Assurance and Assurance Cases
John Rushby
Slightly updated from Dependable Software Systems Engineering (Marktoberdorf Summer School Lectures, 2016), ed. A. Pretschner, D. Peled and T. Hutzelmann, pp. 207-236. Published by IOS Press, Volume 50 of NATO Science for Peace and Security Series D, October 2017.
An overview of my papers on assurance cases
Abstract
Assurance provides confidence that a system will work as required and not cause harm. Confidence is based on justified beliefs about the system and its environment, and justification can be developed and documented as an assurance case comprised of a structured argument grounded on evidence. For justification to be compelling, the argument must be indefeasible, meaning that we have so thoroughly considered everything that can go wrong (i.e., hazards to the system and defeaters to the argument) that there is no new information that could change our assessment.

I show how the obligation for indefeasible justification can guide construction and interpretation of the argument and the evidence in an assurance case, and how confidence in the case translates to bounds on the risk posed by the system.

Assurance requires predictability in both the system and its environment; I speculate how credible assurance may be provided for recent and forthcoming systems where both kinds of predictability may be lacking.
PDF
Slides: Lecture 1, Lecture 2, Lecture 3, Lecture 4, Lecture 5
BibTeX Entry
@INCOLLECTION{Rushby17:Marktoberdorf,
  AUTHOR    = {John Rushby},
  TITLE     = {Assurance and Assurance Cases},
  BOOKTITLE = {Dependable Software Systems Engineering
               (Marktoberdorf Summer School Lectures, 2016)},
  PUBLISHER = {IOS Press},
  YEAR      = 2017,
  EDITOR    = {A. Pretschner and D. Peled and T. Hutzelmann},
  PAGES     = {207--236},
  MONTH     = oct,
  SERIES    = {Volume 50 of NATO Science for Peace and Security Series D}
}