In the future, AI will increasingly find its way into systems that can potentially cause physical harm to humans. For such safety-critical systems, it must be demonstrated that their residual risk does not exceed what is acceptable. This includes, in particular, the AI components that are part of such systems' safety-related functions. Assurance cases are an intensively discussed option today for specifying a sound and comprehensive safety argument to demonstrate a system's safety. Previous work has suggested arguing the safety of AI components by structuring assurance cases around two complementary risk acceptance criteria. One of these criteria is used to derive quantitative targets for the AI. The argumentation structures commonly proposed to show that such quantitative targets have been achieved, however, focus on failure rates obtained from statistical testing; further important aspects are considered only qualitatively, if at all. In contrast, this paper proposes a more holistic argumentation structure for demonstrating achievement of the target, namely a structure that quantitatively integrates test results with runtime aspects and with the impact of scope compliance and test data quality. We elaborate different argumentation options, present the underlying mathematical considerations, and discuss the resulting implications for their practical application. Using the proposed argumentation structure might not only increase the integrity of assurance cases but may also allow claims on quantitative targets that would not be justifiable otherwise.
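As a purely illustrative sketch (not taken from the paper itself), the kind of quantitative integration referred to above can be pictured with the law of total probability. If statistical testing with $n$ representative, failure-free test cases supports an upper bound of roughly $3/n$ on the in-scope failure probability $p_{\mathrm{fail\mid in}}$ (the rule of three at 95\% confidence), and $p_{\mathrm{in}}$ denotes the probability that an operational input actually lies within the specified scope, then an overall bound could take the form $p_{\mathrm{fail}} \leq p_{\mathrm{fail\mid in}} \cdot p_{\mathrm{in}} + p_{\mathrm{fail\mid out}} \cdot (1 - p_{\mathrm{in}})$, where the out-of-scope term $p_{\mathrm{fail\mid out}}$ would have to be bounded by runtime monitoring or conservatively set to 1. The decomposition actually used in the paper may differ; this sketch only illustrates why scope compliance and test data quality can enter the quantitative target directly rather than remaining qualitative side conditions.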