<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Opening the Software Engineering Toolbox for the Assessment of Trustworthy AI</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Mohit Kumar Ahuja</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Mohamed-Bachir Belaid</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Pierre Bernab</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Mathieu Collet</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Arnaud Gotlieb</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Chhagan Lal</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Dusica Marijan</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Sagar Sen</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Aizaz Sharif</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Helge Spieker</string-name>
        </contrib>
      </contrib-group>
      <abstract>
        <p>Trustworthiness is a central requirement for the acceptance and success of human-centered artificial intelligence (AI). To deem an AI system as trustworthy, it is crucial to assess its behaviour and characteristics against a gold standard of Trustworthy AI, consisting of guidelines, requirements, or only expectations. While AI systems are highly complex, their implementations are still based on software. The software engineering community has a longestablished toolbox for the assessment of software systems, especially in the context of software testing. In this paper, we argue for the application of software engineering and testing practices for the assessment of trustworthy AI. We make the connection between the seven key requirements as defined by the European Commission's AI high-level expert group and established procedures from software engineering and raise questions for future work.</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>INTRODUCTION</title>
      <p>Artificial Intelligence (AI) has increasing relevance for many aspects
of the current and future everyday life. Many of these aspects
interfere directly with the personal space of humans, their perception,
actions, and, more generally, their data, both online and offline. Due to
this close integration, it is therefore crucial to develop the AI systems
in a human-centered fashion such that they are trustworthy and can
be accepted by providers, who develop and deploy the AI systems,
users, who operate the AI systems, regulatory bodies, who oversee
the usage and effects of the AI systems, and affected humans, who
are act in cooperation with or next to the AI systems or who’s data is
subject to processing via the AI systems.</p>
      <p>
        To define the extent and more specific definition of a trustworthy
AI, a high-level expert group (AI-HLEG) that was set up by the
European Commission, identified guidelines and requirements for an AI
system that need to be sufficiently fulfilled to be regarded as
trustworthy [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ]. On the highest level, an AI system is deemed trustworthy
if it behaves according to four ethical principles: respect for human
autonomy, prevention of harm, fairness, and explicability [12, p. 12];
on a more technical level, requirements have been formulated that
are supposed ”to be continuously evaluated and addressed
throughout the AI system’s life cycle” [12, p. 15].
1 Simula Research Laboratory, Dept. of Validation Intelligence for
Autonomous Software Systems, Oslo, Norway, fmohit, bachir, pierbernabe,
mathieu, arnaud, chhagan, dusica, sagar, aizaz, helgeg@simula.no
Funding: This work has received funding from the European Union under grant
agreement no. 825619 (AI4EU), the EU landmark project to develop a
European AI on-demand platform and ecosystem. Copyright c 2020 for this
paper by its authors. Use permitted under Creative Commons License
Attribution 4.0 International (CC BY 4.0).
      </p>
      <p>Having a definition of trustworthy formulates a goal for the
development of AI systems. The second step is to evaluate if a
system fulfills the definition sufficiently and can be deemed trustworthy.
This evaluation should be transparent and accessible to understand
its results, robust and reproducible, and both automated and generic
as much as possible to allow a low barrier for application to new
AI systems. Since there is no single trustworthiness criterion or even
metric, a single evaluation technique is not sufficient or maybe even
possible. The trustworthiness assessment has to consist of multiple
techniques, each appropriate for some of the requirements of
trustworthy AI and each robust and mature enough to be reliable.</p>
      <p>
        Tools and techniques for the assessment of trustworthy AI can be
taken from the established methods of software engineering research
and especially the subarea of software testing. For 50 years, these
communities have proposed methods for the realization and
assessment of large-scale, complex software systems. While the criteria for
trustworthy AI do cover more than technical aspects, the AI system
itself is still mostly a software system. Even though their are
differences in their engineering, many of the software engineering
principles apply to them or are transferable [
        <xref ref-type="bibr" rid="ref1 ref5">1, 5</xref>
        ]. Recently, motivated
through the recent breakthroughs of AI and especially deep learning,
the software engineering community has increased the attention on
machine learning, both as a tool within software engineering and an
area for the application of software engineering principles.
