System Theoretical Process Analysis For Safety And Security-Critical Design Of Intelligent Connected Vehicles

Vehicles have become Connected,Autonomous,Shared,and Electric(CASE),driving the emergence of Intelligent Connected Vehicles(ICV).While ICV bring convenience to daily life,they also face a series of hazards,such as Function damage and information leakage.Traditional hazard analysis methods(such as fault trees,etc.)only focus on component failures and ignore the impact of abnormal interactions between components on the system.Therefore,they cannot perform hazard analysis on complex embedded systems.To solve this problem,System Theory Process Analysis(STPA)appeared.STPA is a hazard analysis method for industrial systems to avoid system flaws.The interruption of the decision-making process and feedback process of information,the uncertainty of the Artificial Intelligence(AI)algorithm output,and the threats to security in ICV all make STPA face new challenges when performing hazard analysis on ICV.In addition,the results of hazard analysis using STPA have not been quantified,and the pending results of hazard analysis cannot be prioritized.In order to solve the above challenges,we propose a new three-stage hazard analysis method called STPA-ICV which can ensure the safety and security of ICV.STPA-ICV also takes functional safety and information security into consideration,and can be widely used in a variety of adaptive applications of ICV.By using STPA-ICV,clear structures of ICV can be constructed to improve network bandwidth and it is helpful to get detailed hazard scenarios and propose system optimization strategies.We take Adaptive Cruise Control(ACC)and Auto Emergency Braking(AEB)as case studies to conduct hazard analysis.In order to solve the problem that the STPA hazard results cannot be quantified,this paper proposes the Quant-STPA method to quantify the results of STPA for the first time.Quant-STPA starts from the quantification idea of Fault Tree Analysis.It combines the hazard scenario tree generated by STPA-ICV to establish the logical relationship between hazards and hazard scenarios,and calculate the probability of occurrence of system-level hazard;Quant-STPA method defines a unique standard to measure the importance of the hazard scenarios.This article also highlights the superiority of Quant-STPA through two comparative experiments and one case analysis.The STPA-ICV and Quant-STPA methods respectively carried out a qualitative analysis and a quantitative analysis of the hazards faced by ICV.Experiments show STPA-ICV can derive more hazard scenarios and is more efficient than existing STPA methods.Compared with the Fault Tree Analysis,Quant-STPA can quantify more dangerous scenarios and obtain more accurate and objective quantitative results.Both methods improve the efficiency of hazard analysis and provide new possibilities for the protection of safety and security of ICV.