A Subjective Logic-based method for runtime confidence updates in safety arguments

Benjamin Herd; Clarissa Heinemann; Jessica Kelly; Jo\~ao-Vitor Zacchi

arxiv: 2605.22530 · v1 · pith:LZCAFGH2new · submitted 2026-05-21 · 💻 cs.AI

A Subjective Logic-based method for runtime confidence updates in safety arguments

Benjamin Herd , Jessica Kelly , Clarissa Heinemann , Jo\~ao-Vitor Zacchi This is my paper

Pith reviewed 2026-05-22 05:54 UTC · model grok-4.3

classification 💻 cs.AI

keywords subjective logicsafety argumentsruntime assurancesafety performance indicatorsmachine learning safetyconfidence updatesassurance casesdynamic safety cases

0 comments

The pith

A Subjective Logic method updates confidence in safety arguments at runtime by integrating design evidence with live Safety Performance Indicators.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper develops a method to make safety arguments dynamic by continuously updating their confidence levels using runtime data. It combines static design-time evidence with observations from short windows of Safety Performance Indicators inside a Subjective Logic framework. The update rule boosts confidence when no safety violations appear and quickly lowers it when they do, aiming for responsiveness in safety contexts. This is demonstrated on a simulated ML-based construction cone detector in a construction zone assist system. If successful, it would allow safety cases for AI systems to remain relevant as the system operates rather than becoming obsolete after initial certification.

Core claim

The paper establishes a Subjective Logic-based assurance case that quantifies and propagates confidence by merging design-time evidence with windowed runtime Safety Performance Indicators. A dedicated update rule is applied at runtime that increases confidence in the absence of violations and applies prompt penalties upon violations, prioritizing safety-relevant responsiveness over precise Bayesian updates. The approach is illustrated through simulation of a construction zone assist function relying on an ML cone detection component, showing how confidence evolves with observed SPI evidence.

What carries the argument

Subjective Logic update rule within an assurance case that incorporates both design-time evidence and runtime Safety Performance Indicators (SPIs) to dynamically adjust confidence in safety claims.

If this is right

Confidence values in safety claims evolve over the system lifecycle rather than staying fixed after design.
Violations detected in runtime windows cause rapid confidence penalties, enabling quicker safety responses.
Design-time and runtime evidence are unified in one framework for ML components in safety-critical applications.
The method supports continuous assurance instead of one-time static cases.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

This approach might support regulatory requirements for ongoing monitoring in AI safety certifications.
Applying the same structure to other uncertainty models could broaden its use beyond Subjective Logic.
Validation against historical incident data could test if the confidence trajectories match real-world safety outcomes.
Extension to multi-component systems could show how confidence propagates across interconnected claims.

Load-bearing premise

The chosen Subjective Logic update rule produces confidence values that remain useful and meaningful for making safety decisions even when applied to outputs from real machine learning components.

What would settle it

Observing whether the runtime confidence updates accurately reflect the actual safety performance of the ML component over extended operation, for example by checking if low confidence periods coincide with increased error rates or incidents in the simulation or real tests.

Figures

Figures reproduced from arXiv: 2605.22530 by Benjamin Herd, Clarissa Heinemann, Jessica Kelly, Jo\~ao-Vitor Zacchi.

**Figure 2.** Figure 2: Example GSN assurance argument for the ML cone detection component [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗

**Figure 3.** Figure 3: Logic of the SPI monitor in pseudocode form [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗

**Figure 4.** Figure 4: Simulation scenario with an SPI violation showing [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗

**Figure 5.** Figure 5: Three scenarios demonstrating the effect of SPI monitoring and SL-based update on the resulting claim opinion. [PITH_FULL_IMAGE:figures/full_fig_p007_5.png] view at source ↗

read the original abstract

We present a method for dynamic quantitative assurance that enhances static safety cases with continuous, runtime-driven confidence updates. The method quantifies and propagates confidence across the development lifecycle by integrating design-time evidence and windowed runtime Safety Performance Indicators (SPIs) within a single Subjective Logic (SL)-based assurance case. At runtime, SPI evidence is continuously evaluated, and targeted claims are updated using a rule that increases confidence in the absence of violations and imposes prompt penalties when violations occur. This design prioritizes safety-relevant responsiveness over exact classical Bayesian posterior updates. We demonstrate the method using a simulation-based construction zone assist function, focusing on an ML-based construction cone detection component, and show how confidence evolves as SPI evidence is observed in operation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This paper offers a runtime confidence update method for safety cases via Subjective Logic but the simulation leaves open whether the values are usable for actual safety decisions.

