A PRISMA-driven systematic mapping study on system assurance weakeners

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Information and Software Technology Pub Date : 2024-07-20 DOI:10.1016/j.infsof.2024.107526

Kimya Khakzad Shahandashti , Alvine B. Belle , Timothy C. Lethbridge , Oluwafemi Odu , Mithila Sivakumar

{"title":"A PRISMA-driven systematic mapping study on system assurance weakeners","authors":"Kimya Khakzad Shahandashti , Alvine B. Belle , Timothy C. Lethbridge , Oluwafemi Odu , Mithila Sivakumar","doi":"10.1016/j.infsof.2024.107526","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><p>An assurance case is a structured hierarchy of claims aiming at demonstrating that a mission-critical system supports specific requirements (e.g., safety, security, privacy). The presence of assurance weakeners (i.e., assurance deficits, logical fallacies) in assurance cases reflects insufficient evidence, knowledge, or gaps in reasoning. These weakeners can undermine confidence in assurance arguments, potentially hindering the verification of mission-critical system capabilities which could result in catastrophic outcomes (e.g., loss of lives). Given the growing interest in employing assurance cases to ensure that systems are developed to meet their requirements, exploring the management of assurance weakeners becomes beneficial.</p></div><div><h3>Objective:</h3><p>As a stepping stone for future research on assurance weakeners, we aim to initiate the first comprehensive systematic mapping study on this subject.</p></div><div><h3>Methods:</h3><p>We followed the well-established PRISMA 2020 and SEGRESS guidelines to conduct our systematic mapping study. We searched for primary studies in five digital libraries and focused on the 2012–2023 publication year range. Our selection criteria focused on studies addressing assurance weakeners from a qualitative standpoint, resulting in the inclusion of 39 primary studies in our systematic review.</p></div><div><h3>Results:</h3><p>Our systematic mapping study reports a taxonomy (map) that provides a uniform categorization of assurance weakeners and approaches proposed to manage them from a qualitative perspective. The taxonomy classifies weakeners in four categories: aleatory, epistemic, ontological, and argument uncertainty. Additionally, it classifies approaches supporting the management of weakeners in three main categories: representation, identification and mitigation approaches.</p></div><div><h3>Conclusion:</h3><p>Our study findings suggest that the SACM (Structured Assurance Case Metamodel) – a standard specified by the OMG (Object Management Group) – offers a comprehensive range of capabilities to capture structured arguments and reason about their potential assurance weakeners. Our findings also suggest novel assurance weakener management approaches should be proposed to better assure mission-critical systems.</p></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"175 ","pages":"Article 107526"},"PeriodicalIF":3.8000,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0950584924001319/pdfft?md5=5f5782fecf500fafd6a0caffa9ef549f&pid=1-s2.0-S0950584924001319-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584924001319","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Context:

An assurance case is a structured hierarchy of claims aiming at demonstrating that a mission-critical system supports specific requirements (e.g., safety, security, privacy). The presence of assurance weakeners (i.e., assurance deficits, logical fallacies) in assurance cases reflects insufficient evidence, knowledge, or gaps in reasoning. These weakeners can undermine confidence in assurance arguments, potentially hindering the verification of mission-critical system capabilities which could result in catastrophic outcomes (e.g., loss of lives). Given the growing interest in employing assurance cases to ensure that systems are developed to meet their requirements, exploring the management of assurance weakeners becomes beneficial.

Objective:

As a stepping stone for future research on assurance weakeners, we aim to initiate the first comprehensive systematic mapping study on this subject.

Methods:

We followed the well-established PRISMA 2020 and SEGRESS guidelines to conduct our systematic mapping study. We searched for primary studies in five digital libraries and focused on the 2012–2023 publication year range. Our selection criteria focused on studies addressing assurance weakeners from a qualitative standpoint, resulting in the inclusion of 39 primary studies in our systematic review.

Results:

Our systematic mapping study reports a taxonomy (map) that provides a uniform categorization of assurance weakeners and approaches proposed to manage them from a qualitative perspective. The taxonomy classifies weakeners in four categories: aleatory, epistemic, ontological, and argument uncertainty. Additionally, it classifies approaches supporting the management of weakeners in three main categories: representation, identification and mitigation approaches.

Conclusion:

Our study findings suggest that the SACM (Structured Assurance Case Metamodel) – a standard specified by the OMG (Object Management Group) – offers a comprehensive range of capabilities to capture structured arguments and reason about their potential assurance weakeners. Our findings also suggest novel assurance weakener management approaches should be proposed to better assure mission-critical systems.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

关于系统保证削弱因素的 PRISMA 驱动型系统映射研究

内涵：保证案例是一个结构化的索赔层次，旨在证明关键任务系统支持特定要求（如安全、保安、隐私）。保证案例中存在的保证弱化（即保证缺陷、逻辑谬误）反映了证据、知识或推理中的不足。这些削弱因素会破坏对保证论证的信心，可能会阻碍对关键任务系统能力的验证，从而导致灾难性后果（如生命损失）。目标：作为未来对保证弱化因素进行研究的垫脚石，我们的目标是启动关于该主题的第一项全面的系统映射研究。方法：我们遵循成熟的 PRISMA 2020 和 SEGRESS 指南开展系统映射研究。我们在五个数字图书馆中搜索了主要研究，并将重点放在 2012-2023 年的出版年份范围内。结果：我们的系统图谱研究报告了一个分类法（图谱），该分类法从定性的角度对保证弱化因素和管理这些弱化因素的方法进行了统一分类。该分类法将弱化因素分为四类：假定性、认识论、本体论和论证不确定性。结论：我们的研究结果表明，结构化保证案例元模型（SACM，Structured Assurance Case Metamodel）--OMG（对象管理组织）指定的标准--提供了全面的功能，可以捕获结构化论证并推理其潜在的保证弱化。我们的研究结果还表明，应提出新的保证弱化物管理方法，以更好地保证关键任务系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.