Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA

Autonomous vehicles (AVs) are coming to our streets. Due to the presence of highly complex software systems in AVs, there is a need for a new hazard analysis technique to meet stringent safety standards. System Theoretic Process Analysis (STPA), based on Systems Theoretic Accident Modeling and Processes (STAMP), is a powerful tool that can identify, define, analyze and mitigate hazards from the earliest conceptual stage deployment to the operation of a system. Applying STPA to autonomous vehicles demonstrates STPA\u27s applicability to preliminary hazard analysis, alternative available, developmental tests, organizational design, and functional design of each unique safety operation. This paper describes the STPA process used to generate system design requirements for an Autonomous Emergency Braking (AEB) system using a top-down analysis approach to system safety. The paper makes the following contributions to practicing STPA for safety and security: 1) It describes the incorporation of safety and security analysis in one process and discusses the benefits of this; 2) It provides an improved, structural approach for scenario analysis, concentrating on safety and security; 3) It demonstrates the utility of STPA for gap analysis of existing designs in the automotive domain; 4) It provides lessons learned throughout the process of applying STPA and STPA-Sec

Arguing from Hazard Analysis in Safety Cases: A Modular Argument Pattern

We observed that safety arguments are prone to stay too abstract, e.g. solutions refer to large packages, argument strategies to complex reasoning steps, contexts and assumptions lack traceability. These issues can reduce the confidence we require of such arguments. In this paper, we investigate the construction of confident arguments from (i) hazard analysis (HA) results and (ii) the design of safety measures, i.e., both used for confidence evaluation. We present an argument pattern integrating three HA techniques, i.e., FTA, FMEA, and STPA, as well as the reactions on the results of these analyses, i.e., safety requirements and design increments. We provide an example of how our pattern can help in argument construction and discuss steps towards using our pattern in formal analysis and computer-assisted construction of safety cases

Transcriptional control of the H-NS antagonists LeuO and RcsB-BglJ in Escherichia coli

The bacterial nucleoid-associated protein (NAP) H-NS is involved in the organization and compaction of the bacterial chromatin and acts as a global respressor, mainly of genes that have been acquired by horizontal gene transfer and that are related to stress responses and pathogenicity. Binding of H-NS to the DNA and formation of a nucleoprotein complex at promoter regions leads to repression. This repressor effect of H-NS can be antagonized by gene-specific transcription factors (H-NS antagonists) that activate transcription of H NS-repressed genes by competing with H-NS for binding or by disturbing formation of the nucleoprotein complex. Two examples of such H NS antagonists are the LysR-type transcription factor LeuO and the FixJ/NarL-type transcription factor heterodimer RcsB-BglJ. LeuO is a pleiotropic regulator of stress responses and virulence determinants. RcsB-BglJ activates transcription of the H NS-repressed bgl (aryl-β,D-glucoside) operon. In this work, novel targets of RcsB-BglJ were identified in Escherichia coli by microarray analyses. The results suggest that heterodimerization of RcsB and BglJ is essential for regulation. Further, in addition to genes related to unknown or predicted function in the membrane the leuO gene was identified as a target gene. Detailed analysis of transcriptional regulation of leuO demonstrated that RcsB-BglJ strongly activates transcription of leuO by binding proximal to a newly mapped leuO promoter. Thus RcsB-BglJ antagonizes repression of leuO by H-NS and the H-NS-like protein StpA. Additional data presented here show that LeuO negatively autoregulates its own expression and inhibits activation of leuO by RcsB-BglJ. Regulation of leuO by RcsB-BglJ and autoregulation by LeuO, as shown here, as well as activation of bglJ by LeuO, as published previously, indicates a feedback control mechanism of two global transcriptional regulators and H-NS antagonists.This feedback regulation may ensure turn on of their expression in response to specific environmental signals. Screens to search for novel regulators or upstream signals were performed by transposon mutagenesis and by using a genomic expression library. These screens indicate that additional factors may be involved in the regulation of this leuO-bglJ feedback loop

Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to elicit Privacy Risks in eHealth

Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top down approach. It has not gotten very much attention but may offer a convenient structured approach and generation of additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: Therefore we apply STPA-Priv to a real world health scenario that involves a smart glucose measurement device used by children. Different kinds of data from the smart device including location data should be shared with the parents, physicians, and urban planners. This makes it a sociotechnical system that offers adequate and complex privacy risks to be found. Results: We find out that STPA-Priv is a structured method for privacy analysis and finds complex privacy risks. The method is supported by a tool called XSTAMPP which makes the analysis and its results more profound. Additionally, we learn that an iterative application of the steps might be necessary to find more privacy risks when more information about the system is available later. Conclusions: STPA-Priv helps to identify complex privacy risks that are derived from sociotechnical interactions in a system. It also outputs privacy constraints that are to be enforced by the system to ensure privacy.Comment: author's post-prin

Study of E. coli Hfq's RNA annealing acceleration and duplex destabilization activities using substrates with different GC-contents

Folding of RNA molecules into their functional three-dimensional structures is often supported by RNA chaperones, some of which can catalyse the two elementary reactions helix disruption and helix formation. Hfq is one such RNA chaperone, but its strand displacement activity is controversial. Whereas some groups found Hfq to destabilize secondary structures, others did not observe such an activity with their RNA substrates. We studied Hfq’s activities using a set of short RNAs of different thermodynamic stabilities (GC-contents from 4.8% to 61.9%), but constant length. We show that Hfq’s strand displacement as well as its annealing activity are strongly dependent on the substrate’s GC-content. However, this is due to Hfq’s preferred binding of AU-rich sequences and not to the substrate’s thermodynamic stability. Importantly, Hfq catalyses both annealing and strand displacement with comparable rates for different substrates, hinting at RNA strand diffusion and annealing nucleation being rate-limiting for both reactions. Hfq’s strand displacement activity is a result of the thermodynamic destabilization of the RNA through preferred single-strand binding whereas annealing acceleration is independent from Hfq’s thermodynamic influence. Therefore, the two apparently disparate activities annealing acceleration and duplex destabilization are not in energetic conflict with each other

Hierarchical Features of Large-Scale Cortical Connectivity

The analysis of complex networks has revealed patterns of organization in a variety of natural and artificial systems, including neuronal networks of the brain at multiple scales. In this paper, we describe a novel analysis of the large-scale connectivity between regions of the mammalian cerebral cortex, utilizing a set of hierarchical measurements proposed recently. We examine previously identified functional clusters of brain regions in macaque visual cortex and cat cortex and find significant differences between such clusters in terms of several hierarchical measures, revealing differences in how these clusters are embedded in the overall cortical architecture. For example, the ventral cluster of visual cortex maintains structurally more segregated, less divergent connections than the dorsal cluster, which may point to functionally different roles of their constituent brain regions.Comment: 17 pages, 6 figure