      </p>
      <p>
        Through the remainder of this short paper, we argue to open the
software engineering toolbox with its wide range of methods for the
realization and assessment of trustworthy AI systems. Following the
structure of the key requirements for trustworthy AI [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ], we link
existing techniques with the goals for the fulfillment of these
requirements. It is important to note, that even though there are already
many methods available, the research on trustworthy AI is by far not
complete. Our current toolbox, however, provides a strong starting
position but needs adjustments and further experiences to be adapted
for the specific characteristics of modern AI.
2
      </p>
    </sec>
    <sec id="sec-2">
      <title>TRUSTWORTHY AI</title>
      <p>This section discusses an overview of approaches related to the key
requirements for Trustworthy AI from the HLEG’s Ethics Guidelines
from software engineering and adjacent subfields. We aim to
analyse how to map system engineering onto the requirements, and to
show examples for techniques, case studies, that have already been
explored. At the same time allows a discussion of existing techniques
to identify where future research is required or areas where the
software engineering toolbox might be insufficient to properly address
aspects of a given requirement.
System 1</p>
      <p>System 2 ... System n
Compare Outputs
Transformation</p>
      <p>System
Metamorphic</p>
      <p>Relation
Fault-Generating</p>
      <p>Inputs
(b) Metamorphic
Testing</p>
    </sec>
    <sec id="sec-3">
      <title>Human agency and oversight</title>
      <p>The first of the requirements is the necessity for the AI to support
human autonomy and the option for the human to inspect and influence
the AI’s actions. Human agency directly affects the collaboration
between AI and human and to support this interaction, it is important to
take appropriate design measures, such as ergonomic and accessible
user interfaces (UI) and an excellent user experience (UX). Human
oversight requires the inspection of the AI decision making, either
by having interpretable models or having access to design decision
documents, source code, or data, depending on the level of expertise
of the inspecting party.</p>
      <p>
        It is also one of the main challenges in AI to find a perfect balance
between enhancing human agency and preserving a degree of
responsibility [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ]. Some ”black box” AI techniques prevent the human
from understanding the embraced process and thus prevent him from
the control. We believe that software engineering and testing
frameworks can contribute in achieving a better degree of human
understanding and control of AI techniques. Software testing techniques
are often based around the goal to design the simplest test cases to
determine a system’s quality. Having these tests for AI systems will
improve the ability to understand the AI behaviour and its deviations
from it. While there is already work on applying and adopting
current testing techniques on AI [
        <xref ref-type="bibr" rid="ref29">29</xref>
        ], future work is required to ease
their capabilities and expressiveness for human oversight.
2.2
      </p>
    </sec>
    <sec id="sec-4">
      <title>Technical Robustness and safety</title>
      <p>
        The technical robustness of AI systems is central to their reliability.
While performing well in their main performance metrics, e.g. the
classification accuracy, additional safety, and robustness metrics and
the resilience to attacks often remain open challenges [
        <xref ref-type="bibr" rid="ref20">20</xref>
        ]. Of
particular relevance are adversarial inputs which are specially crafted
to attack an AI system, for example, to cause misclassification or to
extract internal information about training data.
      </p>
      <p>
        These challenges have recently been identified by several software
testing techniques and have been adopted towards the testing of AI
systems, especially for deep learning. To highlight two techniques
that have been successfully applied towards the testing of deep
learning, we briefly discuss differential and metamorphic testing (see
Figure 1). In differential testing, a system is evaluated by comparing its
behaviour against a set of reference implementations for the same
task. For the same inputs, it is expected that all systems provide
similar outputs and if a system diverges it is an indicator of faulty
behaviour. The advantage of differential testing is that the specific test
oracles for the inputs, i.e. the precise expected outputs, are not
required which allows easier setup of the test cases, especially when
defining the test oracles is too costly or complex. DeepXplore [
        <xref ref-type="bibr" rid="ref21">21</xref>
        ]
first explored differential testing for deep learning. The paper
proposes a controlled way to generate test inputs, similar to adversarial
examples, that are likely to identify diverging behaviours and showed
promising results on multiple datasets and models.
