Assuring Transformative Technologies


The assurance of systems implemented with transformative technologies will usually need a performance- and behaviour-based evaluation approach, because a purely compliance-based approach will not have a validated standard to use as its basis.

The requirement to support innovation and a higher tempo of rigorous assurance was one of the motivations behind Assurance 2.0. Since 2021 Assurance 2.0 has been developed and extended within the DARPA ARCOS program [1] in the Clarissa project [2], a collaboration between Honeywell Aerospace, Adelard (NCC), SRI International, and the University of Texas at Dallas. The US NRC, along with other regulators and evaluators, provides an agency perspective to the program and to Clarissa.

Clarissa assurance cases are built upon a more rigorous and demanding Claims Argument Evidence (CAE) methodology called Assurance 2.0 [3]. This simplifies the development and assessment of cases because issues that were previously treated in an ad hoc manner, and were subject to contention, misinterpretation and challenge, are now made explicit and treated systematically.

Clarissa tools provide the Assurance 2.0 foundational building blocks and automation support. They keep the focus on the positive claims while actively countering confirmation bias by searching for defeaters, negative information that could invalidate a claim, and propagating the resulting refutations through the case. Evidence is weighed deliberately using confirmation measures that carefully distinguish between facts established by the evidence (claims about something measured) and inferences drawn from it (claims about something useful). Assurance 2.0 requires that the completed assurance case be indefeasible: no credible new information would change the judgement and evaluation of the case, i.e., there are no unresolved doubts or defeaters.
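To make the defeater and indefeasibility ideas concrete, here is a small added illustration (my own simplified model, not Clarissa's data model or tooling): a CAE tree in which an unresolved defeater attached to any claim, argument or evidence node refutes every claim above it, so the case is indefeasible only when no unresolved defeater remains. The toy case content is constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Defeater:
    """Negative information that could invalidate the node it attacks."""
    description: str
    resolved: bool = False  # True once the developer has answered it in the case


@dataclass
class Node:
    """A claim, argument (inference) or evidence node in a CAE case.
    Simplified model constructed for this example, not Clarissa's schema."""
    kind: str   # "claim", "argument" or "evidence"
    text: str
    children: list = field(default_factory=list)
    defeaters: list = field(default_factory=list)


def unresolved_defeaters(node):
    """Collect every unresolved defeater in node's subtree as (attacked node, defeater).
    Because a refutation anywhere below a claim refutes that claim, the
    recursion is what propagates refutations upward to the top-level claim."""
    found = [(node.text, d.description) for d in node.defeaters if not d.resolved]
    for child in node.children:
        found.extend(unresolved_defeaters(child))
    return found


def is_indefeasible(case):
    """Assurance 2.0 acceptance condition: no unresolved doubts or defeaters remain."""
    return not unresolved_defeaters(case)


def build_case():
    """Constructed toy case for a reactor trip function; returns (top claim, inference node)."""
    evidence = Node("evidence", "Proof obligations discharged by the verifier")
    inference = Node("argument", "Verified model implies deployed code meets the trip requirement",
                     children=[evidence],
                     defeaters=[Defeater("Model-to-code translation step is itself unverified")])
    top = Node("claim", "Trip function actuates when a sensor exceeds its setpoint",
               children=[inference])
    return top, inference


def resolve_and_check():
    """Returns (indefeasible before, indefeasible after) resolving the inference's defeater."""
    top, inference = build_case()
    before = is_indefeasible(top)
    inference.defeaters[0].resolved = True  # e.g. evidence added for the translation step
    return before, is_indefeasible(top)
```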

The NRC launched a research project (HARDENS, publicly available at https://github.com/GaloisInc/HARDENS) to understand the potential of state-of-the-art digital engineering approaches applied to a reactor protection system. The longer-term NRC goal is to assess whether an adequate level of assurance can be achieved without necessitating diverse redundancy. The first steps in achieving this were to

  • Demonstrate how a correct by construction approach might be applied to develop an RTS using formal verification technologies 
  • Deploy Assurance 2.0 and associated Clarissa toolset to develop an assurance case 

The intent was to improve the effectiveness and efficiency of the safety evaluation process for both the developer of the design and the evaluator (e.g., a certification authority or its designated agent). In this talk I will outline Assurance 2.0, illustrate how it has been applied to a correct-by-construction research pilot, and consider the lessons learnt from advanced assurance approaches and transformative technologies.

[1] Defense Advanced Research Projects Agency (DARPA). Automated Rapid Certification Of Software (ARCOS). [Online]. Available: https://www.darpa.mil/program/automated-rapid-certification-of-software

[2] Varadarajan S, Bloomfield R, Rushby J, Gupta G, Murugesan A, Stroud R, Netkachova K, Wong IH. CLARISSA: Foundations, Tools & Automation for Assurance Cases. In 2023 IEEE/AIAA 42nd Digital Avionics Systems Conference (DASC), 2023 Oct 1 (pp. 1-10). IEEE.

[3] R. Bloomfield and J. Rushby, "Assurance 2.0: A manifesto," arXiv preprint arXiv:2004.10474, 2021. [Online]. Available: https://arxiv.org/abs/2004.10474v3

Acknowledgments: The case study benefitted greatly from interactions with the HARDENS project led by J Kiniry, Galois; Sushil Birla and Derek Halverson of the US NRC; and my colleagues in the Clarissa project.


Robin E Bloomfield is a founder of the specialist safety and security consultancy Adelard, now part of NCC Group. He is also a full Professor at City, University of London. His work in safety and security over the past 35 years has combined policy formulation, technical consulting and underpinning research. He was elected a Fellow of the Royal Academy of Engineering in 2014 in recognition of his international leadership in the engineering of safety-critical systems containing software. He is a major contributor to the development of the assurance and safety case approach and the use of claims, arguments and evidence (CAE), and to the extension of this work to security and critical infrastructures. Over the past 5 years he has been working on the policy and technical aspects of assuring safety and security systems deploying AI and machine learning. He is developing Assurance 2.0 with John Rushby of SRI and is currently leading Adelard's work within a DARPA project on tool support for Assurance 2.0 and the automation of certification. His early career was in the UK CEGB working on nuclear control and protection systems.

License: CC-3.0