Our Next Joint Meeting with the Baltimore SIGAda Chapter
is scheduled for
Thursday, 11 March 2004 at 7:30 P.M.
Scott Ankrum, of The MITRE Corportion
will be speaking on
at the DC SIGAda Venue
(MITRE 2, McLean, Virginia)
The presentation will start at 7:30 P.M. (Refreshments and Social at 7:00 P.M.) at the new MITRE 2 Building in McLean, Virginia
Munchies and soft drinks will be served at 7:00 PM, the general meeting will start at 7:30 PM, followed by the program.
For safety-, or security, or mission-critical systems, there are typically regulations or acquisition guidelines requiring a documented body of evidence to provide a compelling justification that the system satisfies specified critical properties. Traditionally called safety case, certification case, security case… we collectively call them assurance cases.
Existing frameworks for constructing and evaluating assurance cases often provide excruciating detail about the final table of contents but offer little about how to identify, collect, merge, and analyze technical evidence. In other words, current frameworks suggest the detailed outline of the final product (the assurance case) but leave the truly meaningful and challenging aspects of arguing assurance for the developers and reviewers to work out. When we look closely at the output from today’s frameworks, we find that they generate large volumes of data without offering guidance for navigation or analysis. That is, we end up with long, flat collections of minimally-structured text that do not easily reveal the nature of the arguments themselves.
Assurance cases often result in “squandered diagnostic resources.” Rather than offer rigorous guidance for identifying, gathering and evaluating technical evidence, they simply require “casting a wide net” to amass evidence. Given the considerable resources needed for developing and assessing systems that require an assurance argument, such poor resource allocation can substantially impede the actual software development process. Moreover, there is a risk that key sources of evidence may be ignored or buried in the sheer volume of details captured. Finally, assurance case frameworks address new software development but rarely consider the larger lifecycle, including how to maintain confidence as the software evolves. Once an assurance case is completed, assessed, and approved, there is little attention paid to maintaining the assurance case as the software itself changes and evolves. Assurance cases can be even more brittle than the software itself.
The purpose of the Assurance Frameworks research task is to explore the concept of notations and tool support for developing, reviewing, maintaining and reusing an assurance case. A central assertion of the investigation is that this has value whether it is for a safety-critical, a security-critical or a business-critical system. This presentation outlines the work we have done on this research project, what we plan to do further, and some of our preliminary conclusions.
Assurance Frameworks are starting to be valuable to the Ada community as Ada is becoming an important implementation language for applications requiring high levels of integrity and assurance frameworks.
T. Scott Ankrum has been a project manager, software designer and developer and has almost 30 years of experience in many aspects of computing, from mainframe systems to distributed systems development and client/server design. He has managed projects and led development teams, and has been personally involved in software development from requirements definition to final testing. Mr. Ankrum is working in software development process improvement and assessment at the MITRE Corporation, where he is leading the Assurance Frameworks research task. He holds a B.S. degree in Computer Science from American University and a Master of Software Engineering degree from the University of Maryland. He is a member of the Association for Computing Machinery (ACM), the IEEE Computer Society, an the American Society for Quality (ASQ). He is currently the chairman of the local ASQ Software SIG. His coordinates are:
T. Scott Ankrum
The MITRE Corporation
7515 Colshire Drive
McLean, Virginia 22102-7508
+1 (703) 883-6127
FAX: +1 (703) 883-1339
MITRE2 is on Colshire Drive just inside the beltway south of Route 123.
Colshire Road is known as "Scotts Xing" on the North side of Route 123.
Colshire Road is located on Route 123, East of I-495 and West of the Dulles Access Highway.
From I-495 south of Route 123 (Dolley Madison Boulevard):
From Dulles Access Toll Road or I-495
north of the Dulles Access Toll Road:
To obtain a map of MITRE2 Building and the MITRE Campus, visit =>
At the Baltimore SIGAda meeting on 8 January 2004, Robert O'Brien gave an excellent presentation titled: Using Rational Rose RT with UML. Slides from his presentation are available online as a Powerpoint Presentation at http://www.acm.org/sigada/locals/dc/200402_RoseRealTime.ppt (ppt, 559KB).
Please provide suggestions on the Web site and its contents. We are particularly interested in ways the DC SIGAda Home Page can serve you better.
Consider subscribing to our e-mail list. Simply send an email to:
with the body containing:
subscribe SIGAda-DC Your Name
To be removed from the list, send an email request to:
with the body containing:
Please forward this message to people who might be interested in attending. We welcome all new members as our attendance and interests grow.
Many thanks to all earlier participants, contributors, speakers, advisors, and friends, who are involved in helping to produce and attend the meetings.
Jeff Castellow, Chair, DC SIGAda
If you have comments or suggestions,
email the DC SIGAda Webmaster
updated 3 March 2004