      </p>
      <p>
        Metamorphic testing also alleviates the problem of defining
precise test oracles. Here, new test cases are generated with the help of
metamorphic relations. These relations allow to describe a property
of the behaviour, e.g. the output, when a change in the input is made.
For example, for an AI-based HR system to rank resumes of
applicants, adding relevant keywords should improve the ranking, even
though there is no precise definition of the final expected ranking. In
the context of testing AI, metamorphic testing has been applied for
testing of autonomous driving systems [
        <xref ref-type="bibr" rid="ref30">30</xref>
        ], image classifiers [
        <xref ref-type="bibr" rid="ref10">10</xref>
        ],
or ranking algorithms [
        <xref ref-type="bibr" rid="ref19">19</xref>
        ].
2.3
      </p>
    </sec>
    <sec id="sec-5">
      <title>Privacy and data governance</title>
      <p>Privacy protection of individuals who contribute with their personal
data towards development of AI is of paramount importance in
human-centered AI. Any party that curates datasets needs to ensure
that the data does not provide means of re-identifying individuals
while, at the same time, being effective at predicting patterns of
business/societal value. Secure data-intensive systems storing personal
data typically contain identifying, quasi-identifying, non-identifying
and sensitive attributes about individuals.</p>
      <p>
        Software tools such as ARX [
        <xref ref-type="bibr" rid="ref22">22</xref>
        ] can anonymize and perform
reidentification risk analysis on large datasets to quantify the risk of
prosecutor, journalist, and marketer attacks before the data is used in
AI. ARX can be used to anonymize data based on criteria [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ] such as
k-anonymization (personal attributes are suppressed or generalized
until each row is identical with at least k-1 other rows), l-diversity
(entails reducing granularity of data), and t-closeness (a refined
reduction of granularity by maintaining an underlying data
distribution). However, in specific cases, quasi-identifying attributes such as
the birth date of an individual are required to train AI models.
Therefore, controlled fuzzification of quasi-identifying attributes [
        <xref ref-type="bibr" rid="ref27">27</xref>
        ] can
minimize the risk of re-identification while maintaining underlying
patterns of interest in the data. For instance, in cervical cancer
screening, attributes such as birth date or screening exam date can be
perturbed within certain bounds. This is primarily due to the fact that the
human papillomavirus has an average latency period of 3 months.
Therefore, database commands can fuzzy all dates to the 15th of a
month (middle), and move months by 2 months without affecting
disease progression patterns and increasing risk of re-identification.
2.4
      </p>
    </sec>
    <sec id="sec-6">
      <title>Transparency</title>
      <p>
        The transparency of an AI system is closely related to its
interpretability and explainability, but also to the documentation of its
purpose and how it has been designed. An approach for transparency
documentation is the concept of model cards [
        <xref ref-type="bibr" rid="ref18">18</xref>
        ], which aims to
provide accessible overview of a model for people of different expertise,
including all of developers, testers, and technical end-users, similar
to a package insert in pharmaceutical products.
      </p>
      <p>
        Lower level measures for transparency can be achieved via strict
traceability and static analysis [
        <xref ref-type="bibr" rid="ref26">26</xref>
        ] to allow the documentation of
system behaviour, e.g. in autonomous vehicles [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] in combination
with requirements engineering [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]. These techniques allow higher
transparency of the AI during development, evaluation, and
certification tasks, where they serve mostly technical needs for the
development and integration of the AI component.
2.5
      </p>
    </sec>
    <sec id="sec-7">
      <title>Diversity, non-discrimination and fairness</title>
      <p>
        Adequate diversity in data to train AI systems is necessary to avoid
discrimination and maintain fairness in human-centered AI. History
has taught us that bias in using personal data has harmed several
generations of ethnic minorities. Lundy Braun [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ] reports the
implications of biased data in spirometers that measure a person’s lung
function after a forced exhale. The predicted values of a lung’s forced
vital capacity (in litres of air exhaled) for black people for over a
century been lower than white people. One of the reasons was that the
data was collected from black men working in cotton fields where
lint from cotton severely damaged lung function. This has resulted
in black people receiving very little help from medical insurance
companies for several generations. Even today, race and not
socioeconomic factor is used as a parameter to predict lung capacity in
spirometers used worldwide. This unfortunate trend continues in AI
systems where a recent study [
        <xref ref-type="bibr" rid="ref15">15</xref>
        ] shows that millions of black
people are victims of biased decision making in health care systems.
