Toward a Formalism for Conservative Claims about the Dependability of Software-Based Systems

In recent work, we have argued for a formal treatment of confidence about the claims made in dependability cases for software-based systems. The key idea underlying this work is "the inevitability of uncertainty": It is rarely possible to assert that a claim about safety or reliability is true with certainty. Much of this uncertainty is epistemic in nature, so it seems inevitable that expert judgment will continue to play an important role in dependability cases. Here, we consider a simple case where an expert makes a claim about the probability of failure on demand (pfd) of a subsystem of a wider system and is able to express his confidence about that claim probabilistically. An important, but difficult, problem then is how such subsystem (claim, confidence) pairs can be propagated through a dependability case for a wider system, of which the subsystems are components. An informal way forward is to justify, at high confidence, a strong claim, and then, conservatively, only claim something much weaker: "I'm 99 percent confident that the pfd is less than 10^-5, so it's reasonable to be 100 percent confident that it is less than 10^-3." These conservative pfds of subsystems can then be propagated simply through the dependability case of the wider system. In this paper, we provide formal support for such reasoning.
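As an added illustration of the (claim, confidence) reasoning in the abstract (this is not the paper's formalism, whose details are not on this page), the following assumes a simple model: the expert's confidence is a probability distribution over the subsystem's pfd, a claim "pfd <= b at confidence c" means P(pfd <= b) = c, and the single conservative pfd to propagate is the largest mean any distribution consistent with the expert's nested claims can have. Propagation through a wider system is shown for the case where the system fails whenever any subsystem fails, using Boole's inequality so that no independence between subsystem failures is assumed.

```python
from typing import Sequence, Tuple

# (upper bound on pfd, expert's confidence that pfd <= that bound)
Claim = Tuple[float, float]


def conservative_pfd(claims: Sequence[Claim]) -> float:
    """Worst-case expected pfd consistent with a nested set of claims.

    claims: (bound, confidence) pairs with strictly increasing bounds and
    non-decreasing confidences; the last confidence must be 1.0, i.e. a bound
    the expert holds with certainty (bound 1.0 is always admissible, since a
    pfd is a probability). The most pessimistic consistent distribution puts
    each confidence increment at the top of its interval, so its mean is an
    upper bound on E[pfd] for every distribution the statements allow.
    """
    if not claims:
        raise ValueError("at least one claim is required")
    prev_bound, prev_conf, expected = 0.0, 0.0, 0.0
    for bound, conf in claims:
        if not prev_bound < bound <= 1.0:
            raise ValueError("bounds must be increasing and at most 1.0")
        if not prev_conf <= conf <= 1.0:
            raise ValueError("confidences must be non-decreasing and at most 1.0")
        expected += (conf - prev_conf) * bound   # mass piled at top of interval
        prev_bound, prev_conf = bound, conf
    if prev_conf != 1.0:
        raise ValueError("the final claim must be held with certainty")
    return expected


def supports_certain_claim(claims: Sequence[Claim], target_bound: float) -> bool:
    """True if the conservative pfd justifies asserting 'pfd <= target_bound' outright."""
    return conservative_pfd(claims) <= target_bound


def series_system_pfd(subsystem_pfds: Sequence[float]) -> float:
    """Propagate certain subsystem pfds through a system that fails whenever
    any subsystem fails. Boole's inequality bounds the system pfd by the sum,
    with no assumption of independence between subsystem failures."""
    return min(1.0, sum(subsystem_pfds))


if __name__ == "__main__":
    # The abstract's informal step: 99 percent confident that pfd < 1e-5.
    unbounded_doubt = [(1e-5, 0.99), (1.0, 1.0)]   # residual 1% doubt unbounded
    print(conservative_pfd(unbounded_doubt))       # about 1e-2: 1e-3 not justified
    bounded_doubt = [(1e-5, 0.99), (1e-2, 1.0)]    # residual doubt bounded at 1e-2
    print(conservative_pfd(bounded_doubt))         # about 1.1e-4: 1e-3 justified
    print(series_system_pfd([conservative_pfd(bounded_doubt), 2e-4]))
```

Under this model the step from "99 percent confident of 10^-5" to "certain of 10^-3" is sound only when the expert can also bound the pfd in the 1 percent of cases where the strong claim fails; with that residual doubt left at 1.0, the worst-case mean is about 10^-2.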
