AdvoCATE: Assurance Case Automation Toolset

Safety/assurance cases represent the state of the art in assurance technologies. Effectively, they provide an audit trail of assurance considerations from concept through operations, demonstrating that the risks associated with a specific system concern (such as safety, security, etc.) have been identified, are well-understood, have been appropriately controlled, and that there are processes in place to monitor the performance and effectiveness of the risk management measures. Thus, safety/assurance cases are risk management artifacts whose purpose is to convince the various stakeholders of a system, including the regulatory authority, that the system has been designed to be safe, is operated safely, and that it meets the required assurance properties.

Engineered atop formal foundations, the Assurance Case Automation Toolset (AdvoCATE) supports the development and management of safety/assurance cases, providing novel capabilities in automating their production, with applicability to safety-critical applications in general (e.g., nuclear power, road and rail transportation, defense, medical devices, etc.), and aviation systems in particular.

AdvoCATE 1.0

Built as an Eclipse application, AdvoCATE 1.0 mainly focuses on the construction and manipulation of the structured argument component of safety/assurance cases. It provides:
  • Manual creation and editing of assurance arguments in the Goal Structuring Notation (GSN)
  • User-customizable metadata
  • Structuring of arguments using modules and hierarchy
  • Formal methods integration
  • Assembly of manually-created and auto-generated assurance argument fragments
  • Semi-automated creation of arguments through argument pattern instantiation
  • Computation of argument metrics
  • Logical querying

AdvoCATE 2.0

AdvoCATE 2.0 is an Eclipse application that targets a broader scope of assurance activities than AdvoCATE 1.0. AdvoCATE 2.0 facilitates creating safety/assurance cases (as opposed to only the underlying structured arguments) and, more broadly, organizing project assurance activities. It is architected around an integrated assurance model that combines hazard analysis, requirements, structured arguments, barrier models (bow tie diagrams), and verification artifacts. All the capabilities of AdvoCATE 1.0 are (or will be) available in AdvoCATE 2.0, with some of those being re-engineered from the ground up. Additional capabilities include:
  • Hazard analysis and risk assessment:
    • Conducting hazard identification
    • Specification of hazard causes and consequences
    • Assessment of initial and residual risk levels given in terms of probability and severity
  • Capture of risk reduction and assurance requirements
  • Safety architecture modeling using modules and hierarchy
  • Traceability and consistency between related artifacts, e.g., between
    • Entries in the hazard log and the relevant assurance requirements
    • Arguments and the corresponding requirements, verification artifacts, etc.
  • Assurance analytics, e.g., status of assurance activities, presented on customizable dashboards; additionally, generated views to visualize the aggregated status of assurance artifacts
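To make the integrated assurance model concrete, the following is an added example (not AdvoCATE's code or data model) of how a hazard log, assurance requirements and a GSN argument can be held in one structure and checked against each other. The risk matrix thresholds, the hazards, requirements and argument nodes are all constructed for illustration; the two checks it runs are the ones the list above names: simple argument metrics, and traceability findings such as a requirement that no argument node covers.

```python
"""Toy integrated assurance model: hazard log + requirements + GSN argument.
Added example, not AdvoCATE's own code; all ids, texts and risk thresholds
below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed qualitative risk matrix: probability x severity -> risk class.
PROBABILITY = {"frequent": 4, "probable": 3, "remote": 2, "improbable": 1}
SEVERITY = {"catastrophic": 4, "hazardous": 3, "major": 2, "minor": 1}


def risk_level(probability: str, severity: str) -> str:
    """Classify a (probability, severity) pair; thresholds are assumptions."""
    score = PROBABILITY[probability] * SEVERITY[severity]
    if score >= 9:
        return "unacceptable"
    if score >= 4:
        return "tolerable"
    return "acceptable"


@dataclass
class Hazard:
    id: str
    description: str
    initial: Tuple[str, str]    # (probability, severity) before mitigation
    residual: Tuple[str, str]   # (probability, severity) after mitigation
    mitigations: List[str]      # requirement ids that reduce the risk


@dataclass
class Requirement:
    id: str
    text: str


@dataclass
class Node:
    """A GSN node: goal, strategy or solution (evidence)."""
    id: str
    kind: str                   # "goal" | "strategy" | "solution"
    text: str
    supports: List[str] = field(default_factory=list)  # child node ids
    traces: List[str] = field(default_factory=list)    # requirement ids
    undeveloped: bool = False   # GSN 'undeveloped' marker (work still to do)


@dataclass
class AssuranceModel:
    hazards: Dict[str, Hazard]
    requirements: Dict[str, Requirement]
    argument: Dict[str, Node]

    def argument_metrics(self) -> Dict[str, int]:
        """Structural metrics over the argument: size and open items."""
        nodes = self.argument.values()
        goals = [n for n in nodes if n.kind == "goal"]
        leaf_goals = [g for g in goals if not g.supports]
        return {
            "goals": len(goals),
            "solutions": sum(n.kind == "solution" for n in nodes),
            "undeveloped_goals": sum(g.undeveloped for g in goals),
            # leaf goals neither supported nor declared undeveloped: silent gaps
            "unsupported_leaf_goals": sum(not g.undeveloped for g in leaf_goals),
        }

    def consistency_findings(self) -> List[str]:
        """Cross-artifact checks; each finding is one traceability gap."""
        findings: List[str] = []
        argued = {r for n in self.argument.values() for r in n.traces}
        for h in self.hazards.values():
            if risk_level(*h.residual) == "unacceptable":
                findings.append(f"{h.id}: residual risk unacceptable")
            if not h.mitigations:
                findings.append(f"{h.id}: no mitigating requirement")
            for r in h.mitigations:
                if r not in self.requirements:
                    findings.append(f"{h.id}: dangling mitigation {r}")
        for r in self.requirements:
            if r not in argued:
                findings.append(f"{r}: not covered by any argument node")
        for n in self.argument.values():
            for c in n.supports:
                if c not in self.argument:
                    findings.append(f"{n.id}: dangling child {c}")
        return findings


def build_sample_model() -> AssuranceModel:
    """Constructed sample: two hazards, three requirements, a small argument."""
    hazards = {
        "H1": Hazard("H1", "Loss of command and control link",
                     ("probable", "hazardous"), ("remote", "hazardous"), ["R1"]),
        "H2": Hazard("H2", "Battery depletion in flight",
                     ("probable", "major"), ("improbable", "major"), ["R2"]),
    }
    requirements = {
        "R1": Requirement("R1", "Execute return-to-home within 5 s of link loss"),
        "R2": Requirement("R2", "Land when battery charge falls below 20%"),
        "R3": Requirement("R3", "Enforce the approved geofence"),  # never argued
    }
    argument = {
        "G1": Node("G1", "goal", "Operation is acceptably safe", supports=["S1"]),
        "S1": Node("S1", "strategy", "Argue over each identified hazard",
                   supports=["G2", "G3", "G4"]),
        "G2": Node("G2", "goal", "H1 is mitigated", supports=["Sn1"], traces=["R1"]),
        "Sn1": Node("Sn1", "solution", "Flight test report (constructed)"),
        "G3": Node("G3", "goal", "H2 is mitigated", traces=["R2"]),  # no evidence
        "G4": Node("G4", "goal", "Crew procedures followed", undeveloped=True),
    }
    return AssuranceModel(hazards, requirements, argument)


if __name__ == "__main__":
    model = build_sample_model()
    print(model.argument_metrics())
    print(model.consistency_findings())
```

On the sample model the metrics report one goal explicitly marked undeveloped (G4) and one leaf goal that simply has no evidence (G3), which a reviewer would otherwise miss, and the consistency pass flags R3 as a requirement that no argument node traces to. Real tools use richer notions of traceability and risk, but the shape of the checks is the same: every artifact kind is linked to its neighbours, and each missing link is surfaced as a finding rather than left implicit.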

Applications

AdvoCATE has been used in the development of safety cases for real unmanned aircraft systems (UAS) and their operations. Those safety cases successfully underwent regulatory scrutiny and evaluation, resulting in the grant of operational approval to conduct UAS flight operations in the US National Airspace.

Updated January 2018


Active Members

Ewen Denney
Ganesh Pai
Iain Whiteside
Louis (Greg) Detweiler

Past Members

Josef Pohl
Atef Suleiman
Peter Tran

Other Contributors

Dwight Naylor
Sarah Bass
Alejandro Fernandez
Gregory Han
