Post on 12-Nov-2014
Requirements Evolution Drives Software Evolution
Neil Ernst, Alexander Borgida, John Mylopoulos
nernst@cs.ubc.ca - borgida@cs.rutgers.edu - jm@disi.unitn.it
The Position
• If we don't know what, or more importantly, why we are doing something, "how" we do it is inconsequential.
• Changing requirements are costly and a major source of software errors.
• Requirements drift from implementation.
• Lack of tool support for requirements evolution.
• Requirements are ultimately about business value.
Outline
• Other positions and examples
• What is a requirement? What is software evolution?
• How can we use requirements in SW Evol?
• One approach to the problem
• Discussion questions
Other researchers agree
• A challenge for software migration is “How to ensure that the resulting system has the desired quality and functionality?” [1]
• How to accommodate “. . . evolution of higher-level artifacts such as analysis and design models, software architectures, requirement specifications, and so on.” [2]
• Agreement on importance of requirements re-use and requirements integration
[1] T. Mens. Future Research Challenges in Software Evolution. Presentation to ERCIM Working Group on Software Evolution, Brussels, 2009.
[2] Mens et al. Challenges in Software Evolution, IWPSE/EVOL 2005.
Some examples
• Recent study on million € government IT project [1]
• 16 months, 4222 person-days of work, 282 changes (50% of effort)
• 24% of changes at requirements phase
• Most expensive changes originate with organization and strategic concerns
• Changes in solution domain very low value
[1] S. McGee and D. Greer, “Software Requirements Change Taxonomy: Evaluation by Case Study,” ICRE, August 2011.
PCI Data Security Standard (PCI-DSS)
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
PCI-DSS changes
• Multiple root logins
• WEP -> WPA
• Server virtualization
Requirements problems: Goals, tasks, and assumptions
• Requirements describe stakeholder desires for the new system (e.g., “protect cardholder data”).
• These desired states we call goals.
• Goals are iteratively refined until operationalized by an implementation task.
• A goal model defines a space of alternative designs for satisfying goals, constrained by domain assumptions.
The requirements problem: given a set of goals, which tasks and assumptions satisfy those goals? [1]
[1] P. Zave and M. Jackson, “Four Dark Corners of Requirements Engineering,” TOSEM, vol. 6, pp. 1-30, 1997.
PCI-DSS model
[Figure: goal model for the PCI-DSS example, repeated over successive slides that call out in turn a goal, a refinement, a task, a domain assumption, alternatives and a conflict. Node labels: Increase revenues; Accept payment; Accept credit card; Accept cash; Avoid financial losses and penalties; Be PCI compliant; No money for new servers; Implement only one primary function per server; Virtualize server instances; Use multiple servers; Use Verifone POS; Use Moneris POS; Buy strongbox.]
The requirements evolution problem
• Given an existing solution S_i which satisfies D, S_i ⊢ G, and
• modified entities (δ(G), δ(D), δ(S));
• Find Ŝ so that δ(D), Ŝ ⊢ δ(G), such that this satisfies some desired property π, relating Ŝ to S_i.
[Figure: the PCI-DSS goal model again, repeated over successive slides that mark the existing solution S_i, add the node “Use Secure Hash on CC #” labelled “New Requirement”, and then mark the new solution Ŝ.]
Maintenance implications
• New implementation tasks:
  • switch payment system providers
  • add secure hash function
Useful properties π
1. Minimal implementation effort.
2. Minimal change effort solutions.
3. Maximal familiarity solutions.
[Figure: the solutions S_a, S_i, S_b and S_c drawn as sets of tasks labelled a to h.]
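The requirements evolution problem and the properties π above, worked through on the PCI-DSS example. This is an added illustration, not code from the slides or from the authors' tool. The goal-model edges, the Verifone/secure-hash conflict (constructed so the change forces a provider switch, not a claim about either product), the choice of S_i, and the unit-cost reading of the three properties are all assumptions.

```python
from itertools import combinations

TASKS = ["Use Verifone POS", "Use Moneris POS", "Use multiple servers",
         "Virtualize server instances", "Buy strongbox", "Use Secure Hash on CC #"]
# ASSUMED edges (lost from the slide): goal -> OR-list of AND-sets of sub-nodes.
REFINE = {
    "Accept payment": [{"Accept credit card"}, {"Accept cash"}],
    "Accept credit card": [{"Use Verifone POS", "Be PCI compliant"},
                           {"Use Moneris POS", "Be PCI compliant"}],
    "Accept cash": [{"Buy strongbox"}],
    "Be PCI compliant": [{"Implement only one primary function per server"}],
    "Implement only one primary function per server":
        [{"Use multiple servers"}, {"Virtualize server instances"}],
}
CONFLICTS = [{"No money for new servers", "Use multiple servers"}]  # assumed
DOMAIN = {"No money for new servers"}                               # D
S_I = frozenset({"Use Verifone POS", "Virtualize server instances"})  # assumed S_i

def holds(node, chosen, refine):
    """A task holds if chosen; a goal holds if every node of one refinement holds."""
    return node in chosen or any(
        all(holds(n, chosen, refine) for n in alt) for alt in refine.get(node, []))

def solutions(goals, domain, refine, conflicts):
    """Minimal conflict-free task sets S with D, S |- G (brute force, smallest first)."""
    found = []
    for k in range(len(TASKS) + 1):
        for s in map(frozenset, combinations(TASKS, k)):
            if any(c <= s | domain for c in conflicts) or any(f <= s for f in found):
                continue  # violates a conflict, or contains a smaller solution
            if all(holds(g, s, refine) for g in goals):
                found.append(s)
    return found

def evolve(refine, conflicts):
    """Constructed delta: compliance now also needs the hash; Verifone conflict is assumed."""
    changed = dict(refine)
    changed["Be PCI compliant"] = [alt | {"Use Secure Hash on CC #"}
                                   for alt in refine["Be PCI compliant"]]
    return changed, conflicts + [{"Use Verifone POS", "Use Secure Hash on CC #"}]

def rank(s_i, candidates):
    """Pick S-hat under each property pi, assuming every task costs one unit."""
    return {
        "min_implementation_effort": min(candidates, key=len),
        "min_change_effort": min(candidates, key=lambda s: len(s - s_i)),
        "max_familiarity": max(candidates, key=lambda s: len(s & s_i)),
    }
```

Under these assumptions S_i no longer satisfies the evolved model, and the properties disagree: minimal implementation and change effort select the cash-only solution, while maximal familiarity keeps virtualization and adds the Moneris POS and the secure hash.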
Implementing the REKB
• Implemented a tool for answering these questions.
• For case study, tell user
  • what compliance strategy to use
  • what business goals will be satisfied
  • what changes are important
Discussion questions
1. Is it important to support full traceability?
2. How do we capture business objectives (and value) in software evolution tools?
3. Why has there been relatively little focus on requirements in Software Evolution?
http://neilernst.net
@neilernst
github.com/neilernst
Thanks!