      </p>
      <p>
        Data needs to be carefully curated for training AI systems such
that variation in human attributes such as different ethnic groups,
genders, ages, weights, heights, geographical areas, and medical
histories are taking into account for unbiased decision making.
However, discovering if a data set satisfies all possible combinations of
attributes is often computationally intractable. Combinatorial
interaction testing (CIT) of software has been very effective in finding
over 95% of all faults in a wide range of software systems using a
very small set of tests covering all 2-wise/pairwise combinations of
features [
        <xref ref-type="bibr" rid="ref14">14</xref>
        ]. CIT has been extended to verify if data in a large
relational database contains all pairwise interactions between attribute
values of interest [
        <xref ref-type="bibr" rid="ref24">24</xref>
        ]. Verifying the presence of all pairwise
interactions in human attribute values in data set can clarify limitations or
guarantee adequate diversity in human-centered AI systems.
      </p>
      <p>
        The importance of fairness in software received attention as a
dedicated topic in software engineering research [
        <xref ref-type="bibr" rid="ref28">28</xref>
        ] with close
connections for the assessment via software testing methodology [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ].
2.6
      </p>
    </sec>
    <sec id="sec-8">
      <title>Societal and environmental well-being</title>
      <p>
        Human-centered AI systems need to benefit society and not cause
harm. It is necessary to see an AI system as not merely a software
system but as a socio-technical system where the interaction between
people the system is used to evaluate its benefit. Learning from
epidemiology, we can evaluate an AI system as if it were an intervention
on the public. For instance, in [
        <xref ref-type="bibr" rid="ref25">25</xref>
        ], the authors visualize the paths a
patient takes after different screening exams for cervical cancer.
Similarly, there is a need to understand how decisions made by the AI
system affect the decisions made by people and the paths they take in
life. Are people making healthier life choices, environmentally
conscious, or giving a helping hand in society after an AI intervention?
Evidence-based software engineering [
        <xref ref-type="bibr" rid="ref13">13</xref>
        ] inspired by epidemiology
and clinical studies presents numerous approaches to evaluate the
impact of AI on people. These approaches include randomized
controlled trials, observational studies, and focus group discussions to
High Level of Manual Effort
      </p>
      <p>Requirements Engineering &amp; Analysis</p>
      <p>Process Control &amp; Monitoring:</p>
      <p>Code &amp; Data Review</p>
      <p>Software Testing of Trustworthy AI
High Level of Automation
Questionnaire &amp;
Self-Assessment
Manual Inspection
Scoring &amp; Labeling
name a few. All these approaches however require careful data
collection after a target audience has been exposed to an AI system.
2.7</p>
    </sec>
    <sec id="sec-9">
      <title>Accountability</title>
      <p>
        Access to personal data used in AI systems should be controlled by
its owner in human-centered AI. The owner can give consent of use
and take away access to personal data whenever he/she wants to. This
implies that the AI system would need to be re-trained with or
without a specific person’s data. The proof of this operation should be
made known to the owner to ensure accountability. The blockchain
has the potential to facilitate the accountability of such
transactions between a data owner and an AI system. The blockchain is a
distributed ledger which was initially designed to record financial
transactions. Numerous models of using the blockchain and smart
contracts have now been proposed for data access control [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ] and
AI [
        <xref ref-type="bibr" rid="ref23">23</xref>
        ]. Tal Rapke [
        <xref ref-type="bibr" rid="ref16">16</xref>
        ] suggests that people own and access their
health and life record on a decentralized blockchain that does not rely
on a central storage facility. This will liberate organizations from the
liability of storing personal data. The data will reside on the latest
secure technology and using verifiable cryptography and owners of
the data will be empowered to decide who they share their data with.
