A Contribution to Probabilistic Dependability Assessment Based on Operation Before and After Change
Aghazadeh Chakherlou, R. (2024). A Contribution to Probabilistic Dependability Assessment Based on Operation Before and After Change. (Unpublished Doctoral thesis, City St George's, University of London)
Abstract
For safety-critical systems, high confidence that the system will operate without dangerous failure is required for certification and licensing. Evidence of operation without such failures can support such confidence. However, collecting enough operational evidence might be expensive. Changes to the system, its environment, or the way it is used can exacerbate the problem, as evidence that supports confidence in safety before the change seems no longer relevant after the change. Our motivation is to produce safety arguments for the system after a change by applying pre-change operational evidence, if there are convincing reasons for some confidence that the change did not degrade safety. This thesis is a substantial addition to previous work in this area.
There are standards and guidelines that allow the use of pre-change evidence for safety demonstration after a change, e.g., “proven in use” arguments. However, these guidelines do not specify how much weight to give to the pre-change evidence, risking over-optimistic claims. This thesis studies how much any pre-change evidence should be “discounted” compared to the evidence collected after the change.
Bayesian inference is the standard way to integrate evidence from different sources. We have applied “Conservative Bayesian Inference” (CBI) to avoid the common problem of specifying a hard-to-justify, detailed prior distribution for the variables of interest. In CBI, instead, information about the system is used to select a set of acceptable priors, and then to choose, prudently, the most conservative posterior claim (prediction) from the set of posteriors generated by these acceptable priors and the observed evidence of operation and failures.
CBI requires assessors to translate their knowledge prior to system operation into suitable mathematical constraints to define the set of acceptable priors. We show examples of the effects of different mathematical statements of apparently similar prior information on the posterior measures of interest, which in this thesis are: the posterior confidence in the probability of failure on demand satisfying a required upper bound, and the posterior post-change reliability.
The main contributions of this thesis are: a) new examples of such arguments for post-change system dependability claims, using post-change evidence alongside weighted pre-change evidence, for new scenarios (combinations of constraints on priors and kinds of dependability claim); b) in particular, an extensive study of a new mathematical form of constraints on priors, “Unconditional Improvement” (UI), which produces, in a broad set of practical situations, more accurate, less pessimistic claims than previously published; and c) highlighting, through these examples, the impact on post-change dependability claims of how exactly assessors translate their information about the change into a mathematical specification of the constraints on their priors.
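The following is an added illustration of the CBI step described above (select a set of acceptable priors, compute the posterior under each, report the most conservative one); it is example code written for this page, not the thesis's own method or constraint sets. It assumes a deliberately simple family of acceptable priors (two-point discrete priors on a grid of candidate pfd values, satisfying one constraint: prior confidence of at least theta that the pfd is within the required bound), and it folds pre-change evidence in with a given discount weight, which is an assumed simplification; the thesis's question is precisely how much that weight should be.

```python
# Added illustration of the CBI idea: search a set of acceptable priors and
# report the most conservative posterior claim. Constructed example; the
# two-point prior family, the grid, and the evidence-discount weight are
# assumptions for illustration, not the thesis's own constraint sets or method.
from itertools import product


def likelihood(pfd, demands, failures):
    """Probability of observing `failures` failures in `demands` independent
    demands when the true probability of failure on demand is `pfd`."""
    return pfd ** failures * (1.0 - pfd) ** (demands - failures)


def posterior_confidence(prior, bound, demands, failures):
    """Posterior P(pfd <= bound | evidence) for a discrete prior given as a
    list of (pfd_value, prior_mass) pairs."""
    weighted = [(p, mass * likelihood(p, demands, failures)) for p, mass in prior]
    total = sum(w for _, w in weighted)
    inside = sum(w for p, w in weighted if p <= bound)
    return inside / total


def acceptable_priors(grid, bound, theta):
    """Enumerate two-point priors on `grid` satisfying the single constraint
    prior P(pfd <= bound) >= theta: mass theta at a point at or below the
    bound, mass 1 - theta at any grid point (assumed prior family)."""
    for p_low, p_other in product(grid, repeat=2):
        if p_low <= bound:
            yield [(p_low, theta), (p_other, 1.0 - theta)]


def conservative_claim(grid, bound, theta, demands_post, failures_post,
                       demands_pre=0, failures_pre=0, discount=1.0):
    """Most conservative posterior confidence that pfd <= bound over all
    acceptable priors, returned with the prior that produces it.
    Pre-change evidence is folded in with a discount weight in [0, 1]
    (illustrative simplification, not the thesis's result)."""
    demands = demands_post + discount * demands_pre
    failures = failures_post + discount * failures_pre
    worst = None
    for prior in acceptable_priors(grid, bound, theta):
        conf = posterior_confidence(prior, bound, demands, failures)
        if worst is None or conf < worst[0]:
            worst = (conf, prior)
    return worst


# Constructed scenario: required bound 1e-3 on the pfd, assessor's prior
# confidence 0.5 that the bound is met, 1000 failure-free post-change demands.
GRID = [1e-4, 5e-4, 1e-3, 1.1e-3, 2e-3, 5e-3, 1e-2, 5e-2]

if __name__ == "__main__":
    conf, prior = conservative_claim(GRID, 1e-3, 0.5, 1000, 0)
    print(f"conservative posterior confidence: {conf:.3f}")
    print(f"worst-case acceptable prior: {prior}")
    # Same effective evidence assembled from 500 post-change demands plus
    # 1000 pre-change demands discounted by a weight of 0.5.
    conf2, _ = conservative_claim(GRID, 1e-3, 0.5, 500, 0, 1000, 0, 0.5)
    print(f"with discounted pre-change evidence: {conf2:.3f}")
```

With only the one prior constraint, the worst-case prior places its remaining mass just above the bound, so 1000 failure-free demands raise the conservative confidence only from 0.5 to about 0.525: a concrete instance of the point in the abstract that the exact mathematical form of the constraints on priors, rather than the evidence alone, drives the posterior claim. Tightening or adding constraints (as the thesis does with its UI form) changes which priors are acceptable and therefore which posterior is the conservative one.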
| Publication Type: | Thesis (Doctoral) |
|---|---|
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Departments: | School of Science & Technology > Computer Science; School of Science & Technology > School of Science & Technology Doctoral Theses |