Assessing the Usefulness of Assurance Cases: Experience With the Large Hadron Collider

Assurance cases (ACs) are structured arguments designed to show that a system is sufficiently reliable to function properly in its operational environment. They are mandated by safety standards and are largely used in industry to support risk management for systems; however, ACs often contain proprietary information and are not publicly available. Therefore, the benefits of AC development are usually not rigorously documented, measured, or assessed. In this paper, we empirically evaluate the effectiveness of using ACs to show that a system is reliable using a case study over the CERN Large Hadron Collider (LHC) Machine Protection System (MPS). We used open-source documentation to create an AC over the MPS and used the Eliminative Argumentation (EA) methodology for its development. The development involved four authors with considerable experience in AC development, three of whom work for Critical System Labs, a small enterprise specializing in ACs. Our findings show that (a) the cost and time required to develop our AC is negligible compared to the effort needed to develop the system, and (b) EA helped identify defeaters (i.e., doubts in the system's reliability) that were not detailed in the documentation used for creation of the AC.