Reasoning About Confidence and Uncertainty in Assurance Cases: A Survey

  • Lian Duan
  • Sanjai Rayadurgam
  • Mats P. E. Heimdahl
  • Anaheed Ayoub
  • Oleg Sokolsky
  • Insup Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9062)


Assurance cases are structured logical arguments supported by evidence that explain how systems, possibly software systems, satisfy desirable properties for safety, security or reliability. The confidence in both the logical reasoning and the underlying evidence is a factor that must be considered carefully when evaluating an assurance case; the developers must have confidence in their case before the system is delivered and the assurance case reviewer, such as a regulatory body, must have adequate confidence in the case before approving the system for use. A necessary aspect of gaining confidence in the assurance case is dealing with uncertainty, which may have several sources. Uncertainty, often impossible to eliminate, nevertheless undermines confidence and must therefore be sufficiently bounded. It can be broadly classified into two types, aleatory (statistical) and epistemic (systematic). This paper surveys how researchers have reasoned about uncertainty in assurance cases. We analyze existing literature to identify the type of uncertainty addressed and distinguish between qualitative and quantitative approaches for dealing with uncertainty.


  1. 1.
    Ayoub, A., Chang, J., Sokolsky, O., Lee, I.: Assessing the overall sufficiency of safety arguments. In: Safety-Critical Systems Club (2013)Google Scholar
  2. 2.
    Ayoub, A., Kim, B.G., Lee, I., Sokolsky, O.: A systematic approach to justifying sufficient confidence in software safety arguments. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP 2012. LNCS, vol. 7612, pp. 305–316. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33678-2_26 CrossRefGoogle Scholar
  3. 3.
    Bender, M., Maibaum, T., Lawford, M., Wassyng, A.: Positioning verification in the context of software/system certification. In: Proceedings of the 11th International Workshop on Automated Verification of Critical Systems (2011)Google Scholar
  4. 4.
    Bertolino, A., Strigini, L.: Assessing the risk due to software faults: estimates of failure rate versus evidence of perfection. Softw. Testing Verification Reliab. 8(3), 155–166 (1998)CrossRefGoogle Scholar
  5. 5.
    Bishop, P., Bloomfield, R., Littlewood, B., Povyakalo, A., Wright, D.: Towards a formalism for conservative claims about the dependability of software-based systems. IEEE Trans. Softw. Eng. 37(5), 708–717 (2011)CrossRefGoogle Scholar
  6. 6.
    Bloomfield, R., Bishop, P.: Safety and assurance cases: past, present, and possible future - an adelard perspective. In: Making Systems Safe (2010)Google Scholar
  7. 7.
    Bloomfield, R.E., Littlewood, B., Wright, D.: Confidence: its role in dependability cases for risk assessment. In: International Conference on Dependable Systems and Networks (2007)Google Scholar
  8. 8.
    Chapman, R.: Safety assurance for embedded software in infusion pumps. In: Presented as a Keynote Talk at FHIES/SEHC (2014)Google Scholar
  9. 9.
    Cyra, L., G\(\acute{o}\)rski, J.: Supporting expert assessment of argument structures in trust cases. In: 9th International Probability Safety Assessment and Management Conference PSAM (2008)Google Scholar
  10. 10.
    Denney, E., Pai, G., Habli, I.: Towards measurement of confidence in safety cases. In: 2011 International Symposium on Empirical Software Engineering and Measurement (2011)Google Scholar
  11. 11.
    Goodenough, J.B., Weinstock, C.B., Klein, A.Z.: Toward a theory of assurance case confidence. Technical report, Carnegie Mellon (2012)Google Scholar
  12. 12.