read the letter

The main point to take away is that the authors have built a method for updating confidence in safety arguments on the fly using Subjective Logic, pulling in runtime Safety Performance Indicators over sliding windows. This lets the assurance case react to how the system is actually performing instead of staying frozen after design time. What is new here is the specific way they tie design-time evidence and runtime SPIs together in a single SL-based structure, with an update rule tuned for safety by giving quick penalties on violations while allowing confidence to build gradually otherwise. The simulation example with the construction-cone detector in a construction zone assist function shows the confidence values changing in response to observed evidence, which helps make the abstract idea tangible. The paper does a good job of keeping the focus on practical integration rather than overpromising on full certification. By choosing responsiveness over exact Bayesian matching, they align the method with the needs of safety monitoring where missing a problem is worse than being slightly off on the probability. The main soft spot is in the validation. Everything rests on a simulation, with no side-by-side look at how these SL opinions compare to standard Bayesian posteriors or any check against actual safety outcomes. Without a clear link from the confidence numbers to risk thresholds or some form of external review, it's difficult to judge if the outputs would hold up for real decision making. The stress-test note highlights this gap correctly. This paper is for researchers and engineers dealing with assurance of ML components in safety-critical systems, particularly those exploring runtime monitoring techniques. Anyone already familiar with safety cases or subjective logic will see the value in the combined approach. It deserves a serious referee. The core contribution addresses a real need in turning static cases dynamic, and the simulation provides a starting point even if more work on validation is required. I would recommend sending it out for review.

Referee Report

2 major / 3 minor

Summary. The paper presents a Subjective Logic (SL)-based method for dynamic quantitative assurance in safety arguments. It integrates design-time evidence with windowed runtime Safety Performance Indicators (SPIs) into a single SL-based assurance case. At runtime, a custom update rule is applied to targeted claims: confidence increases during violation-free windows and receives prompt penalties upon violations. This rule is explicitly chosen to prioritize safety-relevant responsiveness over exact classical Bayesian posterior updates. The approach is demonstrated in a simulation of a construction-zone assist function, focusing on an ML-based construction-cone detection component, with results showing how confidence values evolve as SPI evidence is observed.

Significance. If the central claim holds, the work offers a practical bridge between static safety cases and continuous runtime monitoring for ML components in safety-critical systems. The simulation demonstration illustrates responsiveness to SPI data, which is a valuable contribution given the acknowledged limitations of purely design-time arguments for data-driven components. Strengths include the explicit design choice for responsiveness and the use of an established formalism (SL) rather than ad-hoc metrics.

major comments (2)

[Section 4.2] Section 4.2 (Update Rule Definition): The manuscript defines the SL update rule as increasing confidence on violation-free windows and imposing penalties on violations, but supplies no formal derivation showing that this rule is consistent with SL operator semantics or that the resulting opinion values remain interpretable as degrees of belief for safety decisions. Without this, the claim that the outputs support safety argument updates rests on an unverified assumption.
[Section 5] Section 5 (Simulation Results): The demonstration reports qualitative evolution of confidence values on a simulated construction-cone detector but provides no quantitative comparison against classical Bayesian updating, no mapping from SL opinion triples to risk or safety thresholds, and no external validation (e.g., expert review or ground-truth safety outcome). This leaves the central claim that the values remain 'meaningful for safety decision-making' untested.

minor comments (3)

[Section 2] The notation for SL opinions (b,d,u,a) is introduced without a self-contained reminder of the standard definitions; a brief recap in Section 2 would improve accessibility.
[Figure 3] Figure 3 (confidence evolution plot) lacks axis labels for the time windows and a legend distinguishing the different claims being updated.
[Related Work] The paper cites Subjective Logic literature but omits recent applications of SL to safety cases or runtime assurance; adding 2–3 targeted references would better situate the contribution.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their thoughtful review and positive assessment of the potential contribution of our work. We address each of the major comments below, indicating where revisions will be made to strengthen the manuscript.

read point-by-point responses

Referee: [Section 4.2] Section 4.2 (Update Rule Definition): The manuscript defines the SL update rule as increasing confidence on violation-free windows and imposing penalties on violations, but supplies no formal derivation showing that this rule is consistent with SL operator semantics or that the resulting opinion values remain interpretable as degrees of belief for safety decisions. Without this, the claim that the outputs support safety argument updates rests on an unverified assumption.

