An Overview of My Papers on Assurance Cases

John Rushby, 2017

I have several papers on assurance cases, some of which share text and diagrams, and you might wonder how they relate to each other, or whether I am plagiarizing myself. So on this page I will try to provide a guide to what I think are the significant aspects of each paper.

The various papers record the evolution of my thinking on the topic of assurance cases. The first is this Technical Report, which is updated from my part of a NASA Contractor Report developed with colleagues at Boeing. I think sections 2, 3, and 4 remain useful; they document, respectively, the origin and history of safety and assurance cases, how a section of DO-178C might be interpreted as an assurance case, and something of the notations and tools available (in 2015). Section 5, on evaluation of assurance cases, is still OK, especially for background on logic and related topics, but my thinking has developed since then.

My current thinking is that the leaves and the interior parts of an assurance case argument (viewed as a tree) should be interpreted differently from each other. The leaves concern evidence about the system and are best evaluated using methods from epistemology, whereas the interior nodes document reasoning (based on the evidence) and should be evaluated by the methods of logic. This idea is first adumbrated in my SafeComp 2013 paper.

A detailed proposal and example of how evidential steps can be evaluated using the ideas and measures of Bayesian confirmation theory are developed in my AAA 2015 paper, and a comparable treatment for reasoning steps is developed in my forthcoming Shonan 2016 paper, which builds on the epistemological notion of indefeasibility.

Together, these two approaches provide an interpretation for assurance case arguments that is a systematic version of Natural Language Deductivism (NLD), as documented in my Marktoberdorf 2016 paper. NLD is the idea that an assurance case should provide a deductively valid argument; it differs from deductive proof in formal mathematics and logic in that its premises are "reasonable or plausible" rather than certain, and hence its conclusions are likewise reasonable or plausible rather than certain. The criteria of AAA 2015 systematize what it means for the premises to be "reasonable or plausible."
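
To make the distinction between the two kinds of step concrete, here is a small Python illustration, added to this page and not taken from any of the papers. Leaves (evidence for a claim) are scored with three standard Bayesian confirmation measures, and interior (reasoning) steps are checked for deductive validity by brute-force truth tables, which is what NLD asks of them. The particular measures shown (difference, ratio, log likelihood ratio), the formula encoding, and all probabilities in the constructed example case are my assumptions for the illustration, not the criteria of the AAA 2015 or Shonan 2016 papers.

```python
"""Toy evaluator for the two kinds of assurance-case step: evidential leaves and
reasoning interior nodes. Added illustration; the measures and numbers are assumptions."""
import math
from itertools import product

# ---------- leaves: evidential steps, evaluated by Bayesian confirmation ----------

def posterior(prior, p_e_given_h, p_e_given_not_h):
    """P(H | E) by Bayes' rule, from P(H), P(E | H) and P(E | not H)."""
    p_e = prior * p_e_given_h + (1.0 - prior) * p_e_given_not_h
    return prior * p_e_given_h / p_e

def confirmation(prior, p_e_given_h, p_e_given_not_h):
    """Three common confirmation measures of evidence E for claim H (assumed choice).

    d = P(H|E) - P(H)              difference measure
    r = log(P(H|E) / P(H))         ratio measure
    l = log(P(E|H) / P(E|not H))   log likelihood ratio (weight of evidence)
    Each is positive iff E confirms H and zero iff E is irrelevant to H.
    """
    post = posterior(prior, p_e_given_h, p_e_given_not_h)
    return {
        "posterior": post,
        "d": post - prior,
        "r": math.log(post / prior),
        "l": math.log(p_e_given_h / p_e_given_not_h),
    }

# ---------- interior nodes: reasoning steps, evaluated by deductive validity ----------
# Formulas: an atom is a string; compound formulas are tuples
# ('not', f), ('and', f, g), ('or', f, g), ('implies', f, g).

def atoms(f, acc=None):
    """Collect the atom names occurring in formula f."""
    acc = set() if acc is None else acc
    if isinstance(f, str):
        acc.add(f)
    else:
        for sub in f[1:]:
            atoms(sub, acc)
    return acc

def holds(f, val):
    """Truth value of f under the assignment val (atom name -> bool)."""
    if isinstance(f, str):
        return val[f]
    op, *args = f
    if op == "not":
        return not holds(args[0], val)
    if op == "and":
        return holds(args[0], val) and holds(args[1], val)
    if op == "or":
        return holds(args[0], val) or holds(args[1], val)
    if op == "implies":
        return (not holds(args[0], val)) or holds(args[1], val)
    raise ValueError("unknown connective: %r" % op)

def deductively_valid(premises, conclusion):
    """True iff every assignment satisfying all premises also satisfies the conclusion."""
    names = sorted(set().union(*(atoms(p) for p in premises), atoms(conclusion)))
    for bits in product([False, True], repeat=len(names)):
        val = dict(zip(names, bits))
        if all(holds(p, val) for p in premises) and not holds(conclusion, val):
            return False  # a countermodel: premises true, conclusion false
    return True

# ---------- a constructed example case (numbers and claims are made up) ----------
# S: "the system is acceptably safe"; M1, M2: hazards H1 and H2 are mitigated.

def evaluate_example():
    # Leaf: test evidence for M1 that would rarely appear if H1 were not mitigated.
    leaf_m1 = confirmation(prior=0.5, p_e_given_h=0.9, p_e_given_not_h=0.1)
    # Leaf: a review for M2 that would usually have passed even if H2 were not
    # mitigated; all three measures show it confirms M2 only weakly.
    leaf_m2 = confirmation(prior=0.5, p_e_given_h=0.9, p_e_given_not_h=0.8)
    # Reasoning step stated without its warrant: M1, M2 do not entail S.
    without_warrant = deductively_valid(["M1", "M2"], "S")
    # Same step with the warrant "H1 and H2 are the only hazards" made an explicit premise.
    warrant = ("implies", ("and", "M1", "M2"), "S")
    with_warrant = deductively_valid(["M1", "M2", warrant], "S")
    return {"leaf_m1": leaf_m1, "leaf_m2": leaf_m2,
            "without_warrant": without_warrant, "with_warrant": with_warrant}

if __name__ == "__main__":
    for name, result in evaluate_example().items():
        print(name, result)
```

The point of the two reasoning checks is the one NLD makes: an argument from "each known hazard is mitigated" to "the system is safe" is not deductively valid until the premise that those are all the hazards is written down, and once it is, the plausibility of the conclusion rests entirely on the plausibility of that premise and of the leaf evidence, which is where the confirmation measures apply.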

The Marktoberdorf 2016 paper was written before the Shonan 2016 paper and so it is not quite the best overall summary: for that, I suggest reading the AAA 2015 and Shonan 2016 papers for detail on evidential and reasoning steps, respectively, and the Marktoberdorf 2016 paper for the overall picture.

Please note that many of the papers here are slightly updated from their published form, so it is always best to get my papers from my bibliography page.