3
      </p>
    </sec>
    <sec id="sec-10">
      <title>THE SOFTWARE ENGINEERING TOOLBOX</title>
      <p>
        The discussion of the key requirements on trustworthy AI [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ] shows
that there are many challenges to be addressed, but also a set of
methods available that can embraced and extended. As a general approach
towards these challenges, we propose to adopt three main
considerations (see Figure 2): First, since the expectations on trustworthy
AI cannot be presented as a strict set of guidelines and rules only,
it is recommended to understand their impact on the AI that is
developed. Performing thorough requirements analysis helps to gather
these requirements in a systematic way [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ] and to formalize the
requirements’ impact on the AI including final acceptance criteria and
whether they can be assessed automatically or require manual
intervention. One method to guide the requirements analysis at this point
could be to formulate checklists for each of the requirements, e.g.
similar to this proposition for fairness [
        <xref ref-type="bibr" rid="ref17">17</xref>
        ].
      </p>
      <p>Second, the realization of a trustworthy AI should be continuously
accompanied by regular monitoring instruments. The goal of this
monitoring is to ensure the awareness of trustworthiness measures
during development. These monitoring instruments can include
dedicated questions to consider during code and data reviews, as well as
retrospective meetings.</p>
      <p>Third, automated testing should be used to allow automated,
repeated, and comparable assessment of trustworthiness. Where
possible, testable acceptance criteria should be defined or test process
that can quantify the behaviour of the AI system. For example, the
technical robustness of an AI systems against adversarial inputs can
be assessed through automatic techniques.</p>
      <p>Finally, in all cases does the qualitative and quantitative summary
of the results, e.g. via a score or a badge to attest the quality of an
AI system, provides valuable information to the different stakeholder
groups, e.g. the providers, their customers, or the users. A common
scoring scheme, similar to the maturity levels in engineering projects,
could allow for comparability and accessibility of the results.
4</p>
    </sec>
    <sec id="sec-11">
      <title>CONCLUSION</title>
      <p>
        The realization of trustworthy AI systems is one of the big
challenges for the success of ethical and human-centered AI. This has
been acknowledged by both politics [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ] and academia. For the
implementation of trustworthiness principles, we argue for the adoption
of methods and technologies from software engineering. Software
engineering has a long-standing tradition on the principled
construction of complex systems and has already much of the fundamental
work available, as shown throughout this paper.
      </p>
      <p>Still, further work is necessary to cover all the requirements on
trustworthy AI and to provide the tools and guidelines necessary for
the widespread realization of trustworthy AI. Are the current
software engineering tools sufficient to assess AI systems? Or do we
need to develop dedicated tools? How can we converge on a set of
acceptance criteria for trustworthiness? How many of the
requirements can effectively be assessed in a mostly automated way? What
are the challenges for assessing trustworthy AI by non-specialists or
external users? How can we present the results in an accessible way?</p>
      <p>The software engineering community has already taken up the
challenge of software engineering for AI/ML, but often with a focus
on the general system engineering, maintenance requirements, and
general validation. However, as the requirements discussed in this
paper showed, the engineering efforts need to cast a wider need and
address more concerns in the context of trustworthy AI. This will be
an interdisciplinary challenge and the software engineering toolbox
can be of central relevance during its development.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>Saleema</given-names>
            <surname>Amershi</surname>
          </string-name>
          , Andrew Begel, Christian Bird,
          <string-name>
            <surname>Robert</surname>
            <given-names>DeLine</given-names>
          </string-name>
          , Harald Gall, Ece Kamar, Nachiappan Nagappan, Besmira Nushi, and Thomas Zimmermann, '
          <article-title>Software Engineering for Machine Learning: A Case Study'</article-title>
          , in International Conference on Software Engineering: Software Engineering in Practice, (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>Hrvoje</given-names>
            <surname>Belani</surname>
          </string-name>
          , Marin Vukovic, and Zˇ eljka Car, '
          <article-title>Requirements Engineering Challenges in Building AI-Based Complex Systems'</article-title>
          , in International Requirements Engineering Conference Workshops, (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>Markus</given-names>
            <surname>Borg</surname>
          </string-name>
          , Cristofer Englund, and Boris Duran, '
          <article-title>Traceability and deep learning-safety-critical systems with traces ending in deep neural networks'</article-title>
          ,
          <source>Proc. of the Grand Challenges of Traceability: The Next Ten Years</source>
          , (
          <year>2017</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>Lundy</given-names>
            <surname>Braun</surname>
          </string-name>
          ,
          <article-title>Breathing race into the machine: The surprising career of the spirometer from plantation to genetics</article-title>
          , U of Minnesota,
          <year>2014</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>Eric</given-names>
            <surname>Breck</surname>
          </string-name>
          , Shanqing Cai, Eric Nielsen,
          <string-name>
            <given-names>Michael</given-names>
            <surname>Salib</surname>
          </string-name>
          , and
          <string-name>
            <given-names>D.</given-names>
            <surname>Sculley</surname>
          </string-name>
          , '
          <article-title>The ML test score: A rubric for ML production readiness and technical debt reduction'</article-title>
          ,
          <source>in IEEE International Conference on Big Data</source>
          , (
          <year>2017</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>Yuriy</given-names>
            <surname>Brun</surname>
          </string-name>
          and Alexandra Meliou, '
          <article-title>Software fairness'</article-title>
          ,
          <source>in ACM ESEC/FSE</source>
          , p.
