Uncertainty and Confidence in Safety Logic
Reasoning about system safety requires reasoning about confidence in safety claims. For example, DO-178B requires developers to determine the correctness of the worst-case execution time of the software. It is not possible to do this beyond any doubt. Therefore, developers and assessors must consider the limitations of execution time evidence and their effect on the confidence that can be placed in execution time figures, timing analysis results, and claims to have met timing-related software safety requirements. In this paper, we survey and assess five existing concepts that might serve as means of describing and reasoning about confidence: safety integrity levels, probability distributions of failure rates, Bayesian Belief Networks, argument integrity levels, and Baconian probability. We define use cases for confidence in safety cases, prescriptive standards, certification of component-based systems, and the reuse of safety elements both in and out of context. From these use cases, we derive requirements for a confidence framework. We assess existing techniques by discussing what is known about how well each confidence metric meets these requirements. Our results show that no existing confidence metric is ideally suited for all uses. We conclude by discussing implications for future standards and for reuse of safety elements.
Measuring Confidence of Assurance Cases in Safety-Critical Domains
Evaluation of assurance cases typically requires certifiers’ domain knowledge and experience, and, as such, most software certification has been conducted manually. Given the advancement in uncertainty theories and software traceability, we envision that these technologies can synergistically be combined and leveraged to offer some degree of automation to improve the certifiers’ capability to perform software certification. To this end, we present DS4AC, a novel confidence calculation framework that 1) applies the Dempster-Shafer theory to calculate the confidence between a parent claim and its child claims; and 2) uses the vector space model to evaluate the confidence in the evidence items using traceability information. We illustrate our approach on two different applications, where safety is the key property of interest for both systems. In both cases, we use the Goal Structuring Notation to represent the respective assurance cases and provide proof-of-concept results demonstrating that the DS4AC framework can automate portions of the evaluation of assurance cases, thereby reducing the burden of the manual certification process.
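The abstract does not reproduce DS4AC's exact calculus, but the Dempster-Shafer combination it builds on can be sketched minimally as follows. The claim labels, focal sets, and mass values here are illustrative assumptions, not values from the paper:

```python
from itertools import product

def combine(m1, m2):
    """Dempster's rule of combination for two mass functions.

    Each mass function maps frozenset focal elements (subsets of the
    frame of discernment) to masses summing to 1.
    """
    combined = {}
    conflict = 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass falling on the empty set
    if conflict >= 1.0:
        raise ValueError("total conflict: sources are incompatible")
    # Normalize by the non-conflicting mass
    return {s: w / (1.0 - conflict) for s, w in combined.items()}

# Hypothetical opinions from two child claims about whether the parent
# claim is Supported (S) or Not supported (N)
S, N = frozenset({"S"}), frozenset({"N"})
theta = S | N                            # frame of discernment {S, N}
m_child1 = {S: 0.7, theta: 0.3}          # 0.3 left uncommitted
m_child2 = {S: 0.6, N: 0.1, theta: 0.3}
m = combine(m_child1, m_child2)          # combined belief in the parent claim
```

The uncommitted mass on `theta` is what distinguishes this from a simple probability product: it lets each source express ignorance rather than forcing it to split belief between the two outcomes.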
The Last Decade in Review: Tracing the Evolution of Safety Assurance Cases through a Comprehensive Bibliometric Analysis
Safety assurance is of paramount importance across various domains, including automotive, aerospace, and nuclear energy, where the reliability and acceptability of mission-critical systems are imperative. This assurance is effectively realized through the use of safety assurance cases, which allow for verifying the correctness of the created systems' capabilities and thus preventing system failure. Such failure may result in loss of life, severe injuries, large-scale environmental damage, property destruction, and major economic loss. Still, the emergence of complex technologies such as cyber-physical systems (CPSs), characterized by their heterogeneity, autonomy, machine-learning capabilities, and the uncertainty of their operational environments, poses significant challenges for safety assurance activities. Several papers have proposed solutions to tackle these challenges, but, to the best of our knowledge, no secondary study investigates the trends, patterns, and relationships characterizing the safety case scientific literature. This makes it difficult to gain a holistic view of the safety case landscape and to identify the most promising future research directions. In this paper, we therefore rely on state-of-the-art bibliometric tools (e.g., VOSviewer) to conduct a bibliometric analysis that allows us to generate valuable insights, identify key authors and venues, and gain a bird's-eye view of the current state of research in the safety assurance area. By revealing knowledge gaps and highlighting potential avenues for future research, our analysis provides an essential foundation for researchers, corporate safety analysts, and regulators seeking to adopt or enhance safety practices that align with their specific needs and objectives.
Understanding and Evaluating Assurance Cases
Assurance cases are a method for providing assurance for a system by giving an argument to justify a claim about the system, based on evidence about its design, development, and tested behavior. In comparison with assurance based on guidelines or standards (which essentially specify only the evidence to be produced), the chief novelty in assurance cases is the provision of an explicit argument. In principle, this can allow assurance cases to be more finely tuned to the specific circumstances of the system, and more agile than guidelines in adapting to new techniques and applications. The first part of this report (Sections 1-4) provides an introduction to assurance cases. Although this material should be accessible to all those with an interest in these topics, the examples focus on software for airborne systems, traditionally assured using the DO-178C guidelines and their predecessors. A brief survey of some existing assurance cases is provided in Section 5. The second part (Section 6) considers the criteria, methods, and tools that may be used to evaluate whether an assurance case provides sufficient confidence that a particular system or service is fit for its intended use. An assurance case cannot provide unequivocal "proof" for its claim, so much of the discussion focuses on the interpretation of such less-than-definitive arguments, and on methods to counteract confirmation bias and other fallibilities in human reasoning.
A holistic approach to the examination and analysis of evidence in Anglo-American judicial processes
This thesis is divided into three parts. Part I provides a critique of the dominant approach to the analysis and examination of evidence in Anglo-American writings. The critique consists in showing that the dominant approach, on account of its atomism, does not capture the complexity of judicial fact-finding tasks or codify intuitive judgments about them. Recent attempts offering either mathematical or inductivist structures for the analysis of judicial evidence are explained and criticized as a resurgence of interest in atomistic analysis. Part III identifies a non-atomistic body of thought outside the mainstream of the dominant tradition. This body of thought is used as the starting-point for developing a holistic approach to the examination and analysis of evidence in Anglo-American judicial processes.
A PRISMA-driven systematic mapping study on system assurance weakeners
Context: An assurance case is a structured hierarchy of claims aiming at demonstrating that a given mission-critical system supports specific requirements (e.g., safety, security, privacy). The presence of assurance weakeners (i.e., assurance deficits, logical fallacies) in assurance cases reflects insufficient evidence, knowledge, or gaps in reasoning. These weakeners can undermine confidence in assurance arguments, potentially hindering the verification of mission-critical system capabilities.
Objectives: As a stepping stone for future research on assurance weakeners, we aim to initiate the first comprehensive systematic mapping study on this subject.
Methods: We followed the well-established PRISMA 2020 and SEGRESS guidelines to conduct our systematic mapping study. We searched for primary studies in five digital libraries, focusing on the 2012-2023 publication year range. Our selection criteria targeted studies addressing assurance weakeners at the modeling level, resulting in the inclusion of 39 primary studies in our systematic review.
Results: Our systematic mapping study reports a taxonomy (map) that provides a uniform categorization of assurance weakeners and of the approaches proposed to manage them at the modeling level.
Conclusion: Our study findings suggest that the SACM (Structured Assurance Case Metamodel), a standard specified by the OMG (Object Management Group), may be the best specification for capturing structured arguments and reasoning about their potential assurance weakeners.
Assessing relevance
This paper advances an approach to relevance grounded in patterns of material inference called argumentation schemes, which can account for the reconstruction and the evaluation of relevance relations. In order to account for relevance in different types of dialogical contexts, including those pursuing non-cognitive goals, and to measure the scalar strength of relevance, communicative acts are conceived as dialogue moves, whose coherence with the previous moves or the context is represented as the conclusion of steps of material inference. Such inferences are described using argumentation schemes and are evaluated by considering 1) their defeasibility, and 2) the acceptability of the implicit premises on which they are based. The assessment of both the relevance of an utterance and its strength depends on the evaluation of three interrelated factors: 1) the number of inferential steps required; 2) the types of argumentation schemes involved; and 3) the implicit premises required.
Addressing uncertainty in the safety assurance of machine learning
There is increasing interest in the application of machine learning (ML) technologies to safety-critical cyber-physical systems, with the promise of increased levels of autonomy due to their potential for solving complex perception and planning tasks. However, demonstrating the safety of ML is seen as one of the most challenging hurdles to their widespread deployment for such applications. In this paper, we explore the factors which make the safety assurance of ML such a challenging task. In particular, we address the impact of uncertainty on the confidence in ML safety assurance arguments. We show how this uncertainty is related to complexity in the ML models as well as the inherent complexity of the tasks that they are designed to implement. Based on definitions of uncertainty as well as an exemplary assurance argument structure, we examine typical weaknesses in the argument and how these can be addressed. The analysis combines an understanding of the causes of insufficiencies in ML models with a systematic analysis of the types of asserted context, asserted evidence, and asserted inference within the assurance argument. This leads to a systematic identification of requirements on the assurance argument structure as well as on the supporting evidence. We conclude that a combination of qualitative arguments and quantitative evidence is required to build a robust argument for safety-related properties of ML functions, one that is continuously refined to reduce residual and emerging uncertainties after the function has been deployed into the target environment.
The proof of the pudding: the presentation and proof of expert evidence in South Africa
Imagine, as one may well imagine at this time of the day, a chocolate mousse, dark and delectable, or a tempting tiramisu or a perfect pavlova. How are you going to decide which is best? Yes, indeed the actual presentation of the puddings may influence your choice, but to be able to make an informed choice, you would need to taste them. Do you have to make the choice according to your own taste, or do you have to decide which should go best with your menu for your dinner party? If you have to decide which is best, you would have to be able to rank them in relation to other mousses, tiramisus or pavlovas. You need to know the ingredients, and for a professional decision you would need some knowledge of the art of cooking. Proof in the art of cooking, science, and also in law depends on the quantum and quality of evidence or data sufficient to support a conclusion. Loevinger concludes that “[p]roof ultimately depends on the ability of the human mind to make appropriate and useful distinctions and connections among data or items of evidence”.