John Thomas

Executive Director - Safety and Security Group Massachusetts Institute of Technology

Dr. John Thomas is on the research staff in the department of Aeronautics and Astronautics at MIT. He holds a Ph.D. from MIT in the area of systems engineering, and his bachelor's and master's degrees are in computer engineering. John's work involves creating structured processes for analyzing cyber-physical systems, especially systems that may behave in unanticipated, unsafe, or otherwise undesirable ways through complex interactions with each other and their environment. By using control theory and systems theory, more efficient and effective design and analysis processes can be created to prevent flaws that lead to unexpected and undesirable behaviors when integrated with other systems. More recently he has been applying these techniques to automated systems that are heavily dependent on human-computer interactions to achieve safety and security goals. These automated systems may not only be subject to human error--they may inadvertently induce human error through mode confusion, clumsy automation, and other mechanisms that can be difficult to anticipate. John's work also includes defining a formal structure underlying a systems-theoretic process that can be used to help ensure potentially hazardous or undesirable software behaviors are systematically identified and controlled. He has also developed algorithms to automatically generate formal executable and model-based requirements for software components as well as methods to detect flaws in an existing software specification. The same process can be applied to address security and functional goals of the system, thereby permitting the automated detection of conflicts between these and other goals during early development processes.

Pre-conference Workshop Day

Monday, March 25th, 2019


A Safety Case is a structured argument that justifies that your system is acceptably safe for aspecific application in a specific context. The Safety Case is the final document including all safety evidence that you have won from testing and analysing. The Standard for the Evaluation of Autonomous Products, UL 4600, provides a guideline on methods and techniques forbuilding and evaluating a safety argument for fully autonomous vehicles.

  • Learn on safety principles, techniques, tools and processes for writing a Safety Case
  • Brainstorm together on all evidence that needs to be collected for a good Safety Case
  • Exchange on lessons learnt and develop a good understanding on advantageous approaches to build a Safety Case

Second Conference Day

Wednesday, March 27th, 2019

9:40 AM A Systems Approach to Autonomous Vehicle Safety using STPA

  • New systems-based safety techniques like System Theoretic Process Analysis (STPA) are being used for today‘s increasingly complex and automated safety-critical systems
  • As a top-down analysis, STPA emphasizes the system‘s dynamic behavior including automation interactions and human behavior
  • This talk will demonstrate STPA applied to autonomous vehicles to identify potential design flaws, missing requirements, human interactions, and unsafe software behaviors

3:00 PM Panel Discussion: Functional Safety in Autonomous Vehicles

  • What’s the safety landscape for AV
  • Hardware and random failure risks associated with AI/Ml
  • ISO 26262 and assurance of neural network systems
  • Challenges of compliance with increasingly complex systems
  • Streamlining safety arguments
  • What is the fail-safe when a human driver is no longer in control
  • The legal perspective

Post-conference Workshop Day

Thursday, March 28th, 2019


The system theoretic process analysis (STPA) is a much discussed risk and hazard analysis method. As a top-down analysis, STPA emphasizes the system‘s dynamic behavior including automation interactions and human behavior. Join this workshop to get a hands-on approach how to perform STPA and it’s relationship to the safety of the intended functionality.

  • Get a summary of the most important aspects of the STPA: basic concepts, terminology, and process will be explained
  • Understand the difference between traditional techniques and STPA, and latter‘s advantages
  • Apply an exemplary STPA to a limited case study to demonstrate the process

Check out the incredible speaker line-up to see who will be joining John.

Download The Latest Agenda