Authors: The update rule is intentionally a custom heuristic designed to achieve safety-relevant responsiveness, as classical Bayesian updates may not provide sufficiently prompt reactions to violations in runtime monitoring scenarios. We will revise Section 4.2 to include an explicit discussion of this design choice, its motivation from safety engineering principles, and a note on the assumptions regarding interpretability within the SL framework. We will also clarify that the rule is not claimed to be a formal derivation from SL operators but rather an application tailored to the assurance context. revision: yes
Referee: [Section 5] Section 5 (Simulation Results): The demonstration reports qualitative evolution of confidence values on a simulated construction-cone detector but provides no quantitative comparison against classical Bayesian updating, no mapping from SL opinion triples to risk or safety thresholds, and no external validation (e.g., expert review or ground-truth safety outcome). This leaves the central claim that the values remain 'meaningful for safety decision-making' untested.

Authors: Section 5 provides a simulation to illustrate how confidence values evolve with observed SPI evidence, demonstrating the method's responsiveness. We agree that a quantitative comparison to Bayesian updating and explicit mappings to safety thresholds would strengthen the work. We will add a subsection discussing potential approaches for such mappings and acknowledge the limitations of the current qualitative demonstration. External validation is beyond the scope of this simulation-based study but represents an important direction for future research; we will note this explicitly. revision: partial

Circularity Check

0 steps flagged

No circularity; update rule is explicit design choice with independent demonstration

full rationale

The paper introduces a Subjective Logic assurance case that integrates design-time evidence with runtime SPIs via an explicit update rule (increase confidence on violation-free windows, impose penalties on violations). This rule is presented as a deliberate design decision that trades exact Bayesian posteriors for safety-relevant responsiveness, not as a quantity derived from or fitted to the simulation data it later illustrates. The demonstration on the construction-cone detector shows confidence evolution but supplies no equations that reduce the claimed propagation or meaningfulness to the inputs by construction, nor any load-bearing self-citation chain. The central method therefore remains self-contained against external benchmarks and does not exhibit any of the enumerated circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The method rests on the standard axioms of Subjective Logic for opinion combination and on the domain assumption that Safety Performance Indicators can be treated as direct evidence for safety claims. No free parameters or invented entities are mentioned in the abstract.

axioms (2)

domain assumption Subjective Logic operators correctly combine design-time and runtime evidence into a single opinion
Invoked when the paper states that confidence is quantified and propagated within a single SL-based assurance case.
domain assumption Windowed runtime SPIs constitute valid evidence for updating safety claims
Stated in the description of how SPI evidence is continuously evaluated at runtime.

pith-pipeline@v0.9.0 · 5652 in / 1522 out tokens · 27936 ms · 2026-05-22T05:54:09.689881+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

ω'_c = ¬ω_SPI_c ⊠ (ω_c ⊕ ω_SPI_c) ... prioritizes safety-relevant responsiveness over exact classical Bayesian posterior updates

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

24 extracted references · 24 canonical work pages

[1]

ANSI/UL 4600. 2023. UL 4600: Evaluation of Autonomous Products. Northbrook, IL, (2023)

work page 2023
[2]

Anaheed Ayoub, Jian Chang, Oleg Sokolsky, and Insup Lee. 2013. Assessing the overall sufficiency of safety arguments. In21st Safety-critical Systems Sym- posium (SSS’13), Bristol, United Kingdom, 127–144

work page 2013
[3]

Ewen Denney and Ganesh Pai. 2024. Reconciling safety measurement and dynamic assurance. InInt. Conf. on Computer Safety, Reliability, and Security. Springer, 51–67

work page 2024
[4]

