
Abstract PE139 (Full Paper + Presentation)

Weaving the Web of Assurance: AOPG as a Foundation for Coherent Safety Arguments

Authors

Primary author: Peter Karpati (Peter.Karpati@ife.no)
Co-author: Xueli Gao, Risk and Safety Department, Institute for Energy Technology, Norway (Xueli.Gao@ife.no)
Co-author: Norbert Carte, NOT representing the US NRC (Norbert.Carte@nrc.gov)
A single typed property graph can support ontology representation, serve as a substrate for MBSE design information, enable GraphRAG-style retrieval, and capture the safety assurance reasoning behind an engineering design. We developed Aspect Oriented Property Graphs (AOPG) to explore an approach for capturing safety assurance reasoning directly in such a graph as part of the design process. Our aim was to examine whether a typed property graph substrate can address the limitations of traditional assurance case representation and documentation.
The AOPG approach records the reasoning behind design choices in a typed, queryable model and then projects familiar argument trees when needed. Aligned with the systems engineering phases, it systematically captures the rationale from which a structured assurance case can be generated. In the AOPG ontology, RiskContributor nodes represent hazards or events that drive risk. Property nodes state the constraints the system must meet. Contract nodes turn those properties into explicit obligations, with assumptions and guarantees on specific components. Mechanism nodes capture how the design fulfills those obligations. Evidence, activities, and context sit in the same model.
This paper introduces advanced AOPG features that address common assurance problems such as duplication and drift. Obligations often reappear across many branches (e.g., CCF, cybersecurity), arguments fall out of sync with evolving designs, and diagrams require constant manual edits. AOPG tackles these issues by weaving cross-cutting obligations directly into the graph and by using queries to monitor coverage, evidence freshness, and change impact. These automated checks make reviewer progress visible and keep the model aligned with the system as it evolves.
Aspect weaving provides the main automation. Aspects target the relevant parts of the graph using binding queries (e.g., "all redundant channel groups," "all digital safety elements"). When multiple aspects apply, precedence rules, a conflict matrix, and merge policies ensure deterministic results (e.g., combining assumptions, keeping the stricter evidence window, or elevating guarantees when obligations overlap). Each injected item carries provenance recording which aspect added it and when. Even simple scenarios (such as a cybersecurity aspect increasing latency) can trigger re-evaluation (e.g., of timing guarantees). Aspect weaving avoids manual duplication of assurance content and keeps the application of cross-cutting obligations consistent, even where the same kind of element recurs many times in the graph.
Structured assurance views are generated from the graph rather than maintained as the source. Mapping rules project AOPG elements to GSN/SACM, so assessors still receive the familiar artifacts. Filters let us tailor what each audience sees, e.g., a safety-only slice or a cybersecurity view. Because the graph is the authoritative source, regenerating the views after any change is a single step.
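To make the mechanics of the preceding paragraphs concrete (the typed ontology, aspect weaving with merge policies and provenance, the coverage, freshness and change-impact queries, and the projection to a GSN-style view), here is a small worked example. It is an added illustration written for this page, not the authors' implementation: the node types come from the abstract, while the field names, the specific merge rules (union of assumptions, stricter window wins, higher precedence wins an overlapping guarantee slot), the `AOPG`/`Aspect` classes and the sample channels, aspects and dates are all assumptions.

```python
# Toy Aspect Oriented Property Graph (AOPG). Added example, not the authors' code:
# node types follow the abstract; every field name, merge rule and sample datum
# below is an assumption made for illustration.
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Node:
    id: str
    type: str                      # Component, Contract, Mechanism, Evidence, ...
    props: dict = field(default_factory=dict)


@dataclass
class Edge:
    src: str
    rel: str
    dst: str
    provenance: dict = field(default_factory=dict)   # which aspect injected it, and when


class AOPG:
    def __init__(self):
        self.nodes, self.edges = {}, []

    def add(self, node):
        self.nodes[node.id] = node
        return node

    def link(self, src, rel, dst, **prov):
        self.edges.append(Edge(src, rel, dst, prov))

    def match(self, type_, **props):
        """Binding query: nodes of one type whose properties equal all given values."""
        return [n for n in self.nodes.values()
                if n.type == type_ and all(n.props.get(k) == v for k, v in props.items())]

    def inbound(self, dst, rel):
        return [self.nodes[e.src] for e in self.edges if e.dst == dst and e.rel == rel]


@dataclass
class Aspect:
    name: str
    binding: dict       # e.g. {"redundant_group": True} selects "all redundant channel groups"
    kind: str           # guarantee slot; two aspects writing the same slot overlap
    guarantee: str
    assumption: str
    evidence_window_days: int
    precedence: int     # assumed rule: higher precedence wins an overlapping slot


def weave(g, aspects, today):
    """Inject one Contract per bound Component; overlapping aspects merge deterministically."""
    for asp in sorted(aspects, key=lambda a: a.precedence):   # ascending, so the highest writes last
        for comp in g.match("Component", **asp.binding):
            cid = f"contract:{comp.id}"
            if cid not in g.nodes:
                g.add(Node(cid, "Contract", {"guarantees": {}, "assumptions": [],
                                             "evidence_window_days": asp.evidence_window_days}))
                g.link(cid, "obligates", comp.id, aspect=asp.name, date=today)
            c = g.nodes[cid]
            # merge policies: union of assumptions, stricter evidence window, provenance per guarantee
            if asp.assumption not in c.props["assumptions"]:
                c.props["assumptions"].append(asp.assumption)
            c.props["evidence_window_days"] = min(c.props["evidence_window_days"], asp.evidence_window_days)
            c.props["guarantees"][asp.kind] = {"text": asp.guarantee, "aspect": asp.name, "date": today}
    return g


def uncovered(g):
    """Coverage query: Contracts that no Mechanism fulfills."""
    return sorted(c.id for c in g.match("Contract") if not g.inbound(c.id, "fulfills"))


def stale_evidence(g, today):
    """Freshness query: Evidence older than the merged window of the Contract it ultimately backs."""
    stale = []
    for c in g.match("Contract"):
        window = timedelta(days=c.props["evidence_window_days"])
        for m in g.inbound(c.id, "fulfills"):
            stale += [ev.id for ev in g.inbound(m.id, "supports") if today - ev.props["collected"] > window]
    return sorted(stale)


def change_impact(g, component_id, affected_kinds):
    """Change-impact query: Contracts on a component with guarantees in the affected slots."""
    return sorted(c.id for c in g.inbound(component_id, "obligates")
                  if affected_kinds & set(c.props["guarantees"]))


def gsn_view(g, contract_id):
    """Project one Contract into a GSN-style text tree (goal, assumption, strategy, solution)."""
    c = g.nodes[contract_id]
    lines = [f"G: {contract_id} is satisfied"] + [f"  A: {a}" for a in c.props["assumptions"]]
    for kind, gr in c.props["guarantees"].items():
        lines.append(f"  G: [{kind}] {gr['text']}  (woven by {gr['aspect']}, {gr['date']})")
    for m in g.inbound(contract_id, "fulfills"):
        lines.append(f"  S: {m.props['how']}")
        lines += [f"    Sn: {ev.id} collected {ev.props['collected']}" for ev in g.inbound(m.id, "supports")]
    return "\n".join(lines)


def build_example(today=date(2025, 6, 1)):
    """Constructed sample: two redundant channels, one digital, and two cross-cutting aspects."""
    g = AOPG()
    g.add(Node("ch_a", "Component", {"redundant_group": True, "digital": True}))
    g.add(Node("ch_b", "Component", {"redundant_group": True, "digital": False}))
    ccf = Aspect("CCF", {"redundant_group": True}, "independence",
                 "channels share no common failure mode", "diverse suppliers", 365, 1)
    cyber = Aspect("Cybersecurity", {"digital": True}, "integrity",
                   "inputs are authenticated before use", "keys provisioned at commissioning", 90, 2)
    weave(g, [ccf, cyber], today)
    # only ch_a has a Mechanism and Evidence; the evidence is older than the merged 90-day window
    g.add(Node("mech_a", "Mechanism", {"how": "diverse hardware plus signed input frames"}))
    g.link("mech_a", "fulfills", "contract:ch_a")
    g.add(Node("ev_a", "Evidence", {"collected": today - timedelta(days=120)}))
    g.link("ev_a", "supports", "mech_a")
    return g, today


if __name__ == "__main__":
    g, today = build_example()
    print("uncovered:", uncovered(g), "stale:", stale_evidence(g, today))
    print(gsn_view(g, "contract:ch_a"))
```

Running it shows the two merge effects at once: `contract:ch_a` ends up with both guarantee slots, the union of both assumptions and the stricter 90-day window, so its 120-day-old evidence is reported stale, while `contract:ch_b` (bound only by the CCF aspect) is reported uncovered because no Mechanism fulfills it. The latency scenario from the abstract maps onto `change_impact(g, "ch_a", {"timing"})` once a timing guarantee has been woven onto the channel.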
Finally, RiskContributor nodes can be connected to external probabilistic safety analysis (PSA/PRA) artifacts where available, thereby anchoring claims to risk-informed sources. The gain is practical: mitigation, evidence, and freshness policies can be traced back to the contributors that matter most, and confidence gaps become visible in the same model. In short, AOPG elevates assurance from document maintenance to model-based, human-governed oversight that scales with cross-cutting concerns while keeping arguments readable and regulator-friendly.
Status: The abstract has been accepted!
Paper status: Paper has been uploaded and is under review.