Evolution of Formal Model-Based Assurance Cases for Autonomous Robots

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11724)


An assurance case should carry sufficient evidence for a compelling argument that a system fulfils its guarantees under specific environmental assumptions. Assurance cases are often subject to maintenance, evolution, and reuse. In this paper, we demonstrate how the evidence of an assurance case can be formalised, and how an assurance case can be refined using this formalisation to increase argument confidence and to react to changing operational needs. Moreover, we propose two argument patterns, one for construction and one for extension, and we implement these patterns using the generic proof assistant Isabelle. We illustrate our approach for an autonomous mobile ground robot. Finally, we relate our approach to international standards (e.g. DO-178C, ISO 26262) that recommend the delivery and maintenance of assurance cases.


Keywords: Assurance case, Formal verification, Refinement, Autonomous robot, Integrated formal methods, Model-based engineering



This work is partly supported by the EPSRC projects CyPhyAssure, grant reference EP/S001190/1, and RoboCalc, grant reference EP/M025756/1.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

Department of Computer Science, University of York, York, UK
