Model-Based Systemic Hazard Analysis Approach for Connected and Autonomous Vehicles and Case Study Application in Automatic Emergency Braking System

Hazard analysis and safety requirements are very crucial for the safety-critical system design. For the traditional vehicle system safety analysis and design, Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) are usually conducted to evaluate the risk. However, for Connected and Autonomous Vehicles (CAV), the autonomous system is more complex, and there are a lot of interactions among subsystems. Conventional hazard analysis methods on the basis of the linear chain of events are not applicable to CAVs because it is difficult to identify the potential hazards caused by system interactions or performance limits. A new hazard analysis method based on control theory and system theory, Systems Theory Process Analysis (STPA), can identify the potential hazards from the view of the whole system. Besides, Model-Based Systems Engineering (MBSE) approach is introduced to improve the consistency and traceability. In this article, a model-based hazard analysis method combining STPA and MBSE is proposed, which can map the development process in compliance with the International Organization for Standardization (ISO) 26262 and Safety Of The Intended Functionality (SOTIF) standards. System assumptions and architecture from system engineering foundations can be used to form the item definition in the safety analysis process. Hazards can be identified by the STPA method based on preliminary system functions. Furthermore, causal factors and safety constraints from Unsafe Control Actions (UCAs) can help developers to generate functional safety requirements and modify the preliminary system architecture. The Automatic Emergency Braking (AEB) system is taken as a typical example to demonstrate the effectiveness of this method. The hazardous state and casual factors for the AEB system is identified by STPA based on the system model, which is described by the systems modeling language (SysML). Meanwhile, the analysis results give the guidance for a safety-related system design. The proposed workflow promotes the collaboration between the system designer and safety analyzer and accelerates the system development iterations process.