Integrating STPA into ISO 26262 Process for Requirement Development

Suo, Dajiang; Yako, Sarra; Boesch, Mathew; Post, Kyle

doi:10.4271/2017-01-0058

Cited by 8 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Abdulkhaleq et al (2018) finds that the interaction of ADS with the human, environment or other traffic participants could be sufficiently addressed. Suo et al (2017) and Mallya et al (2016) propose ways to integrate STPA into the ISO26262 process.…”

Section: Safety Assessmentmentioning

confidence: 99%

Systems-Theoretic Safety Assessment of Teleoperated Road Vehicles

Hoffmann¹,

Diermeyer²

2021

Preprint

View full text Add to dashboard Cite

Teleoperation is becoming an essential feature in automated vehicle concepts, as it will help the industry overcome challenges facing automated vehicles today. Teleoperation follows the idea to get humans back into the loop for certain rare situations the automated vehicle cannot resolve. Teleoperation therefore has the potential to expand the operational design domain and increase the availability of automated vehicles. This is especially relevant for concepts with no backup driver inside the vehicle. While teleoperation resolves certain issues an automated vehicle will face, it introduces new challenges in terms of safety requirements. While safety and regulatory approval is a major research topic in the area of automated vehicles, it is rarely discussed in the context of teleoperated road vehicles. The focus of this paper is to systematically analyze the potential hazards of teleoperation systems. An appropriate hazard analysis method (STPA) is chosen from literature and applied to the system at hand. The hazard analysis is an essential part in developing a safety concept (e.g., according to ISO26262) and thus far has not been discussed for teleoperated road vehicles.

show abstract

Section: Safety Assessmentmentioning

confidence: 99%

Systems-Theoretic Safety Assessment of Teleoperated Road Vehicles

Hoffmann¹,

Diermeyer²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Therefore, developing safety requirements for road vehicle electrical and/or electronic (E/E) systems is challenging. First, in the early conceptual phase, engineers need to consider not only safety-related goals, but also other system-level goals, such as performance and information security, which determines whether stakeholders' will be satisfied with the new product [1,2]. Second, traditional safety analysis methods focusing on component failures are difficult to be used alone in safety analysis of software-intensive modern complex systems [3][4][5].…”

Section: Introductionmentioning

confidence: 99%

“…In recent years, STPA has been successfully used in various safety-critical systems of many fields , such as STPA for automotive systems [2,[7][8][9][10][11][12][13][14], STPA for defense system [15], for medical devices such as a radiation therapy system [16], for nuclear industry [17] and for aerospace related systems [18][19][20][21][22], etc.…”

mentioning

confidence: 99%

A Novel Hazard Analysis and Risk Assessment Approach for Road Vehicle Functional Safety through Integrating STPA with FMEA

2020

View full text Add to dashboard Cite

ISO26262: 2018 is an international functional safety standard for electrical and/or electronic (E/E) systems within road vehicles. It provides appropriate safety requirements for road vehicles to avoid unreasonable residual risk according to automotive safety integrity levels (ASILs) derived from hazard analysis and risk assessment (HARA) required in the ISO26262 concept phase. Systems theoretic process analysis (STPA) seems to be designed specifically to deal with hazard analysis of modern complex systems, but it does not include risk evaluation required by most safety related international standards. So we integrated STPA into Failure Mode and Effect Analysis (FMEA) template to form a new method called system theoretic process analysis based on an FMEA template, STPAFT for shot, which could not only meet all the requirements of the concept phase in ISO26262, but also make full use of the advantages of the two methods. Through the focus of FMEA on low-level components, STPAFT can obtain more detailed causal factors (CFs), which is very helpful for derivation of safety goals (SGs) and the functional safety requirements (FSRs) in the concept phase of ISO26262. The application of STPAFT is described by the case study of fuel level estimation and display system (FLEDS) to show how the concept phase of ISO26262 could be supported by STPAFT.

show abstract

“…The urgent need for a combined safety and cybersecurity analyses and processes in the product life cycle is recognized not only in the automobile industry, but also in other safety-critical areas such as railway, airline, nuclear and industrial control systems, etc. [30] [31] [35] In the automotive domain, although original equipment manufacturers (OEMs) have been trying to improve the coordination between functional safety and cyber-security activities [1] due to the impact of increases in the level of connectivity and automation, simultaneously ensuring system safety and security is challenging because of the large number of causal relations between hazards and threats. As Parkinson et al [2] suggest, for complex systems such as AVs, "the full extent of which sensors might be compromised and their effect on a vehicle's function is not known."…”

Section: Introductionmentioning

confidence: 99%

“…The analyses of safety hazards (which we will sometimes refer to as 'hazards') and cybersecurity threats (which we will refer to as 'threats') are usually conducted separately when developing cyberphysical systems such as autonomous vehicles (AVs). The urgent need for a combined safety and cybersecurity analyses and processes in the product life cycle is recognised not only in the automobile industry but also in other safety-critical areas such as railway, airline, nuclear and industrial control systems and so on [1][2][3]. In the automotive domain, although original equipment manufacturers have been trying to improve the coordination between functional safety and cyber-security activities [4] due to the impact of increases in the level of connectivity and automation, simultaneously ensuring system safety and security is challenging because of the large number of causal relations between hazards and threats.…”

Section: Introductionmentioning

confidence: 99%