An Investigation of Proposed Techniques for Quantifying Confidence in Assurance Arguments

The use of safety cases in certification raises the question of assurance argument sufficiency and the issue of confidence (or uncertainty) in the argument's claims. Some researchers propose to model confidence quantitatively and to calculate confidence in argument conclusions. We know of little evidence to suggest that any proposed technique would deliver trustworthy results when implemented by system safety practitioners. Proponents do not usually assess the efficacy of their techniques through controlled experiment or historical study. Instead, they present an illustrative example where the calculation delivers a plausible result. In this paper, we review current proposals, claims made about them, and evidence advanced in favor of them. We then show that proposed techniques can deliver implausible results in some cases. We conclude that quantitative confidence techniques require further validation before they should be recommended as part of the basis for deciding whether an assurance argument justifies fielding a critical system

Planning the Unplanned Experiment: Towards Assessing the Efficacy of Standards for Safety-Critical Software

Safe use of software in safety-critical applications requires well-founded means of determining whether software is fit for such use. While software in industries such as aviation has a good safety record, little is known about whether standards for software in safety-critical applications 'work' (or even what that means). It is often (implicitly) argued that software is fit for safety-critical use because it conforms to an appropriate standard. Without knowing whether a standard works, such reliance is an experiment; without carefully collecting assessment data, that experiment is unplanned. To help plan the experiment, we organized a workshop to develop practical ideas for assessing software safety standards. In this paper, we relate and elaborate on the workshop discussion, which revealed subtle but important study design considerations and practical barriers to collecting appropriate historical data and recruiting appropriate experimental subjects. We discuss assessing standards as written and as applied, several candidate definitions for what it means for a standard to 'work,' and key assessment strategies and study techniques and the pros and cons of each. Finally, we conclude with thoughts about the kinds of research that will be required and how academia, industry, and regulators might collaborate to overcome the noted barriers

Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software

We need well-founded means of determining whether software is t for use in safety-critical applications. While software in industries such as aviation has an excellent safety record, the fact that software aws have contributed to deaths illustrates the need for justi ably high con dence in software. It is often argued that software is t for safety-critical use because it conforms to a standard for software in safety-critical systems. But little is known about whether such standards `work.' Reliance upon a standard without knowing whether it works is an experiment; without collecting data to assess the standard, this experiment is unplanned. This paper reports on a workshop intended to explore how standards could practicably be assessed. Planning the Unplanned Experiment: Assessing the Ecacy of Standards for Safety Critical Software (AESSCS) was held on 13 May 2014 in conjunction with the European Dependable Computing Conference (EDCC). We summarize and elaborate on the workshop's discussion of the topic, including both the presented positions and the dialogue that ensued

"Evidence" Under a Magnifying Glass: Thoughts on Safety Argument Epistemology

Common definitions of "safety case" emphasize that evidence is the basis of a safety argument, yet few widely referenced works explicitly define "evidence". Their examples suggest that similar things can be regarded as evidence. But the category evidence seems to contain (1) processes for finding things out, (2) information resulting from such processes, and (3) relevant documents. Moreover, any item of evidence could be replaced by further argument. Normative models of informal argumentation do not offer clear guidance on when a safety argument should cite evidence rather than appeal to a more detailed argument. Disciplines such as the law address the problem with a practical, domain-specific epistemology. In this paper, we explore these problems associated with evidence citations in safety arguments, identify goals for a theory of safety argument evidence and a practical safety argument epistemology, propose a model of safety evidence citation that advances the identified goals, and present a related extension to the Goal Structuring Notation (GSN)

Emerging Fields of Study

When I learned that CLAGS had secured an interdisciplinary program in Lesbian and Gay Studies and that the first course, An Introduction to Lesbian and Gay/Queer Studies, was to be offered in the Fall, I knew that I wanted to be in what I conceived as the first step in a much larger offering and celebration of critical ideas and counter-hegemonic discourse. I thought: finally, I won\u27t be the only student reading and thinking from a radically left, feminist, lesbian, perspective - not that all of these four leanings must in any way accompany the position of lesbian, gay or queer, or for that matter, accompany any person entering this class, they just do for me, and thankfully, I wasn\u27t the only whatever-it-is-that-l-am sitting at the table

