The Case For Maintaining Assurance Cases
Author

Abstract
When we build and maintain safety-, mission-, or security-critical systems, we are usually constrained by regulations or acquisition guidelines that require us to provide a documented body of evidence that the system satisfies specified critical properties. In other words, we must construct an “assurance case” to convince the purchaser or user of the system’s suitability or quality. However, in building such high-quality software and balancing many objectives, it has become painfully clear that the resulting software is brittle: small changes in the software itself, in the hardware and software environment, or in its operational use can have unexpected and significant (unwanted) effects. Unfortunately, assurance cases for software are often even more brittle than the software itself. This presentation will address the challenges we confront in preserving the quality of the assurance cases as we maintain the quality of the associated software. It is critical that we make progress in addressing these challenges as software continues to become a fundamental enabling technology for 21st-century society.

Biography

Chuck Howell is Consulting Engineer for Software Assurance in the Center for Innovative Computing and Informatics at the MITRE Corporation in McLean, Virginia, USA. The Center focuses on exploring, evaluating, and applying advanced information technologies in critical systems for a wide range of government organizations. His current interests include techniques to calibrate and reduce residual doubt about the behavior of critical systems, and approaches to making software-intensive systems more robust (i.e., less fragile). Howell is the author of the article on “Dependability” in John Wiley & Sons’ Second Edition of the Encyclopedia of Software Engineering, and is the coauthor (with Shari Lawrence Pfleeger and Les Hatton) of Solid Software (Prentice Hall, 2001). He is a Senior Member of the IEEE.
Proceedings of the International Conference on Software Maintenance (ICSM’03) 1063-6773/03 $17.00 © 2003 IEEE
Similar Resources
A Methodology for Security Assurance Driven Development
In this work we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special em...
Reviewing Assurance Arguments – A Step-By-Step Approach
An assurance case based regime requires a strong review element. Typically, one party is responsible for preparing the assurance case. Another party (the certification authority) is responsible for accepting the assurance case. Assurance cases are, by their nature, often subjective. The objective of assurance case development, therefore, is to obtain mutual acceptance of this subjective positio...
Comparison between complications of vascular surgery procedures with and without aPPT assessment and protamine sulfate reversal
Abstract Background: Thrombosis will occur due to contact of blood with unepithelialized surfaces after vascular clamping and also blood stasis during vascular surgery. Heparin is administered to prevent thrombosis. The aPTT test is used for assurance of the anticoagulative effect of heparin. At the end of the operation heparin is neutralized by protamine sulfate in some centers. In this study...
The future of goal-based assurance cases
Most regulations and guidelines for critical systems require a documented case that the system will meet its critical requirements, which we call an assurance case. Increasingly, the case is made using a goal-based approach, where claims are made (or goals are set) about the system and arguments and evidence are presented to support those claims. In this paper we describe Adelard’s approach to ...
Safety.Lab: Model-Based Domain Specific Tooling for Safety Argumentation
Assurance cases capture the argumentation that a system is safe by putting together pieces of evidence at different levels of abstraction and of different nature. Managing the interdependencies between these artefacts lies at the heart of any safety argument. Keeping the assurance case complete and consistent with the system is a manual and very resource-consuming process. Current tools do not...
Status of Measles Elimination from the Reported Outbreaks: Fars Province, 2001–03
Background: The status of measles elimination is best summarized by evaluation of the effective reproduction number R; maintaining R < 1 is necessary and sufficient to achieve elimination. In the present article, we estimated reproduction number for the measles data reported for the Fars province of Iran in 2001–03. Methods: We estimated by using sizes and durations of chains of measles transm...