- This repository contains everything related to the new concept "Assurance as Code" (abbreviated ASaC) and its implementation project.
- The aim of this project is to develop a programming environment in which non-specialists can easily develop assurance cases, in the same way that "IaC" (Infrastructure as Code) lets engineers write infrastructure.
- An assurance case is a very good tool for improving system/software quality. However, the cost of developing an assurance case is still very high.
- Our solution to this problem is to develop an environment in which programmers can write assurance cases as freely as they write program code.
- For starters, we limit the assurance target property to "usability".
- This is because we assume an ordinary web application engineer as the non-assurance-case-specialist, and usability is an important element of web applications.
- In addition, any mishandling of the web console of a huge cloud service would be a major problem, so usability improvement is closely related to safety and dependability in terms of preventing human error. (A recent example in Japan: human error at the largest AWS partner company rendered many accounts inoperable.)
- Use TypeScript, and develop the assurance case DSL inside TypeScript.
- An internal DSL allows us to enjoy the good features of existing IDEs.
- Integrate existing testing frameworks such as Jest and Puppeteer.
- Test results directly provide the "evidence" part of the assurance case.
- For visualisation, use an existing framework such as mermaid.js.
- Exporting SACM is another idea.
- Based on the international standards for formalising "usability".
The statements are taken from the GSN example. `doc001` and `doc002` stand for evidence documents; `doc002` is meant to be produced by an automated UI test.

```typescript
let acSample = new AssuranceCase(new TopLevelClaim("Control system X is acceptably safe to operate."));

// Evidence placeholders: doc001 is a formal verification report,
// doc002 is the result of an automated UI test.
let doc001: FormalVerificationReport;
let doc002: automatedUITest = testModule; // TODO to be implemented by Puppeteer and/or Jest

acSample.hasContext("Operating role and context of X")
  .supportedByStrategy("Argument over product and process aspects")
  .supportedBySubClaim("All identified hazards have been eliminated or sufficiently mitigated.")
  .supportedByStrategy("Argument over each identified hazard")
  .supportedBySubClaim("Hazard H1 has been eliminated.")
  .supportedByEvidence(doc001)
  .supportedBySubClaim("Hazard H2 has been eliminated.")
  .supportedByEvidence(doc002)
  .supportedBySubClaim("Software in the Control System has been developed to SIL appropriate to hazards involved.")
  .markedUndeveloped();
```

- Shuji Kinoshita. ASsurance as Code (ASaC). SAFECOMP 2023, Position Paper, Sep 2023, Toulouse, France. ⟨hal-04191767⟩
- ISO/IEC JTC 1/SC 7: ISO/IEC/IEEE 15026-2:2022 Systems and software engineering ― Systems and software assurance ― Part 2: Assurance case. ISO (2022).
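As an added example (not code from this repository; every class, method and type name below is an assumption, and the test results are constructed), the following TypeScript shows one way the fluent DSL sketched above could be implemented: a builder records a GSN-style tree, test results supply the evidence nodes, the case is exported as a mermaid.js graph, and a check lists the claims that still lack passing evidence.

```typescript
// Added example, not the ASaC project's own code. A minimal fluent
// assurance-case DSL: GSN-style tree, test results as evidence, mermaid export.

type NodeKind = "Claim" | "Strategy" | "Context" | "Evidence" | "Undeveloped";

interface AcNode {
  id: string;
  kind: NodeKind;
  text: string;
  children: AcNode[];
}

// Evidence as a test framework would report it. A plain record so the example
// runs without Jest or Puppeteer; a real integration maps a test report onto it.
interface TestEvidence {
  name: string;
  passed: boolean;
}

// GSN-style id prefixes: Goal, Strategy, Context, Solution.
const PREFIX: Record<NodeKind, string> = {
  Claim: "G", Strategy: "S", Context: "C", Evidence: "Sn", Undeveloped: "G",
};

class AssuranceCase {
  readonly root: AcNode;
  private counter = 0;
  // Nodes that can still receive support; the top is the target of the next call.
  private stack: AcNode[];

  constructor(topLevelClaim: string) {
    this.root = this.make("Claim", topLevelClaim);
    this.stack = [this.root];
  }

  private make(kind: NodeKind, text: string): AcNode {
    this.counter += 1;
    return { id: `${PREFIX[kind]}${this.counter}`, kind, text, children: [] };
  }

  private current(): AcNode {
    const n = this.stack[this.stack.length - 1];
    if (!n) throw new Error("no open claim or strategy");
    return n;
  }

  private attach(kind: NodeKind, text: string): AcNode {
    const n = this.make(kind, text);
    this.current().children.push(n);
    return n;
  }

  hasContext(text: string): this { this.attach("Context", text); return this; }

  supportedByStrategy(text: string): this {
    this.stack.push(this.attach("Strategy", text));
    return this;
  }

  supportedBySubClaim(text: string): this {
    this.stack.push(this.attach("Claim", text));
    return this;
  }

  supportedByEvidence(ev: TestEvidence): this {
    // Evidence closes the current claim: pop so that the next sub-claim
    // becomes its sibling under the same strategy, as in the GSN tree.
    this.attach("Evidence", `${ev.name}: ${ev.passed ? "PASS" : "FAIL"}`);
    this.stack.pop();
    return this;
  }

  markedUndeveloped(): this {
    this.current().kind = "Undeveloped";
    this.stack.pop();
    return this;
  }

  // Ids of leaf claims without passing evidence, plus undeveloped claims:
  // the gaps a reviewer should look at first.
  unsupportedClaims(): string[] {
    const out: string[] = [];
    const walk = (n: AcNode): void => {
      if (n.kind === "Undeveloped") out.push(n.id);
      const isLeafClaim = n.kind === "Claim" &&
        !n.children.some(c => c.kind !== "Context" && c.kind !== "Evidence");
      if (isLeafClaim && !n.children.some(c => c.kind === "Evidence" && c.text.endsWith("PASS"))) {
        out.push(n.id);
      }
      n.children.forEach(walk);
    };
    walk(this.root);
    return out;
  }

  toMermaid(): string {
    const shape = (n: AcNode): string => {
      switch (n.kind) {
        case "Strategy": return `${n.id}[/"${n.text}"/]`;
        case "Evidence": return `${n.id}(("${n.text}"))`;
        case "Context": return `${n.id}(["${n.text}"])`;
        case "Undeveloped": return `${n.id}{{"${n.text}"}}`;
        default: return `${n.id}["${n.text}"]`;
      }
    };
    const lines = ["graph TD"];
    const walk = (n: AcNode): void => {
      for (const c of n.children) {
        lines.push(`  ${shape(n)} --> ${shape(c)}`);
        walk(c);
      }
    };
    walk(this.root);
    return lines.join("\n");
  }
}

// The README's GSN sample, with constructed test results in place of Jest/Puppeteer output.
function buildSample(): AssuranceCase {
  const doc001: TestEvidence = { name: "formal verification of H1", passed: true };
  const doc002: TestEvidence = { name: "automated UI test for H2", passed: false };
  return new AssuranceCase("Control system X is acceptably safe to operate.")
    .hasContext("Operating role and context of X")
    .supportedByStrategy("Argument over product and process aspects")
    .supportedBySubClaim("All identified hazards have been eliminated or sufficiently mitigated.")
    .supportedByStrategy("Argument over each identified hazard")
    .supportedBySubClaim("Hazard H1 has been eliminated.")
    .supportedByEvidence(doc001)
    .supportedBySubClaim("Hazard H2 has been eliminated.")
    .supportedByEvidence(doc002)
    .supportedBySubClaim("Software in the Control System has been developed to SIL appropriate to hazards involved.")
    .markedUndeveloped();
}

console.log(buildSample().toMermaid());
console.log("unsupported claims:", buildSample().unsupportedClaims());
```

Running the file prints the mermaid graph and the ids of the two claims that are not yet supported: the H2 claim, whose UI test failed, and the undeveloped SIL claim. One limitation is visible in the sample itself: because the chain is linear there is no way to step back out of the hazard strategy, so the SIL claim lands under "Argument over each identified hazard" rather than beside it; a real DSL would need nested callbacks or an explicit close method to express that branch.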
This project is supported by the Centre for Software Reliability (CSR) at City, University of London. This repository's owner, Shuji Kinoshita, promoted this project during his stay at the CSR as a visiting fellow.