          <fpage>754759</fpage>
          , (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>L. M.</given-names>
            <surname>Cysneiros</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Raffi</surname>
          </string-name>
          , and
          <string-name>
            <surname>J. C.</surname>
          </string-name>
          <article-title>Sampaio do Prado Leite, 'Software transparency as a key requirement for self-driving cars'</article-title>
          , in International Requirements Engineering Conference (RE), (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>Anil</given-names>
            <surname>Prakash</surname>
          </string-name>
          Dangi and Ravindar Mogili, '
          <article-title>Privacy preservation measure using t-closeness with combined l-diversity and k-anonymity'</article-title>
          ,
          <source>International Journal of Advanced Research in Computer Science and Electronics Engineering (IJARCSEE)</source>
          ,
          <volume>1</volume>
          (
          <issue>8</issue>
          ), (
          <year>2012</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>George</given-names>
            <surname>Drosatos</surname>
          </string-name>
          and Eleni Kaldoudi, '
          <article-title>Blockchain applications in the biomedical domain: a scoping review', Computational and structural biotechnology journal</article-title>
          , (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>A.</given-names>
            <surname>Dwarakanath</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Ahuja</surname>
          </string-name>
          , S. Sikand, RM Rao, RP Bose,
          <string-name>
            <given-names>N.</given-names>
            <surname>Dubash</surname>
          </string-name>
          , and
          <string-name>
            <given-names>S.</given-names>
            <surname>Podder</surname>
          </string-name>
          , '
          <article-title>Identifying implementation bugs in machine learning based image classifiers using metamorphic testing'</article-title>
          ,
          <source>in ACM International Symposium on Software Testing and Analysis (ISSTA)</source>
          , (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>L.</given-names>
            <surname>Floridi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Cowls</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Beltrametti</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Chatila</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Chazerand</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Dignum</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Luetge</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Madelin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>U.</given-names>
            <surname>Pagallo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Rossi</surname>
          </string-name>
          , et al.,
          <article-title>'Ai4peoplean ethical framework for a good ai society: Opportunities, risks</article-title>
          , principles, and recommendations',
          <source>Minds and Machines</source>
          ,
          <volume>28</volume>
          (
          <issue>4</issue>
          ), (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <surname>High-Level Expert</surname>
          </string-name>
          Group on Artificial Intelligence, '
          <article-title>Ethics Guidelines for Trustworthy AI'</article-title>
          ,
          <source>Technical report, European Commission</source>
          , (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <surname>Barbara</surname>
            <given-names>A Kitchenham</given-names>
          </string-name>
          ,
          <string-name>
            <given-names>Tore</given-names>
            <surname>Dyba</surname>
          </string-name>
          , and Magne Jorgensen, '
          <article-title>Evidencebased software engineering'</article-title>
          ,
          <source>in International Conference on Software Engineering (ICSE)</source>
          , pp.
