This study presents a structured evaluation framework for reasonably foreseeable
misuse in automated driving systems (ADS), grounded in the ISO 21448 Safety of
the Intended Functionality (SOTIF) lifecycle. Although SOTIF emphasizes risks
that arise from system limitations and user behavior, the standard lacks
concrete guidance for validating misuse scenarios in practice.
To address this gap, we propose an end-to-end methodology that integrates four
components: (1) hazard modeling via system-theoretic process analysis (STPA),
(2) probabilistic risk quantification through numerical simulation, (3)
verification using high-fidelity simulation, and (4) empirical validation via
driver-in-the-loop system (DILS) experiments. Each component is aligned with
specific SOTIF clauses to ensure lifecycle compliance.
We apply this framework to a case of driver overreliance on automated emergency
braking (AEB) at high speeds—a condition where system intervention is
intentionally suppressed. Initial numerical analysis suggested that the scenario
narrowly satisfies the acceptance criteria. Applying the proposed framework to
this scenario reveals that significant safety risks can persist even when the
system functions according to its design intent.
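As an added illustration of component (2) applied to this case, not the paper's own model or numbers: a Monte Carlo estimate of collision probability when AEB is suppressed above a speed threshold and an overreliant driver's own braking is delayed, compared against an acceptance criterion. The speed band, gap distribution, reaction-time distribution, deceleration, latency and acceptance threshold are all constructed assumptions.

```python
import random
from dataclasses import dataclass

# All parameter values below are constructed for illustration, not from the paper.
AEB_LATENCY_S = 0.2          # assumed sensing-to-brake delay when AEB is active
BRAKE_DECEL_MPS2 = 8.0       # assumed achievable deceleration on dry road


@dataclass(frozen=True)
class MisuseScenario:
    aeb_max_speed_mps: float   # AEB intervention suppressed above this speed (assumed)
    accept_p_collision: float  # acceptance criterion on P(collision) (assumed)


def stopping_distance(speed_mps: float, delay_s: float) -> float:
    """Distance covered during the delay plus constant-deceleration braking."""
    return speed_mps * delay_s + speed_mps ** 2 / (2.0 * BRAKE_DECEL_MPS2)


def estimate_risk(scn: MisuseScenario, runs: int = 20000, seed: int = 1) -> dict:
    """Monte Carlo over ego speed, gap to a stopped obstacle and driver reaction.

    The driver reaction is drawn on every run so that two scenarios evaluated
    with the same seed see identical samples and differ only in AEB availability.
    """
    rng = random.Random(seed)
    collisions = suppressed = suppressed_collisions = 0
    for _ in range(runs):
        speed = rng.uniform(20.0, 40.0)            # m/s, constructed speed band
        gap = rng.uniform(60.0, 120.0)             # m to obstacle, constructed
        # Overreliant driver: delayed reaction, lognormal with median ~1.2 s (assumed)
        t_driver = rng.lognormvariate(0.18, 0.3)
        if speed > scn.aeb_max_speed_mps:
            suppressed += 1                        # system intervention suppressed
            hit = stopping_distance(speed, t_driver) > gap
            suppressed_collisions += hit
        else:
            delay = min(t_driver, AEB_LATENCY_S)   # whichever brakes first
            hit = stopping_distance(speed, delay) > gap
        collisions += hit
    p = collisions / runs
    return {
        "p_collision": p,
        "share_suppressed": suppressed / runs,
        "p_collision_given_suppressed": suppressed_collisions / suppressed if suppressed else 0.0,
        "meets_acceptance": p <= scn.accept_p_collision,
    }


if __name__ == "__main__":
    scn = MisuseScenario(aeb_max_speed_mps=30.0, accept_p_collision=0.05)
    for key, value in estimate_risk(scn).items():
        print(f"{key}: {value}")
```

The conditional term shows how much of the aggregate risk sits in the suppressed-speed region, which an aggregate pass against the acceptance criterion alone would hide.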
Our findings demonstrate that foreseeable misuse can be formally modeled,
simulated, and empirically validated within the SOTIF framework. The proposed
approach enables system developers to quantify behavioral risk and assess
human-centered edge cases with greater rigor. This work contributes to
operationalizing SOTIF for behavioral safety assurance and lays the foundation
for future research on risk mitigation through adaptive HMI and context-aware
alerts.