Missing no Interaction—Using STPA for Identifying Hazardous Interactions of Automated Driving Systems
DOI: 10.24900/ijss/0201115124.2018.0301
Summary
This paper addresses the challenge of ensuring safety in automated driving systems (ADS), specifically focusing on "safety-in-use" hazards that arise from inadequate interactions rather than component malfunctions. Traditional automotive safety standards like ISO 26262 and analysis methods such as Fault Tree Analysis (FTA) primarily target functional failures. However, ADS complexity introduces risks from interactions between the system, human drivers, other traffic participants, and the environment. The authors argue that existing hazard analysis approaches are insufficient for systematically identifying these interaction-based hazards, which often result from oversight in functional specifications.

The research objective is to evaluate System-Theoretic Process Analysis (STPA) as a holistic method for identifying hazardous interactions in the absence of system malfunctions. The study applies STPA to the "Cruising Chauffeur®," a SAE Level 4 automated driving system developed by Continental. The analysis focused specifically on the "Lane Change" functionality. The researchers followed the standard STPA procedure: identifying system-level accidents and hazards, establishing safety constraints, and constructing a safety-control structure diagram to identify unsafe control actions and causal factors. To validate the approach, the authors compared the safety requirements generated by STPA against those derived from a traditional brainstorming-based Safety-in-Use Analysis (SiUA) conducted by safety experts. The study classified interactions into types such as Automated Driving System-and-other Traffic Participants (AIP) and Driver Human-and-Driver Machine Interaction (HIM).

The results indicate that STPA successfully identified 41 safety requirements across various analysis levels, including 14 unsafe control actions for the lane change function. When mapped against the SiUA results, STPA captured several safety-in-use requirements, such as the need to abort lane changes due to unexpected prerequisite changes or the necessity of detecting traffic participants. However, the comparison revealed distinct differences. STPA generated a broader set of requirements, including functional safety and general functional requirements, which increased the effort required to filter for safety-in-use specific items. Additionally, STPA requirements tended to be more abstract compared to the scenario-specific outputs of the brainstorming method. The authors noted that while STPA is effective at identifying interaction hazards, its lack of specificity to safety aspects requires significant expert effort to distinguish safety-in-use requirements from other types.

The paper concludes that STPA is a valuable, holistic approach for addressing the complex interactions inherent in automated driving systems. It can identify hazardous interactions that traditional methods might miss, thereby supporting the development of comprehensive safety requirements. However, the authors highlight that STPA is not exclusively tailored for safety-in-use, leading to a mixed output of requirement types. They suggest that future work should develop a specialized STPA-based approach focused specifically on safety-in-use to streamline the analysis process and help experts efficiently address interaction-related hazards without the overhead of filtering unrelated functional safety requirements.
Provenance
The full processing record for this entry. Every stage of this paper's journey through the pipeline is logged — what ran, with which tool and model, how many attempts it took, and when it last completed.
| Stage | Outcome | Tool | Model | Prompt | Attempts | Completed |
|---|---|---|---|---|---|---|
| discover | success | OpenAlex-citations | — | — | 1 | 2026-06-18 |
| archive | success | openalex | — | — | 5 | 2026-06-25 |
| extract | success | pdftotext | — | — | 2 | 2026-06-26 |
| clean | success | clean | — | — | 1 | 2026-06-26 |
| chunk | success | chunk | — | — | 1 | 2026-06-26 |
| embed | success | embed | Qwen/Qwen3-Embedding-8B | — | 1 | 2026-06-26 |
| enrich | failed | — | — | — | 4 | 2026-06-26 |
| promote | success | — | — | — | 1 | 2026-06-18 |
| summarize | success | llm | qwen3.6-27b-prismaquant | summ-v5 | 1 | 2026-06-26 |
| tag | success | vector_similarity | — | — | 6 | 2026-06-26 |
| verify | success | — | — | — | 1 | 2026-06-26 |
Summary generated by qwen3.6-27b-prismaquant on 2026-06-26; verification: verified.
Information type
What kind of knowledge this paper contributes, grouped by family — independent of topic (what it is about) and method (how it was studied).
- Theoretical Contribution: conceptual framework