A System-Based Safety Assurance Framework for Human-Vehicle Interactions

With the introduction of vehicular digitization and automation, there has been significant growth in the number of Electronic Control Units (ECUs) inside vehicles, followed by the broader use of Advanced Driver Assistance Systems (ADAS) and Automated Driving Systems (ADSs). The growth of the number of ECUs has also significantly increased the number of user interfaces. To conduct safe driving, in addition to those related to the real-time control of the vehicle, a driver also needs to be able to digest information effectively and efficiently from various ECUs via the Human-Machine Interface (HMI). To evaluate the safety of ADS, including its interactions with system users, some work has suggested that they will need to be driven for over 11 billion miles. However, the number of test miles driven is not a meaningful metric for judging safety. Instead, the types of scenarios encountered by the driver-vehicle interactions during testing are critically important. With a hazard-based testing approach, this paper proposes that the extent to which testing miles are ‘smart miles’ that reflect hazard-based scenarios relevant to potential unsafe driver-vehicle interactions is fundamental. The authors proposed an extension based on STPA’s Human Mental Model to create hazard-based test scenarios related to human-machine interactions. The proposed approach has been applied to a real-world project associated with the testing of an SAE-Level 4 Autonomous Vehicle (AV) during its prototyping phase, which involves the interactions between the safety driver and the AV’s ADS and X-by-Wire system. The authors also proposed an extension to the Scenario Description Language (SDL) that can be used to define hazard-based test scenarios. The test scenarios generated from the extended SDL have been used for scenario-based testing in real-world and simulation environments.