Assurance and Assurance Cases

John Rushby

Slightly updated from Dependable Software Systems Engineering (Marktoberdorf Summer School Lectures, 2016), ed. A. Pretschner, D. Peled and T. Hutzelmann, pp. 207-236. Published by IOS Press, Volume 50 of NATO Science for Peace and Security Series D, October 2017

 *NEW* An overview of my papers on assurance cases


Assurance provides confidence that a system will work as required and not cause harm. Confidence is based on justified beliefs about the system and its environment, and justification can be developed and documented as an assurance case comprised of a structured argument grounded on evidence. For justification to be compelling, the argument must be indefeasible, meaning that we have so thoroughly considered everything that can go wrong (i.e., hazards to the system and defeaters to the argument) that there is no new information that could change our assessment. I show how the obligation for indefeasible justification can guide construction and interpretation of the argument and the evidence in an assurance case and how confidence in the case translates to bounds on the risk posed by the system. Assurance requires predictability in both the system and its environment; I speculate how credible assurance may be provided for recent and forthcoming systems where both kinds of predictability may be lacking.
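The abstract's notion of an indefeasible argument (every identified hazard and defeater has been dealt with, so no known loose end could change the assessment) can be made concrete as a mechanical check over an argument tree. The toy model below is an added example, not code from the paper or its lectures: it represents claims that are grounded either by evidence or by sub-claims, attaches defeaters to claims, and reports the two kinds of defect a reviewer would flag, an ungrounded claim and an unresolved defeater. The sample case about a hypothetical pump controller, its hazards, and its evidence items are constructed for illustration. It deliberately does not compute the confidence-to-risk bound the abstract mentions, since that calculus is in the paper itself and not on this page.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# --- Minimal assurance-case structure (constructed for this example) ---

@dataclass
class Evidence:
    name: str  # e.g. a test report, analysis, or inspection record

@dataclass
class Defeater:
    """Something that, if true, would undermine the claim it is attached to.
    It counts as addressed only when a resolution (evidence) is recorded."""
    description: str
    resolution: Optional[Evidence] = None

@dataclass
class Claim:
    text: str
    subclaims: List["Claim"] = field(default_factory=list)
    evidence: List[Evidence] = field(default_factory=list)
    defeaters: List[Defeater] = field(default_factory=list)


def check_case(claim: Claim, path: Tuple[str, ...] = ()) -> List[str]:
    """Walk the argument tree and return every defect found.

    A defect is either a leaf claim with no evidence (the argument is not
    grounded there) or a defeater with no recorded resolution (the argument
    is defeasible there). An empty list means no known defect remains."""
    defects: List[str] = []
    here = path + (claim.text,)
    where = " > ".join(here)
    if not claim.subclaims and not claim.evidence:
        defects.append(f"ungrounded claim: {where}")
    for d in claim.defeaters:
        if d.resolution is None:
            defects.append(f"unresolved defeater '{d.description}' on: {where}")
    for sub in claim.subclaims:
        defects.extend(check_case(sub, here))
    return defects


def is_indefeasible(claim: Claim) -> bool:
    """True when every identified defeater is resolved and every leaf is grounded."""
    return not check_case(claim)


def build_case(resolve_change_defeater: bool) -> Claim:
    """Constructed sample case for a hypothetical infusion-pump controller.

    The flag controls whether the one identified defeater (a late software
    change that the hazard analysis might not cover) has been resolved."""
    hazop = Evidence("HAZOP report rev 3")
    overdose_test = Evidence("rate-limit test log")
    occlusion_test = Evidence("occlusion alarm test log")
    delta_review = Evidence("impact analysis of change CR-17")  # hypothetical identifier

    late_change = Defeater(
        "hazard analysis predates software change CR-17",
        resolution=delta_review if resolve_change_defeater else None,
    )
    return Claim(
        "pump controller is acceptably safe",
        subclaims=[
            Claim("all hazards have been identified",
                  evidence=[hazop], defeaters=[late_change]),
            Claim("each identified hazard is mitigated", subclaims=[
                Claim("overdose hazard mitigated by rate limiter",
                      evidence=[overdose_test]),
                Claim("occlusion hazard mitigated by alarm",
                      evidence=[occlusion_test]),
            ]),
        ],
    )


if __name__ == "__main__":
    for flag in (False, True):
        case = build_case(flag)
        print(f"defeater resolved={flag}: indefeasible={is_indefeasible(case)}")
        for defect in check_case(case):
            print("  -", defect)
```

The point of the check is the asymmetry the abstract describes: the presence of a single unresolved defeater, or a single claim resting on nothing, is enough to make the whole case defeasible, regardless of how much evidence supports the other branches. In practice the list of defeaters is the hard part; the checker can only confirm that the ones you thought of have been dealt with.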



Lecture slides: Lecture 1, Lecture 2, Lecture 3, Lecture 4, Lecture 5

BibTeX Entry

	AUTHOR = {John Rushby},
	TITLE = {Assurance and Assurance Cases},
	BOOKTITLE = {Dependable Software Systems Engineering
		  (Marktoberdorf Summer School Lectures, 2016)},
	YEAR = 2017,
	EDITOR = {A. Pretschner and D. Peled and T. Hutzelmann},
	PAGES = {207--236},
	MONTH = oct,
	PUBLISHER = {IOS Press},
	SERIES = {NATO Science for Peace and Security Series D},
	VOLUME = 50