    Greenwell, W.S., Knight, J.C., Holloway, C.M., Pease, J.J.: A taxonomy of fallacies in system safety arguments. In: International System Safety Conference (2006)Google Scholar
  13. 13.
    Grigorova, S., Maibaum, T.S.E.: Taking a page from the law books: considering evidence weight in evaluating assurance case confidence. In: Software Reliability Engineering Workshops (2013)Google Scholar
  14. 14.
    Hawkins, R.D., Kelly, T., Knight, J., Graydon, P.: A new approach to creating clear safety arguments. In: Advances in Systems Safety (2011)Google Scholar
  15. 15.
    Hawkins, R.D., Kelly, T.P.: Software safety assurance - what is sufficient? In: 4th IET International Conference on Systems Safety (2009)Google Scholar
  16. 16.
    Jøsang, A., Grandison, T.: Conditional inference in subjective logic. In: Proceedings of the 6th International Conference on Information Fusion (2003)Google Scholar
  17. 17.
    Kelly, T.: Arguing safety-a systematic approach to safety case management. PhD thesis, The University of York (1998)Google Scholar
  18. 18.
    Kelly, T.: Reviewing assurance arguments - a step-by-step approach. In: Safety Management Requirements for Defence System (2007)Google Scholar
  19. 19.
    Der Kiureghian, A., Ditlevsen, O.: Aleatory or epistemic? does it matter? J. Struct. Safety 31(2), 105–112 (2008)CrossRefGoogle Scholar
  20. 20.
    Knight, J.: Private e-mail communication (2014)Google Scholar
  21. 21.
    Leveson, N.: Cost-effective safety certification of software-intensive systems. In: Seventh Software Certification Consortium (2011)Google Scholar
  22. 22.
    Littlewood, B., Wright, D.: The use of multilegged arguments of increase confdience in safety claims for software-based sytems: a study based on a BBN analysis of an idealized example. IEEE Trans. Software Eng. 33(5), 347–365 (2007)CrossRefGoogle Scholar
  23. 23.
    Rodes, B.D., Knight, J.C., Wasson, K.S.: A security metric based on security arguments. In: WETSoM 2014 (2014)Google Scholar
  24. 24.
    Rushby, J.: Formalism in safety cases. In: Dale, C., Anderson, T. (eds.) Making Systems Safer, pp. 3–17. Springer, London (2010)CrossRefGoogle Scholar
  25. 25.
    Rushby, J.: Logic and epistemology in safety cases. In: Proceedings of SafeComp, p. 32 (2013)Google Scholar
  26. 26.
    Strigini, L.: Engineering judgement in reliability and safety and its limits: what can we learn from research in psychology. Technical report, Centre for Software Reliability Technical report (1996)Google Scholar
  27. 27.
    Swiler, L.P., Paez, T.L., Mayes, R.L.: Epistemic uncertainty quantification tutorial. In: Proceedings of the IMAC-XXVII (2009)Google Scholar
  28. 28.
    Toulmin, S.: The Uses of Argument. Cambridge University Press, Cambridge (1958)Google Scholar
  29. 29.
    Weaver, R., Fenn, J., Kelly, T.: A pragmatic approach to reasoning about the assurance of safety arguments. In: 8th Australian Workshop on Safety Critical Systems and Software (SCS 2003) (2003)Google Scholar
  30. 30.
    Wilkinson, P.: The use of safety cases in certification and regulation by Nancy Leveson a review by Peter Wilkinson. Technical report, US Chemical Safety Board (2014)Google Scholar
  31. 31.
    Zhao, X., Zhang, D., Lu, M., Zeng, F.: A new approach to assessment of confidence in assurance cases. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP 2012. LNCS, vol. 7613, pp. 79–91. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33675-1_7 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Lian Duan
    • 1
  • Sanjai Rayadurgam
    • 1
  • Mats P. E. Heimdahl
    • 1
  • Anaheed Ayoub
    • 2
  • Oleg Sokolsky
    • 2
  • Insup Lee
    • 2
  1. 1.University of MinnesotaMinneapolisUSA
  2. 2.University of PennsylvaniaPhiladelphiaUSA

Personalised recommendations