Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA

Authors Shefali Sharma, Adan Flores, Chris Hobbs, Jeff Stafford, Sebastian Fischmeister


Author Details

Shefali Sharma
  • Electrical and Computer Eng., University of Waterloo, Waterloo, Canada
Adan Flores
  • Electrical and Computer Eng., University of Waterloo, Waterloo, Canada
Chris Hobbs
  • QNX Software Systems Limited, Kanata, Canada
Jeff Stafford
  • Renesas Electronics America Inc., Farmington Hills, USA
Sebastian Fischmeister
  • Electrical and Computer Eng., University of Waterloo, Waterloo, Canada

Cite As

Shefali Sharma, Adan Flores, Chris Hobbs, Jeff Stafford, and Sebastian Fischmeister. Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA. In Workshop on Autonomous Systems Design (ASD 2019). Open Access Series in Informatics (OASIcs), Volume 68, pp. 5:1-5:13, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2019)


Autonomous vehicles (AVs) are coming to our streets. Because AVs contain highly complex software systems, a new hazard analysis technique is needed to meet stringent safety standards. System Theoretic Process Analysis (STPA), based on Systems Theoretic Accident Modeling and Processes (STAMP), is a powerful tool that can identify, define, analyze and mitigate hazards from the earliest conceptual stage through deployment to the operation of a system. Applying STPA to autonomous vehicles demonstrates its applicability to preliminary hazard analysis, available alternatives, developmental tests, organizational design, and the functional design of each unique safety operation. This paper describes the STPA process used to generate system design requirements for an Autonomous Emergency Braking (AEB) system, using a top-down analysis approach to system safety. The paper makes the following contributions to practicing STPA for safety and security: 1) it describes the incorporation of safety and security analysis in one process and discusses the benefits of doing so; 2) it provides an improved, structured approach for scenario analysis, concentrating on safety and security; 3) it demonstrates the utility of STPA for gap analysis of existing designs in the automotive domain; 4) it provides lessons learned throughout the process of applying STPA and STPA-Sec.

ACM Subject Classification
  • Hardware → Safety critical systems
  • Networks → Cyber-physical networks

Keywords
  • Functional Safety
  • Security
  • STPA
  • STPA-Sec
  • ISO 26262
  • AEB
  • Advanced Driver Assistance Systems (ADAS)
  • Automated Vehicles
  • SoC (System-On-Chip)



