A Hazard Analysis Approach for Automated Driving Shared Control 2024-01-2056

Systems-Theoretic Process Analysis (STPA) is being used as a hazard analysis technique within automotive, due in part to its systems engineering viewpoint making it suitable to automated driving feature analysis and with several new and emerging standards and guidelines suggesting its use as one option its familiarity is increasing. Approaches incorporating the human into the STPA Control Structure Diagram (CSD) have been proposed, such as Engineering for Humans: A New Extension to STPA [1]. Such approaches position the human as the top controller in the CSD hierarchy. While placing the human at the top of the CSD is suited to reasoning about supervisory human machine interactions, perhaps in an industrial control setting, we argue that a different approach is needed to address automotive shared control. In an automotive context the driver is integral to vehicle control. Even for vehicle features delivering partial or conditional automation, low level vehicle control tasks may be shared between the driver and the automation. For example, Lane Keep Assistance (LKA) haptic lateral shared control or steer-by-wire input-mixing lateral shared control. In such situations human and machine control is shared between high-level supervisory tasks and lower-level manoeuvring and control tasks. This necessitates modelling the driver differently within the STPA CSD. In this paper we present a vehicle control model and STPA inspired method, which when used together can help the analyst reason about the nature of shared control and potential hazard causes in an automated driving context.