). 2020. IEEE.