Mechanically transformative electronics, sensors, and implantable devices

Traditionally, electronics have been designed with static form factors to serve designated purposes. This approach has been an optimal direction for maintaining the overall device performance and reliability for targeted applications. However, electronics capable of changing their shape, flexibility, and stretchability will enable versatile and accommodating systems for more diverse applications. Here, we report design concepts, materials, physics, and manufacturing strategies that enable these reconfigurable electronic systems based on temperature-triggered tuning of mechanical characteristics of device platforms. We applied this technology to create personal electronics with variable stiffness and stretchability, a pressure sensor with tunable bandwidth and sensitivity, and a neural probe that softens upon integration with brain tissue. Together, these types of transformative electronics will substantially broaden the use of electronics for wearable and implantable applications

Photonic crystals of coated metallic spheres

It is shown that simple face-centered-cubic (fcc) structures of both metallic and coated metallic spheres are ideal candidates to achieve a tunable complete photonic bandgap (CPBG) for optical wavelengths using currently available experimental techniques. For coated microspheres with the coating width to plasma wavelength ratio $l_c/\lambda_p \leq 10$ and the coating and host refractive indices $n_c$ and $n_h$, respectively, between 1 and 1.47, one can always find a sphere radius $r_s$ such that the relative gap width $g_w$ (gap width to the midgap frequency ratio) is larger than 5% and, in some cases, $g_w$ can exceed 9%. Using different coatings and supporting liquids, the width and midgap frequency of a CPBG can be tuned considerably.Comment: 14 pages, plain latex, 3 ps figures, to appear in Europhys. Lett. For more info on this subject see http://www.amolf.nl/research/photonic_materials_theory/moroz/moroz.htm

dTtc1, a conserved tetratricopeptide repeat protein, is required for maturation of Drosophila egg chambers via its role in stabilizing electron transport chain components

We recently identified the Drosophila ortholog of TTC1 (dTtc1) as an interacting partner of Egalitarian, an RNA adaptor of the Dynein motor. In order to better understand the function of this relatively uncharacterized protein, we depleted dTtc1 in the Drosophila female germline. Depletion of dTtc1 resulted in defective oogenesis and no mature eggs were produced. A closer examination revealed that mRNA cargoes normally transported by Dynein were relatively unaffected. However, mitochondria in dTtc1 depleted egg chambers displayed an extremely swollen phenotype. Ultrastructural analysis revealed a lack of cristae. These phenotypes were not observed upon disruption of Dynein. Thus, this function of dTtc1 is likely to be Dynein independent. Consistent with a role for dTtc1 in mitochondrial biology, a published proteomics screen revealed that dTtc1 interacts with numerous components of electron transport chain (ETC) complexes. Our results indicate that the expression level of several of these ETC components was significantly reduced upon depletion of dTtc1. Importantly, this phenotype was completely rescued upon expression of wild-type GFP-dTtc1 in the depleted background. Lastly, we demonstrate that the mitochondrial phenotype caused by a lack of dTtc1 is not restricted to the germline but is also observed in somatic tissues. Our model suggests that dTtc1, likely in combination with cytoplasmic chaperones, is required for stabilizing ETC components

Heat Treated NiP–SiC Composite Coatings: Elaboration and Tribocorrosion Behaviour in NaCl Solution

Tribocorrosion behaviour of heat-treated NiP and NiP–SiC composite coatings was investigated in a 0.6 M NaCl solution. The tribocorrosion tests were performed in a linear sliding tribometer with an electrochemical cell interface. It was analyzed the influence of SiC particles dispersion in the NiP matrix on current density developed, on coefficient of friction and on wear volume loss. The results showed that NiP–SiC composite coatings had a lower wear volume loss compared to NiP coatings. However, the incorporation of SiC particles into the metallic matrix affects the current density developed by the system during the tribocorrosion test. It was verified that not only the volume of co-deposited particles (SiC vol.%) but also the number of SiC particles per coating area unit (and consequently the SiC particles size) have made influence on the tribocorrosion behaviour of NiP–SiC composite coatings