Application of System Theoretic Process Analysis to understand safety requirements for a domestic robot
Lead Research Organisation:
University of Oxford
Department Name: Engineering Science
Abstract
Research Context
Domestic robots can offer significant societal benefits by performing household tasks and providing assistance and care to end-users. However, their deployment could introduce new types of risks and/or lead to unintended consequences. To this end, this project investigates the safety requirements for domestic robots in everyday environments. Hence, it falls within EPSRC's Artificial Intelligence and robotics research area.
As a starting point, the project will apply System Theoretic Process Analysis (STPA) to domestic robot applications. STPA is a technique to identify unsafe control actions and hazardous system states with the aim to generate detailed safety requirements to prevent the occurrence of the identified hazardous scenarios. STPA was developed at MIT more than a decade ago. Since its inception, it has been adopted in different industries including the automotive sector. In the past, STPA has been shown to be very effective in understanding emergent behaviors and complex interactions of novel products, improving on previous hazard analysis tools such as Fault Tree Analysis (FTA) by considering the context in which faults occur, identifying hazards that arise from component interactions instead of just single component failures. The System-Theoretic Accident Model and Processes (STAMP) model is the causality model that underpins STPA. STAMP assumes a hierarchical safety control structure that allows inadequate enforcement of safety constraints on a processes behavior, in this case a domestic robots behavior, which leads to inadequate control which and when applied to the hazardous process results in a hazardous system state, which can lead to accidents occurring. This differs from conventional hazard analysis tools such as FTA, essentially saying accidents are caused by inadequate control, which can be prevented with suitable design requirements.
Aims and Objectives
The aim of this project is to strengthen the safety case for domestic robot applications. To do this, we aim to identify the high-level safety requirements that would apply to domestic robots through the application of STPA to domestic robot systems. Application scenarios might focus on representative tasks that a domestic robot might be expected to carry out, which demonstrate fundamental capability requirements of such as system, such as robot navigation, perception, manipulation, etc. In this context, STPA will be used to complement risk assessments based on safety measures. A particular focus will be on the operation of robots in open-ended, dynamic environments, with additional effort to show research products deployed on actual robot systems performing representative tasks.
Novelty of the research methodology
There have been few instances where the STPA method has been applied to domestic robots [1]. Since the time of writing, the field of robotics has seen considerable progress, including the development of legged robots that enable a wider range of applications scenarios. Previous applications of STPA tended to stay at a high level of abstraction, not delving into specific algorithms, and lacked examples of the method being used on real hardware. This project aims to address these limitations and explore how to combine STPA and STAMP with emerging areas of robotics research, such as causal inference.
Companies and collaborators
- Supervisor: Dr. Lars Kunze
- Companies: Dyson Technology
References
[1] E. Mitka and S. G. Mouroutsos, "Applying the stamp system safety engineering methodology to the design of a domestic robot," 2015.
Domestic robots can offer significant societal benefits by performing household tasks and providing assistance and care to end-users. However, their deployment could introduce new types of risks and/or lead to unintended consequences. To this end, this project investigates the safety requirements for domestic robots in everyday environments. Hence, it falls within EPSRC's Artificial Intelligence and robotics research area.
As a starting point, the project will apply System Theoretic Process Analysis (STPA) to domestic robot applications. STPA is a technique to identify unsafe control actions and hazardous system states with the aim to generate detailed safety requirements to prevent the occurrence of the identified hazardous scenarios. STPA was developed at MIT more than a decade ago. Since its inception, it has been adopted in different industries including the automotive sector. In the past, STPA has been shown to be very effective in understanding emergent behaviors and complex interactions of novel products, improving on previous hazard analysis tools such as Fault Tree Analysis (FTA) by considering the context in which faults occur, identifying hazards that arise from component interactions instead of just single component failures. The System-Theoretic Accident Model and Processes (STAMP) model is the causality model that underpins STPA. STAMP assumes a hierarchical safety control structure that allows inadequate enforcement of safety constraints on a processes behavior, in this case a domestic robots behavior, which leads to inadequate control which and when applied to the hazardous process results in a hazardous system state, which can lead to accidents occurring. This differs from conventional hazard analysis tools such as FTA, essentially saying accidents are caused by inadequate control, which can be prevented with suitable design requirements.
Aims and Objectives
The aim of this project is to strengthen the safety case for domestic robot applications. To do this, we aim to identify the high-level safety requirements that would apply to domestic robots through the application of STPA to domestic robot systems. Application scenarios might focus on representative tasks that a domestic robot might be expected to carry out, which demonstrate fundamental capability requirements of such as system, such as robot navigation, perception, manipulation, etc. In this context, STPA will be used to complement risk assessments based on safety measures. A particular focus will be on the operation of robots in open-ended, dynamic environments, with additional effort to show research products deployed on actual robot systems performing representative tasks.
Novelty of the research methodology
There have been few instances where the STPA method has been applied to domestic robots [1]. Since the time of writing, the field of robotics has seen considerable progress, including the development of legged robots that enable a wider range of applications scenarios. Previous applications of STPA tended to stay at a high level of abstraction, not delving into specific algorithms, and lacked examples of the method being used on real hardware. This project aims to address these limitations and explore how to combine STPA and STAMP with emerging areas of robotics research, such as causal inference.
Companies and collaborators
- Supervisor: Dr. Lars Kunze
- Companies: Dyson Technology
References
[1] E. Mitka and S. G. Mouroutsos, "Applying the stamp system safety engineering methodology to the design of a domestic robot," 2015.
People |
ORCID iD |
| Lars Kunze (Primary Supervisor) | |
| Michael Groom (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/Y52878X/1 | 01/10/2023 | 30/09/2028 | |||
| 2891071 | Studentship | EP/Y52878X/1 | 01/10/2023 | 30/09/2027 | Michael Groom |