Extending the Safety Case Concept to Address Dependability

A safety case is a well-reasoned argument, supported by evidence that a system is acceptably safe to operate in a particular context. For many, evolving a safety case in step with the design has proved to be an effective means of identifying and addressing safety concerns during a system’s lifecycle. However, ultimately safety cases address only one system attribute safety. Increasingly, the idea of extending the well-established concept of the safety case to address wider dependability concerns is being discussed. Attempting to address all dependability attributes can result in competing objectives. As a consequence, there are trade-offs among the dependability attributes that need to be resolved in order to achieve the optimum dependability characteristics for the system. Furthermore, the balance of these trade-offs can depend heavily upon the context in which the system operates. In this paper we examine the suitability of extending existing methodologies and concepts from safety case development practice to address the wider concerns of dependability arguments. We will discuss existing approaches to managing trade-offs between competing design objectives and explain how trade-offs may be supported within the Goal Structuring Notation (GSN) framework. In particular we examine how trade-off resolution during the evolution of the dependability objectives, contributes to establishing a final dependability argument.