          <fpage>273</fpage>
          -
          <lpage>281</lpage>
          , (
          <year>2004</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          [14]
          <string-name>
            <given-names>D</given-names>
            <surname>Richard</surname>
          </string-name>
          Kuhn and
          <string-name>
            <surname>Michael J Reilly,</surname>
          </string-name>
          '
          <article-title>An investigation of the applicability of design of experiments to software testing'</article-title>
          ,
          <source>in 27th Annual NASA Goddard/IEEE Software Engineering Workshop</source>
          , (
          <year>2002</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>
          [15]
          <string-name>
            <surname>Heidi</surname>
            <given-names>Ledford</given-names>
          </string-name>
          , '
          <article-title>Millions of black people affected by racial bias in health-care algorithms</article-title>
          .',
          <source>Nature</source>
          ,
          <volume>574</volume>
          (
          <issue>7780</issue>
          ), (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>
          [16]
          <string-name>
            <surname>Laure</surname>
            <given-names>A</given-names>
          </string-name>
          <string-name>
            <surname>Linn and Martha B Koo</surname>
          </string-name>
          , '
          <article-title>Blockchain for health data and its potential use in health it and health care related research'</article-title>
          ,
          <source>in ONC/NIST Use of Blockchain for Healthcare and Research Workshop</source>
          , (
          <year>2016</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref17">
        <mixed-citation>
          [17]
          <string-name>
            <surname>Michael</surname>
            <given-names>A Madaio</given-names>
          </string-name>
          , Luke Stark, Jennifer Wortman Vaughan, and Hanna Wallach, '
          <article-title>Co-Designing Checklists to Understand Organizational Challenges and Opportunities around Fairness in AI'</article-title>
          ,
          <string-name>
            <surname>in</surname>
            <given-names>CHI</given-names>
          </string-name>
          , (
          <year>2020</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref18">
        <mixed-citation>
          [18] Margaret Mitchell, Simone Wu, Andrew Zaldivar, Parker Barnes, Lucy Vasserman, Ben Hutchinson, Elena Spitzer, Inioluwa Deborah Raji, and Timnit Gebru, '
          <article-title>Model cards for model reporting'</article-title>
          , in Conference on Fairness, Accountability, and Transparency - FAT*, (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref19">
        <mixed-citation>
          [19]
          <string-name>
            <surname>Christian</surname>
            <given-names>Murphy</given-names>
          </string-name>
          , Gail Kaiser, Lifeng Hu, and Leon Wu, '
          <article-title>Properties of Machine Learning Applications for Use in Metamorphic Testing'</article-title>
          ,
          <source>20th International Conference on Software Engineering and Knowledge Engineering (SEKE)</source>
          , (
          <year>2008</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref20">
        <mixed-citation>
          [20]
          <string-name>
            <surname>Nicolas</surname>
            <given-names>Papernot</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Patrick</surname>
            <given-names>McDaniel</given-names>
          </string-name>
          ,
          <string-name>
            <given-names>Arunesh</given-names>
            <surname>Sinha</surname>
          </string-name>
          , and
          <string-name>
            <given-names>Michael P.</given-names>
            <surname>Wellman</surname>
          </string-name>
          , '
          <article-title>SoK: Security and Privacy in Machine Learning'</article-title>
          ,
          <source>in IEEE European Symposium on Security and Privacy (EuroS&amp;P)</source>
          , (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref21">
        <mixed-citation>
          [21]
          <string-name>
            <surname>Kexin</surname>
            <given-names>Pei</given-names>
          </string-name>
          , Yinzhi Cao,
          <string-name>
            <given-names>Junfeng</given-names>
            <surname>Yang</surname>
          </string-name>
          , and Suman Jana, 'Deepxplore:
          <article-title>Automated whitebox testing of deep learning systems'</article-title>
          ,
          <source>in Symposium on Operating Systems Principles</source>
          , (
          <year>2017</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref22">
        <mixed-citation>
          [22]
          <string-name>
            <given-names>Fabian</given-names>
            <surname>Prasser</surname>
          </string-name>
          and Florian Kohlmayer, '
          <article-title>Putting statistical disclosure control into practice: The arx data anonymization tool'</article-title>