Ewen Denney, Ganesh Pai, and Ibrahim Habli. 2015. Dynamic safety cases for through-life safety assurance. In2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. Vol. 2, 587–590. doi:10.1109/ICSE.2015.199

work page doi:10.1109/icse.2015.199 2015
[5]

Ewen Denney, Ganesh Pai, and Ibrahim Habli. 2011. Towards measurement of confidence in safety cases. In2011 International Symposium on Empirical Software Engineering and Measurement, 380–383. doi:10.1109/ESEM.2011.53

work page doi:10.1109/esem.2011.53 2011
[6]

López, and Vladlen Koltun

Alexey Dosovitskiy, Germán Ros, Felipe Codevilla, Antonio M. López, and Vladlen Koltun. 2017. CARLA: an open urban driving simulator. InCoRL(Pro- ceedings of Machine Learning Research). Vol. 78. PMLR, 1–16

work page 2017
[7]

Lian Duan, Sanjai Rayadurgam, Mats Heimdahl, Oleg Sokolsky, and Insup Lee. 2016. Representation of confidence in assurance cases using the beta distribution. In2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE). IEEE, 86–93

work page 2016
[8]

Goodenough, Charles B

John B. Goodenough, Charles B. Weinstock, and Ari Z. Klein. 2013. Eliminative induction: a basis for arguing system confidence. In2013 35th Int. Conf. on Software Engineering (ICSE), 1161–1164. doi:10.1109/ICSE.2013.6606668

work page doi:10.1109/icse.2013.6606668 2013
[9]

Patrick J. Graydon. 2016. Defining Baconian Probability for Use in Assurance Argumentation. Tech. rep. NASA/TM-2016-219341. NASA Langley Research Center, (Oct. 1, 2016)

work page 2016
[10]

B. Guo. 2003. Knowledge representation and uncertainty management: ap- plying Bayesian Belief Networks to a safety assessment expert system. In International Conference on Natural Language Processing and Knowledge Engi- neering, 2003. Proceedings. 2003, 114–119. doi:10.1109/NLPKE.2003.1275879

work page doi:10.1109/nlpke.2003.1275879 2003
[11]

Richard Hawkins and Philippa Ryan Conmy. 2023. Identifying run-time moni- toring requirements for autonomous systems through the analysis of safety arguments. InComputer Safety, Reliability, and Security. Jérémie Guiochet, Stefano Tonetta, and Friedemann Bitsch, (Eds.) Springer Nature Switzerland, Cham, 11–24.isbn: 978-3-031-40923-3. doi:10.1007/978-3-031...

work page doi:10.1007/978-3-031-40923-3_2 2023
[12]

Benjamin Herd and Simon Burton. 2024. Can you trust your ML metrics? Using Subjective Logic to determine the true contribution of ML metrics for safety. Proc. of the 39th ACM/SIGAPP Symposium On Applied Computing (SAC24)

work page 2024
[13]

Benjamin Herd, Jessica Kelly, Clarissa Heinemann, and João-Vitor Zacchi

work page
[14]

of the 20th European Dependable Computing Conf

Integrating Defeaters into Subjective Logic-based Quantitative Assurance Arguments.Proc. of the 20th European Dependable Computing Conf. (EDCC)

work page
[15]

Chris Hobbs and Martin Lloyd. 2012. The application of Bayesian Belief Net- works to assurance case preparation. InAchieving Systems Safety. Chris Dale and Tom Anderson, (Eds.) Springer London, London, 159–176.isbn: 978-1- 4471-2494-8

work page 2012
[16]

ISO. 2019. Systems and software engineering: Systems and software assurance. Tech. rep. ISO/IEC/IEEE 15026:2019. Int. Organization for Standardization

work page 2019
[17]

Glenn Jocher, Ayush Chaurasia, and Jing Qiu. 2023. Ultralytics YOLOv8. Ver- sion 8.0.0. (2023). https://github.com/ultralytics/ultralytics

work page 2023
[18]

2016.Subjective Logic

Audun Jøsang. 2016.Subjective Logic. Vol. 3. Springer

work page 2016
[19]

