Representing Confidence in Assurance Case Evidence
نویسندگان
چکیده
When evaluating assurance cases, being able to capture the confidence one has in the individual evidence nodes is crucial, as these values form the foundation for determining the confidence one has in the assurance case as a whole. Human opinions are subjective, oftentimes with uncertainty—it is difficult to capture an opinion with a single probability value. Thus, we believe that a distribution best captures a human opinion such as confidence. Previous work used a doubly-truncated normal distribution or a Dempster-Shafer theory-based belief mass to represent confidence in the evidence nodes, but we argue that a beta distribution is more appropriate. The beta distribution models a variety of shapes and we believe it provides an intuitive way to represent confidence. Furthermore, there exists a duality between the beta distribution and subjective logic, which can be exploited to simplify mathematical calculations. This paper is the first to apply this duality to assurance
منابع مشابه
Reasoning About Confidence and Uncertainty in Assurance Cases: A Survey
Assurance cases are structured logical arguments supported by evidence that explain how systems, possibly software systems, satisfy desirable properties for safety, security or reliability. The confidence in both the logical reasoning and the underlying evidence is a factor that must be considered carefully when evaluating an assurance case; the developers must have confidence in their case bef...
متن کاملAssurance and Assurance Cases
Assurance provides confidence that a system will work as required and not cause harm. Confidence is based on justified beliefs about the system and its environment, and justification can be developed and documented as an assurance case comprised of a structured argument grounded on evidence. For justification to be compelling, the argument must be indefeasible, meaning that we have so thoroughl...
متن کاملA Framework for Reasoning about Assurance
Informed decisions about security depend upon a complex set of factors related to both assurance and risk. In this paper we argue for a new definition of assurance, specifically describing its relationship to measurements of risk or security. The following definition expands the traditional definition of assurance to include a broad range of evidence, while narrowing the scope to a specific typ...
متن کاملUsing argumentation to evaluate software assurance standards
Context: Many people and organisations rely upon software safety and security standards to provide confidence in software intensive systems. For example, people rely upon the Common Criteria for Information Technology Security Evaluation to establish justified and sufficient confidence that an evaluated information technology product’s contributions to security threats and threat management are...
متن کاملAssurance Cases for Proofs as Evidence
Proof-carrying code (PCC) provides a “gold standard” for establishing formal and objective confidence in program behavior. However, in order to extend the benefits of PCC – and other formal certification techniques – to realistic systems, we must establish the correspondence of a mathematical proof of a program’s semantics and its actual behavior. In this paper, we argue that assurance cases ar...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015