Toward a Formalism for Conservative Claims about the Dependability of Software-Based Systems
September/October 2011 (vol. 37 no. 5)
pp. 708-717
Peter Bishop, City University, London and Adelard LLP, London
Robin Bloomfield, City University, London and Adelard LLP, London
Bev Littlewood, City University, London
Andrey Povyakalo, City University, London
David Wright, City University, London
In recent work, we have argued for a formal treatment of confidence about the claims made in dependability cases for software-based systems. The key idea underlying this work is “the inevitability of uncertainty”: It is rarely possible to assert that a claim about safety or reliability is true with certainty. Much of this uncertainty is epistemic in nature, so it seems inevitable that expert judgment will continue to play an important role in dependability cases. Here, we consider a simple case where an expert makes a claim about the probability of failure on demand (pfd) of a subsystem of a wider system and is able to express his confidence about that claim probabilistically. An important, but difficult, problem then is how such subsystem (claim, confidence) pairs can be propagated through a dependability case for a wider system, of which the subsystems are components. An informal way forward is to justify, at high confidence, a strong claim, and then, conservatively, only claim something much weaker: “I'm 99 percent confident that the pfd is less than 10^{-5}, so it's reasonable to be 100 percent confident that it is less than 10^{-3}.” These conservative pfds of subsystems can then be propagated simply through the dependability case of the wider system. In this paper, we provide formal support for such reasoning.
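The conservative step quoted in the abstract, carried through numerically as an added example (not the paper's own derivation): the expert's statement is read as P(pfd < q) = c, the residual mass 1 - c is pushed to an assumed worst admissible value `pfd_max`, the resulting bound has no expert judgement left in it, and it is then propagated across subsystems with a union bound. `ClaimConfidence`, `conservative_pfd`, `series_system_pfd` and `pfd_max` are names chosen here, not from the paper.

```python
# Added illustration of turning a (claim, confidence) pair about a subsystem
# pfd into one conservative number and propagating it through a series system.
# Assumptions (mine, not the paper's): the expert's statement means
# P(pfd < claim) = confidence, and nothing is known about the remaining
# mass 1 - confidence except that pfd cannot exceed pfd_max (1.0 by default).

from dataclasses import dataclass


@dataclass(frozen=True)
class ClaimConfidence:
    """Expert statement: 'I am `confidence` sure the pfd is below `claim`'."""
    claim: float          # q, the claimed pfd bound
    confidence: float     # c, probability the expert attaches to the claim
    pfd_max: float = 1.0  # worst pfd the expert admits if the claim is wrong

    def __post_init__(self):
        if not (0.0 < self.claim <= self.pfd_max <= 1.0):
            raise ValueError("need 0 < claim <= pfd_max <= 1")
        if not (0.0 <= self.confidence <= 1.0):
            raise ValueError("confidence must be a probability")


def conservative_pfd(cc: ClaimConfidence) -> float:
    """Upper bound on the expected pfd implied by the (claim, confidence) pair.

    E[pfd] <= c*q + (1-c)*pfd_max: the confident part contributes at most q,
    the residual mass is placed at the worst admissible pfd.  Under the
    stated reading this holds with certainty, so downstream it can be used
    like a known pfd.
    """
    return cc.confidence * cc.claim + (1.0 - cc.confidence) * cc.pfd_max


def series_system_pfd(bounds: list[float]) -> float:
    """Union bound for a system that fails on a demand if any subsystem fails.

    P(any fails) <= sum P(each fails), valid with no independence assumption.
    """
    return min(1.0, sum(bounds))


if __name__ == "__main__":
    # Constructed inputs matching the abstract: 99% confident that pfd < 1e-5.
    cc = ClaimConfidence(claim=1e-5, confidence=0.99)
    print(f"worst case (pfd_max=1):     {conservative_pfd(cc):.4g}")
    capped = ClaimConfidence(claim=1e-5, confidence=0.99, pfd_max=1e-3)
    print(f"with pfd_max=1e-3:          {conservative_pfd(capped):.4g}")
    print(f"two subsystems in series:   "
          f"{series_system_pfd([conservative_pfd(cc)] * 2):.4g}")
```

With `pfd_max` left at 1 the bound is about 10^-2, so a certain claim as strong as the 10^-3 in the abstract's example only follows once some belief about how bad the pfd could be is added, which the example exposes through `pfd_max`.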


Index Terms:
Bayesian probability, safety case, software reliability.
Peter Bishop, Robin Bloomfield, Bev Littlewood, Andrey Povyakalo, David Wright, "Toward a Formalism for Conservative Claims about the Dependability of Software-Based Systems," IEEE Transactions on Software Engineering, vol. 37, no. 5, pp. 708-717, Sept.-Oct. 2011, doi:10.1109/TSE.2010.67