Steven Macenski, Tully Foote, Brian Gerkey, Chris Lalancette, and William Woodall. 2022. Robot operating system 2: design, architecture, and uses in the wild.Science Robotics, 7, 66, eabm6074

work page 2022
[20]

Daniel Ratiu, Tihomir Rohlinger, Torben Stolte, and Stefan Wagner. 2024. Towards an argument pattern for the use of safety performance indicators. In Int. Conference on Computer Safety, Reliability, and Security. Springer, 160–172

work page 2024
[21]

Philipp Schleiss, Francesco Carella, and Iwo Kurzidem. 2022. Towards continu- ous safety assurance for autonomous systems. InICSRS. IEEE, 457–462

work page 2022
[22]

Rui Wang, Jérémie Guiochet, Gilles Motet, and Walter Schön. 2019. Safety case confidence propagation based on Dempster–Shafer theory.Int. Journal of Approx. Reasoning, 107, 46–64. doi:https://doi.org/10.1016/j.ijar.2019.02.002

work page doi:10.1016/j.ijar.2019.02.002 2019
[23]

Danny Weyns et al. 2017. Perpetual assurances for self-adaptive systems. In Software Engineering for Self-Adaptive Systems III. Assurances: International Seminar, Dagstuhl Castle, Germany, December 15-19, 2013, Revised Selected and Invited Papers. Springer, 31–63. An SL-based method for runtime confidence updates in safety arguments SAC ’26, March 23–27, ...

work page 2017
[24]

Chunchun Yuan, Ji Wu, Chao Liu, and Haiyan Yang. 2017. A subjective logic- based approach for assessing confidence in assurance case.International Journal of Performability Engineering, 13, 6, 807

work page 2017

[1] [1]

ANSI/UL 4600. 2023. UL 4600: Evaluation of Autonomous Products. Northbrook, IL, (2023)

work page 2023

[2] [2]

Anaheed Ayoub, Jian Chang, Oleg Sokolsky, and Insup Lee. 2013. Assessing the overall sufficiency of safety arguments. In21st Safety-critical Systems Sym- posium (SSS’13), Bristol, United Kingdom, 127–144

work page 2013

[3] [3]

Ewen Denney and Ganesh Pai. 2024. Reconciling safety measurement and dynamic assurance. InInt. Conf. on Computer Safety, Reliability, and Security. Springer, 51–67

work page 2024

[4] [4]

Ewen Denney, Ganesh Pai, and Ibrahim Habli. 2015. Dynamic safety cases for through-life safety assurance. In2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. Vol. 2, 587–590. doi:10.1109/ICSE.2015.199

work page doi:10.1109/icse.2015.199 2015

[5] [5]

Ewen Denney, Ganesh Pai, and Ibrahim Habli. 2011. Towards measurement of confidence in safety cases. In2011 International Symposium on Empirical Software Engineering and Measurement, 380–383. doi:10.1109/ESEM.2011.53

work page doi:10.1109/esem.2011.53 2011

[6] [6]

López, and Vladlen Koltun

Alexey Dosovitskiy, Germán Ros, Felipe Codevilla, Antonio M. López, and Vladlen Koltun. 2017. CARLA: an open urban driving simulator. InCoRL(Pro- ceedings of Machine Learning Research). Vol. 78. PMLR, 1–16

work page 2017

[7] [7]

Lian Duan, Sanjai Rayadurgam, Mats Heimdahl, Oleg Sokolsky, and Insup Lee. 2016. Representation of confidence in assurance cases using the beta distribution. In2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE). IEEE, 86–93

work page 2016

[8] [8]

Goodenough, Charles B

John B. Goodenough, Charles B. Weinstock, and Ari Z. Klein. 2013. Eliminative induction: a basis for arguing system confidence. In2013 35th Int. Conf. on Software Engineering (ICSE), 1161–1164. doi:10.1109/ICSE.2013.6606668

work page doi:10.1109/icse.2013.6606668 2013

[9] [9]

Patrick J. Graydon. 2016. Defining Baconian Probability for Use in Assurance Argumentation. Tech. rep. NASA/TM-2016-219341. NASA Langley Research Center, (Oct. 1, 2016)

work page 2016

[10] [10]

