Integrating security in hazard analysis using STPA-Sec and GSPN: A case study of automatic emergency braking system

Abstract

Hazard analysis is a vital step in developing intelligent connected vehicles, aiming to eliminate or control hazards in the initial stages of system development and to provide theoretical support for the system’s safety design. However, conventional hazard analysis methods, such as Fault Tree Analysis and Failure Mode and Effects Analysis, suffer from two shortcomings: they do not account for the impact of cybersecurity factors on system safety and do not provide sufficient quantification of hazard scenarios. To this end, we propose a quantifiable hazard analysis method with security consideration, which integrates System Theoretic Process Analysis for Security (STPA-Sec) and Generalized Stochastic Petri Net (GSPN), supporting the extraction, modeling, and quantification of hazards. Specifically, we employ STPA-Sec for qualitative analysis to identify causal scenarios, safety requirements, security requirements, and the corresponding mitigations. Then, based on the identified causal scenarios, a GSPN model is established to quantify system-level hazards. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards but also provides a quantitative assessment. Comparative assessments suggest that the proposed method exhibits an advantage in terms of analysis processes (integrating security) and results (quantification).