Comparison of STPA with FMEA for analyzing safety of autonomous driving system

Abstract: The safe behavior of an autonomous driving system (ADS) depends upon safe interactions between the system’s software and hardware elements, the surrounding environment, the human driver in the vehicle, organizational and legal requirements, and so on. Traditional safety analysis methods such as failure mode effect analysis (FMEA) and fault tree analysis (FTA) focus on system’s safety due to failure of electrical and electronics components. These methods are unsuitable for handling complex interactions that may pose a safety risk even if no system element fails. STPA is a novel safety analysis method that models the system as a dynamic structure. It analyzes the interacting system elements and provides guidelines to constrain their behavior to ensure safety.   This thesis explores the safety requirements of an ADS, applies STPA and FMEA to the function-level architecture of a generic ADS, and investigates the suitability of the safety analysis methods to meet the safety requirements of a complex system like ADS. The results of the analyses are validated by conducting interviews with system safety practitioners and seeking their opinion on the process and approaches of the two methods. The study concludes that the methods complement each other, and their different approaches are essential to achieve completeness of safety analysis.