OntoGSN: An Ontology-Based Framework for Semantic Management and Extension of Assurance Cases

Assurance cases (ACs) are a common artifact for building and maintaining confidence in system properties such as safety or robustness. Constructing an AC can be challenging, although existing tools provide support in static, document-centric applications and methods for dynamic contexts (e.g., autonomous driving) are emerging. Unfortunately, managing ACs remains a challenge, since maintaining the embedded knowledge in the face of changes requires substantial effort, in the process deterring developers - or worse, producing poorly managed cases that instill false confidence. To address this, we present OntoGSN: an ontology and supporting middleware for managing ACs in the Goal Structuring Notation (GSN) standard. OntoGSN offers a knowledge representation and a queryable graph that can be automatically populated, evaluated, and updated. Our contributions include: a 1:1 formalization of the GSN Community Standard v3 in an OWL ontology with SWRL rules; a helper ontology and parser for integration with a widely used AC tool; a repository and documentation of design decisions for OntoGSN maintenance; a SPARQL query library with automation patterns; and a prototypical interface. The ontology strictly adheres to the standard’s text and has been evaluated according to FAIR principles, the OOPS framework, competency questions, and community feedback. The development of other middleware elements is guided by the community needs and subject to ongoing evaluations. To demonstrate the utility of our contributions, we illustrate dynamic AC management in an example involving assurance of adversarial robustness in large language models.

💡 Research Summary

The paper addresses a critical gap in the management of Assurance Cases (ACs), which are hierarchical argument structures used to document and maintain confidence in system properties such as safety, security, or robustness. While the Goal Structuring Notation (GSN) standard provides a visual and textual notation for ACs, its normative core is intentionally minimal, leaving many semantic aspects—contexts, assumptions, justifications, and domain‑specific extensions—to be added informally by practitioners. This informal enrichment creates “semantic gaps” that become especially problematic for dynamic, complex systems (e.g., autonomous vehicles, large language models) where the underlying system evolves rapidly. Existing tools are largely document‑centric, siloed, and lack mechanisms for systematic, automated semantic management, leading to high maintenance effort, potential inconsistencies, and a risk of false confidence.

OntoGSN is presented as a three‑layered, ontology‑based framework designed to bridge these gaps. Its core contribution is a 1:1 formalization of the entire GSN Community Standard v3 in OWL, supplemented by 51 SWRL rules that capture normative constraints expressed in the standard (e.g., “must”, “should”). The ontology defines a hierarchy of classes—Goal, Strategy, Assumption, Justification, Context, Solution (the latter grouped under ArtefactReference)—and a generic abstract class GSNElement that enforces mandatory properties such as schema:identifier and statement. Relationships like supportedBy and inContextOf model the directed edges of the GSN graph, while container classes (Argument, AssuranceCase, Relationship) enable complete representation of an AC as a set of interconnected triples.

The middleware layer implements a client‑side Oxigraph triple store and a library of SPARQL queries that provide context‑sensitive CRUD operations, validation checks, and rule‑based reasoning. For example, a query can verify that every Goal has an identifier, that Context nodes are linked to the appropriate Goal, or that a change in a Goal propagates to dependent evidence. These queries are packaged as reusable “automation patterns” and are evaluated using the OOPS ontology pitfall scanner and FAIR principles (Findable, Accessible, Interoperable, Reusable). The authors also define a set of competency questions derived from personas (assurance engineers, domain experts, external auditors) and demonstrate that OntoGSN can answer them in a realistic case study concerning the adversarial robustness of commercial large language models.

The interface layer is a pure JavaScript web application that visualizes the ontology, allows users to import GSN artifacts from existing tools, and supports extension with domain ontologies (e.g., AI risk ontologies). It offers reusable components such as Pattern catalogs, Templates, and InstantiationDataReference objects, enabling users to instantiate generic argument patterns with concrete data. The system is deliberately open‑source (MIT license) and publishes persistent identifiers via w3id.org, ensuring long‑term accessibility and community contribution.

In the related‑work discussion, the authors position OntoGSN against prior efforts such as the Structured Assurance Case Metamodel, ECSEL AMASS, AdvocaTE, and various proprietary GSN tools. They argue that those solutions either lack a complete normative formalization, are closed‑source, or provide limited reasoning capabilities. OntoGSN’s distinctive strengths are (1) a comprehensive, standards‑compliant ontology, (2) automated reasoning and validation via SWRL/SPARQL, and (3) a modular, open middleware that can be integrated with any existing AC tooling or domain ontology.

The design methodology follows the NeOn approach: the standard text was parsed three times independently, each sentence was mapped to ontology axioms or rules, and the mappings were recorded side‑by‑side with rationales in a tabular design document. This rigorous process minimizes subjective bias and provides transparent version control for the ontology development.

Evaluation results show that the ontology passes OOPS checks with no critical pitfalls, adheres to FAIR criteria, and successfully satisfies the competency questions in the LLM robustness case study. The SPARQL‑based CRUD operations correctly update dependent nodes when a Goal is modified, and the SWRL rules enforce normative constraints without requiring manual inspection.

In conclusion, OntoGSN offers a robust, extensible solution for semantic management of assurance cases. By providing a full OWL representation of GSN, automated validation, and an open, web‑based interface, it enables practitioners to maintain consistency, incorporate domain knowledge, and adapt ACs to evolving system contexts. Future work includes scaling the triple store for large industrial ACs, automating the integration of additional domain ontologies, and conducting broader industry pilots to assess real‑world impact.