NASA Formal Methods

Volume 7871 of the series Lecture Notes in Computer Science pp 478-483

Hierarchical Safety Cases

  • Ewen Denney (Lancaster University; SGT / NASA Ames Research Center)
  • Ganesh Pai (Lancaster University; SGT / NASA Ames Research Center)
  • Iain Whiteside (Carnegie Mellon University; School of Informatics, University of Edinburgh)



The development of a safety case has become common practice for the certification of systems in many safety-critical domains, but large safety cases still remain difficult to develop, evaluate and maintain. We propose hierarchical safety cases (hicases) as a technique to overcome some of the difficulties that arise in manipulating industrial-size safety arguments. This paper introduces and motivates hicases, lays their formal foundations and relates them to other safety case concepts. Our approach extends the existing Goal Structuring Notation (GSN) with abstraction mechanisms that allow viewing the safety case at different levels of detail.


Keywords: Abstraction, Automation, Formal methods, Hierarchy, Safety assurance, Safety cases