Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Assurance Case Design IV&V Workshop S. R. Brown KeyLogic Inc With my thanks and appreciation Don Ohi – Project Monitor Travis Dawson – Chief.

Published byDrew Maxcy Modified over 9 years ago

Similar presentations

Presentation on theme: "Practical Assurance Case Design IV&V Workshop S. R. Brown KeyLogic Inc With my thanks and appreciation Don Ohi – Project Monitor Travis Dawson – Chief."— Presentation transcript:

1 Practical Assurance Case Design IV&V Workshop S. R. Brown KeyLogic Inc With my thanks and appreciation Don Ohi – Project Monitor Travis Dawson – Chief Engineer Bill Stanton for tolerating a lot of questions 9/2/20131

2 Why Assurance Cases State your case: What are we trying to prove How are we trying to prove it What evidence supports the proof Assurance Cases make the point Design of Assurance Support of Assurance Related to: Argumentation Safety Case GSN Standard Kelly, T.: 'Arguing Safety: A Systematic Approach to Managing Safety Cases', D.Phil Thesis, University of York (1998). Available for download from http://www-users.cs.york.ac.uk/~tpk 9/2/20132

3 State Your Case Spousal Coffee Assurance Case Top level Claim Claim Justification Perspective: Who is the stakeholder? 9/2/20133

4 Make the Argument Architectural decomposition Behavioral decomposition 9/2/20134

5 Gather the Evidence Atomic evidence 9/2/20135

6 Assurance Case Semantic Content What I get out of a cup of coffee: The assurance design is not a description of the system Assurance network needs only to go as far as necessary to provide stated assurance Strength of evidence is a constant consideration Without more information there is little basis for claim prioritization Can address risk (uncertainty) Does not support consequence 9/2/20136

7 Where to Start Testable (yes/no) Is Clearly Stated Will decompose in a useful way Lessons Learned: Look for simple and comprehensive claims Claims must be objective (yes/no) Watch out for claims that must decompose through out-of-scope domains (e.g.: reset/sideswap hardware timing) Take advantage of self-similarity, patterns and common arguments. Initially a major goal: In almost every case it is self-evident if the objective is defined. This is where perspective becomes important. Consider stakeholder needs. 9/2/20137

8 Perspectives and Planning The perspective of the assurance case is important Software lifecycle (NPR 7150) System/Human safety 09-1 System definition Project-specific A place for (almost) everything Decomposes differently than lifecycle Represent the stakeholder 9/2/20138

9 Argument: the Art of Assurance Case Some Useful decomposition classes Appeal to architecture Use software architecture to decompose to subsystems No uncertainty Appeal to Usage Use scenario to decompose to subsystems by required actions Some uncertainty Note: 3Q is a special case of appeal to usage Appeal to Specificity Provide detail to support a more general claim Little uncertainty Arguments describe how the child claims satisfy the parent claim but do not carry the burden of proof Some approaches require a justification for each argument but this was often redundant. Assumptions are often necessary in order that the argument is clear to a reviewer Arguments are in the context of the system Use cases can be a good basis for an Appeal to Usage. Note semantic equivalence. 9/2/20139

10 When to Stop Completeness Are all claims fully decomposed? Are all assumptions described? Depth Is there evidence that is directly relatable? Abstraction Are sub-claims at (more or less) the same level of abstraction? Is evidence ascribed at the appropriate level of abstraction? Generally the lowest level claim can be supported by one or more low level requirements. Software architecture level System-level tests and requirements are evidence too, but lower- level evidence is earlier in the project and often less ambiguous. 9/2/201310

11 Top Down or Bottom Up? GSN Standard describes both methods, then tosses in a third – use both. Practical use dictates that both are necessary for IV&V Top level claims provide the entire motivation for the assurance case Evidence is determined by a combination of artifacts and IV&V analysis. 9/2/201311

12 GENERIC PBRA Summary GNC Driver 9/2/201312

13 Using the Assurance Cases with PBRA We can map scenario steps to the assurance case because we used them for decomposition Semantically, it seems that scenarios map to arguments (decomp by behavior), and scenario steps map to claims. 9/2/201313

