Just Enough Formality in Assurance Argument Structures.

Safety assurance cases (ACs) are structured arguments that assert the safety of cyber-physical systems. ACs use reasoning steps, or strategies, to show how a safety claim is decomposed into subclaims which are then supported by evidence. In practice, ACs are informal, and thus it is difficult to check whether these decompositions are valid and no subclaims are missed. This may lead to the approval of fallacious safety arguments and thus the deployment of unsafe systems. Fully formalizing ACs to facilitate rigorous evaluation is not realistic due to the complexity of creating and comprehending such ACs. We take an intermediate approach by formalizing several types of decomposition strategies, proving the conditions under which they are deductive, and applying them as templates that guard against common errors in ACs. We demonstrate our approach on two scenarios: creation of ACs with deductive reasoning steps and evaluation and improvement of existing ACs.