Ed Roberts provided an overview of Stephen Toulmin’s argumentation work as well as an in-depth look at ARM (Argument Metamodel) from the OMG (Object Management Group). He also took a brief look at the SAEM (Software Assurance Evidence Model), which, along with ARM, forms the basis for adoption of standards by the RT&ES Forum for Assurance Case technologies.
Rance DeLong spoke on his continuing work on MILS architecture and how one can combine “assured” components into larger aggregates that are “assured” by construction according to specific rules.
Dr. Matsuno from the University of Tokyo presented their work, D-Case, on Assurance Cases under the umbrella of the DEOS project. They presented their soon-to-be-released Assurance Case development tool, which has been implemented under the Eclipse framework. They also presented the process by which they formulate and develop Assurance Cases. They received feedback from the Forum on their process and tooling.
In the afternoon, Dr. Matsuno presented a dependability/assurance case from several different aspects including the following elements of their proposed assurance case: process, patterns, and projects.
Joe Jarzombek from DHS presented and led a good discussion on the importance of software assurance, particularly from the perspective of known vulnerabilities and cybersecurity. He also covered the importance of tools in being able to determine whether known vulnerabilities were addressed during software development and at run-time.
Edwin Lee, Raytheon, covered The Open Group Pocket Guide to Open Systems Architecture, the purpose of which is to provide a dynamic executive-level guide to Open Systems Architecture, highlighting the landscape, the applications for specific architecture, and the business value in general for Open Systems Architecture. The RT&ES Wiki is used as the latest reference for the current work. Glen Logan, DoD Biometrics, US Army, covered the MOSA architecture framework.
There was consensus in the Forum that the Assurance Case, which indeed has de facto industry support, would be the encompassing technique for capturing precise (e.g., Formal Mathematical Methods) as well as less precise assurance arguments for target systems. The Assurance Case can capture arguments and data at all the different stages of design and development and would be a good way forward to incorporate into our best practices.
Coordinate with Dr. Matsuno and his development effort to make sure that both their processes and tools would be useful and available to Forum members.
There will be follow-up conference calls and online web conferencing sessions hosted by RT&ES to advance much of the work that was started or furthered in these sessions.