The Comprehensive Lifecycle for Assuring System Safety – CLASS


The participants in this research project were:

  • Dependable Computing LLC, Charlottesville, VA.
  • Barron Associates, Charlottesville, VA.
  • Ferrell And Associates Consulting, Inc., Charlottesville, VA.
  • The Department of Computer Science, University of Virginia, Charlottesville, VA.

CLASS is a novel approach to the enhancement of system safety in which the system safety case becomes the focus of safety engineering throughout the system lifecycle. CLASS also expands the role of the safety case across all phases of the system’s lifetime, from concept formation to decommissioning. As CLASS has been developed, the concept has been generalized to a more comprehensive notion of assurance becoming the driving goal, where safety is an important special case.

The definition of a safety case given by the UK MoD Standard 00–56 – Safety Management Requirements for Defence Systems – is:

“The Safety Case shall consist of a structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment.”

The structured argument referred to in this definition is a rigorous argument about properties of the subject system. The argument provides the explicit rationale for belief in a claim about the system. The claims made about the systems of interest to this research are safety claims. Nevertheless, the conclusions and concepts are influenced by and support the more general notion of assurance.

The concept of having the system safety case be the focus of safety engineering only has value if the safety case is well maintained and is always consistent with the system. If the safety case is not consistent with the system then belief in a safety claim might not be justified. Maintaining consistency establishes a property referred to as synchrony. Synchrony requires that a system and its safety case be regarded as a pair or a couple, always linked and always correctly representing one another. This notion of maintaining synchrony is one of several fundamental principles upon which CLASS is built.

CLASS was developed as a series of prototypes in an evolutionary manner. As CLASS evolved, various technologies were developed and added to CLASS with each new prototype. An important aspect of this project was the conduct of empirical studies of the concepts and ideas as they evolved. These empirical studies led to major changes to the various CLASS prototypes over the duration of the project. The major differences that arose during the development of CLASS are characterized as three phases. Phase 1 was the original concept. Phase 2 was an expanded and enhanced version of the original concept in which the notion of process dominated. Phase 3 was a further enhancement in which domain knowledge became the central focus of CLASS.

Technical topics developed as part of this research project include:

  •  A broad process approach to the system development lifecycle into which the safety case is fully integrated.
  • A comprehensive notion of monitoring that includes: (a) all aspects of the assurance and certification of the development, operational and maintenance processes, and (b) all aspects of evidence and assumptions used with the safety case that might change over time.
  • A new approach to the definition of standards, rationalized standards, in which the standard includes a complete explicit rationale for the associated guidance.
  • A variety of support tools including a GSN editor.
    • A novel form of argument, domain arguments, in which domain expertise is captured in details so that the argument truly documents the rationale of domain experts.
  • An “open source” model of domain expert engagement in the creation and maintenance of safety artifacts, including processes, domain arguments, guidance, tools, and systems. Communities enhance one another’s understanding of safety by sharing created artifacts with one another and accepting feedback from users.
  • A new approach to the rigorous use of expert judgment in assurance/safety cases.

Details of the technology of CLASS are available in the project’s publications.


List of Publications

  1. John C. Knight and Jonathan C. Rowanhill, Comprehensive Lifecycle for Assuring System Safety (CLASS), NASA Technical Report NASA/CR-2017-219359 (April 2017)
  2. Jonathan Rowanhill and John C. Knight, Domain Arguments in Safety Critical Software Development, 27th International Symposium on Software Reliability Engineering (ISSRE), Ottawa, Canada (October 2016)
  3. John C. Knight and Jonathan Rowanhill, The Indispensable Role of Rationale in Safety Standards, International Conference on Computer Safety, Reliability and Security SAFECOMP, Trondheim, Norway (September 2016)
  4. Jonathan Rowanhill, CLASS Server Toolset: Design and Implementation, Dependable Computing Technical Report TR-2016-01 (May 2016)
  5. Patrick McGee and John Knight, An Annotated Bibliography of Expert Judgment, University of Virginia, Department of Computer Science, Technical Report CS-2016-02 (May 2016)
  6. Patrick McGee and John C. Knight, Expert Judgment in Assurance Cases, 10th IET System Safety and Cyber Security Conference, Bristol UK (October 2015)
  7. John Knight, Jonathan Rowanhill, M. Anthony Aiello, and Kimberly Wasson, A Comprehensive Safety Lifecycle, ASSURE 2015: The 3rd International Workshop on Assurance Cases for Software-Intensive Systems, Delft, The Netherlands (September 2015)
  8. John Knight, Jonathan Rowanhill, and Jian Xiang, A Safety Condition Monitoring System, ASSURE 2015: The 3rd International Workshop on Assurance Cases for Software-Intensive Systems, Delft, The Netherlands (September 2015)
  9. John Knight, Jonathan Rowanhill, Uma Ferrell, Alec Bateman, Neha Gandhi, Integrating an Assurance Case Into DO-178B Compliant Software Development, 34th IEEE/AIAA 34th Digital Avionics Systems Conference (DASC), Prague, Czech Republic (September 2015)
  10. John Knight and Jonathan Rowanhill, CLASS Assurance Knowledge Ecology, Dependable Computing Technical Report TR-2015-1 (May 2015)
  11. John Knight, Jonathan Rowanhill, and Uma Ferrell, CLASS System Certification, Dependable Computing Technical Report TR-2014-4 (December 2014)
  12. Jonathan Rowanhill, CLASS Lifecycle Technology Survey, Dependable Computing Technical Report TR-2014-3 (December 2014)
  13. John Knight and Jonathan Rowanhill, CLASS Safety Condition Monitoring System, Dependable Computing Technical Report TR-2014-2 (December 2014)
  14. John Knight and Jonathan Rowanhill, CLASS Analysis Framework, Dependable Computing Technical Report TR-2014-1 (December 2014)
  15. Anthony Aiello, Ashlie B. Hocking, John Knight, Jonathan Rowanhill, SCT: A Safety Case Toolkit, International Workshop on Assurance Cases for Software-intensive Systems (ASSURE 2014), Naples IT (November 2014)


List of Presentations