On the Interpretation of Assurance Case Arguments

  • John RushbyEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10091)


An assurance case provides a structured argument to establish a claim for a system based on evidence about the system and its environment. I propose a simple interpretation for the overall argument that uses epistemic methods for its evidential or leaf steps and logic for its reasoning or interior steps: evidential steps that cross some threshold of credibility are accepted as premises in a classical deductive interpretation of the reasoning steps. Thus, all uncertainty is located in the assessment of evidence. I argue for the utility of this interpretation.


Formal Verification Logical Interpretation Reasoning Step Defeasible Reasoning Confirmation Measure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was partially funded by NASA under contract NNL13AA00B to The Boeing Company, and by SRI International. I benefited from many suggestions by Michael Holloway, our NASA contract monitor, but the content is solely the responsibility of the author and does not necessarily represent the official views of NASA. Thoughtful comments by the anonymous reviewers improved the presentation of this material.


  1. 1.
    RTCA, Washington, DC: DO-178C: Software Considerations in Airborne Systems and Equipment Certification (2011)Google Scholar
  2. 2.
    Society of Automotive Engineers: Aerospace Recommended Practice (ARP) 4754A: Certification Considerations for Highly-Integrated or Complex Aircraft Systems. Also issued as EUROCAE ED-79 (2010)Google Scholar
  3. 3.
    Society of Automotive Engineers: Aerospace Recommended Practice (ARP) 4761: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment (1996)Google Scholar
  4. 4.
    Holloway, C.M.: Explicate ’78: discovering the implicit assurance case in DO-178C. In: Parsons, M., Anderson, T. (eds.) Engineering Systems for Safety. Proceedings of 23rd Safety-critical Systems Symposium, Bristol, UK, pp. 205–225 (2015)Google Scholar
  5. 5.
    Rushby, J., Xu, X., Rangarajan, M., Weaver, T.L.: Understanding and evaluating assurance cases. NASA Contractor Report NASA/CR-2015-218802, NASA Langley Research Center (2015)Google Scholar
  6. 6.
    Toulmin, S.E.: The Uses of Argument. Cambridge University Press, Cambridge (2003). Updated edition (the original is dated 1958)CrossRefGoogle Scholar
  7. 7.
    Adams, E.W.: A Primer of Probability Logic. Center for the Study of Language and Information (CSLI), Stanford University (1998)Google Scholar
  8. 8.
    Good, I.J.: Probability and the Weighing of Evidence. Charles Griffin, London (1950)zbMATHGoogle Scholar
  9. 9.
    Good, I.J.: Weight of evidence: a brief survey. In: Bernardo, J., et al. (eds.) Bayesian Statistics 2: Proceedings of the Second Valencia International Meeting, Valencia, Spain, pp. 249–270 (1983)Google Scholar
  10. 10.
    Bovens, L., Hartmann, S.: Bayesian Epistemology. Oxford University Press, Oxford (2003)zbMATHGoogle Scholar
  11. 11.
    Earman, J.: Bayes or Bust? A Critical Examination of Bayesian Confirmation Theory. MIT Press, Cambridge (1992)Google Scholar
  12. 12.
    Dawid, A.P.: Bayes’s theorem and weighing evidence by juries. In: Swinburne, R. (ed.) Bayes’s Theorem. Proceedings of the British Academy, pp. 71–90 (2002)Google Scholar
  13. 13.
    Jeffrey, R.: Subjective Probability: The Real Thing. Cambridge University Press, Cambridge (2004)CrossRefzbMATHGoogle Scholar
  14. 14.
    Fitelson, B.: Studies in Bayesian Confirmation Theory. Ph.D. thesis, Department of Philosophy, University of Wisconsin, Madison (2001)Google Scholar
  15. 15.
    Tentori, K., Crupi, V., Bonini, N., Osherson, D.: Comparison of confirmation measures. Cognition 103, 107–119 (2007)CrossRefGoogle Scholar
  16. 16.
    Joyce, J.M.: On the plurality of probabilist measures of evidential relevance. In: Bayesian Epistemology Workshop of the 26th International Wittgenstein Symposium, Kirchberg, Austria (2003)Google Scholar
  17. 17.
    Gardner-Medwin, T.: What probability should a jury address? Significance 2, 9–12 (2005)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Littlewood, B., Wright, D.: The use of multi-legged arguments to increase confidence in safety claims for software-based systems: a study based on a BBN analysis of an idealised example. IEEE Trans. Softw. Eng. 33, 347–365 (2007)CrossRefGoogle Scholar
  19. 19.
    HUGIN Expert: Hugin home page. Accessed 2015
  20. 20.
    Hawkins, R., Kelly, T., Knight, J., Graydon, P.: A new approach to creating clear safety arguments. In: Dale, C., Anderson, T. (eds.) Advances in System Safety: Proceedings of 19th Safety-Critical Systems Symposium, pp. 3–23. Springer, London (2011)CrossRefGoogle Scholar
  21. 21.
    Hempel, C.G.: Provisoes: a problem concerning the inferential function of scientific theories. Erkenntnis 28, 147–164 (1988)CrossRefGoogle Scholar
  22. 22.
    Suppe, F.: Hempel and the problem of provisos. In: Fetzer, J.H. (ed.) Science, Explanation, and Rationality: Aspects of the Philosophy of Carl G. Hempel, pp. 186–213. Oxford University Press, Oxford (2000)Google Scholar
  23. 23.
    Earman, J., Roberts, J., Smith, S.: Ceteris paribus lost. Erkenntnis 57, 281–301 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Rushby, J., Owre, S., Shankar, N.: Subtypes for specifications: predicate subtyping in PVS. IEEE Trans. Softw. Eng. 24, 709–720 (1998)CrossRefGoogle Scholar
  25. 25.
    Zeng, F., Lu, M., Zhong, D.: Using D-S evidence theory to evaluation of confidence in safety case. J. Theor. Appl. Inform. Technol. 47, 184–189 (2013)Google Scholar
  26. 26.
    Denney, E., Pai, G., Habli, I.: Towards measurement of confidence in safety cases. In: Fifth International Symposium on Empirical Software Engineering and Measurement (ESEM), Banff, Canada, pp. 380–383. IEEE Computer Society (2011)Google Scholar
  27. 27.
    Ossowski, S. (ed.): Agreement Technologies. Law, Governance and Technology Series, vol. 8. Springer, Heidelberg (2013)Google Scholar
  28. 28.
    Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34, 133–153 (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Computer Science LaboratorySRI InternationalMenlo ParkUSA

Personalised recommendations