Lessons-learned from Applying STAMP Safety and Security Analysis on AEB for L4 Autonomous Driving

Abstract—Autonomous vehicles (AV) are coming to our streets. Due to the presence of highly complex software systems in AVs, there is a need for a new hazard analysis technique to meet stringent safety standards. System Theoretic Process Analysis (STPA) based on Systems Theoretic Accident Modeling and Processes (STAMP) is a powerful tool to identify, define, analyze and mitigate hazards from the earliest conceptual stage of development to the operation of a system. Applying STPA to autonomous vehicles demonstrates STPA's applicability for the preliminary hazard analysis, alternative available, developmental test, organizational design, and functional design to each unique safety operation.
This paper describes the STPA process used to generate system design requirements for an Autonomous Emergency Braking (AEB) system using a top-down analysis approach to system safety.
The paper makes the following contributions to practicing STPA for safety and security:
1) It describes the incorporation of safety and security analysis in one process and discusses the benefits of doing so;
2) It provides an improved structured approach for scenario analysis concentrating on safety and security; 3) It demonstrates the utility of STPA
analysis for gap analysis of existing designs in the automotive domain;
4) It provides lessons learned throughout the process of applying STPA and STPA-sec.