Requirements Evolution Drives Software Evolution

855 views

Published on

Talk at the IWPSE workshop

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
855
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Requirements Evolution Drives Software Evolution

  1. 1. Requirements Evolution Drives Software Evolution Neil  Ernst,  Alexander  Borgida,  John  Mylopoulosnernst@cs.ubc.ca  -­‐  borgida@cs.rutgers.edu  -­‐  jm@disi.unitn.it 1
  2. 2. The Position • If  we  dont  know  what,  or  more  importantly,   why  we  are  doing  something,  "how"  we  do  it  is   inconsequential.   • Changing  requirements  are  costly  and  a  major   source  of  software  errors.   • Requirements  drift  from  implementation.   • Lack  of  tool  support  for  requirements  evolution. • Requirements  are  ultimately  about  business   value.2
  3. 3. Outline • Other  positions  and  examples • What  is  a  requirement?  What  is  software   evolution? • How  can  we  use  requirements  in  SW  Evol? • One  approach  to  the  problem • Discussion  questions3
  4. 4. Other researchers agree • A  challenge  for  software  migration  is  “How  to   ensure  that  the  resulting  system  has  the   desired  quality  and  functionality?”1 • How  to  accommodate  “.  .  .  evolution  of  higher-­‐ level  artifacts  such  as  analysis  and  design   models,  software  architectures,  requirement   specifications,  and  so  on.”2 • Agreement  on  importance  of  requirements  re-­‐ use  and  requirements  integration [1] T. Mens. Future Research Challenges in Software Evolution. Presentation to ERCIM Working Group on Software Evolution, Brussels, 2009.4 [2] Mens et al. Challenges in Software Evolution, IWPSE/EVOL 2005.
  5. 5. Some examples • Recent  study  on  million  €  government  IT   project1 • 16  months,  4222  person-­‐days  of  work,  282   changes  (50%  of  effort) • 24%  of  changes  at  requirements  phase • Most  expensive  changes  originate  with   organization  and  strategic  concerns • Changes  in  solution  domain  very  low  value [1] S. McGee and D. Greer, “Software Requirements Change Taxonomy: Evaluation by Case Study,” ICRE, August 2011.5
  6. 6. PCI Data Security Standard (PCI-DSS) 1. Build  and  Maintain  a  Secure  Network   2. Protect  Cardholder  Data 3. Maintain  a  Vulnerability  Management  Program 4. Implement  Strong  Access  Control  Measures 5. Regularly  Monitor  and  Test  Networks 6. Maintain  an  Information  Security  Policy6
  7. 7. PCI-DSS changes • Multiple  root  logins • WEP  -­‐>  WPA • Server  virtualization7
  8. 8. Requirements problems: Goals, tasks, and assumptions • Requirements  describe  stakeholder  desires  for  the  new   system  (e.g.,  “protect  cardholder  data”). • These  desired  states  we  call  goals. • Goals  are  iteratively  refined  until  operationalized  by  an   implementation  task. • A  goal  model  defines  a  space  of  alternative  designs  for   satisfying  goals,  constrained  by  domain  assumptions. The  requirements  problem:  given  a  set  of  goals,  which  tasks   and  assumptions  satisfy  those  goals?1 [1] [1] P. Zave and M. Jackson, “Four Dark Corners of Requirements Engineering,” TOSEM, vol. 6, pp. 1-30, 1997.8
  9. 9. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9
  10. 10. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9
  11. 11. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9
  12. 12. PCI-DSS model Increase Goal revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9
  13. 13. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept cash Accept credit card Refinement Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9
  14. 14. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server Task No money for new servers Virtualize Use multiple server servers instances9
  15. 15. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Domain Buy strongbox Implement only one primary function per assumption server No money for new servers Virtualize Use multiple server servers instances9
  16. 16. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Alternatives server No money for new servers Virtualize Use multiple server servers instances9
  17. 17. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server instances servers Conflict9
  18. 18. The requirements evolution problem • Given  an  existing  solution  Si  which  satisfies D,  Si  ⊢  G,  and • modified  entities  (δ(G),  δ(D),  δ(S)); • Find  Ŝ  so  that  δ(D),  Ŝ  ⊢  δ(G),  such  that  this   satisfies  some  desired  property  π,  relating  Ŝ  to  Si.10
  19. 19. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances11
  20. 20. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new serversSi Virtualize Use multiple server servers instances11
  21. 21. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new serversSi Virtualize Use multiple server servers instances11
  22. 22. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new serversSi Virtualize Use multiple server servers instances New Requirement11
  23. 23. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server servers instances New Requirement11
  24. 24. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server serversŜ instances New Requirement11
  25. 25. Maintenance implications • New  implementation  tasks: • switch  payment  system  providers • add  secure  hash  function12
  26. 26. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  27. 27. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  28. 28. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  29. 29. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  30. 30. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  31. 31. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  32. 32. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13
  33. 33. Implementing the REKB • Implemented  a  tool  for  answering  these   questions. • For  case  study,  tell  user • what  compliance  strategy  to  use • what  business  goals  will  be  satisfied • what  changes  are  important14
  34. 34. Discussion questions 1. Is  it  important  to  support  full  traceability? 2. How  do  we  capture  business  objectives  (and   value)  in  software  evolution  tools? 3. Why  has  there  been  relatively  little  focus  on   requirements  in  Software  Evolution? http://neilernst.net @neilernst github.com/neilernst15
  35. 35. Thanks! http://neilernst.net @neilernst github.com/neilernst16

×