A. Bondavalli et al. (Eds.): SAFECOMP 2014 Workshops, LNCS 8696, pp. 384–395, 2014.
© Springer International Publishing Switzerland 2014
Rethinking of Strategy for Safety Argument Development
Linling Sun 1, Nuno Silva 1, and Tim Kelly 2
1 Critical Software, SA, Parque Industrial de Taveiro, Lote 49, 3045-504 Coimbra, Portugal
2 Department of Computer Science, University of York, Deramore Lane, York, YO10 5GH, UK
{lsun,nsilva}@criticalsoftware.com, tim.kelly@cs.york.ac.uk
Abstract. A ‘strategy’ in Goal Structuring Notation (GSN) aims to help safety-case developers and reviewers to understand the inferences in a hierarchy of safety claims. However, identifying and elaborating ‘strategies’ during argument development is not always straightforward in practice. In this paper, we revisit the role of strategies in the development of safety cases and examine the application of strategies in some existing argument structures. Four main sources of information are identified as the basis of strategy formulation. A list of generic strategy types for argument decomposition and refinement is analysed in order to facilitate the safety case development and review processes for assuring system safety.
Keywords: Safety Case, Assurance Case, Argument, Strategy, GSN.
1 Introduction
Safety cases have been increasingly accepted as an assurance technique by many industrial sectors, e.g. defence, air traffic control, railway, automotive and medical devices [1]. In the past decade, considerable research and application effort has been placed on safety case notations, safety case life cycles, argument patterns, safety case tools, and argument and evidence meta-models. However, one supporting element of the safety case development process, the ‘strategy’ that describes the relationship between safety claims at different levels, has not been emphasised as much as other key safety case elements, e.g. claims and evidence items.
Nevertheless, in practice, inexperienced safety case developers have experienced difficulties with the application of strategies [6], e.g. ‘confusing strategies with goals’ or ‘misunderstanding strategies as judgement branches’. Some engineers find predefined argument decomposition patterns [6], e.g. the architecture decomposition pattern, helpful for argument decomposition. However, few resources specialise in collecting the strategies that are applicable for argument decomposition.
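The two difficulties quoted above are structural: a strategy is an inference step between claims, not a claim itself, so it cannot be supported directly by evidence. The following added example (not from the paper, and not tooling from the authors or their affiliations) models a small GSN argument in Python and checks it against the SupportedBy connection rules that I assume from the GSN Community Standard (goal→goal, goal→strategy, goal→solution, strategy→goal). It builds the architecture decomposition pattern mentioned above and a deliberately mistaken argument in which a strategy is treated as a goal and supported by a solution; node identifiers and texts are constructed for illustration.

```python
from dataclasses import dataclass, field

GOAL, STRATEGY, SOLUTION, CONTEXT = "Goal", "Strategy", "Solution", "Context"

# Permitted SupportedBy connections as (parent kind, child kind). Assumed here
# from the GSN Community Standard; a Strategy may only be supported by Goals.
PERMITTED_SUPPORTED_BY = {
    (GOAL, GOAL), (GOAL, STRATEGY), (GOAL, SOLUTION), (STRATEGY, GOAL),
}


@dataclass
class Node:
    id: str
    kind: str
    text: str
    undeveloped: bool = False   # GSN 'undeveloped' marker: deliberately left open for later


@dataclass
class Argument:
    nodes: dict = field(default_factory=dict)
    supported_by: list = field(default_factory=list)    # (parent_id, child_id)
    in_context_of: list = field(default_factory=list)   # (node_id, context_id)

    def add(self, node_id, kind, text, undeveloped=False):
        self.nodes[node_id] = Node(node_id, kind, text, undeveloped)
        return node_id

    def support(self, parent, child):
        self.supported_by.append((parent, child))

    def context(self, node, ctx):
        self.in_context_of.append((node, ctx))


def check(arg):
    """Return structural violations of the argument; an empty list means well-formed."""
    errors = []
    children = {nid: [] for nid in arg.nodes}
    for p, c in arg.supported_by:
        pk, ck = arg.nodes[p].kind, arg.nodes[c].kind
        children[p].append(c)
        if (pk, ck) not in PERMITTED_SUPPORTED_BY:
            errors.append(f"{p} ({pk}) SupportedBy {c} ({ck}) is not a permitted connection")
    for n, ctx in arg.in_context_of:
        if arg.nodes[ctx].kind != CONTEXT:
            errors.append(f"{n} InContextOf {ctx} ({arg.nodes[ctx].kind}): target must be a Context")
    for n in arg.nodes.values():
        # A strategy is an inference step: with nothing under it, it infers nothing.
        if n.kind == STRATEGY and not children[n.id]:
            errors.append(f"{n.id} (Strategy) has nothing supporting it")
        # A goal must be supported, or explicitly marked undeveloped.
        if n.kind == GOAL and not children[n.id] and not n.undeveloped:
            errors.append(f"{n.id} (Goal) is unsupported and not marked undeveloped")
    return errors


def architecture_decomposition(system, components):
    """Architecture decomposition pattern: argue safety of the system over each component."""
    arg = Argument()
    arg.add("G1", GOAL, f"{system} is acceptably safe")
    arg.add("S1", STRATEGY, f"Argument over each component of {system}")
    arg.add("C1", CONTEXT, f"Architecture of {system} (constructed component list)")
    arg.support("G1", "S1")
    arg.context("S1", "C1")
    for i, comp in enumerate(components, 1):
        # Leaf goals left undeveloped: the pattern says how to decompose, not how to evidence.
        sub = arg.add(f"G1.{i}", GOAL, f"{comp} is acceptably safe", undeveloped=True)
        arg.support("S1", sub)
    return arg


def confused_strategy_example():
    """The 'strategy confused with a goal' mistake: evidence attached directly to a strategy."""
    arg = Argument()
    arg.add("G1", GOAL, "Braking function is acceptably safe")
    arg.add("S1", STRATEGY, "Argument over identified braking hazards")
    arg.add("Sn1", SOLUTION, "Hazard log (constructed)")
    arg.support("G1", "S1")
    arg.support("S1", "Sn1")   # not permitted: a Strategy can only be supported by Goals
    return arg


if __name__ == "__main__":
    for name, arg in [("architecture pattern", architecture_decomposition(
                          "Train control system", ["Brake controller", "Door controller"])),
                      ("confused strategy", confused_strategy_example())]:
        print(name, "->", check(arg) or "well-formed")
```

Running the module reports the architecture pattern as well-formed and flags the second argument at the strategy-to-solution link, which is the point at which the author has stopped stating an inference step and started stating a claim; the fix is to insert the claim the evidence actually supports (e.g. a goal per hazard) between the strategy and the solution.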
Seven ways of decomposing claims in assurance cases, identified through an empirical study, are listed in [7]. However, that paper gives no guidance or examples regarding their usage. A series of reusable safety case patterns is presented in [3, 4]. However, they aim at guiding safety case construction with