Abstract
Developers of a critical system must argue that the system satisfies its critical requirements — those that, if not satisfied, could result in human injury or death, substantial loss of capital, or the compromise of national security. Documenting an explicit, persuasive assurance argument is especially important when the system produced must be evaluated and approved by an independent certifier, as is often the case for safety- and security-critical systems. Past experience developing independently evaluated systems using formal methods (Moore and Payne, 1996a; Payne et al., 1994) demonstrates that the presentation of the assurance argument is as important as the rigor of the assurance evidence on which that argument is based. Formal specifications and analyses must be presented coherently in the context of the overall system decomposition, or much of their power to persuade may be lost. This chapter describes and illustrates a general framework that supports gathering, integrating, presenting and reviewing the evidence that we can trust a system to conform to its critical requirements.
© 1999 Springer-Verlag London
Moore, A.P., Klinker, J.E., Mihelcic, D.M. (1999). How to Construct Formal Arguments that Persuade Certifiers. In: Hinchey, M.G., Bowen, J.P. (eds) Industrial-Strength Formal Methods in Practice. Formal Approaches to Computing and Information Technology (FACIT). Springer, London. https://doi.org/10.1007/978-1-4471-0523-7_13
DOI: https://doi.org/10.1007/978-1-4471-0523-7_13
Publisher Name: Springer, London
Print ISBN: 978-1-85233-640-0
Online ISBN: 978-1-4471-0523-7