          ,
          <source>in Medical Data Privacy Handbook</source>
          , (
          <year>2015</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref23">
        <mixed-citation>
          [23]
          <string-name>
            <given-names>Khaled</given-names>
            <surname>Salah</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M Habib</given-names>
            <surname>Ur Rehman</surname>
          </string-name>
          , Nishara Nizamuddin, and
          <string-name>
            <surname>Ala</surname>
          </string-name>
          Al-Fuqaha, '
          <article-title>Blockchain for ai: Review and open research challenges'</article-title>
          ,
          <source>IEEE Access</source>
          ,
          <volume>7</volume>
          , (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref24">
        <mixed-citation>
          [24]
          <string-name>
            <surname>Sagar</surname>
            <given-names>Sen</given-names>
          </string-name>
          , Dusica Marijan, Carlo Ieva, Astrid Grime, and Atle Sander, '
          <article-title>Modeling and verifying combinatorial interactions to test data intensive systems: Experience at the norwegian customs directorate'</article-title>
          ,
          <source>IEEE Transactions on Reliability</source>
          ,
          <volume>66</volume>
          (
          <issue>1</issue>
          ), (
          <year>2016</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref25">
        <mixed-citation>
          [25]
          <string-name>
            <surname>Sagar</surname>
            <given-names>Sen</given-names>
          </string-name>
          , Manoel Horta Ribeiro,
          <string-name>
            <surname>Racquel C De Melo Minardi</surname>
          </string-name>
          , Wagner Meira, and Mari Nyga˚rd, '
          <article-title>Portinari: a data exploration tool to personalize cervical cancer screening'</article-title>
          ,
          <source>in International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS)</source>
          , (
          <year>2017</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref26">
        <mixed-citation>
          [26]
          <string-name>
            <surname>Caterina</surname>
            <given-names>Urban</given-names>
          </string-name>
          , '
          <article-title>Static analysis of data science software'</article-title>
          ,
          <source>in International Static Analysis Symposium</source>
          , pp.
          <fpage>17</fpage>
          -
          <lpage>23</lpage>
          , (
          <year>2019</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref27">
        <mixed-citation>
          [27]
          <string-name>
            <surname>Giske</surname>
            <given-names>Ursin</given-names>
          </string-name>
          , Sagar Sen,
          <string-name>
            <surname>Jean-Marie Mottu</surname>
          </string-name>
          , and Mari Nyga˚rd, '
          <article-title>Protecting privacy in large datasetsfirst we assess the risk; then we fuzzy the data'</article-title>
          ,
          <source>Cancer Epidemiology and Prevention Biomarkers</source>
          ,
          <volume>26</volume>
          (
          <issue>8</issue>
          ), (
          <year>2017</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref28">
        <mixed-citation>
          [28]
          <string-name>
            <given-names>S.</given-names>
            <surname>Verma</surname>
          </string-name>
          and
          <string-name>
            <given-names>J.</given-names>
            <surname>Rubin</surname>
          </string-name>
          , '
          <article-title>Fairness definitions explained'</article-title>
          ,
          <source>in IEEE/ACM International Workshop on Software Fairness (FairWare)</source>
          , (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref29">
        <mixed-citation>
          [29]
          <string-name>
            <surname>Jie</surname>
            <given-names>M.</given-names>
          </string-name>
          <string-name>
            <surname>Zhang</surname>
          </string-name>
          , Mark Harman, Lei Ma, and Yang Liu, '
          <article-title>Machine Learning Testing: Survey, Landscapes and Horizons'</article-title>
          ,
          <source>IEEE Transactions on Software Engineering</source>
          , (
          <year>2020</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref30">
        <mixed-citation>
          [30]
          <string-name>
            <surname>Mengshi</surname>
            <given-names>Zhang</given-names>
          </string-name>
          , Yuqun Zhang, Lingming Zhang, Cong Liu, and Sarfraz Khurshid, '
          <article-title>DeepRoad: GAN-based metamorphic testing and input validation framework for autonomous driving systems'</article-title>
          ,
          <source>in International Conference on Automated Software Engineering (ASE)</source>
          , (
          <year>2018</year>
          ).
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>