Resolute: an assurance case language for architecture models

HILT '14: Proceedings of the 2014 ACM SIGAda annual conference on High integrity language technology

Abstract
Arguments about the safety, security, and correctness of a complex system are often made in the form of an assurance case. An assurance case is a structured argument, often represented with a graphical interface, that presents and supports claims about a system's behavior. The argument may combine different kinds of evidence to justify its top-level claim. While assurance cases deliver some level of guarantee of a system's correctness, they lack the rigor that proofs from formal methods typically provide. Furthermore, changes in the structure of a model during development may result in inconsistencies between a design and its assurance case. Our solution is a framework for automatically generating assurance cases based on 1) a system model specified in an architectural design language, 2) a set of logical rules expressed in a domain-specific language that we have developed, and 3) the results of other formal analyses that have been run on the model. We argue that the rigor of these automatically generated assurance cases exceeds that of traditional assurance case arguments because of their more formal logical foundation and direct connection to the architectural model.
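The three inputs the abstract names (an architecture model, logical rules, and results from other analyses) can be combined into a generated argument tree in a few dozen lines. The following Python is an added illustration written for this page; it is not Resolute, not the paper's code, and does not use the paper's rule language. The model dictionary, the rule functions, the evidence values and every component name are constructed for the example. Its point is the one the abstract makes about inconsistency: when the model changes, the case is regenerated and the affected claim fails instead of silently going stale.

```python
# Added illustration (not Resolute or the paper's code): a toy assurance-case
# generator that builds a structured argument from three inputs, in the spirit
# of the framework the abstract describes:
#   1) an architecture model (a plain dict standing in for an AADL model),
#   2) logical rules (Python functions standing in for the paper's rule DSL),
#   3) results of other analyses (a dict of evidence keyed by component).
# All names, the model and the evidence values are constructed for this example.

import copy
from dataclasses import dataclass, field
from typing import Callable, List

# --- 1) constructed architecture model --------------------------------------
MODEL = {
    "components": {
        "flight_ctrl": {"kind": "process", "partition": "P1"},
        "comms":       {"kind": "process", "partition": "P2"},
        "kernel":      {"kind": "processor", "separation_kernel": True},
    },
    # (source, destination) data connections
    "connections": [("comms", "flight_ctrl")],
}

# --- 3) constructed results of other analyses -------------------------------
# e.g. a model checker reporting whether each process's contract was proved
EVIDENCE = {
    "contract_proved": {"flight_ctrl": True, "comms": True},
}


@dataclass
class Claim:
    text: str
    holds: bool
    support: List["Claim"] = field(default_factory=list)

    def render(self, depth: int = 0) -> str:
        """Indented text rendering of the argument tree."""
        mark = "PASS" if self.holds else "FAIL"
        lines = ["  " * depth + f"[{mark}] {self.text}"]
        for s in self.support:
            lines.append(s.render(depth + 1))
        return "\n".join(lines)


Rule = Callable[[dict, dict], Claim]


# --- 2) rules: each produces a (sub)claim from the model and evidence --------
def rule_isolated(model: dict, evidence: dict) -> Claim:
    comps = model["components"]
    procs = [n for n, c in comps.items() if c["kind"] == "process"]
    kernel_ok = any(c.get("separation_kernel")
                    for c in comps.values() if c["kind"] == "processor")
    parts = [comps[p]["partition"] for p in procs]
    subs = [
        Claim("A separation kernel is present", kernel_ok),
        Claim("Each process runs in its own partition", len(parts) == len(set(parts))),
    ]
    return Claim("Processes are spatially isolated", all(s.holds for s in subs), subs)


def rule_contracts(model: dict, evidence: dict) -> Claim:
    proved = evidence.get("contract_proved", {})
    subs = [Claim(f"Contract of {n} proved by model checker", bool(proved.get(n)))
            for n, c in model["components"].items() if c["kind"] == "process"]
    return Claim("Every process satisfies its contract", all(s.holds for s in subs), subs)


def rule_external_input_handled(model: dict, evidence: dict) -> Claim:
    # constructed rule: anything fed by 'comms' must itself have a proved contract
    proved = evidence.get("contract_proved", {})
    subs = [Claim(f"{dst} (fed by {src}) has a proved contract", bool(proved.get(dst)))
            for src, dst in model["connections"] if src == "comms"]
    return Claim("Consumers of external input are verified", all(s.holds for s in subs), subs)


RULES: List[Rule] = [rule_isolated, rule_contracts, rule_external_input_handled]


def build_case(model: dict, evidence: dict, rules: List[Rule] = RULES) -> Claim:
    """Generate the assurance case: a top claim supported by one claim per rule."""
    subs = [r(model, evidence) for r in rules]
    return Claim("The system is acceptably secure", all(s.holds for s in subs), subs)


def failing_claims(case: Claim) -> List[str]:
    """Leaf claims that do not hold; these are what a reviewer must look at."""
    if not case.support:
        return [] if case.holds else [case.text]
    return [t for s in case.support for t in failing_claims(s)]


def with_partition(model: dict, comp: str, partition: str) -> dict:
    """Return a copy of the model with one component moved to another partition."""
    changed = copy.deepcopy(model)
    changed["components"][comp]["partition"] = partition
    return changed


if __name__ == "__main__":
    print(build_case(MODEL, EVIDENCE).render())
    # A later design change: comms moved into flight_ctrl's partition.
    print(build_case(with_partition(MODEL, "comms", "P1"), EVIDENCE).render())
```

Regenerating the case from the model each time is what ties the argument to the design: the second `build_case` call fails exactly one leaf claim, and `failing_claims` names it, which is the check a reviewer would otherwise have to repeat by hand after every architectural change.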