Critical systems should be built in a manner that makes them not only adequately dependable, but demonstrably adequately dependable. An assurance case is an argument that demonstrates how the specific evidence resulting from system development efforts (test results, results of static analysis, etc.) combine to support the conclusion that the system is adequately dependable. The assurance case moreover documents the rationale used to draw conclusions about each piece of evidence. In the event of a failure that is not a random event, this record can be examined to discover the faulty reasoning that led to the release of the flawed system, thus helping developers to redress the system?s flaws and to avoid making similar mistakes in future development efforts.
This research is developing methods for Assurance Based Development that couples the development of the system with the development of its assurance case so that explicit criteria for the dependability impact of each development decision are available at the time the decision is made. The need for assurance of dependability drives system development, leading developers to make choices that give rise to both the needed dependability and evidence of that dependability. The explicit evaluation of dependability throughout the development process also facilitates detection and avoidance of potential assurance difficulties as they arise, rather than after development is complete?when they are much harder to address. Furthermore, knowing the assurance obligation incident on each part of the system will give developers the flexibility to deploy expensive technology, such as formal verification, only on components whose assurance needs demand it.
