Assurance Case

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 210 Experts worldwide ranked by ideXlab platform

Richard Hawkins - One of the best experts on this subject based on the ideXlab platform.

  • A Pattern for Arguing the Assurance of Machine Learning in Medical Diagnosis Systems
    International Conference on Computer Safety Reliability and Security, 2019
    Co-Authors: Chiara Picardi, Richard Hawkins, Colin Paterson, Ibrahim Habli
    Abstract:

    Machine learning offers the potential to revolutionise healthcare, with recent work showing that machine-learned algorithms can achieve or exceed expert human performance. The adoption of such systems in the medical domain should not happen, however, unless sufficient assurance can be demonstrated. In this paper we consider the implicit assurance argument for state-of-the-art systems that use machine-learnt models for clinical diagnosis, e.g. retinal disease diagnosis. Based upon an assessment of this implicit argument we identify a number of additional assurance considerations that would need to be addressed in order to create a compelling assurance case. We present an assurance case pattern that we have developed to explicitly address these assurance considerations. This pattern may also have the potential to be applied to a wide class of critical domains where ML is used in the decision making process.

  • Model Based System Assurance Using the Structured Assurance Case Metamodel
    Journal of Systems and Software, 2019
    Co-Authors: Ran Wei, Tim Kelly, Xiaotian Dai, Shuai Zhao, Richard Hawkins
    Abstract:

    Assurance cases are used to demonstrate confidence in system properties of interest (e.g. safety and/or security). A number of system assurance approaches are adopted by industries in the safety-critical domain. However, the task of constructing assurance cases remains a manual, lengthy and informal process. The Structured Assurance Case Metamodel (SACM) is a standard specified by the Object Management Group (OMG). SACM provides a richer set of features than existing system assurance languages/approaches. SACM provides a foundation for model-based system assurance, which has great application potential in growing technology domains such as Open Adaptive Systems. However, the intended usage of SACM has not been sufficiently explained. In addition, there has not been support to interoperate between existing assurance case (models) and SACM models. In this article, we explain the intended usage of SACM based on our involvement in the OMG specification process of SACM. In addition, to promote a model-based approach, we provide SACM-compliant metamodels for existing system assurance approaches (the Goal Structuring Notation and Claims-Arguments-Evidence), and the transformations from these models to SACM. We also briefly discuss the tool support for model-based system assurance which helps practitioners make the transition from existing system assurance approaches to model-based system assurance using SACM.

  • Model Based System Assurance Using the Structured Assurance Case Metamodel
    arXiv: Software Engineering, 2019
    Co-Authors: Ran Wei, Tim Kelly, Xiaotian Dai, Shuai Zhao, Richard Hawkins
    Abstract:

    Assurance cases are used to demonstrate confidence in system properties of interest (e.g. safety and/or security). A number of system assurance approaches are adopted by industries in the safety-critical domain. However, the task of constructing assurance cases remains a manual, trivial and informal process. The Structured Assurance Case Metamodel (SACM) is a standard specified by the Object Management Group (OMG). SACM provides a richer set of features than existing system assurance languages/approaches. SACM provides a foundation for model-based system assurance, which has great potential in growing technology domains such as Open Adaptive Systems. However, the intended usage of SACM has not been sufficiently explained. In addition, there has been no support to interoperate between existing assurance case (models) and SACM models. In this article, we explain the intended usage of SACM based on our involvement in the OMG specification process of SACM. In addition, to promote a model-based approach, we provide SACM-compliant metamodels for existing system assurance approaches (the Goal Structuring Notation and Claims-Arguments-Evidence), and the transformations from these models to SACM. We also briefly discuss the tool support for model-based system assurance which helps practitioners to make the transition from existing system assurance approaches to model-based system assurance using SACM.

  • Weaving an Assurance Case from Design: A Model Based Approach
    High-Assurance Systems Engineering, 2015
    Co-Authors: Richard Hawkins, Ibrahim Habli, Dimitris Kolovos, Richard F Paige, Tim Kelly
    Abstract:

    Assurance cases are used to demonstrate confidence in properties of interest for a system, e.g. for safety or security. A model-based assurance case seeks to bring the benefits of model-driven engineering, such as automation, transformation and validation, to what is currently a lengthy and informal process. In this paper we develop a model-based assurance approach, based on a weaving model, which allows integration between assurance case, design and process models and meta-models. In our approach, the assurance case itself is treated as a structured model, with the aim that all entities in the assurance case become linked explicitly to the models that represent them. We show how it is possible to exploit the weaving model for automated generation of assurance cases. Building upon these results, we discuss how a seamless model-driven approach to assurance cases can be achieved and examine the utility of increased formality and automation.

Ibrahim Habli - One of the best experts on this subject based on the ideXlab platform.

  • A Pattern for Arguing the Assurance of Machine Learning in Medical Diagnosis Systems
    International Conference on Computer Safety Reliability and Security, 2019
    Co-Authors: Chiara Picardi, Richard Hawkins, Colin Paterson, Ibrahim Habli

  • Perspectives on Assurance Case Development for Retinal Disease Diagnosis Using Deep Learning
    Artificial Intelligence in Medicine in Europe, 2019
    Co-Authors: Chiara Picardi, Ibrahim Habli
    Abstract:

    We report our experience with developing an assurance case for a deep learning system used for retinal disease diagnosis and referral. We investigate how an assurance case could clarify the scope and structure of the primary argument and identify sources of uncertainty. We also explore the need for an assurance argument pattern that could provide developers with a reusable template for communicating and structuring the different claims and evidence and clarifying the clinical context rather than merely focusing on meeting or exceeding performance measures.

  • Weaving an Assurance Case from Design: A Model Based Approach
    High-Assurance Systems Engineering, 2015
    Co-Authors: Richard Hawkins, Ibrahim Habli, Dimitris Kolovos, Richard F Paige, Tim Kelly

Insup Lee - One of the best experts on this subject based on the ideXlab platform.

  • Assurance Case Patterns for Cyber Physical Systems with Deep Neural Networks
    International Conference on Computer Safety Reliability and Security, 2020
    Co-Authors: Ramneet Kaur, Oleg Sokolsky, Radoslav Ivanov, Matthew Cleaveland, Insup Lee
    Abstract:

    With the increasing use of deep neural networks (DNNs) in safety-critical cyber-physical systems (CPS), such as autonomous vehicles, providing guarantees about the safety properties of these systems becomes ever more important. Tools for reasoning about the safety of DNN-based systems have started to emerge. In this paper, we show that assurance cases can be used to argue about the safety of CPS with DNNs by proposing assurance case patterns that are amenable to the existing evidence generation tools for these systems. We use case studies of two different autonomous driving scenarios to illustrate the use of the proposed patterns for the construction of these assurance cases.

  • Representation of Confidence in Assurance Cases Using the Beta Distribution
    High-Assurance Systems Engineering, 2016
    Co-Authors: Lian Duan, Sanjai Rayadurgam, Mats P E Heimdahl, Oleg Sokolsky, Insup Lee
    Abstract:

    Assurance cases are used to document an argument that a system -- such as a critical software system -- satisfies some desirable property (e.g., safety, security, or reliability). Demonstrating high confidence that the claims made based on an assurance case can be trusted is crucial to the success of the case. Researchers have proposed quantification of confidence as a Baconian probability ratio of eliminated concerns about the assurance case to the total number of identified concerns. In this paper, we extend their work by mapping this discrete ratio to a continuous probability distribution -- a beta distribution -- enabling different visualizations of the confidence in a claim. Further, the beta distribution allows us to quantify and visualize the uncertainty associated with the expressed confidence. Additionally, by transforming the assurance case into a reasoning structure, we show how confidence calculations can be performed using beta distributions.

  • Representing Confidence in Assurance Case Evidence
    International Conference on Computer Safety Reliability and Security, 2014
    Co-Authors: Lian Duan, Sanjai Rayadurgam, Mats P E Heimdahl, Oleg Sokolsky, Insup Lee
    Abstract:

    When evaluating assurance cases, being able to capture the confidence one has in the individual evidence nodes is crucial, as these values form the foundation for determining the confidence one has in the assurance case as a whole. Human opinions are subjective, oftentimes with uncertainty—it is difficult to capture an opinion with a single probability value. Thus, we believe that a distribution best captures a human opinion such as confidence. Previous work used a doubly-truncated normal distribution or a Dempster-Shafer theory-based belief mass to represent confidence in the evidence nodes, but we argue that a beta distribution is more appropriate. The beta distribution models a variety of shapes and we believe it provides an intuitive way to represent confidence. Furthermore, there exists a duality between the beta distribution and subjective logic, which can be exploited to simplify mathematical calculations. This paper is the first to apply this duality to assurance cases.
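The two abstracts above (the 2016 beta-distribution paper and the 2014 evidence-confidence paper) describe the same pipeline in words: a Baconian ratio of eliminated to identified concerns per evidence node, a beta distribution over that ratio, and the beta/subjective-logic duality used to combine node confidences up the argument. The following is an added, self-contained illustration written for this page, not code from either paper: it uses the standard mapping between Beta(alpha, beta) and a subjective-logic opinion (prior weight W = 2, base rate 0.5) and Jøsang's multiplication operator for conjoining independent supports. The constants, the tree encoding and the sample case are assumptions, and the sample concern counts are constructed.

```python
"""Confidence in an assurance case as beta distributions / subjective-logic opinions.

Constructed example: the Baconian ratio (eliminated concerns / total concerns) of each
evidence node is mapped to a Beta(alpha, beta) distribution, which is the same object as a
subjective-logic opinion (belief, disbelief, uncertainty, base rate). Conjoining opinions
gives the confidence in a claim that needs all of its supports to hold. The mapping
constants (W = 2, base rate 0.5) and the sample case are assumptions, not from any paper."""
from dataclasses import dataclass

PRIOR_WEIGHT = 2.0  # W: prior evidence weight; with base rate 0.5 this is the Beta(1,1) uniform prior


@dataclass(frozen=True)
class Opinion:
    belief: float           # b: mass on "the claim holds"
    disbelief: float        # d: mass on "the claim fails"
    uncertainty: float      # u: mass not yet committed either way (b + d + u == 1)
    base_rate: float = 0.5  # a: prior probability used when projecting the uncertainty


def from_concerns(eliminated, total):
    """Baconian ratio -> opinion. r = eliminated concerns, s = concerns still open."""
    if not 0 <= eliminated <= total:
        raise ValueError("eliminated must be between 0 and total")
    r, s = float(eliminated), float(total - eliminated)
    k = r + s + PRIOR_WEIGHT
    return Opinion(r / k, s / k, PRIOR_WEIGHT / k)


def to_beta(op):
    """The dual Beta(alpha, beta): alpha = r + a*W, beta = s + (1-a)*W (needs u > 0)."""
    w = PRIOR_WEIGHT
    alpha = w * op.belief / op.uncertainty + w * op.base_rate
    beta = w * op.disbelief / op.uncertainty + w * (1.0 - op.base_rate)
    return alpha, beta


def expected_confidence(op):
    """Projected probability; equals the mean of the dual beta distribution."""
    return op.belief + op.base_rate * op.uncertainty


def beta_variance(alpha, beta):
    """Spread of the beta distribution: how uncertain the expressed confidence is."""
    n = alpha + beta
    return alpha * beta / (n * n * (n + 1.0))


def conjoin(x, y):
    """Josang's multiplication of two independent opinions: confidence that both hold."""
    ax, ay = x.base_rate, y.base_rate
    denom = 1.0 - ax * ay
    b = x.belief * y.belief + ((1 - ax) * ay * x.belief * y.uncertainty
                               + ax * (1 - ay) * x.uncertainty * y.belief) / denom
    d = x.disbelief + y.disbelief - x.disbelief * y.disbelief
    u = x.uncertainty * y.uncertainty + ((1 - ay) * x.belief * y.uncertainty
                                         + (1 - ax) * x.uncertainty * y.belief) / denom
    return Opinion(b, d, u, ax * ay)


def claim_confidence(node):
    """Fold an argument tree. node is ("evidence", eliminated, total) or
    ("claim", [children]); a claim is taken to hold only if all its supports hold."""
    if node[0] == "evidence":
        return from_concerns(node[1], node[2])
    ops = [claim_confidence(child) for child in node[1]]
    result = ops[0]
    for op in ops[1:]:
        result = conjoin(result, op)
    return result


# Constructed sample case: a top claim supported by one reviewed sub-claim and one
# directly measured piece of evidence. Counts are invented for the illustration.
SAMPLE_CASE = ("claim", [
    ("claim", [("evidence", 4, 4),    # formal model review: all 4 concerns eliminated
               ("evidence", 3, 5)]),  # code-generation review: 3 of 5 concerns eliminated
    ("evidence", 2, 2),               # timing measurement: both concerns eliminated
])

if __name__ == "__main__":
    top = claim_confidence(SAMPLE_CASE)
    a, b = to_beta(from_concerns(4, 4))
    print("evidence 4/4 -> Beta(%.0f, %.0f), mean %.3f, variance %.4f"
          % (a, b, a / (a + b), beta_variance(a, b)))
    print("top claim: b=%.3f d=%.3f u=%.3f, expected confidence %.3f"
          % (top.belief, top.disbelief, top.uncertainty, expected_confidence(top)))
```

Two things worth noticing when running it: a node with no identified concerns at all yields the vacuous opinion (u = 1, Beta(1,1)), so "no concerns found" carries no confidence until concerns are actually sought and eliminated; and conjunction lets uncertainty accumulate, so the top claim's expected confidence (about 0.357 here) sits well below every individual evidence node's, which is the point of propagating distributions rather than single numbers.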

  • Assurance Cases in Model Driven Development of the Pacemaker Software
    Leveraging Applications of Formal Methods, 2010
    Co-Authors: Eunkyoung Jee, Insup Lee, Oleg Sokolsky
    Abstract:

    We discuss the construction of an assurance case for the pacemaker software. The software is developed following a model-based technique that combines formal modeling of the system, systematic code generation from the formal model, and measurement of the timing behavior of the implementation. We show how the structure of the assurance case reflects our development approach.

Iain Whiteside - One of the best experts on this subject based on the ideXlab platform.

  • The Role of Safety Architectures in Aviation Safety Cases
    Reliability Engineering & System Safety, 2019
    Co-Authors: Ewen Denney, Ganesh Pai, Iain Whiteside
    Abstract:

    We develop a notion of safety architecture (SA), based on an extension to Bow Tie Diagrams (BTDs), to characterize the overall scope of the mitigation measures undertaken to provide safety assurance at both design time and during operations. We motivate the need for SAs, whilst also illustrating their application and utility in the context of aviation systems, through an example based upon a safety case for an unmanned aircraft system mission that successfully underwent regulatory scrutiny. We elaborate how SAs fit into our overall safety assurance methodology, also discussing the key role they play in conjunction with structured assurance arguments to provide a more comprehensive basis for the associated safety case. We give a formal semantics as a basis for implementing both BTDs and SAs in our assurance case tool, AdvoCATE, describing the functionality afforded to support both the related safety analysis and subsequent development activities, e.g., enforcement of well-formedness properties, computation of residual risk, and model-based views and transformations.

  • Modeling the Safety Architecture of UAS Flight Operations
    International Conference on Computer Safety Reliability and Security, 2017
    Co-Authors: Ewen Denney, Ganesh Pai, Iain Whiteside
    Abstract:

    We develop a notion of safety architecture, based on an extension to bow tie diagrams, to characterize the overall scope of the mitigation measures undertaken to provide safety assurance in the context of unmanned aircraft systems. We use a formal semantics as a basis for implementation in our assurance case tool, AdvoCATE. We also describe the functionality that a safety architecture affords to support both the related safety analysis and subsequent development activities. We motivate the need for a safety architecture through an example based upon a real safety case, whilst also illustrating its application and utility. Additionally, we discuss its role, when combined with structured arguments, in providing a more comprehensive basis for the associated safety case.

Ewen Denney - One of the best experts on this subject based on the ideXlab platform.

  • The Role of Safety Architectures in Aviation Safety Cases
    Reliability Engineering & System Safety, 2019
    Co-Authors: Ewen Denney, Ganesh Pai, Iain Whiteside

  • Tool Support for Assurance Case Development
    Automated Software Engineering, 2018
    Co-Authors: Ewen Denney, Ganesh Pai
    Abstract:

    Argument-based assurance cases, often represented and organized using graphical argument structures, are increasingly being used in practice to provide assurance to stakeholders, e.g., regulatory authorities, that a system is acceptable for its intended use with respect to dependability and safety concerns. In general, comprehensive system-wide assurance arguments aggregate a substantial amount of diverse information, such as the results of safety analysis, requirements analysis, design, verification and other engineering activities. Although a variety of assurance case tools exist, many desirable operations on argument structures such as hierarchical and modular abstraction, argument pattern instantiation, and inclusion/extraction of richly structured information have limited to no automation support. To close this automation gap, over the past four years we have been developing a toolset for assurance case automation, AdvoCATE, at the NASA Ames Research Center. This paper describes how AdvoCATE is being engineered atop formal foundations for assurance case argument structures, to provide unique capabilities for: (a) automated creation and assembly of assurance arguments, (b) integration of formal methods into wider assurance arguments, (c) automated pattern instantiation, (d) hierarchical abstraction, (e) queries and views, and (f) verification of arguments. We (and our colleagues) have used AdvoCATE in real projects for safety assurance, in the context of unmanned aircraft systems.
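The AdvoCATE abstracts on this page mention "enforcement of well-formedness properties" and "verification of arguments" over GSN argument structures without saying what such a check looks like. The following added example is not AdvoCATE code and not taken from any of the papers; it is a minimal in-memory model of the GSN Community Standard element types (Goal, Strategy, Solution, Context) and its two relationship kinds (SupportedBy, InContextOf), with the structural checks an assurance case tool can run before anyone argues about content: dangling references, mis-typed edges, undeveloped goals and strategies, orphan evidence and contexts, and cycles in the support graph. Which checks count as well-formedness, and the two sample arguments, are assumptions made here.

```python
"""Well-formedness checks over a GSN argument structure (constructed example, not AdvoCATE).

Node kinds and edge kinds follow the GSN Community Standard; the set of checks and the
sample arguments below are assumptions for the illustration."""
from dataclasses import dataclass, field

GOAL, STRATEGY, SOLUTION, CONTEXT = "Goal", "Strategy", "Solution", "Context"
SUPPORT_SOURCES = {GOAL, STRATEGY}            # only these may have SupportedBy edges out
SUPPORT_TARGETS = {GOAL, STRATEGY, SOLUTION}  # only these may be SupportedBy targets


@dataclass
class Node:
    id: str
    kind: str
    text: str
    supported_by: list = field(default_factory=list)   # SupportedBy edges (target ids)
    in_context_of: list = field(default_factory=list)  # InContextOf edges (target ids)


class Argument:
    def __init__(self, nodes):
        self.nodes = {n.id: n for n in nodes}

    def _referenced(self):
        return {ref for n in self.nodes.values() for ref in n.supported_by + n.in_context_of}

    def roots(self):
        """Top-level claims: nodes nothing else points at."""
        referenced = self._referenced()
        return sorted(nid for nid in self.nodes if nid not in referenced)

    def problems(self):
        """Human-readable structural defects; an empty list means well-formed."""
        found, referenced = [], self._referenced()
        for n in self.nodes.values():
            for ref in n.supported_by + n.in_context_of:
                if ref not in self.nodes:
                    found.append("%s: dangling reference to %s" % (n.id, ref))
            for ref in n.supported_by:
                if n.kind not in SUPPORT_SOURCES:
                    found.append("%s: a %s cannot be a SupportedBy source" % (n.id, n.kind))
                elif ref in self.nodes and self.nodes[ref].kind not in SUPPORT_TARGETS:
                    found.append("%s: SupportedBy target %s is a %s"
                                 % (n.id, ref, self.nodes[ref].kind))
            for ref in n.in_context_of:
                if ref in self.nodes and self.nodes[ref].kind != CONTEXT:
                    found.append("%s: InContextOf target %s is not a Context" % (n.id, ref))
            if n.kind in SUPPORT_SOURCES and not n.supported_by:
                found.append("%s: undeveloped %s" % (n.id, n.kind))   # GSN's open diamond
            if n.kind in (SOLUTION, CONTEXT) and n.id not in referenced:
                found.append("%s: orphan %s" % (n.id, n.kind))
        found.extend(self._cycles())
        return found

    def _cycles(self):
        """DFS over SupportedBy edges; reaching a node still on the stack closes a cycle."""
        WHITE, GREY, BLACK = 0, 1, 2
        colour = {nid: WHITE for nid in self.nodes}
        found = []

        def visit(nid, path):
            colour[nid] = GREY
            for ref in self.nodes[nid].supported_by:
                if ref not in self.nodes:
                    continue
                if colour[ref] == GREY:
                    loop = path[path.index(ref):] + [ref]
                    found.append("cycle: " + " -> ".join(loop))
                elif colour[ref] == WHITE:
                    visit(ref, path + [ref])
            colour[nid] = BLACK

        for nid in self.nodes:
            if colour[nid] == WHITE:
                visit(nid, [nid])
        return found

    def metrics(self):
        """Simple structural metrics of the kind a tool can track as a case evolves."""
        counts = {k: 0 for k in (GOAL, STRATEGY, SOLUTION, CONTEXT)}
        for n in self.nodes.values():
            counts[n.kind] = counts.get(n.kind, 0) + 1
        undeveloped = sum(1 for n in self.nodes.values()
                          if n.kind in SUPPORT_SOURCES and not n.supported_by)
        return {"nodes": len(self.nodes), "undeveloped": undeveloped, **counts}


# Constructed sample arguments (hazard names and evidence are invented).
WELL_FORMED = [
    Node("G1", GOAL, "System is acceptably safe to operate", ["S1"], ["C1"]),
    Node("C1", CONTEXT, "Operating environment as defined in the ConOps"),
    Node("S1", STRATEGY, "Argument over each identified hazard", ["G2", "G3"]),
    Node("G2", GOAL, "Hazard H1 is mitigated", ["Sn1"]),
    Node("G3", GOAL, "Hazard H2 is mitigated", ["Sn2"]),
    Node("Sn1", SOLUTION, "Fault tree analysis report"),
    Node("Sn2", SOLUTION, "Integration test results"),
]
BROKEN = [
    Node("G1", GOAL, "System is acceptably safe to operate", ["S1"], ["C1"]),
    Node("C1", CONTEXT, "Operating environment as defined in the ConOps"),
    Node("S1", STRATEGY, "Argument over each identified hazard", ["G2", "G3"]),
    Node("G2", GOAL, "Hazard H1 is mitigated", ["C1", "S2"]),  # a Context used as evidence
    Node("S2", STRATEGY, "Argument by decomposition", ["G2"]),  # closes the cycle G2 -> S2 -> G2
    Node("G3", GOAL, "Hazard H2 is mitigated"),                 # undeveloped goal
    Node("Sn9", SOLUTION, "Test report nobody cites"),          # orphan evidence
]

if __name__ == "__main__":
    for name, case in (("well-formed", WELL_FORMED), ("broken", BROKEN)):
        arg = Argument(case)
        print(name, arg.metrics(), "roots", arg.roots())
        for p in arg.problems():
            print("  ", p)
```

The cycle check matters more than it looks: a support loop makes every claim on it appear developed, so the undeveloped-goal check alone would pass an argument that has no evidence at all. Checks of this kind are purely structural; they say nothing about whether the evidence is adequate, which is what the confidence arguments in the other papers on this page address.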

  • Modeling the Safety Architecture of UAS Flight Operations
    International Conference on Computer Safety Reliability and Security, 2017
    Co-Authors: Ewen Denney, Ganesh Pai, Iain Whiteside

  • AdvoCATE: An Assurance Case Automation Toolset
    International Conference on Computer Safety Reliability and Security, 2012
    Co-Authors: Ewen Denney, Ganesh Pai, Josef Pohl
    Abstract:

    We present AdvoCATE, an Assurance Case Automation ToolsEt, to support the automated construction and assessment of safety cases. In addition to manual creation and editing, it has a growing suite of automated features. In this paper, we highlight its capabilities for (i) inclusion of specific metadata, (ii) translation to and from various formats, including those of other widely used safety case tools, (iii) composition, with auto-generated safety case fragments, and (iv) computation of safety case metrics which, we believe, will provide a transparent, quantitative basis for assessment of the state of a safety case as it evolves. The tool primarily supports the Goal Structuring Notation (GSN), is compliant with the GSN Community Standard Version 1, and with the Object Management Group Argumentation Metamodel (OMG ARM).