A Taxonomy of Real-World Defeaters in Safety Assurance Cases
Usman Gohar, Michael C. Hunter, Myra B. Cohen, Robyn R. Lutz
TL;DR
Assurance cases for safety-critical cyber-physical systems (CPS) are vulnerable to defeaters: incomplete evidence, unstated assumptions, and gaps in reasoning that undermine the validity of a safety claim. The authors conduct a systematic literature review of the past 20 years and, through open coding and thematic analysis, derive a seven-category taxonomy of defeaters grounded in real-world cases. They perform an initial application of the taxonomy to a small uncrewed aircraft system (sUAS) assurance case and release their artifacts as open source to support adoption. The taxonomy is intended to standardize defeater analysis so that assurance cases become more robust and regulators gain more confidence in them; empirical validation and tool support are left to future work.
Abstract
The rise of cyber-physical systems in safety-critical domains calls for robust risk-evaluation frameworks. Assurance cases, often required by regulatory bodies, are a structured approach to demonstrating that a system meets its safety requirements. However, assurance cases are fraught with challenges such as incomplete evidence and gaps in reasoning, known as defeaters, that call into question the credibility and robustness of the case. Identifying these defeaters increases confidence in the assurance case and can prevent catastrophic failures. The search for defeaters in an assurance case, however, is largely unstructured, and there is a need to standardize defeater analysis. The software engineering community could therefore benefit from a reusable classification of real-world defeaters in software assurance cases. In this paper, we conduct a systematic study of the literature from the past 20 years. Using open coding, we derive a taxonomy with seven broad categories, laying the groundwork for standardizing the analysis and management of defeaters in safety-critical systems. We provide our artifacts as open source for the community to use and build upon, thus establishing a common framework for understanding defeaters.