B. Guo. 2003. Knowledge representation and uncertainty management: ap- plying Bayesian Belief Networks to a safety assessment expert system. In International Conference on Natural Language Processing and Knowledge Engi- neering, 2003. Proceedings. 2003, 114–119. doi:10.1109/NLPKE.2003.1275879

work page doi:10.1109/nlpke.2003.1275879 2003

[11] [11]

Richard Hawkins and Philippa Ryan Conmy. 2023. Identifying run-time moni- toring requirements for autonomous systems through the analysis of safety arguments. InComputer Safety, Reliability, and Security. Jérémie Guiochet, Stefano Tonetta, and Friedemann Bitsch, (Eds.) Springer Nature Switzerland, Cham, 11–24.isbn: 978-3-031-40923-3. doi:10.1007/978-3-031...

work page doi:10.1007/978-3-031-40923-3_2 2023

[12] [12]

Benjamin Herd and Simon Burton. 2024. Can you trust your ML metrics? Using Subjective Logic to determine the true contribution of ML metrics for safety. Proc. of the 39th ACM/SIGAPP Symposium On Applied Computing (SAC24)

work page 2024

[13] [13]

Benjamin Herd, Jessica Kelly, Clarissa Heinemann, and João-Vitor Zacchi

work page

[14] [14]

of the 20th European Dependable Computing Conf

Integrating Defeaters into Subjective Logic-based Quantitative Assurance Arguments.Proc. of the 20th European Dependable Computing Conf. (EDCC)

work page

[15] [15]

Chris Hobbs and Martin Lloyd. 2012. The application of Bayesian Belief Net- works to assurance case preparation. InAchieving Systems Safety. Chris Dale and Tom Anderson, (Eds.) Springer London, London, 159–176.isbn: 978-1- 4471-2494-8

work page 2012

[16] [16]

ISO. 2019. Systems and software engineering: Systems and software assurance. Tech. rep. ISO/IEC/IEEE 15026:2019. Int. Organization for Standardization

work page 2019

[17] [17]

Glenn Jocher, Ayush Chaurasia, and Jing Qiu. 2023. Ultralytics YOLOv8. Ver- sion 8.0.0. (2023). https://github.com/ultralytics/ultralytics

work page 2023

[18] [18]

2016.Subjective Logic

Audun Jøsang. 2016.Subjective Logic. Vol. 3. Springer

work page 2016

[19] [19]

Steven Macenski, Tully Foote, Brian Gerkey, Chris Lalancette, and William Woodall. 2022. Robot operating system 2: design, architecture, and uses in the wild.Science Robotics, 7, 66, eabm6074

work page 2022

[20] [20]

Daniel Ratiu, Tihomir Rohlinger, Torben Stolte, and Stefan Wagner. 2024. Towards an argument pattern for the use of safety performance indicators. In Int. Conference on Computer Safety, Reliability, and Security. Springer, 160–172

work page 2024

[21] [21]

Philipp Schleiss, Francesco Carella, and Iwo Kurzidem. 2022. Towards continu- ous safety assurance for autonomous systems. InICSRS. IEEE, 457–462

work page 2022

[22] [22]

Rui Wang, Jérémie Guiochet, Gilles Motet, and Walter Schön. 2019. Safety case confidence propagation based on Dempster–Shafer theory.Int. Journal of Approx. Reasoning, 107, 46–64. doi:https://doi.org/10.1016/j.ijar.2019.02.002

work page doi:10.1016/j.ijar.2019.02.002 2019

[23] [23]

Danny Weyns et al. 2017. Perpetual assurances for self-adaptive systems. In Software Engineering for Self-Adaptive Systems III. Assurances: International Seminar, Dagstuhl Castle, Germany, December 15-19, 2013, Revised Selected and Invited Papers. Springer, 31–63. An SL-based method for runtime confidence updates in safety arguments SAC ’26, March 23–27, ...

work page 2017

[24] [24]

Chunchun Yuan, Ji Wu, Chao Liu, and Haiyan Yang. 2017. A subjective logic- based approach for assessing confidence in assurance case.International Journal of Performability Engineering, 13, 6, 807

work page 2017