THÈSE DE DOCTORAT de l’Université de recherche Paris Sciences et Lettres PSL Research University Préparée à MINES ParisTech Safety benefit assessment, vehicle trial safety and crash analysis of automated driving : a Systems Theoretic approach Evaluation des gains de sécurité, sécurisation des essais et analyse des accidents du véhicule autonome : une approche systémique Ecole doctorale n°432 SCIENCES ET METIERS DE L’INGENIEUR Spécialité : SCIENCES ET GENIE DES ACTIVTES A RISQUES COMPOSITION DU JURY: M. Paul SALMON University of the Sunshine Coast, Rapporteur M. Enrico ZIO Politecnico di Milano, Rapporteur Stephanie ALVAREZ GOMEZ Mme. Nancy LEVESON Massachusetts Institute of Technology, Examinateur Dirigée par Franck GUARNIERI M. Pierre VAN ELSLANDE Encadrée par Yves PAGE IFSTTAR, Examinateur M. Franck GUARNIERI MINES ParisTech, Examinateur M. Yves Page Dirigée par Franck GUARNIERI Renault, membre invité Table of Contents Table of Contents ...................................................................................................................... iii List of Figures ........................................................................................................................... viii List of Tables ............................................................................................................................... x Chapter 1: Introduction .............................................................................................................. 1 1.1 Problem statement ...................................................................................................... 1 1.2 Research aims .............................................................................................................. 4 1.3 Research approach ...................................................................................................... 4 1.4 Thesis structure ........................................................................................................... 5 Chapter 2: Vehicle automation, Road Safety and Systems Theoretic approaches .................... 8 2.1 Chapter overview ........................................................................................................ 8 2.2 Vehicle automation ..................................................................................................... 9 2.2.1 Vehicle automation definition and taxonomy ..................................................... 9 2.2.2 Motivation for vehicle automation .................................................................... 15 2.2.3 Paths to vehicle automation .............................................................................. 16 2.2.4 Challenges for vehicle automation .................................................................... 17 2.3 Road safety ................................................................................................................ 20 2.3.1 Road safety as a lack of safety ........................................................................... 20 2.3.2 Road safety as a system ..................................................................................... 21 2.3.3 Road safety perspectives over time ................................................................... 24 2.3.4 Safe System approach ........................................................................................ 25 2.4 Systems theoretic approaches to safety ................................................................... 28 2.4.1 Systems theory and road safety ......................................................................... 29 2.4.2 The Risk Management Framework .................................................................... 31 iii 2.4.3 System-Theoretic Accident Model and Processes (STAMP) .............................. 34 2.4.4 Functional Resonance Analysis Method (FRAM) ............................................... 37 2.4.5 Synthesis of the systems theoretic approaches to safety.................................. 39 2.5 STAMP, STPA and CAST as the conceptual framework for the thesis ....................... 41 2.5.1 Why STAMP ........................................................................................................ 41 2.5.2 Background ......................................................................................................... 42 2.5.3 System Theoretic Accident Model and Processes (STAMP) .............................. 45 2.5.4 STPA .................................................................................................................... 50 2.5.5 CAST .................................................................................................................... 55 2.5.6 The STAMP-based approach of the thesis ......................................................... 61 Chapter 3: Examining the safety benefit assessment of automated driving systems .............. 62 3.1 Chapter overview ...................................................................................................... 62 3.2 Introduction ............................................................................................................... 63 3.2.1 Aim and objectives ............................................................................................. 67 3.3 Methods ..................................................................................................................... 68 3.3.1 Highway pilot system description ...................................................................... 68 3.3.2 Estimation of the target population ................................................................... 68 3.3.3 Identification of the safety requirements through STPA ................................... 68 3.3.4 Definition of questions to assist the evaluation of direct safety mechanisms .. 69 3.4 Findings ...................................................................................................................... 70 3.4.1 Highway pilot system ......................................................................................... 70 3.4.2 Target Population ............................................................................................... 72 3.4.3 Safety Requirements .......................................................................................... 75 3.4.4 Questions to consider in the evaluation of direct mechanisms (1-2) .............. 100 3.5 Discussion ................................................................................................................ 105 iv 3.5.1 Target population ............................................................................................. 105 3.5.2 STPA and Safety Requirements ........................................................................ 107 3.5.3 Questions derived from the safety requirements ........................................... 109 3.6 Conclusions .............................................................................................................. 111 3.6.1 Future work ...................................................................................................... 112 Chapter 4: Using STPA to ensure the safety of automated driving trials ................................ 113 4.1 Chapter overview .................................................................................................... 113 4.2 Introduction ............................................................................................................. 114 4.2.1 Study aim and objectives ................................................................................. 115 4.3 Methods ................................................................................................................... 116 4.3.1 STPA analysis on the vehicle trial process ........................................................ 117 4.3.2 STPA analysis on an automated driving trial operation ................................... 117 4.3.3 Framework to ensure the safety of automated driving trials .......................... 118 4.4 Findings .................................................................................................................... 119 4.4.1 STPA analysis on the vehicle trial process ........................................................ 119 4.4.2 STPA analysis on an automated driving trial operation ................................... 126 4.4.3 Framework to ensure the safety of automated driving trials .......................... 133 4.5 Discussion ................................................................................................................ 145 4.5.1 The scope of the framework ............................................................................ 146 4.5.2 The contents of the framework ....................................................................... 147 4.6 Conclusion ............................................................................................................... 148 4.6.1 Future work ...................................................................................................... 148 Chapter 5: CASCAD—an accident analysis method for crashes involving automated driving 149 5.1 Chapter overview .................................................................................................... 149 5.2 Introduction ............................................................................................................. 150 v 5.3 Methods ..................................................................................................................