14 Odd topics Where does static code analysis fit into the picture? Certainly provides assurance in some sense Applies to the product in general but traceable to architectural components Claim: “Module XYZ is free of implementation flaws” How does uncertainty fit into the picture? IEEE15026 assumes there is a way to combine the independent (and ill- defined) components of uncertainty, or at least specify uncertainty. Even if we could calculate uncertainty, would it be a Good Thing? Would broad categories be sufficient? 9/2/201314

15 And now for something you will really like Hot spots for development Algorithmic blind spots Scoring or ranking system Real project testbed Is a practical S/C assurance case possible? Is a practical S/C assurance case useful? Is it difficult to write top-level claims? Is it difficult to develop arguments for decomposition? Can this be a uniform and systematic process for each project? Yes Yes – if well-designed Not at all Only in a few cases Structured GSN Re-usability of assurance design 9/2/201315

Download ppt "Practical Assurance Case Design IV&V Workshop S. R. Brown KeyLogic Inc With my thanks and appreciation Don Ohi – Project Monitor Travis Dawson – Chief."

Similar presentations

Mapping Assurance to the Software Engineering Process Alfred H. Kromholz, Ph.D. The MITRE Corporation mitre.org+1-703.883.7331 Copyright © 2004.

Mapping Assurance to the Software Engineering Process Alfred H. Kromholz, Ph.D. The MITRE Corporation mitre.org Copyright © 2004.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
IT Requirements Capture Process. Motivation for this seminar Discovering system requirements is hard. Formally testing use case conformance is hard. We.

IT Requirements Capture Process. Motivation for this seminar Discovering system requirements is hard. Formally testing use case conformance is hard. We.
Evaluating Requirements. Outline Brief Review Stakeholder Review Requirements Analysis Summary Activity 1.

Evaluating Requirements. Outline Brief Review Stakeholder Review Requirements Analysis Summary Activity 1.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Practical Business Modeling in the Unified Process Tom Morgan Software Architect, Fidelity National Information Services

Practical Business Modeling in the Unified Process Tom Morgan Software Architect, Fidelity National Information Services
Software Architecture for DSD DSD Team. Overview What is software architecture and why is it so important? The role of architecture in determining system.

Software Architecture for DSD DSD Team. Overview What is software architecture and why is it so important? The role of architecture in determining system.
The Role of Software Engineering Brief overview of relationship of SE to managing DSD risks 1.

The Role of Software Engineering Brief overview of relationship of SE to managing DSD risks 1.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Domain-Specific Software Engineering (DSSE). Software Engineering Concerns  There are many of them  “Classical” software architecture research has focused.

Domain-Specific Software Engineering (DSSE). Software Engineering Concerns  There are many of them  “Classical” software architecture research has focused.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Business Area Analysis Focus: Domain View (selected business area) Goals: –Isolate functions and procedures that allow the area to meet its goals –Define.

Business Area Analysis Focus: Domain View (selected business area) Goals: –Isolate functions and procedures that allow the area to meet its goals –Define.
Notion of a Project Notes from OOSE Slides - modified.

Notion of a Project Notes from OOSE Slides - modified.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Review 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Review 1.
1 Objective of today’s lesson S oftware engineering occurs as a consequence of a process called system engineering. Instead of concentrating solely on.

1 Objective of today’s lesson S oftware engineering occurs as a consequence of a process called system engineering. Instead of concentrating solely on.
Industrial Avionics Working Group 19/04/07 Block, OSL and MSL Safety Argument Modules.

Industrial Avionics Working Group 19/04/07 Block, OSL and MSL Safety Argument Modules.
Course Instructor: Aisha Azeem

Course Instructor: Aisha Azeem
Software Quality Assurance For Software Engineering && Architecture and Design.

Software Quality Assurance For Software Engineering && Architecture and Design.
IV&V Facility Model-based Design Verification IVV Annual Workshop September, 2009 Tom Hempler.

IV&V Facility Model-based Design Verification IVV Annual Workshop September, 2009 Tom Hempler.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Similar presentations

Ads by Google