Human interaction safety analysis (HISA)

Find safety issues in human-machine interaction (HMI) protocols. The aim of the method is to enable the HMI design to be improved to reduce safety risks, and the analysis results can also be used as part of a safety case.
This is a safety analysis method which systematically identifies interaction failures between humans and machines. So far the focus has been on analysing protocols for the transition of control of the dynamic driving task between a human driver and an automated driving system (ADS). The aim is to extend the method to other types of interaction, such as between humans and other cyber-physical systems, and to make use of real-world data to improve the analysis results [HIS1, HIS2].

The process consists of the following steps:
  • (1) Propose a communication protocol for the HMI.
  • (2) Create the interaction sequence between a HU (human user) and a machine, treated as two communicating entities through the HMI, considering the possible combinations of time intervals (Figure 3.8, top left, where the machine is an ADS).
  • (3) Perform cause-consequence analysis (CCA) by constructing cause-consequence diagrams (CCD) from the interaction sequences (Figure 3.8, top right), and for each failed event on the CCD perform a fault tree analysis (FTA) that includes a model of human behaviour (Figure 3.8, bottom).
  • (4) Perform a risk assessment for the identified potential faults and improve the HMI design if the residual risk is considered unacceptable.
The results of the analysis should be usable as part of the argument for the safety of the ADS, and thus in the ADS safety case.
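The following is an added illustration of the four steps on a small, hypothetical takeover-request protocol; it is not code from the HISA papers or from the project. The protocol, the event names, the two human-behaviour basic events, all probabilities, the severity classes and the acceptance limit are assumptions chosen for the example, and the "combinations of time intervals" are reduced to the HU responding before the deadline, after it, or not at all.

```python
"""Toy HISA-style walk-through of a hypothetical ADS-to-driver control transition.
Constructed example: protocol, event names, severities and probabilities are
assumptions for illustration, not values from the HISA papers."""
from dataclasses import dataclass, field
from itertools import product
from math import prod

# Step 1 (assumed protocol): the ADS issues a takeover request (TOR) on the HMI;
# the human user (HU) must acknowledge within a deadline, then the ADS hands over.
# With no ack in time the ADS performs a minimal risk manoeuvre (MRM). Timing
# intervals are reduced to: HU responds before the deadline, after it, or never.

@dataclass
class Sequence:
    human_response: str   # "in_time" | "late" | "none"  (human side)
    hmi_shows_tor: bool   # E/E side: TOR actually rendered on the HMI
    ack_delivered: bool   # E/E side: HU ack reaches the ADS
    events: list = field(default_factory=list)
    consequence: str = ""

def simulate(seq: Sequence) -> Sequence:
    """Step 2: walk one interaction sequence and record its consequence."""
    seq.events.append("ADS: TOR issued")
    if not seq.hmi_shows_tor:
        seq.events += ["HMI: TOR not displayed", "ADS: ack timeout -> MRM"]
        seq.consequence = "MRM without HU awareness"
    elif seq.human_response == "in_time" and seq.ack_delivered:
        seq.events += ["HU: ack within deadline", "ADS: control transferred"]
        seq.consequence = "safe handover"
    elif seq.human_response == "in_time":
        seq.events += ["HU: ack within deadline", "HMI: ack lost", "ADS: ack timeout -> MRM"]
        seq.consequence = "mode confusion: HU assumes control, ADS performs MRM"
    elif seq.human_response == "late":
        seq.events += ["ADS: ack timeout -> MRM", "HU: late input during MRM"]
        seq.consequence = "conflicting inputs during MRM"
    else:
        seq.events += ["ADS: ack timeout -> MRM"]
        seq.consequence = "MRM, HU unresponsive"
    return seq

def enumerate_sequences() -> list[Sequence]:
    """All combinations of HU timing and E/E outcomes: the branches of the CCD."""
    return [simulate(Sequence(r, d, a)) for r, d, a in
            product(["in_time", "late", "none"], [True, False], [True, False])]

# Step 3: fault tree for one failed event on the CCD. The human behaviour model is
# reduced to two basic events (perception, decision) next to the E/E basic events.
BASIC = {  # assumed probabilities per handover
    "HU_distracted_misses_TOR": 0.02,   # human: perception failure
    "HU_misjudges_urgency": 0.01,       # human: decision failure
    "HMI_display_fault": 1e-4,          # E/E
    "ack_message_lost": 1e-3,           # E/E
}
FAULT_TREES = {
    "ADS: ack timeout -> MRM": ("OR", ["HMI_display_fault", "ack_message_lost",
                                       ("OR", ["HU_distracted_misses_TOR", "HU_misjudges_urgency"])]),
}

def fault_tree_probability(node) -> float:
    """Evaluate a (gate, children) tree assuming independent basic events."""
    if isinstance(node, str):
        return BASIC[node]
    gate, children = node
    ps = [fault_tree_probability(c) for c in children]
    if gate == "AND":
        return prod(ps)
    if gate == "OR":
        return 1.0 - prod(1.0 - q for q in ps)
    raise ValueError(f"unknown gate {gate}")

# Step 4: risk assessment with assumed severity classes (0 none .. 3 severe) and
# an assumed acceptance limit on probability-weighted risk per handover.
SEVERITY = {"safe handover": 0, "MRM, HU unresponsive": 1, "MRM without HU awareness": 2,
            "conflicting inputs during MRM": 3,
            "mode confusion: HU assumes control, ADS performs MRM": 3}
RISK_LIMIT = 1e-3

def assess(sequences: list[Sequence]) -> dict[str, dict]:
    """Pair each failed event's probability with the worst consequence it leads to;
    an unacceptable result is the trigger to improve the HMI design."""
    result = {}
    for event, tree in FAULT_TREES.items():
        p = fault_tree_probability(tree)
        worst = max(SEVERITY[s.consequence] for s in sequences if event in s.events)
        result[event] = {"probability": p, "worst_severity": worst,
                         "risk": p * worst, "acceptable": p * worst <= RISK_LIMIT}
    return result

if __name__ == "__main__":
    seqs = enumerate_sequences()
    for s in seqs:
        print(" -> ".join(s.events), "|", s.consequence)
    print(assess(seqs))
```

With the assumed numbers the human-side basic events dominate the "ack timeout" top event (about 3 percent per handover), and since the same failed event leads to the severity-3 consequences, the assessment returns the event as unacceptable, which in the method means going back to the protocol or HMI design (for example a second, escalating warning modality) rather than accepting the residual risk.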

[Image: Hisa.png]

Figure 3.8 Illustration of the HISA method

  • Enables analysis of HMI protocols with respect to both electrical/electronic (E/E) faults and human errors, combining functional safety and human factors expertise.
  • Provides (analytical) evidence for an ADS safety case.
  • No dedicated tool support (existing tools, e.g. for sequence diagrams and FTA, can be used).
  • Low TRL; not yet applied to real use cases.

[HIS1] Warg, F., Ursing, S., Kaalhus, M. and Wiik, R., 2020, January. Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems. In 10th European Congress on Embedded Real Time Software and Systems (ERTS 2020).

[HIS2] Skoglund, M., Warg, F. and Sangchoolie, B., 2018, September. Agreements of an Automated Driving System. Fast abstract, in 37th International Conference on Computer Safety, Reliability and Security (SAFECOMP 2018).

Method Dimensions
In-the-lab environment
Analytical - Semi-Formal
Hardware, Model, Software
Risk analysis, Concept, System Design
Thinking, Acting, Sensing
Non-Functional - Safety